diff --git a/addons/account/models/account_bank_statement_line.py b/addons/account/models/account_bank_statement_line.py
index 5fe00e2b20d7a..2f4f0773b744b 100644
--- a/addons/account/models/account_bank_statement_line.py
+++ b/addons/account/models/account_bank_statement_line.py
@@ -453,7 +453,7 @@ def _find_or_create_bank_account(self):
                 'partner_id': self.partner_id.id,
                 'journal_id': None,
             })
-        return bank_account.filtered(lambda x: x.company_id.id in (False, self.company_id.id))
+        return bank_account.filtered(lambda x: x.company_id.id in (False, self.company_id.id)).sudo(False)
 
     def _get_amounts_with_currencies(self):
         """
diff --git a/addons/account/views/bill_preview_template.xml b/addons/account/views/bill_preview_template.xml
index b342ba0fad369..e1b67d48d100b 100644
--- a/addons/account/views/bill_preview_template.xml
+++ b/addons/account/views/bill_preview_template.xml
@@ -8,7 +8,7 @@
                         <div class="o_company_1_layout">
                             <div class="row">
                                 <div class="col-4" style="margin-bottom: 8px !important;">
-                                    <img style="max-height: 60px;" alt="Logo" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIAAAACACAYAAADDPmHLAAAoA0lEQVR42u19e3xcVbX/d+29zzkzk/TFS4soghfQhisovagItAW0AuWhOEPBDz7wZ7kqBQGFlkxy5jRJqXAREcULXp/opcyASFseItC0iKKXoqiJCF4UwZZ32iaZOY+99/r9MWdCKKWA10KSzvp85pN+0p09+5z9Xe+11waa1KQmNalJTWrSjki0Iz50Pp+XRx11lACA9evXcxAEugmFJjUlwEQn3/dFEATW9/1TPc+bE8cxrLWPE9ElQRBUmZmIiHekd6J2pIfdsGGD9H1fWGs/1NraeloYhhgcHHyciL6Rz+cjAHZHkwBiR3lQZiYACIJAE9HTw8PDSbVaTYjoaQAbK5WKKZVKckcDwA7xwL7vizlz5vC6detssVicJ4T4JDO/yRgjAbQS0bTDDjvsya6urg1NG2ACcj4Rse/7uwD4TynlScwMrbUBQEREnueR1npTFEUXLV269MuprcAAuAmAcc756T93YuaV2Wz2vdVq1TiOI4mef3St616g53mo1WpBV1dXqWEwNm2AcU5BEFhrbTGbzb63VqtFSimZJMmqOI4/GsfxoXEcn2Ot/bMQAmEYaillZ3t7++zUW5jw70dNZO5PN/Et1trPVKtV67quF0XRxd3d3ReMGnqP7/vLtda3KqUOFELAGPMlAL1NL2AcU39/PwGAMeYIpVROKSXiOO576qmnAgDk+77yfV/4vu8GQfCEEKKdmbW1lgEccP755++xI0iBCftwM2bMIAAQQrwNADuOAwC/uPrqq6v5fF4EQaCDILClUilJXcT7jTEbhBAEYEo2m91jNJCaAJjAKq9UKlH6LkbeR5IkO8QLmcgqgFMV8CAAiuMYRDTr7LPPnlqpVExDBZRKJScIAqu1Pkwp9cZUBWxKkuRvqSSZ0K7ghBVvDf9/8eLFb1BKPUhEkx3HEXEcf08IcUYQBHFj7OLFi9/uuu4KAP/iOA7FcXzDkiVLPprP52WlUjFNL2A8Irse/BFBEDzZ0dFxeTab9Wu1mnYc55NxHL+jo6NjuRBivbX2YAAfF0Lsaq3lOI41M1+0I3D/hA8EMTOl+j1njPmB53kfjuNYu66rRgEFWmsYY4zjODJJkoVdXV1f31EygxM6GzhqA4d835+fJEmv67rvS+oWnmBmTu0g67quiuP4nK6urq/n83lJRAY7AE14L8D3fWJmMsbsRUT7GmPAzAqAdBxHUT0mLIgI1tq37Ciif4dyA4mIicj3PG9nY4yWUsJa+1ySJN+t/zeJJEnYcZx/LxaL7wqCgPP5vGwCYJxTuVyWQRDYjo6O9yulTgrD0AKA67pERBUhxAJmfsBxHFhrteM4WQCLAXAqBagJgHFMfX19DICY2ZdSusxspZSqVqsNCCEuDoJAM/MSZjZEJMIwtFLKfHt7++FBENh8Pj/hJeSERXjDh7/wwgtP8DzvJ1prC4AzmYys1Wqd3d3dXb7vuwCstfZWz/OOiqIo9jzPDcOwV0p5JFDPJk5kAExIPcfM1NfXh5kzZ+Y8z/uOUmr3VMTLKIr+orVecOSRR0ZtbW185plnmlmzZj3CzJ8AII0x1nGcvbTWv+vq6uovl8uyUqlMWKNwooo4CoLAZrPZkz3PmxnHsWFmSUQkhFi6bNmyZwGgUCgY3/dFV1fXPcaY5Z7nCWa2VKei7/uZfD5vJ7KkFBOR+4mIL7jggilEdKExBgDY8zyRJMmviOiaUSVfaGtrIwBkjFkax/GglFLGcWw8z3sXM59GRFwul0UTAOOECoWCQD39+7lMJvM2U0eA0FozMwdBEMRpipcbUiCfz4uLLrqo3xjzLdd1RWoXMDOff8455+zU19fHE7UuYEI9lO/7olKp2C996Uu7E9EXtNZsrW1w/6qurq5b0zFmC3fRMjNZa78ShuF6pZSK49hkMpl/aWlpOSMIAjtR6wImIqrZdd3zs9nsblprq5QSxphhIvK3FSiqVCpi6dKlf7fWfk1KSUSEJEmYiM7t7u6enoJGNAEwhrk/CAJbLBbbpJSfjqKIU1UgkiS5pru7+zeNwNBLqA4LgKSU36jVan92HEcaY3Qmk9klDMPzU0lBTQCMUUpFNBHRokwm02qtNVJKGYbhc8y8NI0NbMun57RUbMhxnCWNHEGSJFYp9clisfiOQqFgJ1qIWEwU7q9UKqajo+O9UsqTGyFfx3GImb/S09PzWJrh26Y/X6lUrO/7gpmvi6LoXtd1pTFGO44zlZkX4fkQcRMAY8nnb/xk5pJSymFm4ziOrNVqf9ZaX+n7vniFG8dtbW0UBEHMzIExhgGoKIqsUuqUCy+88L1BENhyuSy38v1NALweVC6XRZrwmaeU+mAcx7YR9AHQs2zZsgHglYd0C4WCYWbq6em5TWu9Kg0Oadd1HSLqSKOMjHppucDzx8fGJRDGtT5jZmpra2MArrX2+47jvMkYoz3PU3Ec3yulPKe3t5fnzJnzqsR2f3+/7O/v50MOOeQRKeWpAJw0XbzvnXfe+eslS5Y87Pu+CoLALFy4cPKBBx5o161bZ8YjCMa1BKhUKoKIWGt9WiaT+bcoiqwQQjCzBtAZBIGuVCriH5jX5PN5uWzZsl8lSXKd67oSgBVCkLXW930/EwSBbm9v32vnnXe+Z7fddvuK7/tuvcBofIFg3OqvRmQuiqJpjuP8wnGcfbTW2vM8p1ar3Sil/GhbWxul7h3/g8xhfd/fm5l/Q0STmNm6riviOP5YFEUPep53k+M4b3YcB4ODgwt6enq+VS6XZaFQME0J8Bq4fUEQWMdxPp3JZPZNksQAkEmSVKWUpSAIbKqr/1Gr3aZxg0estV/3PI+YmY0xxMxfdl33TqXUm4UQqFar1yulbgLQAFxTAmxv3U9E8H3/Ddba30kpdzHGmGw2q6rV6te7u7sX/jM4sVwuy76+PgKwCzP3Sin301pbKaUARiqKvymE+EJ6zoAwznoKjNeqYAJgtdYX5HK5XcMw1EopWavVnonj+MvASDXQ/0W9iEKh0Ggf90RnZ+c6IcR+RMRpkEkYY9q7urouGrWmcRcjGHcASCNxdvHixTOUUp9KksQCgFKK4ji+9OKLL378qquuctavX2/So1+cNoPY2uaQ7/vU399P+XwefX19HASBTV1G6/t+q7X2SCI6j4hmpucFRVpaRsYYmwJGjddeg+NOBYyK+f8wl8t9LAzDRCnlJEnyoBDioCAIqi/F0Rs2bBh53oGBAftSx76KxeI7hBAnAjhRCHGw67oAgGq1GhORQ0QQQpDWekhrfcCyZcseGa8dRdR44/4gCExHR8f7hRCFMAwZ9TIuQ0TTmXlVZ2fnGinlfUmSPB5F0dO5XO6ZVD9vbXPo3HPP3TmXy71BSrknM7/HWjtXCPF2z/OmEBGYGXEcP6O1vt513a8kSXK167qzoyhKstlsa61WWwRgQVpY0pQA29PwK5VK1N/fT/vtt9/KTCZzdBRFRgghlVJQqo5lay2YGVEUDRPRegBPAdgEYIiZG2e+BRFlAExl5l2ZeQ/P86ZKKSGEADOjVqsxM/+FiH5grb2+u7u7DwA6OjrmSCnvNMawlBIAQmZ+fxAED/i+T+NNCowbCVAqlSgIAnvhhRce67ru0aOCPkkYhl8XQuxKRDOZeb9MJkOZTKZFCLEPEe1DRBjdFGoUqMDMI6Cp1WoREf2emX8rhLiJiO5qqBTf91VbWxsXCoXV7e3tN+RyuY+GYRh7npeLoqgDwEnjUaWOFwBQqVTiDRs2OFLKIN1M4ziOE0XRyp6ennPTTdpNa713FEX7AJjBzP/CzG8G8AYicrew1ENmfhrA3wA8LKV8AMD/1mq1hy655JLB0WpnxowZHASBbgSfiKg7juNjpZReHMdWSnlie3v7EUEQ3DXejpSPC8Q2fPpisXh6JpP5dhRFJrXCY2Y+WErZt2HDBnn11Ve/ZFuPc845JxtFkcxmswwAl1566fA2DE0FwG6tV2DD2Ovo6Ph6JpP5fCoFGmcJ5gLQ46nH4JgHQKPFa6lUmsLM9yql9k2SRGcyGScMwyu6urrOGtURTDRq92bMmMGpC8ivxLZoa2ujSqWCcrlst/U3DSmgtd5TSnmvlHIXrbVNj5bnu7q6bhhPHsGYVwGVSkWk3H9GNpvdL23yoMIwfMoY8+XRIN7ypQdBsC2wcyrOX8CtW7MVtpjTpmL+L+3t7d/0PM9PYxEEoOO88867DUBtvPQXGNPpYN/3xec//3kGsAcRfRtAKzNzWqkTdHd331Yul+WZZ575mnJbf38/mJnWrl372yRJTnEcZ5rW2nietzszP9bd3f0/jZTyWAfAmE4G9ff3ExGxMebsTCYzXWutHcdR1Wr1T88888w3mfn1Sr5wpVIRQRBsBLBUStnoSQghxAW+709tlJc1AfB/4P5KpWIWLVq0rxDis3EcN8QsE9GSK6+8cijN9b8uXJbP563v+6Jarf4oiqL7XddVSZLobDb7VmvtWQB4PJwlEGOZ+wFAKdXpeV6LMcaklT4/l1Je7/u+eD1Tr0TE/f39lHoT3cwMIiKtNRPR59rb2/csl8tjXgqMycU1fOn29vZDHMf5SJIkhoiEMUYzc+eoFm+vq45tiHkhxE1a6595nieTJEkymcwbAJwzHozAMQmASqViUy4rKqWyKffLJElu6Onp6R1DbhY3ClOMMd1JkiRCCBVFEQshPlMsFt8x1vsNj7mFpSXXXCwW5zmOc3QYhlYppcIwrBpjloxBsDaqiNcmSfJj13WFtVZnMpkcERWbEuBVBn36+vr48ssv94ioI03MaKWUsNZ+86KLLuofi0GWtBchZTKZII7jGhHJKIosERXa29sP2cpZgiYAtkaFQkEEQWCfffbZ+a7rHhzHceI4jhtF0ZPMfGkjKjjWKBXz1NnZ+Udr7VXpWQLjuq4ios6G19AEwMsY1qlR1crMHY2zfUIIa629cOnSpRsaABmr4pSZSUp5aRiGT0kpVRRF1nGcucVi8XgiGpOt58YMANIuHGyt/Zzrum8jIsnMg1EUfay7u/s7WzvXP9akQArQx5n5q+m5RJ3WDCz2fT83Y8YMHmtSTI4VzklP+OwO4Fue502OouhhrfVJPT09t+XzeXnllVeO+eRKX18fAAghRF+SJB92XXfnOI6153l7GmP+tGTJkgfGWoh4TEiAQqEgGiHfKVOm7FGtVm8TQhy+dOnSe2fNmqXGS369ERwKguA5a+3F6YkiBcAw87uAsdeGVowB7hfpBQ7vBPCljRs3/pcQ4oQgCJ7wfV+sWbNmXFXbNoJDSqnvDw4OXkpEYSaTkdbaobG43tc9HVwqlQQAy8xHArioq6urHQA1CkAx/ojTNLQG8MVisfjdwcHBZVLKTWjSS5Pv+7mGJMUE6cs32uq/4IILpjR3+RWoUUywpoxpGJiaW/vKNr/5fE1qUpOa1KQmNalJTWpSk5rUpCY1qUnbibZvcOIfyX3vANe1Nmkb5Pu+mLV6tRqr5V9NCfAKacF99zkD1aemvqLBShhXWB3/bSisFAoj17rny2VZyedtUyqMIwA0qnZPXrPqEALdwgRFIAtsnaOZmYipyoRBAfwdQvZpa+/NWfvT78+Z98QIEMZR980dGwDMIiCyhTt/crh03NUkpQDz6B3fmt4HCQGSEtJ1YBINq5PHGLguHBy65Ma5Jz3VBMH2oe1WEURSMgDD9du3LFvLbCyztcyW058jH2O1jnUYJtHmQW3C0BDEm51M5ou5Sa2/LNx149xKoWDyr7a2nplGPv9Mw/afMecL56EJB4D0KesP13hIAkEIgmj8rH+k50p38mTXbW1xhJQKAIxObDI4ZCDk3srN3ZxffdMplULB+MzbXHO+XJYjR7GIeOST4jJfLstXs3k+++IFwNtiTt/f4v//sbXxyP/za3uMbLupgJN7Vx4mhLgLJBRbtlJJYbR+2lp7lhQYqPfPqPfRYIscEe0GQYew4RPdluwkXQttClAjpJQWNoTWs66dddyvffZFQFucD2AmH6CAyKbGiDj1qH+bAoHJ5Mk4zgw+W9n/eQOzsc6X27DRaucT312dqe43tLPDpKoqHjrg4AcGGuvwfV8EpRJv1WBlJsZIN5IXri0WZtOgfm7V8cdXX+p7JwYAHCW01o9O2ahnXD3qYV/00tfctJcgZ5njuQUdxZYAAYZR2YyMq8P32V32en9l//0TMI/EDEYDYv7aVe+RQuatMR+CEHuAIQFitmZISPkro82P7dPVGyuFwtBWgQQADAKlXHn3ircIyA+TxTwA7ySiXH0IWwY2SKlu12Ht+vKRJ64dEe2jQDAaaPm7VsxyXO9EtvoDAO2BtCzfMocE/IEIK3VN31iZe8JfRu0PTxgAGJ08hjB5r/lA/OS0dQPiT4PrebfZbfxU764EAL2zZxsiYjDT/LW3/KeTzS5IajVLRIKZrZPNiCSsnbr88HnXjrzY9IXn7/vZFFFLlkkSn1a5rGOiCGzq/f8AQAgB4TogIRAPD/820eaLNxxx/J1bkQQjL33+mpVfEI57rspk32yTBGx0fdvr4ANJAem60GFkjbHfs9HguZUPFDY11tQAWP5nK94iPediQXSyasnCRjGsMc/PQwRSCsJR0HH0d07MJdcedvTlrwUIXvuycEGmQgUzfeV6s2ZOoCtUMGvmzNFr5szRRMQ+swART255w5m6Vvud8jxCo80rETPTx+sTlQDfFyDi+b+84w0y1LdlJk36d7ZWxYNDiY0TFkpBeS6k64IBJNUwiYeHtZPNHpjxvJXze1d+OCCyI3YFM/m+Tx966Bbv5NWrvue2TrpMgN6cDA1qHYXaJMbWN16CmWGSRMdDw4a1puyUSacLJ/fj/OpyK4iQL5dlQIH98E9X7u/kvDu8SS0ns7WcDA4ZHScJM4OkBIhgjLE6CnUyNKTJ4k1OLvvVQu/K//JXs/J9f7saiGPueHhAZPNcllfPnJlY0Nek59Yb9hLBakNE2P9Ta8u7BhRYlAB/9WrFYe0ar7XlvdGmzQkzs/JcB0TQUfRAXAuvT2q1u6zWz6qs5xCT1LWaJkFZSPmdj6xe8faAyPq+L/y0G+nkv5ulmamTPpEMVY1OEssMobyMko4S1uhnTZI8xdYmbq5FESBAZMONm8LcTjsdIWXrf/ipkfnhNTdM91rUdcp194k2DyV1RibhtOQcMMc2SZ60xjwrlRTKyyi2LE2ibTJc1dkpUz79IN28JAgC+3KG74QCAACgUud31ua+aNNgjYSQYAYbAzB2rvLkfeojAvtHEX7amzL5A/GmQQ1AStcVVptHmO1xy2cde+B1s47NXzd73pEM+S5TC6+pAwpKx7H2WlqmOiS68+WyxOzZIggCO3/NzUco1/1CMlwzAAsApDIZoePofh2FHxeSDzKWD2BrPxgPD18jHIdISunkcploaHAjwa7/1a1fcyqFgskgs9hraZkRV6uaCApCQDiSkuGhH2joD4Zh+E4h7UHa6I+ZJH7AyWYJBDCzTIarRnneeaf0rnhfQGTz2+l4+ZjsEzgjX7/qhZR+DuQ9SUq9lZKE2VoQUdZoPQ0APrF6dSZEdaFNEssgQQTB2kSW9anLZ837Vb5cljP6+ri/rY2um/WhxwB8/OTem3dyc9ljdS2kpFqzQsmj7W4tM4LZc36fvuR/dzKeiIeGNQOsMhlhdfLLMAyP+8kHPvLsqGU+AaD35LWrHndbJn1WV6sVreOLK3NO+DMAfGz1LXsY5k8mw1UmQNYlkydsVOtaPmte5xaP/Ogpq1fcri1+plznAB0lzMZAZTKuiePPAvhlZTsdLx+bEqBU/1GLyBDYjG7eSESQgiUA1Kj2rwKYYaJYgNg6LS0wOrlp+eHzfgUAlULBBEFgR7tU7LiBNQYgEFtj3ZaWnCI+BADEZGd3BuboMAQDkoQgqxMd1ZILfvKBjzyb/8Mf3EbwZtZqX4GZpuRstxkcOvzaw45eUJlzwp/z5bILAIbwQek5k+rfJazKeCIJo9/+/bCWJfW/X60ac+X/UHavnXP8M9ra87keLwEAoev3H8+dd9+KHFLjeIeQACiVgCBAiyMms7HTrLUjIWNrbWKZqgAgBe8vlCKbaAaRMFEEkuLf5vfe/DMISLLMDYjXs4vCQkcZAzJEJADAas1EYn8A4Iz3RtdzdzFxbAkgoRSZOP7rDUfO+zmYqUI0EkdYA2ggoKuBKoDf+8wCpRI27D3A9RCY2V9mWtkmiWFmVhlPxlF02xqao2etXq3WzJkzcuZxhu9rMBN++dN1OoofVa67p4ljS8yCiKbmau4+AB7wSyUK/skewZgEQG9vb71p/z237u14mZ10LTRcv9kb1tqNJOlvqbs+laQEa1Pf3SSBdJy9hJJ78Uu+JoaJ4ueTEAAseFrqKu5MghqeI5MQROBHRyJ3W5uMmfKVigiIDADMmr263lEccqoQgpiJiSBMokEWT4BBQ1c/9AJObgSQaitWhK3TxONCyj1tPUwGAJKt2Xk0Y0x0FUCNF261Pb0hD8EMoSQz82NP3PnrR1IzMYblFySVbKJNUgutDl/qE9ktElMEi7C+4xw2QAEigBlMaNl2OpowI5/nhqW+36TG5vLozuUspIQFZwDGQS8x027WSjBl+YXJM3bZJtvrZb/mEsBISWCm/kplJKHCqDda6m9ro6d27aM1c+bowl0rP6Zc98NJrWYBSDBbEpJAuHFNekGTJfqL1RqUhoxVJiOTavVuS/Y8xyrXsGWSz79NNoYkEVkhLBMRJczx5k0KAusBQBE26CgyBBbMABsDZtrv1LtXTdvn0GM3NdzUkaCXXw/0BKCRWP7AI2hIlcdMHANg2YhjSMI7QcR/Wr2aRwd48pWKmMHMD991804A7WeSGGAWJAXYUgyWfwGAYDsEhF5zAGR0nICIK4DZIhw58nDz777ldCLxNWbbkMcsHYfi4eHnEOnvjGyoxf8w200k5WS2lkwcs3Ccf1UUbv7hIcf8+VWLnmHxuM3o3zsZ7wATxtYkWri5zDQdRgsDoiUAcNB99zkHARh45BEbFAomf8fKgzPTWj+eVMNvLj/s6D6kzyVJ3K1rIRORADPFQ8MslDtvfu9P3rV89pzf5MtlOW3vvcX0wUEOUntg/ppVn3Vz2ZZ4uFq3QaTiREd/vPaIYx/fhhoaRwBgiFDJaR+75ZaE7YCkXaaZoVokhJtzqZq0ei69ixmfkVLNZWth67odEGSk56lEJxeWP3ji+ny5LCt9fVw5/JinT16z6iYvl/14MjhkrbVQnrezjtzbCmtWnV6eNW/ti3INP//pgQ7xZUkYXlM58sTvLLjvPufqg1aafKWNfjh37nBhzaobhOseaMLYprrbklQXnrz6lqetN/V7lZkza+saQF1980xI+r7yvLebMDp1/tqbv23IXFE59LjH1vf23jNdVH+nMpkDTBRZZiapxGRjvR/OX33zJ5bPOfa+Blg+sXp1JkLtM0KJ85IUNMxWS9dRJoyuAW+/BNFrkgtII3nE1iYA/gwgBkhQvR5IgLkV4OlOLueBAR2GQN0EYhKC3UmtMty46T+vmz3vs42sW75SEZVCwZzc++N3SCf3CyIx1WptwCyE55KJ4kQIscKw+Q1ZDLLAJAHxTmYc501qySZxNKSj6KPlWcf91GcWDfGav/vWXSTj507W21fXQgMiSULU4/RhdC8R3WNhY2K5F2CPV56X01GUEJGT2Xkn1J595tb97vyfeUEQ2FPW3nyicN0bOTHGWiNAxMpzhYniKjOtAPgRELlgfp/KeO83cZzaJaxVNqeS4eofTChnlefOHWjcmTR+AQAQiCAd9aKvZWvryRHLhgFLxMQMqTyPQAQd1r6yfNa889Is3Yi6GEm2rF51ipfxrmGwtEmi6+NIOq0tICFgEw3hKMBaxMNVwJpIOK5ndKIBfdDyw0/43ahLJrmw9qb3C7i3Ks+dZKJQN5IQTjYjZCYDIoJNEiTDVbBlAzCTkgqMhGDn/ejQY24/6L6rnHUzz0jmr17R406ZcmEyXLWwtu7mC5JOSw7Cceo5hTBCmvRiMENms9JE0UZt9dzKrON+vT2bY26/GHOdgzUDCYgSBhK2nJg4jkwcveBjEx2D2ZAgqTzXcVpalMp4ZIx5IKnVTlo+a955L1AkI3mDeh/eypx51+okmc+Wn3RaW5VwXQmGiQcHo3jz5kjXanG8eXMUDQ2FzGxVNucJRwGMFZLdp5mZgiBgIuJ8OS/Lh59wjyX+IBvzoNPaqqTrSiJiXQvjcOPGsDYwEMZDQ5G1NiEppNPaogAMJVaf/qNDj7nd932xbuYZie/7Yvmc49uToUEfAJzWFklSSGttEg0NRbWBgTDcuDHUtVpMRCwdRzqTWqXV+kFOzIcqs477tc+8XXsjbjcJMH/NTUd4k6beSUptvQ5wC9JRBB2GIZH4m7WmXyjnuoFND9542zFnR9ssthhVQPGRO1ftqRRdIJX8kHTdvaTjgPXzalM4EvHgMEC0zrK+avmhx35rW89w6qofTbNTdjqPhPioVGo/6bnPzyfqadxocHgzAXdqbXoqR8xbl+eyrFCqq5mpkWCqS0T5RYBnu5MmTWZmNFxYkhImSWCT5GFr7Y+f2/D4xbcXPvPcKylaGXMAaOTCT/vZj3dOstn3C4DwMqaLgQEgaiT5uWhY/e3GuXOf2nJzXynwAGD+z2/f3UIfKCD3I6t3B8NjQkhK/C80P6ifGPp1pVCoba2AY6uFHLeUd5XZ3EHCcd7B6XxEtNECDxnLD1RmH/v7Lf/mpeY6tffmf2Wid1rB+0imqYbZCikeh+YHh3SybuVRJzy5rbl2CMqXy7Jeu/cqAcpMeX7l9XmvbD6WLw8+X7xcS3jff/kxAJBnlngND8Vsvy9iplm9va8qhbnb00/zjPQG7/TWrRfo/FeshnxfbDhudzl9cF9Gb+8IF/W3tRHyQAUvPmwy2ghsvBvf96lUKnGpVKLe2bNFY32NsGw/KoRKPen0asCNPDADeUapNLKup3bdlWb39trxeAF1k8Yxjdlr43zfb333u98t7733XvMqJBUBwIIFC5xjjjnm4sMPP3zq2rVr+9KOo/xS45mZrLXLDj/88DeuXbv2dwCwePHiXY844ogvH3roocN33333o9uYY1yTGGObLgBg0aJFO1trfzFp0qSvoRESegUgaCRRPM8TAOYR0YEA8HJXu6eq5hgienfjd67rvsnzvDOllO8Dnr/EqgmA7UiNl+w4zmlSyrcx8ykdHR0HERHy+fzW1kqjb+IQQnA+n5c77bQTARhm5mhb4wFwPp+XaeHlyPg08PLbOI6nE9FlQP1qmJeYY8TAa5xovvzyy71isbiiWCx+crvbWhMIAFSpVOzChQs9Zj4vSZIziegWZv4SAN5Kl20CwIXUAGNmYmZUKhXT29uriUjSi++BHRnf2JRKpWKCILBbGx8EwROjbijb6nem415gvD333HOOEGJfZt4NAC1YsGDMXtE7ZpDp+74KgkB3dnZ+mpmXDg0NvTWXy72HiG71PO/tHR0dj6aAHblA0vd9YYw5XQhxmrX2LQA2E9F1QoivM/MdAG5dsmSJn85tAHBnZ+dpAD5prd2biAaFED8Jw/BSx3FuFkLcs2TJkgsAYOHChd6UKVN+TkTndnV13d1Yn+/7ipk/A+AUZt4DwLAQ4tYkSS5bunTpho6Oji8y8/kAsgCGiegJZt5FSnl8EAT3j7U7j8YEMlNOMgCUtfZMANdcdtlltYULF/5y2rRpf4zj+DwAZ41y1eD7vgvgv4noWABLAawTQkxh5rOstR8gohwzm1S1MAB0dnZ+l5lPE0IsBXApM7daaz/rOM6RQohWY8yIO5eqkZnW2qmpHcGXXnppdmBg4EYiOlhKeZEx5g9EtBMzny+lPMn3/cMArDDG/JWIvszMP7PWXk9EGQCPpNJiTBmSYwIAjUyX7/tHENF+Wut5AHDFFVdEnZ2dVwC4ZPHixV1BEDyTei5aa32W67pHSynf2dnZ+fCo6a7t6Oj4bktLy+zh4eHBhpj3fX+BEGJ+kiQHBUHwwKjx5WKx+LXW1taFmzdvLo9el7U2SiUOCoWC6ejo8InoYCHE/qVSaX1j3IIFC8q77rrrAiFEHATBQwAe6uzsbLfWPtDT03PHlnhvAuClQsLGdBJRZenSpX8vl8uyUCiYgYGB/546dWqPUupTAC5ubIgQ4lyt9SVdXV0PL1iwwDnqqKNsX1+fDIIgFkJ01Gq1jwJwG6rOWnuuMea73d3dD/i+77a1tZmBgQFxxhlnaCllcWho6PRR40dsJGNMwzOZxsyfJqJFQRCsX7BggTMwMGDz+TwKhUIC4BsNgzCXy7UMDQ0pAC3lclmm60rG2uaPCSOwXC7L1Ih6nxCiTQhxeYPjGlKAmS8DsND3/VwQBHbZsmVTAExj5vt93xfTp0/nQqFgSqVSo3buGWPM/1prc+mm7Jzq5PtTV9MWCgVzxhlnaABcKpUGAfyBiLwXBUrqlz5BSrmT4zi7aK1/zsw0ffp0U6lUTLpO8n1fNfR7tVo1aUTRFgoF09/fb8bi5o8JCdCXhla11p9xXXdqHMff7+jocFP/vFE3Jx3H2SNJkpMAXFOr1QzXizDdrcUShoaGZDab9YQQNrXK46lTpwpm9gBgw4YNtEUIGMaY3Lbu+tVaG6UUu66bSS+KHP2dBMCWSqXGbSENFdK8PfzlAj9BEPCiRYv2BnBKkiRnWmvPsdaeLYRYSERnEtHZRPT/oiiqADjb9303CIIhIvqTEOLoIAhsW1sb+76vzjrrLDcIApvNZvf1PG8fZh5OpchmZn5USnlkEAR2YGDAphzrpBb5WzKZzAwiqm3FQGUAyGQyT1lrH2bmfBAEdsOGDTKdQzXcwC0BpJRKfN9Xb3zjG9VYjQW8rhIgjdBZpdR5AP60ZMmSb2wDLH8F8JDWejaA2wH4UsofF4vFNYVC4QcNRl20aNHeQohvSClHDLh0IzuFEHd0dHR8rqur68rG788///w9jDHf8zwvbHgNoxm/MUcQBNVisfhlIvp2sVi8p7u7e9WoOdpyudwXmbk9CIL1AGKu04ygXsE8Zi++Uq8n9xcKBbto0aJ9iegMa+1nmZnOOuss94knntD5fH5k7B133CGCIHi0o6PjZiHEV6+66qoDzjjjjBuLxeL5RPStYrH4KSJ6hIhahRDvMcZcX6vVcsw8fVSM4a729vbPCyG+2tHRcQozPwwgp5SaqbX+abVazQJ44+g1uq6bjaLIbeQXuru7v9Pe3v5WKeW1xWLxXiL6K4CpSqn3GWPuj+O4ll52pTs6Oq5RSi3t6OjIMrMD4OHu7m4/zXI27w1sMKYQYiqAr+62224/ICK+4oor4oZx1fhMnz7dAGBjTBczr1y/fv0UAOju7r5ECHEQgPsBZJl5ozHmU11dXV8E8F/W2rsa6tj3fdHT0/NNrfUBzPwLABkAQ8x8Znd39+eZ+TvW2ttHc38URf8hpXwIAAYGBiwA6unp6SSiw5j592m3kCFr7VlLliw5ftmyZQOVSsUCQFdX139orf8fEblENMzMd6JJ/3wpso3A0v95/KuZAy++8GpcJI9oLGzihg0b5NVXX528wpcvGmHd0b9rWPbTp083aVBJAXhRgcVLjS+Xy7JSqYxO+mDBggXOVVddpWkrxSOj5xgYGLBbu920XC7LO+64Q4z+nibbNqlJTWpSk5rUpLFA/x/uiqsFaH5j9gAAAABJRU5ErkJggg=="/>
+                                    <img style="max-height: 60px;" alt="Logo" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMgAAADICAYAAACtWK6eAAAAAXNSR0IB2cksfwAAAARnQU1BAACxjwv8YQUAAAAgY0hSTQAAeiYAAICEAAD6AAAAgOgAAHUwAADqYAAAOpgAABdwnLpRPAAAAAZiS0dEAH4AfgB+VnP8sAAAAAlwSFlzAAALEwAACxMBAJqcGAAAGzJJREFUeNrtnXmcFMXZx39Vs7uAWRBFvADvKEYEPN94vIOKGh1v5RDHE9+I0RjEyALLbDVdM7uchkSNuop5NXGiEW9w4iuJxvHAKFGDRkCMoEhQCYIgArt01ftHN3EZu3t6dmd3jn2+n89+xOmu7uqn6tfPU9V1AARBEARBEARBEARBEARBEARBEARBEARBfAsjExQOwzB20Vpvzvxda31jPB6/iyxUeDiZgCBIIARBAiEIEkgZoZQa5NowZOwUwzB+QBaiRnqnJBaLnckYm8EYG+R3ntb6ZQCT4vH4q2Q1EkjZ09jYWLlq1apfc85/HDSN1loppaYNGjRIjBgxwiIrdiwVZIKOE8fq1auf5pyfndMbjDEeCoVqFy9e3AfANQA0WbPjCJEJOoajjjqqkTE2stWunrHB4XB4ezqdTpM1KcQqK4QQZwB43i18AvAIY+whpdRSAJxzPlgpdTXn/FyX85s558ebpvkOWZVCrLJBKZXgnGdW9nUALonH4y9lnP5PAI/HYrFhjLHfMca6tvAilZZlTQYwnKxKHqQsMAxjsNb67UzPwRg7XUr5YhbPcxWABzLSWpZl9WloaPicrNv+0HeQdsayrDNcQqU/ZBMHAEgpH9RaL8xoi4RCodBQsiwJpDxcNGODv2N0zh/O4RKPuPw2iCxLAikXgfTO/K25uXlZ4ALifKmLB9qLLEsCKVuqqqoCd45YllXhIjpqO5JAygOt9Xca00qpwW0J0bTWa8iyJJBy4U2XSj86SMLGxsZKAFe4pH+LzEoCKRcPMk8plTk8ZGhtbe3V2dJ+8sknkxlj/TO8zzbO+XNk2Q5qQ5IJ2h8hRArA2RnCaQIwlnN+r2maquUxwzAqtNaTlVIG55xlCOS+RCJxHVm1Y6Av6R3xFmKsVil1BmOsosVvVQDuVkpdV1dX93vG2BKlVIhzPsiyrCs45993+fq+KRQKSbIoeZCyo66uroYxNr2N4doV8Xj8IbJmx0GjeTuIdDr9ajgc5oyxIa0Ux+R4PP5rsiQJpJxF8pdwONzMGBuagzCaAVxJywAVBurF6mC01ofm2H6p1Fp/QZYjgZQ9hmEMZIxd3oqk06m9SAIpe5RS0xljIY9j7wBwHeHLOT9aCHEpWbDjobdSByGEGArgTz6h1FAAGyzLWpT57cMJzVb07dv3sDFjxjSTNcmDlN2LSCk1w+f4s6ZpvmCa5luMsaSHgA789NNPf0KmJIGUo/e4jHN+tEejfbtSanyLcKpOa73V61I1NTXdyaIkkLLhpptu6qK1Tngd11rfl0gkluz4f9M0Vyql7vTwIr2qqqomkFVJIGVDz549b2SMHeAhjo1KKTPz94qKiqnOog5uIrmltrZ2H7IsCaTkMQyjJ4BaH+8xzW3xBdM0v2SMTfUQSDfOuUnWJYGUPEqpSYyxXh7HVm3evPmXXmnXr19/p9Z6pYdIRsdiscPIwiSQkmXy5Mn9ANzkaXjOJ8+ePXuL1/E77rhjG4DJHgIJAZhGViaBlK5hOZeMsW4e3mORlDLrqNx4PP6wUmqRx/UvNAzjRLI0CaTkqK2tHQiXqbItPMCtCLYIteac1/iEcDPI2iSQkqOiomKaz5CSZ1yWG/XEWWDuWQ+hnSSEuIAsTgIpGQzDOA0Z02tbiKMZQE2u19RaT9BaWx7Hpg0fPpymLZBASoJsQ0ruTSQSy3K9aDwe/4fW+gEPL9L/8MMPH02mJ4EUPUKISxljx3i86TeGQqEprb12KBQSWutvPK5tjhs3rhuVAAmkmEOrKq11g0/DPGGa5r9be33TNP+ltb7N49r7VFdXj6NSIIEULVprvyElKzdt2nRnW+/R1NQ002d24QTDMHankiCBFKP36Km1nuzjPWr9PgoGZcaMGZsAmB736KGUqqPSIIEUHZZlTfQZUvKGlPKRfN2rb9++9ymllnl5McMwDqASIYEUk/foyxj7mY/3CPpRMBDOjELXAZCc80rLshJUKiSQYvIenkNKADwej8dfzvc9E4nEk0qpVzwOX2YYxmAqGRJIwamrqzuSMXalR2jVzBib2F59AoyxGpdFscE5Z1prGoJCAik8WmvPISUA7jJN88P2unc8Hl8I4HGPw2c4W08TJJDCIIQ4lXMe8fAe6ztokelaZ/iKm3inG4ZB5UsCKQi+Q0o45/WmaX7Z3plIJBLLAdzr0TlwlNZ6lNuxRx99NFRXV3cUFSMJpL3aHiM558d6vLk/Yozd0YGdBKbWeqNHXhKGYVS1/M0wjK6LFy9+FMBrQogfUWmSQPKKsy2a35CSiaZpNnVUfqZOnbrWq1HOGDtAKXVDC3FUW5Y1j3N+MWOsq9b6KRJJllCBTJCz97iZMTbb4429MB6Pn4Q8fvcIwrhx47pVV1cvZ4z1ccnTOs75QVu3bt29qqrqGcbYkRnH//X1118fko8v/eRBOjkTJkzYFUDMo2GuOee3dLQ4AGD27NlbGGN1Hl6kl2VZ91dWVr6RKQ6l1BrLsn5E4iCB5IWKigrPISWMsbmmab5eqLwtWbLkt1rrdz06DYZxzntneI6VoVAo3NDQ8B6VLAmkzUyePLkP53ysR2jVpLWeWMj8zZ0712KMBVp1USn1Guf8hPb8TkMC6WyG8lmlRGt9RyKRWFHoPEop/wjgz37naK3nhEKhU03T/IxKNUDUQCbITm1t7QAAV3lUuHXbt2+vL4Z8xmKxs7TWezPGvDzHm4lE4sdUouRB8t328BtSIqdNm7a+wOHfKbFY7EXO+R8ZY0f4eMHjDMM4mUqUPEjeMAzjFK31OR7eY3nfvn3vLlC+uiqlRgC4mTEW+Ku4ZVnTAZyMAvS2kUDKD2ZZ1kzO3R0tYyzekTs+GYZRYVnWKYyxUUqpYYyxHj5tjU8YY/u5eJETY7HYRYlE4gkq3gAVgEzgjRBiJIBHfCphs9Z6Ief8BcbYywAWmaa5Mc+iOLS5ufnkioqKiFLqdM75rn7nK6XSjLEY5/xdpdSHbt3SWuulffv2HUjbuZFAWk1jY2Plp59+upQxdlAu6bTWH2itPwCwjHO+XCm1IhQKfQHgy+rq6nXjx4/fnBkqNTc371pZWdlLa90PwEFKqYM55wO11scwxrIuxODMC1nAOZ8lpVyw4/e6urpbGGO3eSS7XkrZSCVNAmkVdXV1P2OM/aqY86i13qCUeogxdqfbgnSGYVQppZa5rbaitV7To0eP72cKltgZWrLSPazpobV+gjG2i0vFamKMPaWU6sMY61oAUXwN4AnGWGzDhg3Xz5o1a146nXbdjeqll16yhgwZ8jljbJhL+6n7tm3btqTT6TSVOHmQnIjFYg2c80ke4cxtiUTiVsMwKgAcq5Q6TWs9BMBxnPPd8p0XpdQ2xtg7AP7MOV8A4LUcRwuzWCz2htvwfK31xu3btx8yderUtVTq7lAv1ne9x75KqZs93t7rQqFQAgBM09wO4HXnr8ER1sGc8wEA+mutD2WM7a+13g/APoyxah+vsB3AF1rrzzjnK5RSHyqlPgiFQn/r16/f+21sTOtQKDRea/2iixfpUVFRIeCz0Q95ECLTe8zhnF/rUZHHxuPx21spPN7U1OQ20FFNnTp1XXs/lxBiPoBzXDxUM4DDE4nEP6n0yYNka5gfAeBqj1Bneb9+/Vr9UdA0TQWgYKGM1noCgLMyRwRwziuVUvUALqUa8F1oqMnOlchvSMnEUv5u4LeFAoARhmEcSzWABOLnPYZwzs/18B7pcvjy7Gyh8J3JUZxzppSaTrWABOLXFpvpIQ7tLB9a8jhbKMxyNQBjpxmGcRZVBRKIm/cYzhg7zuPw7+Px+Jvl8qxNTU0zlVKubSHLsqbTdm4kkJ3wW6VEa73Fb1uDUmTGjBmbOOeuWyhwzgf2798/SrIggfyH1atXX88YO9hDILfX19d/XG7P3KdPn3uVUss9Dkvazo0EAgCoqanprrUWHm2PtU1NTfXl+Nxjxoxp9hopwBjbv7q6+kaSBgkEVVVVExhje3hUlCnOjk5liZTyCa31Qo/DEydOnLgbyaMTC8QwjH0ZY7d4eI8lnPN7y9wEmnNe4/Fy6FVZWTmR5NGJBZJl45saZ6xVWWOa5isAnvQ4fJNhGPuRQDqn9/gBY+xqj4b5C4lEYn5nsYVSapLbFgqMsW5KKZME0gnxGlKitbYA3NqZbOFMtJrjcfiKurq6I0kgnYi6urohAM7zOPy7eDz+dmezSSgUkm5bKDDGQoyxqSSQzoPn/n1a6y1KqVhnrATOKotec9fPcV4qJJByRwgxjHN+vEcsPrO+vn51Z60IPXr0uE1rvcbj5TEDnXTuUKcRSGNjY6XW2mtIyZrm5uZZnTmUGD9+/GbO+RTXSsL58UKIYSSQMsYZUnKIa9zFmFHOHwWD8v7779+vlFri8RKpd8atkUDKDb8hJVrrt5csWfIbEJg7d67FOZ/g8RL5/urVq68jgZQhXbp0qfEYUrJgl112GTp37lyL5GEjpZynlEp7tNPqampqupNAyoja2tp9ANzi4jluHzBgwNmTJk1aT7LYmVAoNN5ZrTGzLbJXZWXlz0kg5VXYsuUCcEqp5u3bt/84Ho+PHTFiBHkOF0zTfIMxNtejwT7OeemQQEqdWCx2OIBrWniNtVrr0xsaGuaQDLJUDM69hqD0qKysvIIEUh78Z0iJUmpxU1PT8fX19bTUZjAv8hFj7G6PtkgFCaTEMQwjzDk/3ynQp0Kh0EnTp09fSVU/Jy9iKqU+dmm/bSGBlDiWZdUrpbRSqj4UCl1imubXVOVz9iJfhkKh/lrrCVrrDS3CrE4jkLIcPnDrrbfu2a1btxWMsdFSyj9QVc+LR97dsqwYgBs452OklA+SVUqUxsbGSsMwjiZL5J9YLHag0/lBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARB5EzRr4sVTaeOBLA4hyT/lQxH3uiAfPUCcCqA0wAcDKA3gD0B7AHAArAJwDoAywAsAfAqgJeS4chmn2v+HIDfTlcWgEHJcOQfeXyOfQB8BKCrz2k3J8ORX7Uyz/nA8/7tTSmssXpZjuePBPBGO4miC4CrAVwHYDD8V6bcBcBeAH4A4CLnt6ZoOvUSgAcAPJkMR3JdoTAEoAHABXl8rElZxNGpKeqlR6PpFAMwKsdkw510+cxHt2g6dQuAFQDuAXB0K21XBeAMAEkAv29lds6PplMn5em5+jhiJ0pRIABOArB/jmn6ATghj+I4zPFItwHI574YT7Qh7fQ85aEWQBeSQekKJNrKdCPzJI5RABYBGJDn5/oGwJNteXFE06nz2/hs/QD8D0mgRAUSTacqAQxvZfLh0XSKt/H+VzphUHU7PN4zyXCkravNN0TTqVAb0k92Qj6iRD3ImQB6tTLtPgBOboM4TgXQnrtQPZSHaxwB4MpWPt/+AEZT9c9OMfdiRduYfiSAdCsrzxMActkTfDuA9wGsBfCV43V6w+7y7Y2de4n+DeD5PNlIRtOph5PhyNYc08VyfL628iTsLu/W8g8SyM6V9Hvw78p8BsBhzp8Xl0TTqZ8lw5FcN+qcCqBngPMsAE8BaATwil+XbTSdOgDAcQDOBrAmGY4058lUfQH8FDl8h4imUwfC7qruSMxkOPJ38iD540LY3xG8mA9gKYAan3P2AjAEwAs5VJ5jAVwa4NQVAEYlw5G/BrluMhxZCWAlgLntYKvaaDo1JxmObAh4fh1K4/sXtUF8yPZxMAXg6QDXGZHjfeuRfXTBKgAnBhVHB7AbgAkBXwCHALiCqn0JCySaTu3hNNC9eCcZjqwG8DqAL7Jc7pJoOlUR8L67AxgaRHTJcOSzIjPbWOejH3mPTuBBRmQpxPlO2KIAzMtyrT1gj5UKQgT2UA4/5iXDkdeL0GbdABhZXgCH5qHjo9NRjG+TbOHVsy3+/TSAawMILkiv0XkBznmoiMtydDSd+kUyHFnqcVwEeAG0F7FoOvXvVqa9ORmObCOB4D+9PSf6nLIWOw9EXAD7q7Rfg/7iaDr1kwA9R4MDZPHFIhbIjoGMF7vYtT+8x7R9BWDXds7bsDakvRVAwQRSbCHWqCyN5D86oRWcMGsrgP8L0Ig9I8C9985yfFMyHFlbYPsoAF/6HL8omk790OV3w6esbwdAe8iXiEByCa9ahllB2jV+nmsXAD2yXGNdEdhnI+xBk35Mz3i2I3ye/2sAvyIZlIBAounUQPgPCtzu4S3mw/5o58eFzlwOL/YMGMIUA7dnEWs4mk5FAnqPu5PhyDqSQWl4kGze45VkOPJV5o9OAb+aJe2u8O86DjJxqXcxGMkZ5Dgzy2nToukUd2ZjesX/WwH8giRQAgIJODFqvs+xIGHWyCyN/2xeqGs0ndq7SMrtTifPXhwJu0t3ik+bbk4Rfs8pOoqlF+tkAPtlOWdWNJ1qy9zn86PpVFe3gX3JcEQ53ZB7ZbnGaWj9TMB8epHN0XRqJoAZPqf91udYc5a0RJEJ5LIOuEd32IMFvSYqrQwgkIuLQSAOv4bdBbpnK9I+mAxHVnVgXgeX6mDFgodYbZwYlSt+YVaQj4kXOb1CxdAW+aaVXsACMI18Q+m0QX6E1k+MypVznS5dN54NaK97oulUsczEuwtAru2Ih5PhyD+p6peOQDpyfND3AJzjcexNAJ8HbC/dF3QQZDt7kS3IbQEHDXu+C1EKAommU9UAzu/g2470qGwKwSceXQngBWfhg0JzD4A1Ac99PBmOvE/VvnQ8yAXwH0fVHkQcYbpxJ4DVAa/z3wA+jKZTc6Lp1IlOW8rrRcCi6dSR0XTqhmg6dXmevcjWHNoUDVTlc6PQYUKQ8GptDpW2C4DDs5zTDfbI3YfdKls0nRIA7g94vyrYo4mvBbA5mk694+T3S+c+O+akH4hvBwR+gPyPCr4X9uxKvzkhzybDkbcLVM5tGc0LAHOT4cgLnUog0XSqN7IPInwrGY4ck+N1H0X2XrGRbgJxRPKbaDp1MoBrWtG+CbLi4aHRdOrQZDjyQT69SDSdmup4QC/qC/giHNbG9EuRw9TpcvEgIwLcf34rrvt0AIGcFU2neiTDkY0ex6+HvSB1uJ2e/Xzkf8HnObDHsrnZdE0yHFlIAVNpCSTIx8FnW3HdZ2EPbKzIEopdAOB3Hm/kpmg6dRGARxFsGm7BBeJMKvoJVekyaKQHmBgF2PPN32xFRdmAYOthjcxynS9hf6OZ3g4mONGZe0+QQFrtPVLJcES38vpBBi+eGU2nemYRiZUMRyY6baV8zkVfD+AAqn4kkI4Or3IRSCW+3bcjm1f6UzIcOcHxKH+GPdgvV5oA/An2gtH9kuHIIqp+1AZxC68Gwl5X1o9mtGF5zmQ48rHT5ZptnvlIAP+bw3WfB/B8NJ3qDuAUx7Mcjp13l9oGYAPsrt6lAN4D8BaAv/jtLkUQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBFH8sGLJiBCiJ+x1ns4CcBDsnWFXAXgX9lpUT0opdUaao5w0/w17uMdHAN4B8JSUcq7LPY6APfSjJc1Our8CSEgpl2c5fyOAJbA38Jwtpdzm8TztmjeX9MsBHALgMSnlcJfjbyPYFg+AvTloTyc/U6SUZh6fbxOAAVLKTzyeYwzsefb9pZTLCl0vK4pEHBfCXsJmVwALYU9JXQ97v/NjAcSklE+0OJ/D3pfPhD3F9RUAH8IeFzUUwGVCiMcAXC+ldFuc+Xl8O9arGsBAAJcDGCmEOEFK+bbH+Qz2Ngmnw14d5DIhxA+llN8UMG8QQpzkiONTAOcKIXpIKTMng83GzusL9wEwDvZ+j5mz9b6Cx06/eXi+7rAnd51ZCh6kogjEEYG92mEKwA1Syo9dzsnM51jYCxA8AODGjAr6PdgroI+GPWfcbTvp16SUt2Xc4wwAz8GetnqS3/lOJZnlVLAGADcXMG8AcBXsFd8nOi+XC5Gx9KiU8rcZ1xzk5D+deT/nuFeRtfX53gJwhhDiOinlvcUuEF5gcXR33OkiAOe7icMp3O0t0uwNe1HmF6WU17QsIOfczVLKawE8DuB8IcS5QfIipVwA4DUAx7gIMvNc5bxFP4e9nGnB8iaE6Ap7+vJjTti3BdkXAm9teeXj+e4B8BKAWUKI/Ugg/twIoB+An0oprYBproO92c3ELOeNd2L4G3LIzxcIuA+IlLIZwN8BHCCEYAXM24VOaPqIlHIz7D1UThdCtMd2Dfl4PgV7QQyG4KvHdFqBnAl7n4pcptYOcN6Sb2apwCsALEP2uSc73o5dABwHYFFLj5WF3gDeb9F5UIi8XQV74bgd04wfc0LnYe1QXnl5Pud4jSPk60gg3hwA4AMnZAnK4QA+zOzR8mApgP2EENU+la9SCDEA9gIN+8LeDTZIpT3T6RV6rFB5E0LsC3vS1qMtbDgP9uzF9giz8vl898CenTlLCLE/NdLdUbA32cyFrjmcuw32CieZXbFThBBTMn77DMBIJ97P5IdCiLEZPUuXOAU8rYB5u9wJux5p8XbeKIRYACAihOgnpcznNgf5eL4d+dRCiNGwu37nINhGq53Og7wHoJ/TWA/KEgAHCiEqA5x7mOOhMueQz4e99tX1Ld7KC6SUj3tc5ywAv3T+bnRCq2sBnJnRdurovF3pVMAThBBjd/w5FZMBuDTP5ZWP52spkk8A3OKEWmPIg3yXd2F3BQ4H8JscCuk82H3uz/mEJ3s4MfA8l8OLpJSNLc49FsDlQoh7pJSvuZzv+rGskHlzft8R43vtNTgK2fczzFUgbX2+TJHMEUJcAmCmEOI58iA7cz+AzQCmCyF65ZCmyUnjl38T9gJxQSrIz51elzuyXLOY8naV898jpZQs8w/2yi5HCSEOy3N55fv5AHulF8sJtRgJ5Nu3x0oAk2GvBrJQCHGixxsp1CLNB06oMxDAU0KI3TLO5cL+ynU9gHullIsC5OND2B+4jnYKq7XP0yF5c0KcUQD+JqV8zyPpIy28SL7KK+/P51x3NeyPrac7oSuFWC24w3nbmABeFkK8Afv7wirYS+kcDXvjl5br5Bqwt024EcAyIcRfnHBtP9gb3BzmXHdiDvmIOzF9vRBirpRyfSufp93zBnvJoV6OzbyYB+AbRyBT8lhe7fF8kFI+6IRa55EH2dkwSko5w3kr3eW48OGwPzYNdeLeeEaarVLKm2Av5PYcgP6OJzrX6V4cKqUcK6XckkM+NgKIOd4s3obn6Yi8XeWEXQ/7pNnsiORQIcTReSyvvD9fC8bAXk+MIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCKCP+H457+FmLAibsAAAAAElFTkSuQmCC"/>
                                 </div>
                             </div>
                             <div class="row zero_min_height">
diff --git a/addons/account/views/report_invoice.xml b/addons/account/views/report_invoice.xml
index 6af975feb2c7b..e9daa3c85fa9e 100644
--- a/addons/account/views/report_invoice.xml
+++ b/addons/account/views/report_invoice.xml
@@ -22,6 +22,9 @@
                                     <t t-if="o.company_id.account_fiscal_country_id.vat_label" t-esc="o.company_id.account_fiscal_country_id.vat_label" id="inv_tax_id_label"/>
                                     <t t-else="">Tax ID</t>: <span t-field="o.partner_id.vat"/>
                                 </div>
+                                <div t-if="o.partner_id.country_code == 'MA' and o.partner_id.company_registry">
+                                    ICE: <a t-field="o.partner_id.company_registry"/>
+                                </div>
                             </t>
                         </div>
                     </t>
@@ -33,6 +36,9 @@
                                     <t t-if="o.company_id.account_fiscal_country_id.vat_label" t-esc="o.company_id.account_fiscal_country_id.vat_label" id="inv_tax_id_label"/>
                                     <t t-else="">Tax ID</t>: <span t-field="o.partner_id.vat"/>
                                 </div>
+                                <div t-if="o.partner_id.country_code == 'MA' and o.partner_id.company_registry">
+                                    ICE: <a t-field="o.partner_id.company_registry"/>
+                                </div>
                             </t>
                         </div>
                     </t>
@@ -44,6 +50,9 @@
                                     <t t-if="o.company_id.account_fiscal_country_id.vat_label" t-esc="o.company_id.account_fiscal_country_id.vat_label" id="inv_tax_id_label"/>
                                     <t t-else="">Tax ID</t>: <span t-field="o.partner_id.vat"/>
                                 </div>
+                                <div t-if="o.partner_id.country_code == 'MA' and o.partner_id.company_registry">
+                                    ICE: <a t-field="o.partner_id.company_registry"/>
+                                </div>
                             </t>
                         </div>
                     </t>
diff --git a/addons/account/wizard/account_invoice_send.py b/addons/account/wizard/account_invoice_send.py
index 47efe2eb823f4..9dfa520cad9cb 100644
--- a/addons/account/wizard/account_invoice_send.py
+++ b/addons/account/wizard/account_invoice_send.py
@@ -30,6 +30,11 @@ class AccountInvoiceSend(models.TransientModel):
         compute='_compute_move_types',
         readonly=True)
 
+    # Technical field to display or not the attachment button
+    display_attachment_fields = fields.Boolean(compute='_compute_display_attachment_fields')
+    # Technical field to display or not a warning icon besides attachments not supported
+    attachments_not_supported = fields.Json(compute='_compute_attachments_not_supported')
+
     @api.model
     def default_get(self, fields):
         res = super(AccountInvoiceSend, self).default_get(fields)
@@ -112,6 +117,16 @@ def _compute_invoice_without_email(self):
             else:
                 wizard.invoice_without_email = False
 
+    @api.depends('is_email', 'composition_mode')
+    def _compute_display_attachment_fields(self):
+        for wizard in self:
+            wizard.display_attachment_fields = wizard.is_email and wizard.composition_mode != 'mass_mail'
+
+    @api.depends('display_attachment_fields', 'attachment_ids')
+    def _compute_attachments_not_supported(self):
+        for wizard in self:
+            wizard.attachments_not_supported = {}
+
     def _send_email(self):
         if self.is_email:
             # with_context : we don't want to reimport the file we just exported.
diff --git a/addons/account/wizard/account_invoice_send_views.xml b/addons/account/wizard/account_invoice_send_views.xml
index e732600c140be..6d1b6c0067c72 100644
--- a/addons/account/wizard/account_invoice_send_views.xml
+++ b/addons/account/wizard/account_invoice_send_views.xml
@@ -18,6 +18,8 @@
                     <field name="invoice_ids" invisible="1"/>
                     <field name="email_from" invisible="1" />
                     <field name="mail_server_id" invisible="1"/>
+                    <field name="display_attachment_fields" invisible="1"/>
+                    <field name="attachments_not_supported" invisible="1"/>
                     <div name="option_print">
                         <field name="is_print" />
                         <b><label for="is_print"/></b>
@@ -53,9 +55,6 @@
                             <field name="body" class="oe-bordered-editor" options="{'style-inline': true}"/>
                         </div>
                         <group>
-                            <group attrs="{'invisible': [('composition_mode', '=', 'mass_mail')]}">
-                                <field name="attachment_ids" widget="many2many_binary" string="Attach a file" nolabel="1" colspan="2" attrs="{'invisible': [('composition_mode', '=', 'mass_mail')]}"/>
-                            </group>
                             <group>
                                 <field name="template_id" options="{'no_create': True, 'no_edit': True}"
                                     context="{'default_model': 'account.move'}"/>
@@ -63,6 +62,16 @@
                         </group>
                     </div>
 
+                    <group attrs="{'invisible': [('display_attachment_fields', '=', False)]}">
+                        <field name="attachment_ids"
+                               widget="many2many_binary"
+                               string="Attach a file"
+                               nolabel="1"
+                               colspan="2"
+                               attrs="{'invisible': [('display_attachment_fields', '=', False)]}"
+                               options="{'attachments_not_supported_field': 'attachments_not_supported' }"/>
+                    </group>
+
                     <footer>
                         <button string="Send &amp; Print"
                             attrs="{'invisible': ['|', ('is_email', '=', False), ('is_print', '=', False)]}" data-hotkey="q"
diff --git a/addons/account/wizard/account_tour_upload_bill.py b/addons/account/wizard/account_tour_upload_bill.py
index 59482a869f102..d1c92c882cee0 100644
--- a/addons/account/wizard/account_tour_upload_bill.py
+++ b/addons/account/wizard/account_tour_upload_bill.py
@@ -17,7 +17,7 @@ class AccountTourUploadBill(models.TransientModel):
 
     selection = fields.Selection(
         selection=lambda self: self._selection_values(),
-        default="sample"
+        default=lambda self: 'sample' if self.env.ref('base.res_partner_2', raise_if_not_found=False) else 'upload'
     )
 
     preview_invoice = fields.Html(
@@ -50,7 +50,9 @@ def _selection_values(self):
         journal_alias = self.env['account.journal'] \
             .search([('type', '=', 'purchase'), ('company_id', '=', self.env.company.id)], limit=1)
 
-        values = [('sample', _('Try a sample vendor bill')), ('upload', _('Upload your own bill'))]
+        # We don't want people putting demo data in their database if they didn't launch it in demo mode
+        values = [('sample', _('Try a sample vendor bill'))] if self.env.ref('base.res_partner_2', raise_if_not_found=False) else []
+        values.append(('upload', _('Upload your own bill')))
         if journal_alias.alias_name and journal_alias.alias_domain:
             values.append(('email', _('Or send a bill to %s@%s', journal_alias.alias_name, journal_alias.alias_domain)))
         return values
@@ -78,12 +80,7 @@ def apply(self):
             return purchase_journal.with_context(default_journal_id=purchase_journal.id, default_move_type='in_invoice').create_document_from_attachment(attachment_ids=self.attachment_ids.ids)
         elif self.selection == 'sample':
             invoice_date = fields.Date.today() - timedelta(days=12)
-            partner = self.env['res.partner'].search([('name', '=', 'Deco Addict')], limit=1)
-            if not partner:
-                partner = self.env['res.partner'].create({
-                    'name': 'Deco Addict',
-                    'is_company': True,
-                })
+            partner = self.env.ref('base.res_partner_2')
             bill = self.env['account.move'].create({
                 'move_type': 'in_invoice',
                 'partner_id': partner.id,
diff --git a/addons/account_add_gln/__init__.py b/addons/account_add_gln/__init__.py
new file mode 100644
index 0000000000000..0650744f6bc69
--- /dev/null
+++ b/addons/account_add_gln/__init__.py
@@ -0,0 +1 @@
+from . import models
diff --git a/addons/account_add_gln/__manifest__.py b/addons/account_add_gln/__manifest__.py
new file mode 100644
index 0000000000000..471c1b1e5c08e
--- /dev/null
+++ b/addons/account_add_gln/__manifest__.py
@@ -0,0 +1,13 @@
+{
+    'name': "Add Partner GLN",
+    'summary': "This module adds the Global Location Number to the partner. Used on delivery addresses, it is used to identify stock locations and is mandatory on the UBL/CII eInvoices (but not only). The module is intended be merged with account, later on, in master",
+    'category': 'Accounting/Accounting',
+    'version': '1.0',
+    'depends': ['account'],
+    'installable': True,
+    'auto_install': True,
+    'data': [
+        'views/res_partner_views.xml',
+    ],
+    'license': 'LGPL-3',
+}
diff --git a/addons/account_add_gln/models/__init__.py b/addons/account_add_gln/models/__init__.py
new file mode 100644
index 0000000000000..91fed54d404ea
--- /dev/null
+++ b/addons/account_add_gln/models/__init__.py
@@ -0,0 +1 @@
+from . import res_partner
diff --git a/addons/account_add_gln/models/res_partner.py b/addons/account_add_gln/models/res_partner.py
new file mode 100644
index 0000000000000..5e8729168d0a3
--- /dev/null
+++ b/addons/account_add_gln/models/res_partner.py
@@ -0,0 +1,7 @@
+from odoo import fields, models
+
+
+class ResPartner(models.Model):
+    _inherit = 'res.partner'
+
+    global_location_number = fields.Char(string="GLN", help="Global Location Number")
diff --git a/addons/account_add_gln/views/res_partner_views.xml b/addons/account_add_gln/views/res_partner_views.xml
new file mode 100644
index 0000000000000..0a3cc09eac3fa
--- /dev/null
+++ b/addons/account_add_gln/views/res_partner_views.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo>
+    <record id="account_add_gln.view_partner_form_inherit" model="ir.ui.view">
+        <field name="name">res.partner.form.inherit.account_peppol_partner_extra_fields</field>
+        <field name="model">res.partner</field>
+        <field name="priority">15</field>
+        <field name="inherit_id" ref="base.view_partner_form"/>
+        <field name="arch" type="xml">
+            <xpath expr=".//page[@name='sales_purchases']//group[@name='misc']" position="inside">
+                <field name="global_location_number" attrs="{'invisible': [('type', '!=', 'delivery')]}"/>
+            </xpath>
+            <xpath expr=".//page[@name='contact_addresses']/field[@name='child_ids']/form//field[@name='mobile']" position="after">
+                <field name="global_location_number" attrs="{'invisible': [('type', '!=', 'delivery')]}"/>
+            </xpath>
+        </field>
+    </record>
+</odoo>
diff --git a/addons/account_edi/models/account_edi_format.py b/addons/account_edi/models/account_edi_format.py
index a0b12e11bffe7..38244a5a5b790 100644
--- a/addons/account_edi/models/account_edi_format.py
+++ b/addons/account_edi/models/account_edi_format.py
@@ -516,17 +516,18 @@ def _retrieve_product(self, name=None, default_code=None, barcode=None):
             domains.append([('default_code', '=', default_code)])
         if name:
             domains += [[('name', '=', name)], [('name', 'ilike', name)]]
-        products = self.env['product.product'].search(
-            expression.AND([
-                expression.OR(domains),
-                [('company_id', 'in', [False, self.env.company.id])],
-            ]),
-        )
-        if products:
-            for domain in domains:
-                products_by_domain = products.filtered_domain(domain)
-                if products_by_domain:
-                    return products_by_domain[0]
+
+        for domain in domains:
+            product = self.env['product.product'].search(
+                expression.AND([
+                    domain,
+                    [('company_id', 'in', [False, self.env.company.id])],
+                ]),
+                limit=1
+            )
+            # We need a single product. Exit early if one is found (implements the priority logic).
+            if product:
+                return product
         return self.env['product.product']
 
     def _retrieve_tax(self, amount, type_tax_use):
diff --git a/addons/account_edi_proxy_client/models/account_edi_proxy_user.py b/addons/account_edi_proxy_client/models/account_edi_proxy_user.py
index 8db863b2a5f92..b9aadda2a9754 100644
--- a/addons/account_edi_proxy_client/models/account_edi_proxy_user.py
+++ b/addons/account_edi_proxy_client/models/account_edi_proxy_user.py
@@ -117,9 +117,6 @@ def _make_request(self, url, params=False):
                 self._renew_token()
                 self.env.cr.commit() # We do not want to lose it if in the _make_request below something goes wrong
                 return self._make_request(url, params)
-            if error_code == 'no_such_user':
-                # This error is also raised if the user didn't exchange data and someone else claimed the edi_identificaiton.
-                self.sudo().active = False
             raise AccountEdiProxyError(error_code, proxy_error['message'] or False)
 
         return response['result']
diff --git a/addons/account_edi_ubl_cii/data/ubl_20_templates.xml b/addons/account_edi_ubl_cii/data/ubl_20_templates.xml
index 8f3470f7955d8..5e533c9062a8d 100644
--- a/addons/account_edi_ubl_cii/data/ubl_20_templates.xml
+++ b/addons/account_edi_ubl_cii/data/ubl_20_templates.xml
@@ -313,6 +313,8 @@
                 <cac:Delivery>
                     <cbc:ActualDeliveryDate t-out="foreach_vals.get('actual_delivery_date')"/>
                     <cac:DeliveryLocation>
+                        <cbc:ID t-att-schemeID="foreach_vals.get('delivery_location_vals', {}).get('delivery_location_scheme_id')"
+                                t-out="foreach_vals.get('delivery_location_vals', {}).get('delivery_location_id')"/>
                         <cac:Address>
                             <t t-call="{{AddressType_template}}">
                                 <t t-set="vals"
diff --git a/addons/account_edi_ubl_cii/models/account_edi_xml_ubl_bis3.py b/addons/account_edi_ubl_cii/models/account_edi_xml_ubl_bis3.py
index 2a528081a799b..c200afdeac742 100644
--- a/addons/account_edi_ubl_cii/models/account_edi_xml_ubl_bis3.py
+++ b/addons/account_edi_ubl_cii/models/account_edi_xml_ubl_bis3.py
@@ -179,9 +179,6 @@ def _get_delivery_vals_list(self, invoice):
                              and supplier.country_id.code in economic_area
                              and supplier.country_id != customer.country_id)
 
-        if not intracom_delivery:
-            return []
-
         # [BR-IC-12]-In an Invoice with a VAT breakdown (BG-23) where the VAT category code (BT-118) is
         # "Intra-community supply" the Deliver to country code (BT-80) shall not be blank.
 
@@ -194,12 +191,31 @@ def _get_delivery_vals_list(self, invoice):
         else:
             partner_shipping = customer
 
-        return [{
-            'actual_delivery_date': invoice.invoice_date,
-            'delivery_location_vals': {
+        # TODO master: clean that code a bit hacky, when the module account_add_gln is merged with account
+        gln = 'global_location_number' in partner_shipping._fields and partner_shipping.global_location_number
+
+        if not intracom_delivery and not gln:
+            return []
+
+        delivery_vals = {
+            'delivery_location_vals': {},
+        }
+
+        if intracom_delivery:
+            delivery_vals.update({
+                'actual_delivery_date': invoice.invoice_date,
+            })
+            delivery_vals['delivery_location_vals'].update({
                 'delivery_address_vals': self._get_partner_address_vals(partner_shipping),
-            },
-        }]
+            })
+
+        if gln:
+            delivery_vals['delivery_location_vals'].update({
+                'delivery_location_scheme_id': '0088',
+                'delivery_location_id': partner_shipping.global_location_number,
+            })
+
+        return [delivery_vals]
 
     def _get_partner_address_vals(self, partner):
         # EXTENDS account.edi.xml.ubl_21
@@ -435,10 +451,6 @@ def _invoice_constraints_peppol_en16931_ubl(self, invoice, vals):
             'peppol_en16931_ubl_seller_endpoint': self._check_required_fields(
                 vals['supplier'], 'vat'
             ),
-            # PEPPOL-EN16931-R010: Buyer electronic address MUST be provided
-            'peppol_en16931_ubl_buyer_endpoint': self._check_required_fields(
-                vals['customer'], 'vat'
-            ),
             # PEPPOL-EN16931-R003: A buyer reference or purchase order reference MUST be provided.
             'peppol_en16931_ubl_buyer_ref_po_ref':
                 "A buyer reference or purchase order reference must be provided." if self._check_required_fields(
diff --git a/addons/account_edi_ubl_cii/models/ir_actions_report.py b/addons/account_edi_ubl_cii/models/ir_actions_report.py
index 232c5b4031a2c..29913df33268f 100644
--- a/addons/account_edi_ubl_cii/models/ir_actions_report.py
+++ b/addons/account_edi_ubl_cii/models/ir_actions_report.py
@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 # Part of Odoo. See LICENSE file for full copyright and licensing details.
 
-from odoo import models
+from odoo import api, models
 from odoo.tools import cleanup_xml_node
 from odoo.tools.pdf import OdooPdfFileReader, OdooPdfFileWriter
 
@@ -21,43 +21,77 @@ def _is_invoice_report(self, report_ref):
         custom_templates = [report.strip() for report in custom_templates.split(',')]
         return super()._is_invoice_report(report_ref) or self._get_report(report_ref).report_name in custom_templates
 
+    @api.model
+    def _get_edi_document_format_codes_for_pdf_embedding(self):
+        return ['ubl_bis3', 'ubl_de', 'nlcius_1', 'efff_1']
+
     def _add_pdf_into_invoice_xml(self, invoice, stream_data):
-        format_codes = ['ubl_bis3', 'ubl_de', 'nlcius_1', 'efff_1']
+        format_codes = self._get_edi_document_format_codes_for_pdf_embedding()
         edi_attachments = invoice.edi_document_ids.filtered(lambda d: d.edi_format_id.code in format_codes).sudo().attachment_id
         for edi_attachment in edi_attachments:
-            old_xml = base64.b64decode(edi_attachment.with_context(bin_size=False).datas, validate=True)
-            tree = etree.fromstring(old_xml)
-            anchor_elements = tree.xpath("//*[local-name()='AccountingSupplierParty']")
-            additional_document_elements = tree.xpath("//*[local-name()='AdditionalDocumentReference']")
-            # with this clause, we ensure the xml are only postprocessed once (even when the invoice is reset to
-            # draft then validated again)
-            if anchor_elements and not additional_document_elements:
-                pdf_stream = stream_data['stream']
-                pdf_content_b64 = base64.b64encode(pdf_stream.getvalue()).decode()
-                pdf_name = '%s.pdf' % invoice.name.replace('/', '_')
-                to_inject = '''
-                    <cac:AdditionalDocumentReference
-                        xmlns="urn:oasis:names:specification:ubl:schema:xsd:Invoice-2"
-                        xmlns:cbc="urn:oasis:names:specification:ubl:schema:xsd:CommonBasicComponents-2"
-                        xmlns:cac="urn:oasis:names:specification:ubl:schema:xsd:CommonAggregateComponents-2">
-                        <cbc:ID>%s</cbc:ID>
-                        <cac:Attachment>
-                            <cbc:EmbeddedDocumentBinaryObject mimeCode="application/pdf" filename=%s>
-                                %s
-                            </cbc:EmbeddedDocumentBinaryObject>
-                        </cac:Attachment>
-                    </cac:AdditionalDocumentReference>
-                ''' % (escape(pdf_name), quoteattr(pdf_name), pdf_content_b64)
-
-                anchor_index = tree.index(anchor_elements[0])
-                tree.insert(anchor_index, etree.fromstring(to_inject))
-                new_xml = etree.tostring(cleanup_xml_node(tree), xml_declaration=True, encoding='UTF-8')
-                edi_attachment.sudo().write({
-                    'res_model': 'account.move',
-                    'res_id': invoice.id,
-                    'datas': base64.b64encode(new_xml),
-                    'mimetype': 'application/xml',
-                })
+            self._add_attachments_into_invoice_xml(
+                invoice,
+                edi_attachment,
+                [{
+                    'name': '%s.pdf' % invoice.name.replace('/', '_'),
+                    'raw_b64': base64.b64encode(stream_data['stream'].getvalue()).decode(),
+                    'mimetype': 'application/pdf',
+                }],
+                is_main_pdf=True,
+                check_for_additionnal_document_elements=True,
+            )
+
+    @api.model
+    def _add_attachments_into_invoice_xml(self, invoice, xml_attachment, extra_attachments, is_main_pdf=False, check_for_additionnal_document_elements=False):
+        """
+        Helper to embed the extra attachments into the xml file
+        :param invoice: The invoice it is all about
+        :param xml_attachment: The xml file that will contain embedded attachments
+        :param extra_attachments: A list of dicts like `[{'name': 'filename', 'raw_b64': 'b64 encoded file content', 'mimetype': 'file mimetype'}, ]`
+        :param is_main_pdf: Is the extra attachments list containing ONLY the Invoice PDF
+        :param check_for_additionnal_document_elements: flag to not embed extra attachments if any document is already embedded into the xml
+        """
+        old_xml = base64.b64decode(xml_attachment.with_context(bin_size=False).datas, validate=True)
+        tree = etree.fromstring(old_xml)
+        anchor_elements = tree.xpath("//*[local-name()='AccountingSupplierParty']")
+        additional_document_elements = tree.xpath("//*[local-name()='AdditionalDocumentReference']")
+        if check_for_additionnal_document_elements and anchor_elements and additional_document_elements:
+            return
+        anchor_index = tree.index(anchor_elements[0])
+        is_main_pdf = is_main_pdf and len(extra_attachments) == 1
+        xmlns_invoice = 'xmlns="urn:oasis:names:specification:ubl:schema:xsd:Invoice-2"' if is_main_pdf else ''
+        for attachment in extra_attachments:
+            to_inject = '''
+                <cac:AdditionalDocumentReference
+                    %s
+                    xmlns:cbc="urn:oasis:names:specification:ubl:schema:xsd:CommonBasicComponents-2"
+                    xmlns:cac="urn:oasis:names:specification:ubl:schema:xsd:CommonAggregateComponents-2">
+                    <cbc:ID>%s</cbc:ID>
+                    <cac:Attachment>
+                        <cbc:EmbeddedDocumentBinaryObject mimeCode=%s filename=%s>
+                            %s
+                        </cbc:EmbeddedDocumentBinaryObject>
+                    </cac:Attachment>
+                </cac:AdditionalDocumentReference>
+            ''' % (
+                xmlns_invoice,
+                escape(attachment['name']),
+                quoteattr(attachment['mimetype']),
+                quoteattr(attachment['name']),
+                attachment['raw_b64'],
+            )
+
+            tree.insert(anchor_index, etree.fromstring(to_inject))
+
+        new_xml = etree.tostring(cleanup_xml_node(tree), xml_declaration=True, encoding='UTF-8')
+        fields_values = {
+            'datas': base64.b64encode(new_xml),
+            'mimetype': 'application/xml',
+        }
+        if is_main_pdf:
+            fields_values['res_model'] = 'account.move'
+            fields_values['res_id'] = invoice.id
+        xml_attachment.sudo().write(fields_values)
 
     def _render_qweb_pdf_prepare_streams(self, report_ref, data, res_ids=None):
         # EXTENDS base
diff --git a/addons/account_peppol/models/__init__.py b/addons/account_peppol/models/__init__.py
index 115e10ea64256..bc96919e1dc61 100644
--- a/addons/account_peppol/models/__init__.py
+++ b/addons/account_peppol/models/__init__.py
@@ -4,6 +4,7 @@
 from . import account_edi_proxy_user
 from . import account_journal
 from . import account_move
+from . import ir_actions_report
 from . import res_company
 from . import res_config_settings
 from . import res_partner
diff --git a/addons/account_peppol/models/account_edi_proxy_user.py b/addons/account_peppol/models/account_edi_proxy_user.py
index e2f6047e4eff6..85b988bbe0c65 100644
--- a/addons/account_peppol/models/account_edi_proxy_user.py
+++ b/addons/account_peppol/models/account_edi_proxy_user.py
@@ -110,29 +110,20 @@ def _try_recover_peppol_proxy_users(self, company, *, peppol_identifier=None):
             return
 
         try:
-            with self.env.cr.savepoint():
-                # fetch state from IAP and update user if relevant
-                # _peppol_get_participant_status ignores errors, and here we want to know if it failed
-                # _make_request_peppol won't commit on no_such_user error
-                proxy_user = user._make_request(f"{user._get_server_url_new()}/api/peppol/1/participant_status")
-
-                state_map = {
-                    'active': 'active',
-                    'verified': 'pending',
-                    'rejected': 'rejected',
-                    'canceled': 'canceled',
-                    # IAP-side is still draft (needs phone confirmation)
-                    # set to pending to match normal registration flow
-                    'draft': 'pending'
-                }
-
-                if proxy_user.get('peppol_state') in state_map:
-                    user.company_id.account_peppol_proxy_state = state_map[proxy_user['peppol_state']]
-                    user.active = True
-                else:
-                    # NOTE: this shouldn't happen, but if it does, we will have refreshed the token
-                    # but as it's an unknown state, there is not much we can do with that information
-                    return
+            # fetch state from IAP and update user if relevant
+            # _peppol_get_participant_status ignores errors, and here we want to know if it failed
+            # _make_request_peppol won't commit on no_such_user error
+            proxy_user = user._make_request(f"{user._get_server_url_new()}/api/peppol/1/participant_status")
+
+            state_map = {'active': 'active', 'verified': 'pending', 'rejected': 'rejected'}
+
+            if proxy_user.get('peppol_state') in state_map:
+                user.company_id.account_peppol_proxy_state = state_map[proxy_user['peppol_state']]
+                user.active = True
+            else:
+                # NOTE: this shouldn't happen, but if it does, we will have refreshed the token
+                # but as it's an unknown state, there is not much we can do with that information
+                return
         except AccountEdiProxyError as e:
             _logger.info("Tried unsuccessfully to recover EDI proxy user id=%s (%s)", user.id, e)
         else:
@@ -301,15 +292,25 @@ def _peppol_get_participant_status(self):
             try:
                 proxy_user = edi_user._make_request(f"{edi_user._get_server_url_new()}/api/peppol/1/participant_status")
             except AccountEdiProxyError as e:
-                _logger.error('Error while updating Peppol participant status: %s', e)
+                if e.code == 'client_gone':
+                    # reset the connection if it was archived/deleted on IAP side
+                    edi_user.sudo().company_id._reset_peppol_configuration()
+                else:
+                    # don't auto-deregister users on any other errors to avoid settings client-side to states
+                    # that are not recoverable without user action if an error on IAP side ever occurs
+                    _logger.error('Error while updating Peppol participant status: %s', e)
                 continue
 
-            state_map = {
+            local_state = {
+                'draft': 'not_registered',
                 'active': 'active',
                 'verified': 'pending',
                 'rejected': 'rejected',
-                'canceled': 'canceled',
-            }
-
-            if proxy_user['peppol_state'] in state_map:
-                edi_user.company_id.account_peppol_proxy_state = state_map[proxy_user['peppol_state']]
+            }.get(proxy_user.get('peppol_state'))
+
+            if local_state == 'not_registered':
+                edi_user.sudo().company_id._reset_peppol_configuration()
+            elif local_state:
+                edi_user.company_id.account_peppol_proxy_state = local_state
+            else:
+                _logger.warning("Received unknown Peppol state '%s' for EDI proxy user id=%s", proxy_user.get('peppol_state'), edi_user.id)
diff --git a/addons/account_peppol/models/ir_actions_report.py b/addons/account_peppol/models/ir_actions_report.py
new file mode 100644
index 0000000000000..3361709d3b19b
--- /dev/null
+++ b/addons/account_peppol/models/ir_actions_report.py
@@ -0,0 +1,9 @@
+from odoo import api, models
+
+
+class IrActionsReport(models.Model):
+    _inherit = 'ir.actions.report'
+
+    @api.model
+    def _get_edi_document_format_codes_for_pdf_embedding(self):
+        return super()._get_edi_document_format_codes_for_pdf_embedding() + ['peppol']
diff --git a/addons/account_peppol/models/res_company.py b/addons/account_peppol/models/res_company.py
index 3247aed40ec8c..98e03e435181f 100644
--- a/addons/account_peppol/models/res_company.py
+++ b/addons/account_peppol/models/res_company.py
@@ -159,6 +159,16 @@ def _sanitize_peppol_phone_number(self, phone_number=None):
         if country_code not in PEPPOL_LIST or not phonenumbers.is_valid_number(phone_nbr):
             raise ValidationError(error_message)
 
+    def _reset_peppol_configuration(self):
+        """Reset all peppol configuration fields to their default value, as if not registered"""
+        self.account_peppol_proxy_state = 'not_registered'
+        self.partner_id._compute_peppol_eas()
+        self.partner_id._compute_peppol_endpoint()
+
+        # on 16.0 the constraints on account_edi_proxy_client.user prevent having multiple users of
+        # type 'peppol' for the same company even if they are archived, so we need to unlink them
+        self.account_edi_proxy_client_ids.unlink()
+
     def _check_peppol_endpoint_number(self, warning=False):
         self.ensure_one()
         peppol_dict = PEPPOL_ENDPOINT_WARNINGS if warning else PEPPOL_ENDPOINT_RULES
diff --git a/addons/account_peppol/models/res_config_settings.py b/addons/account_peppol/models/res_config_settings.py
index 4f257c46257bc..928a2af440478 100644
--- a/addons/account_peppol/models/res_config_settings.py
+++ b/addons/account_peppol/models/res_config_settings.py
@@ -70,6 +70,19 @@ def _call_peppol_proxy(self, endpoint, params=None, edi_user=None):
             raise UserError(errors.get(error_code) or error_message or _('Connection error, please try again later.'))
         return response
 
+    def _peppol_deregister(self):
+        edi_user = self.account_peppol_edi_user
+        company = edi_user.company_id or self.company_id
+        if edi_user and company.account_peppol_proxy_state not in ('not_registered', 'rejected'):
+            try:
+                edi_user._make_request(f'{edi_user._get_server_url_new()}/api/peppol/1/cancel_peppol_registration')
+            except AccountEdiProxyError as e:
+                # if user no longer exists, we can consider it deregistered
+                if e.code not in ['client_gone', 'no_such_user_found']:
+                    raise
+        # even if edi proxy user doesn't exist, we still need to ensure registration_state = 'not_registered'
+        company._reset_peppol_configuration()
+
     # -------------------------------------------------------------------------
     # ONCHANGE METHODS
     # -------------------------------------------------------------------------
@@ -126,8 +139,7 @@ def button_create_peppol_proxy_user(self):
         self.ensure_one()
 
         if self.account_peppol_proxy_state != 'not_registered':
-            raise UserError(
-                _('Cannot register a user with a %s application', self.account_peppol_proxy_state))
+            raise UserError(_('Cannot register a user with a %s application', self.account_peppol_proxy_state))
 
         if not self.account_peppol_phone_number:
             raise ValidationError(_("Please enter a mobile number to verify your application."))
@@ -214,11 +226,11 @@ def button_update_peppol_user_data(self):
 
     def button_cancel_peppol_registration(self):
         """
-        Sets the peppol registration to canceled
+        Sets the peppol registration to not_registered
         - If the user is active on the SMP, we can't just cancel it. They have to deregister.
-        - 'not_registered', 'rejected', 'canceled' proxy states mean that canceling the registration
+        - 'not_registered', 'rejected' proxy states mean that canceling the registration
           makes no sense, so we don't do it
-        - Calls the IAP server first before setting the state as canceled on the client side,
+        - Calls the IAP server first before setting the state as not_registered on the client side,
           in case they've been activated on the IAP side in the meantime
         """
         self.ensure_one()
@@ -230,14 +242,7 @@ def button_cancel_peppol_registration(self):
         if self.account_peppol_proxy_state == 'active':
             raise UserError(_("Can't cancel an active registration. Please deregister instead."))
 
-        if self.account_peppol_proxy_state in {'not_registered', 'rejected', 'canceled'}:
-            raise UserError(_(
-                "Can't cancel registration with this status: %s", self.account_peppol_proxy_state
-            ))
-
-        self._call_peppol_proxy(endpoint='/api/peppol/1/cancel_peppol_registration')
-        self.account_peppol_proxy_state = 'not_registered'
-        self.account_peppol_edi_user.unlink()
+        self._peppol_deregister()
 
     @handle_demo
     def button_deregister_peppol_participant(self):
@@ -246,18 +251,27 @@ def button_deregister_peppol_participant(self):
         """
         self.ensure_one()
 
-        if self.account_peppol_proxy_state != 'active':
-            raise UserError(_(
-                "Can't deregister with this status: %s", self.account_peppol_proxy_state
-            ))
-
-        # fetch all documents and message statuses before unlinking the edi user
-        # so that the invoices are acknowledged
-        self.env['account_edi_proxy_client.user']._cron_peppol_get_message_status()
-        self.env['account_edi_proxy_client.user']._cron_peppol_get_new_documents()
-        if not tools.config['test_enable'] and not modules.module.current_test:
-            self.env.cr.commit()
+        edi_user = self.account_peppol_edi_user
+        if not edi_user:
+            self.company_id._reset_peppol_configuration()
+            return
 
-        self._call_peppol_proxy(endpoint='/api/peppol/1/cancel_peppol_registration')
-        self.account_peppol_proxy_state = 'not_registered'
-        self.account_peppol_edi_user.unlink()
+        proxy_state = None
+        try:
+            # call _make_request directly because _peppol_get_participant_status()
+            # is cron-safe and swallows AccountEdiProxyError.
+            proxy_user = edi_user._make_request(f"{edi_user._get_server_url_new()}/api/peppol/1/participant_status")
+            proxy_state = proxy_user.get('peppol_state')
+        except AccountEdiProxyError as e:
+            # If user no longer exists on IAP side, don't try to fetch docs/statuses (they will fail).
+            if e.code not in ['client_gone', 'no_such_user_found']:
+                raise
+        if proxy_state == 'active':
+            # fetch all documents and message statuses before deregistration
+            # so that the invoices are acknowledged
+            self.env['account_edi_proxy_client.user']._cron_peppol_get_message_status()
+            self.env['account_edi_proxy_client.user']._cron_peppol_get_new_documents()
+            if not tools.config['test_enable'] and not modules.module.current_test:
+                self.env.cr.commit()
+
+        self._peppol_deregister()
diff --git a/addons/account_peppol/models/res_partner.py b/addons/account_peppol/models/res_partner.py
index 36a88733695b3..64441ac697359 100644
--- a/addons/account_peppol/models/res_partner.py
+++ b/addons/account_peppol/models/res_partner.py
@@ -90,12 +90,12 @@ class ResPartner(models.Model):
     )
     account_peppol_verification_label = fields.Selection(
         selection=[
-            ('not_verified', 'Not verified yet'),
-            ('not_valid', 'Not valid'),  # does not exist on Peppol at all
-            ('not_valid_format', 'Cannot receive this format'),  # registered on Peppol but cannot receive the selected document type
-            ('valid', 'Valid'),
+            ('not_verified', 'Unchecked'),
+            ('not_valid', 'Partner is not on Peppol'),  # does not exist on Peppol at all
+            ('not_valid_format', 'Partner cannot receive format'),  # registered on Peppol but cannot receive the selected document type
+            ('valid', 'Partner is on Peppol'),
         ],
-        string='Peppol endpoint validity',
+        string='Peppol status',
         compute='_compute_account_peppol_verification_label',
         copy=False,
     )  # field to compute the label to show for partner endpoint
@@ -366,6 +366,10 @@ def _get_peppol_edi_format(self):
         if self.ubl_cii_format == 'nlcius':
             return self.env.ref('account_edi_ubl_cii.edi_nlcius_1', raise_if_not_found=False)
 
+    @api.onchange('ubl_cii_format', 'peppol_endpoint', 'peppol_eas')
+    def _onchange_verify_peppol_status(self):
+        self.button_account_peppol_check_partner_endpoint()
+
     # -------------------------------------------------------------------------
     # COMPUTE METHODS
     # -------------------------------------------------------------------------
@@ -409,6 +413,22 @@ def _compute_ubl_cii_format(self):
             else:
                 partner.ubl_cii_format = partner.ubl_cii_format
 
+    def _get_peppol_endpoint_value(self, country_code, field):
+        self.ensure_one()
+        value = field in self._fields and self[field]
+
+        if (
+            country_code == 'BE'
+            and field == 'company_registry'
+            and not value
+            and self.vat
+        ):
+            value = self.vat
+            if value.isalnum():
+                value = value[2:]  # remove the country_code prefix
+
+        return value
+
     @api.depends(lambda self: self._peppol_eas_endpoint_depends() + ['peppol_eas'])
     def _compute_peppol_endpoint(self):
         """ If the EAS changes and a valid endpoint is available, set it. Otherwise, keep the existing value."""
@@ -417,11 +437,9 @@ def _compute_peppol_endpoint(self):
             country_code = partner._deduce_country_code()
             if country_code in EAS_MAPPING:
                 field = EAS_MAPPING[country_code].get(partner.peppol_eas)
-                if field \
-                        and field in partner._fields \
-                        and partner[field] \
-                        and not partner._build_error_peppol_endpoint(partner.peppol_eas, partner[field]):
-                    partner.peppol_endpoint = partner[field]
+                value = partner._get_peppol_endpoint_value(country_code, field)
+                if field and value and not partner._build_error_peppol_endpoint(partner.peppol_eas, value):
+                    partner.peppol_endpoint = value
 
     @api.depends(lambda self: self._peppol_eas_endpoint_depends())
     def _compute_peppol_eas(self):
@@ -438,8 +456,9 @@ def _compute_peppol_eas(self):
                     new_eas = next(iter(EAS_MAPPING[country_code].keys()))
                     # Iterate on the possible EAS until a valid one is found
                     for eas, field in eas_to_field.items():
-                        if field and field in partner._fields and partner[field]:
-                            if not partner._build_error_peppol_endpoint(eas, partner[field]):
+                        if field and field in partner._fields:
+                            value = partner._get_peppol_endpoint_value(country_code, field)
+                            if value and not partner._build_error_peppol_endpoint(eas, value):
                                 new_eas = eas
                                 break
                     partner.peppol_eas = new_eas
diff --git a/addons/account_peppol/tests/test_peppol_participant.py b/addons/account_peppol/tests/test_peppol_participant.py
index 5e6c1c080c29e..b5ee7f4251d98 100644
--- a/addons/account_peppol/tests/test_peppol_participant.py
+++ b/addons/account_peppol/tests/test_peppol_participant.py
@@ -11,6 +11,8 @@
 from odoo.tests.common import tagged, TransactionCase
 from odoo.tools import mute_logger
 
+from odoo.addons.account_edi_proxy_client.models.account_edi_proxy_user import AccountEdiProxyError
+
 ID_CLIENT = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
 FAKE_UUID = 'yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy'
 PDF_FILE_PATH = 'account_peppol/tests/assets/peppol_identification_test.pdf'
@@ -55,6 +57,7 @@ def _get_mock_responses(cls, peppol_state='active'):
             '/api/peppol/1/update_user': {'result': {}},
             '/api/peppol/1/verify_phone_number': {'result': {}},
             '/api/peppol/1/register_receiver': {'result': {}},
+            '/api/peppol/1/get_all_documents': {'result': {'messages': []}},
         }
 
     @classmethod
@@ -125,8 +128,10 @@ def _get_participant_vals(self):
     def _set_context(self, other_context):
         previous_context = self.env.context
         self.env.context = dict(previous_context, **other_context)
-        yield self
-        self.env.context = previous_context
+        try:
+            yield self
+        finally:
+            self.env.context = previous_context
 
     def test_create_participant_missing_data(self):
         # creating a participant without eas/endpoint/document should not be possible
@@ -284,7 +289,6 @@ def test_restore_with_specific_identifier(self):
         self.assertFalse(edi_user_1.active)
 
     def test_restore_user_in_draft_state(self):
-        """Test recovery when IAP-side is in KYC state (should set to `pending` and not keep in `not_registered`)"""
         settings = self.env['res.config.settings'].create(self._get_participant_vals())
         settings.button_create_peppol_proxy_user()
         edi_user = self.env.company.account_edi_proxy_client_ids
@@ -293,14 +297,15 @@ def test_restore_user_in_draft_state(self):
         edi_user.active = False
         edi_user.company_id.account_peppol_proxy_state = 'not_registered'
 
-        # mock IAP returning draft state (thus still in KYC)
-        with self._set_context({'peppol_state': 'draft'}):
-            result = self.env['account_edi_proxy_client.user']._try_recover_peppol_proxy_users(edi_user.company_id)
+        # mock IAP returning draft state
+        with self._set_context({'peppol_state': 'active'}):
+            user_vals = {**self._get_participant_vals(), 'account_peppol_endpoint': '0000000000'}
+            # user tries to re-register with same endpoint -> recovery kicks in
+            self.env['res.config.settings'].create(user_vals).button_create_peppol_proxy_user()
 
-        # should recover user and set state to 'pending'
-        self.assertEqual(result, edi_user)
+        # should recover user and set state to 'not_registered' (there is no phone validation in 16.0)
         self.assertTrue(edi_user.active)
-        self.assertEqual(edi_user.company_id.account_peppol_proxy_state, 'pending')
+        self.assertEqual(edi_user.company_id.account_peppol_proxy_state, 'active')
 
     def test_cron_recovery_multi_company(self):
         """Test cron recovery works correctly across multi companies"""
@@ -539,3 +544,23 @@ def test_recovery_malformed_response_handling(self):
             # handle malformed response gracefully
             self.assertIsNone(result)
             self.assertFalse(edi_user.active)
+
+    def test_deregister_with_client_gone_error(self):
+        """Test deregistration succeeds even when proxy returns client_gone error"""
+        settings = self.env['res.config.settings'].create(self._get_participant_vals())
+        settings.button_create_peppol_proxy_user()
+        self.env['account_edi_proxy_client.user']._cron_peppol_get_participant_status()
+        self.assertEqual(self.env.company.account_peppol_proxy_state, 'active')
+
+        original_make_request = self.env['account_edi_proxy_client.user']._make_request
+
+        def mock_make_request(self, url, params=None):
+            if 'cancel_peppol_registration' in url:
+                raise AccountEdiProxyError('client_gone', 'Client no longer exists on proxy')
+            return original_make_request(url, params)
+
+        with patch.object(self.registry['account_edi_proxy_client.user'], '_make_request', mock_make_request):
+            settings.button_deregister_peppol_participant()
+
+        # Should successfully deregister despite client_gone error
+        self.assertEqual(self.env.company.account_peppol_proxy_state, 'not_registered')
diff --git a/addons/account_peppol/wizard/account_invoice_send.py b/addons/account_peppol/wizard/account_invoice_send.py
index 8843537f7bd60..332ae4bf5a87d 100644
--- a/addons/account_peppol/wizard/account_invoice_send.py
+++ b/addons/account_peppol/wizard/account_invoice_send.py
@@ -8,6 +8,16 @@
 from odoo.addons.account_edi_proxy_client.models.account_edi_proxy_user import AccountEdiProxyError
 
 
+SUPPORTED_FILE_TYPES = {
+    'application/pdf': '.pdf',
+    'application/vnd.oasis.opendocument.spreadsheet': '.ods',
+    'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet': '.xlsx',
+    'image/jpeg': '.jpeg',
+    'image/png': '.png',
+    'text/csv': '.csv',
+}
+
+
 class AccountInvoiceSend(models.TransientModel):
     _inherit = 'account.invoice.send'
 
@@ -99,6 +109,29 @@ def _compute_peppol_warning(self):
 
             wizard.peppol_warning = "\n".join(warnings) if warnings else False
 
+    @api.depends('enable_peppol', 'checkbox_send_peppol')
+    def _compute_display_attachment_fields(self):
+        # EXTENDS 'account'
+        super()._compute_display_attachment_fields()
+        for wizard in self:
+            if not wizard.display_attachment_fields:
+                wizard.display_attachment_fields = wizard.enable_peppol and wizard.checkbox_send_peppol and wizard.composition_mode != 'mass_mail'
+
+    def _compute_attachments_not_supported(self):
+        # EXTENDS 'account'
+        super()._compute_attachments_not_supported()
+        for wizard in self:
+            if wizard.display_attachment_fields and wizard.checkbox_send_peppol:
+                xml_attachment_name = wizard.peppol_invoice_ids._get_peppol_document().attachment_id.name
+                _attachments_to_embed, attachments_not_supported = wizard._get_peppol_available_attachments(
+                    wizard.peppol_invoice_ids,
+                    wizard.attachment_ids.filtered(lambda attachment: attachment.name != xml_attachment_name),
+                )
+                wizard.attachments_not_supported = {
+                    attachment.id if isinstance(attachment.id, int) else attachment.id.origin: _("Unsupported file type via peppol")
+                    for attachment in attachments_not_supported
+                }
+
     def send_and_print_action(self):
         if self.enable_peppol and self.checkbox_send_peppol:
             self._send_peppol_documents()
@@ -127,12 +160,17 @@ def _send_peppol_documents(self):
                 invoice_data['error'] = _('Please verify partner configuration in partner settings.')
                 continue
 
-            attachment = invoice._get_peppol_document().attachment_id
+            attachment = invoice._get_peppol_document().sudo().attachment_id
             if not attachment:
                 invoice.peppol_move_state = 'error'
                 invoice_data['error'] = _('Please check that a Peppol document has been generated.')
                 continue
 
+            self._embed_extra_attachments(invoice, attachment, self.attachment_ids)
+            if len(attachment) > 64000000:
+                invoice_data['error'] = _("Invoice %s is too big to send via peppol (64MB limit)", invoice.name)
+                continue
+
             documents.append({
                 'filename': attachment.name,
                 'receiver': f"{partner.peppol_eas}:{partner.peppol_endpoint}",
@@ -146,7 +184,7 @@ def _send_peppol_documents(self):
                     params={'documents': documents},
                 )
             except AccountEdiProxyError as e:
-                for invoice in invoices_data.items():
+                for invoice, invoice_data in invoices_data.items():
                     invoice.peppol_move_state = 'error'
                     invoice_data['error'] = e.message
             else:
@@ -160,10 +198,61 @@ def _send_peppol_documents(self):
                     # so we have to rely on the order to connect peppol messages to account.move
                     invoices = self.env['account.move'].browse([invoice.id for invoice in invoices_data])
                     for message, invoice in zip(response['messages'], invoices):
+                        attachments_linked_message = _("The invoice has been sent to the Peppol Access Point. The following attachments were sent with the XML:")
+                        attachments_not_linked_message = _("Some attachments could not be sent with the XML:")
+
                         invoice.peppol_message_uuid = message['message_uuid']
                         invoice.peppol_move_state = 'processing'
-                    log_message = _('The document has been sent to the Peppol Access Point for processing')
-                    invoices._message_log_batch(bodies={invoice.id: log_message for invoice in invoices})
+
+                        xml_attachment_name = invoice._get_peppol_document().attachment_id.name
+                        attachments_linked, attachments_not_linked = self._get_peppol_available_attachments(
+                            invoice,
+                            self.attachment_ids.filtered(lambda attachment: attachment.name != xml_attachment_name),
+                        )
+                        if attachments_not_linked:
+                            invoice.with_context(no_new_invoice=True).message_post(
+                                body=attachments_not_linked_message,
+                                attachments=[(attachment.name, attachment.raw) for attachment in attachments_not_linked],
+                            )
+
+                        if attachments_linked:
+                            new_message = invoice.with_context(no_new_invoice=True).message_post(
+                                body=attachments_linked_message,
+                                attachments=[(attachment.name, attachment.raw) for attachment in attachments_linked],
+                            )
+
+                            if new_message.attachment_ids.ids:
+                                self.env.cr.execute("UPDATE ir_attachment SET res_id = NULL WHERE id IN %s", [tuple(new_message.attachment_ids.ids)])
+                            new_message.attachment_ids.write({
+                                'res_model': new_message._name,
+                                'res_id': new_message.id,
+                            })
 
         if not tools.config['test_enable'] and not modules.module.current_test:
             self._cr.commit()
+
+    def _embed_extra_attachments(self, invoice, xml_attachment, extra_attachments):
+        pdf_names = (f'{invoice._get_report_mail_attachment_filename()}.pdf', invoice._get_report_attachment_filename())
+        attachments_to_embed, _not_supported_attachments = self._get_peppol_available_attachments(
+            invoice,
+            extra_attachments.filtered(
+                # We make sure not to embed the xml or the pdf that was already embed in the xml
+                lambda attachment: attachment.name not in (xml_attachment.name, *pdf_names)
+            ),
+        )
+        self.env['ir.actions.report']._add_attachments_into_invoice_xml(
+            invoice,
+            xml_attachment,
+            [{
+                'name': attachment.name,
+                'raw_b64': attachment.datas.decode(),
+                'mimetype': attachment.mimetype,
+            } for attachment in attachments_to_embed],
+        )
+
+    @api.model
+    def _get_peppol_available_attachments(self, invoice, attachments):
+        if not attachments or not invoice.edi_document_ids.filtered(lambda doc: doc.edi_format_id.code == 'peppol'):
+            return self.env['ir.attachment'], attachments or self.env['ir.attachment']
+        accepted_attachments = attachments.filtered(lambda attachment: attachment.mimetype in SUPPORTED_FILE_TYPES)
+        return accepted_attachments, attachments - accepted_attachments
diff --git a/addons/analytic/data/analytic_account_demo.xml b/addons/analytic/data/analytic_account_demo.xml
index bb9c0105d816a..a4ed2f7bf26fc 100644
--- a/addons/analytic/data/analytic_account_demo.xml
+++ b/addons/analytic/data/analytic_account_demo.xml
@@ -44,7 +44,7 @@
             <field name="plan_id" ref="analytic.analytic_plan_projects"/>
         </record>
         <record id="analytic_agrolait" model="account.analytic.account">
-            <field name="name">Deco Addict</field>
+            <field name="name">Acme Corporation</field>
             <field name="partner_id" ref="base.res_partner_2"/>
             <field name="plan_id" ref="analytic.analytic_plan_projects"/>
         </record>
diff --git a/addons/auth_signup/models/res_users.py b/addons/auth_signup/models/res_users.py
index f3cd528b03fa8..2b469241a5bce 100644
--- a/addons/auth_signup/models/res_users.py
+++ b/addons/auth_signup/models/res_users.py
@@ -252,6 +252,18 @@ def create(self, vals_list):
                     users_with_email.partner_id.with_context(create_user=True).signup_cancel()
         return users
 
+    def write(self, vals):
+        if 'active' in vals and not vals['active']:
+            self.partner_id.sudo().signup_cancel()
+        return super().write(vals)
+
+    @api.ondelete(at_uninstall=False)
+    def _ondelete_signup_cancel(self):
+        # Cancel pending partner signup when the user is deleted.
+        for user in self:
+            if user.partner_id:
+                user.partner_id.signup_cancel()
+
     @api.returns('self', lambda value: value.id)
     def copy(self, default=None):
         self.ensure_one()
diff --git a/addons/crm/data/crm_lead_demo.xml b/addons/crm/data/crm_lead_demo.xml
index 21e5ffc44fe14..2f969da57b9af 100644
--- a/addons/crm/data/crm_lead_demo.xml
+++ b/addons/crm/data/crm_lead_demo.xml
@@ -302,8 +302,8 @@ Andrew</p>]]></field>
             <field name="type">lead</field>
             <field name="name">Estimation for Office Furnitures</field>
             <field name="contact_name">Thomas Passot</field>
-            <field name="partner_name">Deco Addict</field>
-            <field name="email_from">p.thomas@agrolait.com</field>
+            <field name="partner_name">Acme Corporation</field>
+            <field name="email_from">p.thomas@acme-example-company.com</field>
             <field name="partner_id" ref="base.res_partner_1"/>
             <field name="function">Functional Consultant</field>
             <field name="country_id" ref="base.be"/>
@@ -377,8 +377,8 @@ Andrew</p>]]></field>
             <field name="color">7</field>
             <field name="expected_revenue">24000</field>
             <field name="probability">10.0</field>
-            <field name="partner_name">Deco Addict</field>
-            <field name="email_from">info@agrolait.com</field>
+            <field name="partner_name">Acme Corporation</field>
+            <field name="email_from">info@acme-example-company.com</field>
             <field name="partner_id" ref="base.res_partner_2"/>
             <field name="country_id" ref="base.be"/>
             <field name="city">Wavre</field>
@@ -404,7 +404,7 @@ Andrew</p>]]></field>
             <field name="expected_revenue">25000</field>
             <field name="probability">30.0</field>
             <field name="partner_id" ref="base.res_partner_2"/>
-            <field name="email_from">virginie@agrolait.com</field>
+            <field name="email_from">virginie@acme-example-company.com</field>
             <field name="country_id" ref="base.be"/>
             <field name="city">Wavre</field>
             <field name="street">Rue de Namur 69</field>
@@ -763,8 +763,8 @@ Andrew</p>]]></field>
             <field name="name">Open Space Design</field>
             <field name="expected_revenue">11000</field>
             <field name="probability">45</field>
-            <field name="partner_name">Deco Addict</field>
-            <field name="email_from">info@agrolait.com</field>
+            <field name="partner_name">Acme Corporation</field>
+            <field name="email_from">info@acme-example-company.com</field>
             <field name="partner_id" ref="base.res_partner_2"/>
             <field name="street">Rue de Namur 69</field>
             <field name="country_id" ref="base.be"/>
@@ -787,8 +787,8 @@ Andrew</p>]]></field>
             <field name="name">Interest in your products</field>
             <field name="expected_revenue">2000</field>
             <field name="probability">80</field>
-            <field name="partner_name">Deco Addict</field>
-            <field name="email_from">info@agrolait.com</field>
+            <field name="partner_name">Acme Corporation</field>
+            <field name="email_from">info@acme-example-company.com</field>
             <field name="partner_id" ref="base.res_partner_2"/>
             <field name="country_id" ref="base.be"/>
             <field name="city">Wavre</field>
@@ -811,8 +811,8 @@ Andrew</p>]]></field>
             <field name="name">Furnish a 60m² office</field>
             <field name="expected_revenue">7500</field>
             <field name="probability">20</field>
-            <field name="partner_name">Deco Addict</field>
-            <field name="email_from">info@agrolait.com</field>
+            <field name="partner_name">Acme Corporation</field>
+            <field name="email_from">info@acme-example-company.com</field>
             <field name="partner_id" ref="base.res_partner_2"/>
             <field name="country_id" ref="base.be"/>
             <field name="city">Wavre</field>
diff --git a/addons/crm/data/mail_template_demo.xml b/addons/crm/data/mail_template_demo.xml
index b3983ed3f2403..6347f93be917d 100644
--- a/addons/crm/data/mail_template_demo.xml
+++ b/addons/crm/data/mail_template_demo.xml
@@ -33,7 +33,7 @@
                 <tr>
                     <td valign="top" style="font-size: 13px;">
                         <div>
-                            Hi <t t-out="object.partner_id and object.partner_id.name or ''">Deco Addict</t>,<br/><br/>
+                            Hi <t t-out="object.partner_id and object.partner_id.name or ''">Acme Corporation</t>,<br/><br/>
                             Welcome to <t t-out="object.company_id.name or ''">My Company (San Francisco)</t>.
                             It's great to meet you! Now that you're on board, you'll discover what <t t-out="object.company_id.name or ''">My Company (San Francisco)</t> has to offer. My name is <t t-out="object.user_id.name or ''">Marc Demo</t> and I'll help you get the most out of Odoo. Could we plan a quick demo soon?<br/>
                             Feel free to reach out at any time!<br/><br/>
diff --git a/addons/crm/tests/test_crm_lead_convert_mass.py b/addons/crm/tests/test_crm_lead_convert_mass.py
index a39dec8e28548..b15f37a9e1113 100644
--- a/addons/crm/tests/test_crm_lead_convert_mass.py
+++ b/addons/crm/tests/test_crm_lead_convert_mass.py
@@ -24,7 +24,7 @@ def test_assignment_salesmen(self):
         with self.assertQueryCount(user_sales_manager=0):
             test_leads = self.env['crm.lead'].browse(test_leads.ids)
 
-        with self.assertQueryCount(user_sales_manager=543):  # crm 537 / com 543 / ent 537
+        with self.assertQueryCount(user_sales_manager=597):  # crm 537 / com 543 / ent 591
             test_leads._handle_salesmen_assignment(user_ids=user_ids, team_id=False)
 
         self.assertEqual(test_leads.team_id, self.sales_team_convert | self.sales_team_1)
@@ -42,7 +42,7 @@ def test_assignment_salesmen_wteam(self):
         with self.assertQueryCount(user_sales_manager=0):
             test_leads = self.env['crm.lead'].browse(test_leads.ids)
 
-        with self.assertQueryCount(user_sales_manager=524):  # crm 521 / com 524
+        with self.assertQueryCount(user_sales_manager=544):  # crm 521 / com 544
             test_leads._handle_salesmen_assignment(user_ids=user_ids, team_id=team_id)
 
         self.assertEqual(test_leads.team_id, self.sales_team_convert)
@@ -167,7 +167,7 @@ def test_mass_convert_performances(self):
         user_ids = self.assign_users.ids
 
         # randomness: at least 1 query
-        with self.assertQueryCount(user_sales_manager=1704):  # crm 1410 / com 1697
+        with self.assertQueryCount(user_sales_manager=1754):  # crm 1410 / com 1697
             mass_convert = self.env['crm.lead2opportunity.partner.mass'].with_context({
                 'active_model': 'crm.lead',
                 'active_ids': test_leads.ids,
diff --git a/addons/l10n_account_edi_ubl_cii_tests/tests/test_files/from_odoo/bis3_out_invoice_gln.xml b/addons/l10n_account_edi_ubl_cii_tests/tests/test_files/from_odoo/bis3_out_invoice_gln.xml
new file mode 100644
index 0000000000000..9e0e092ac0f66
--- /dev/null
+++ b/addons/l10n_account_edi_ubl_cii_tests/tests/test_files/from_odoo/bis3_out_invoice_gln.xml
@@ -0,0 +1,129 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<Invoice xmlns:cac="urn:oasis:names:specification:ubl:schema:xsd:CommonAggregateComponents-2" xmlns="urn:oasis:names:specification:ubl:schema:xsd:Invoice-2" xmlns:cbc="urn:oasis:names:specification:ubl:schema:xsd:CommonBasicComponents-2">
+  <cbc:CustomizationID>urn:cen.eu:en16931:2017#compliant#urn:fdc:peppol.eu:2017:poacc:billing:3.0</cbc:CustomizationID>
+  <cbc:ProfileID>urn:fdc:peppol.eu:2017:poacc:billing:01:1.0</cbc:ProfileID>
+  <cbc:ID>___ignore___</cbc:ID>
+  <cbc:IssueDate>2017-01-01</cbc:IssueDate>
+  <cbc:DueDate>2017-02-28</cbc:DueDate>
+  <cbc:InvoiceTypeCode>380</cbc:InvoiceTypeCode>
+  <cbc:Note>test narration</cbc:Note>
+  <cbc:DocumentCurrencyCode>USD</cbc:DocumentCurrencyCode>
+  <cbc:BuyerReference>ref_partner_2</cbc:BuyerReference>
+  <cac:OrderReference>
+    <cbc:ID>ref_move</cbc:ID>
+  </cac:OrderReference>
+  <cac:AccountingSupplierParty>
+    <cac:Party>
+      <cbc:EndpointID schemeID="9925">BE0202239951</cbc:EndpointID>
+      <cac:PartyName>
+        <cbc:Name>partner_1</cbc:Name>
+      </cac:PartyName>
+      <cac:PostalAddress>
+        <cbc:StreetName>Chaussée de Namur 40</cbc:StreetName>
+        <cbc:CityName>Ramillies</cbc:CityName>
+        <cbc:PostalZone>1367</cbc:PostalZone>
+        <cac:Country>
+          <cbc:IdentificationCode>BE</cbc:IdentificationCode>
+        </cac:Country>
+      </cac:PostalAddress>
+      <cac:PartyTaxScheme>
+        <cbc:CompanyID>BE0202239951</cbc:CompanyID>
+        <cac:TaxScheme>
+          <cbc:ID>VAT</cbc:ID>
+        </cac:TaxScheme>
+      </cac:PartyTaxScheme>
+      <cac:PartyLegalEntity>
+        <cbc:RegistrationName>partner_1</cbc:RegistrationName>
+        <cbc:CompanyID>BE0202239951</cbc:CompanyID>
+      </cac:PartyLegalEntity>
+      <cac:Contact>
+        <cbc:Name>partner_1</cbc:Name>
+      </cac:Contact>
+    </cac:Party>
+  </cac:AccountingSupplierParty>
+  <cac:AccountingCustomerParty>
+    <cac:Party>
+      <cbc:EndpointID schemeID="9925">BE0477472701</cbc:EndpointID>
+      <cac:PartyName>
+        <cbc:Name>partner_2</cbc:Name>
+      </cac:PartyName>
+      <cac:PostalAddress>
+        <cbc:StreetName>Rue des Bourlottes 9</cbc:StreetName>
+        <cbc:CityName>Ramillies</cbc:CityName>
+        <cbc:PostalZone>1367</cbc:PostalZone>
+        <cac:Country>
+          <cbc:IdentificationCode>BE</cbc:IdentificationCode>
+        </cac:Country>
+      </cac:PostalAddress>
+      <cac:PartyTaxScheme>
+        <cbc:CompanyID>BE0477472701</cbc:CompanyID>
+        <cac:TaxScheme>
+          <cbc:ID>VAT</cbc:ID>
+        </cac:TaxScheme>
+      </cac:PartyTaxScheme>
+      <cac:PartyLegalEntity>
+        <cbc:RegistrationName>partner_2</cbc:RegistrationName>
+        <cbc:CompanyID>BE0477472701</cbc:CompanyID>
+      </cac:PartyLegalEntity>
+      <cac:Contact>
+        <cbc:Name>partner_2</cbc:Name>
+      </cac:Contact>
+    </cac:Party>
+  </cac:AccountingCustomerParty>
+  <cac:Delivery>
+    <cac:DeliveryLocation>
+      <cbc:ID schemeID="0088">222222222222</cbc:ID>
+    </cac:DeliveryLocation>
+  </cac:Delivery>
+  <cac:PaymentMeans>
+    <cbc:PaymentMeansCode name="credit transfer">30</cbc:PaymentMeansCode>
+    <cbc:PaymentID>___ignore___</cbc:PaymentID>
+    <cac:PayeeFinancialAccount>
+      <cbc:ID>BE15001559627230</cbc:ID>
+    </cac:PayeeFinancialAccount>
+  </cac:PaymentMeans>
+  <cac:PaymentTerms>
+    <cbc:Note>Payment terms: 30% Advance End of Following Month</cbc:Note>
+  </cac:PaymentTerms>
+  <cac:TaxTotal>
+    <cbc:TaxAmount currencyID="USD">0.00</cbc:TaxAmount>
+    <cac:TaxSubtotal>
+      <cbc:TaxableAmount currencyID="USD">990.00</cbc:TaxableAmount>
+      <cbc:TaxAmount currencyID="USD">0.00</cbc:TaxAmount>
+      <cac:TaxCategory>
+        <cbc:ID>E</cbc:ID>
+        <cbc:Percent>0.0</cbc:Percent>
+        <cbc:TaxExemptionReason>Articles 226 items 11 to 15 Directive 2006/112/EN</cbc:TaxExemptionReason>
+        <cac:TaxScheme>
+          <cbc:ID>VAT</cbc:ID>
+        </cac:TaxScheme>
+      </cac:TaxCategory>
+    </cac:TaxSubtotal>
+  </cac:TaxTotal>
+  <cac:LegalMonetaryTotal>
+    <cbc:LineExtensionAmount currencyID="USD">990.00</cbc:LineExtensionAmount>
+    <cbc:TaxExclusiveAmount currencyID="USD">990.00</cbc:TaxExclusiveAmount>
+    <cbc:TaxInclusiveAmount currencyID="USD">990.00</cbc:TaxInclusiveAmount>
+    <cbc:PrepaidAmount currencyID="USD">0.00</cbc:PrepaidAmount>
+    <cbc:PayableAmount currencyID="USD">990.00</cbc:PayableAmount>
+  </cac:LegalMonetaryTotal>
+  <cac:InvoiceLine>
+    <cbc:ID>1</cbc:ID>
+    <cbc:InvoicedQuantity unitCode="C62">1.0</cbc:InvoicedQuantity>
+    <cbc:LineExtensionAmount currencyID="USD">990.00</cbc:LineExtensionAmount>
+    <cac:Item>
+      <cbc:Description>product_a</cbc:Description>
+      <cbc:Name>product_a</cbc:Name>
+      <cac:ClassifiedTaxCategory>
+        <cbc:ID>E</cbc:ID>
+        <cbc:Percent>0.0</cbc:Percent>
+        <cac:TaxScheme>
+          <cbc:ID>VAT</cbc:ID>
+        </cac:TaxScheme>
+      </cac:ClassifiedTaxCategory>
+    </cac:Item>
+    <cac:Price>
+      <cbc:PriceAmount currencyID="USD">990.0</cbc:PriceAmount>
+    </cac:Price>
+  </cac:InvoiceLine>
+</Invoice>
diff --git a/addons/l10n_account_edi_ubl_cii_tests/tests/test_xml_ubl_be.py b/addons/l10n_account_edi_ubl_cii_tests/tests/test_xml_ubl_be.py
index 89035abef3e5b..634fcc6014d48 100644
--- a/addons/l10n_account_edi_ubl_cii_tests/tests/test_xml_ubl_be.py
+++ b/addons/l10n_account_edi_ubl_cii_tests/tests/test_xml_ubl_be.py
@@ -547,6 +547,26 @@ def test_export_tax_exempt(self):
         )
         self._assert_invoice_attachment(invoice, None, 'from_odoo/bis3_out_invoice_tax_exempt.xml')
 
+    def test_export_gln(self):
+        """ GLN was added in a fixup module account_add_gln. """
+        # TODO master: clean that skiptest, when the module account_add_gln is merged with account
+        if 'global_location_number' not in self.partner_2._fields:
+            self.skipTest("Fixup module with GLN not installed.")
+        self.partner_2.global_location_number = "222222222222"
+        invoice = self._generate_move(
+            self.partner_1,
+            self.partner_2,
+            move_type='out_invoice',
+            invoice_line_ids=[
+                {
+                    'product_id': self.product_a.id,
+                    'price_unit': 990.0,
+                    'tax_ids': [(6, 0, self.tax_0.ids)],
+                },
+            ],
+        )
+        self._assert_invoice_attachment(invoice, None, 'from_odoo/bis3_out_invoice_gln.xml')
+
     ####################################################
     # Test import
     ####################################################
diff --git a/addons/l10n_fr_fec/__init__.py b/addons/l10n_fr_fec/__init__.py
index 58d2359634e5a..3efd90457dc09 100644
--- a/addons/l10n_fr_fec/__init__.py
+++ b/addons/l10n_fr_fec/__init__.py
@@ -3,4 +3,5 @@
 
 # Copyright (C) 2013-2015 Akretion (http://www.akretion.com)
 
+from . import controllers
 from . import wizard
diff --git a/addons/l10n_fr_fec/controllers/__init__.py b/addons/l10n_fr_fec/controllers/__init__.py
new file mode 100644
index 0000000000000..12a7e529b6741
--- /dev/null
+++ b/addons/l10n_fr_fec/controllers/__init__.py
@@ -0,0 +1 @@
+from . import main
diff --git a/addons/l10n_fr_fec/controllers/main.py b/addons/l10n_fr_fec/controllers/main.py
new file mode 100644
index 0000000000000..bb62897877c99
--- /dev/null
+++ b/addons/l10n_fr_fec/controllers/main.py
@@ -0,0 +1,14 @@
+from odoo import http
+from odoo.http import request
+
+
+class FecDownloadController(http.Controller):
+    @http.route('/download/fec_file/<int:wizard_id>', type='http', auth='user')
+    def download_fec(self, wizard_id):
+        wizard = request.env['account.fr.fec'].browse(wizard_id)
+        content = wizard._get_fec_stream()
+
+        return request.make_response(content, [
+            ('Content-Type', 'text/csv'),
+            ('Content-Disposition', f'attachment; filename={wizard.filename};')
+        ])
diff --git a/addons/l10n_fr_fec/tests/test_wizard.py b/addons/l10n_fr_fec/tests/test_wizard.py
index ca5ed6aab38d5..92c9788be12a1 100644
--- a/addons/l10n_fr_fec/tests/test_wizard.py
+++ b/addons/l10n_fr_fec/tests/test_wizard.py
@@ -1,7 +1,6 @@
 # -*- coding: utf-8 -*-
 # Part of Odoo. See LICENSE file for full copyright and licensing details.
 
-import base64
 from datetime import timedelta
 from freezegun import freeze_time
 
@@ -67,7 +66,6 @@ def setUpClass(cls, chart_template_ref='l10n_fr.l10n_fr_pcg_chart_template'):
         cls.invoice_a.action_post()
 
     def test_generate_fec_sanitize_pieceref(self):
-        self.wizard.generate_fec()
         expected_content = (
             "JournalCode|JournalLib|EcritureNum|EcritureDate|CompteNum|CompteLib|CompAuxNum|CompAuxLib|PieceRef|PieceDate|EcritureLib|Debit|Credit|EcritureLet|DateLet|ValidDate|Montantdevise|Idevise\r\n"
             "INV|Customer Invoices|INV/2021/00001|20210502|701000|Ventes de produits finis|||-|20210502|Hello Darkness|0,00| 000000000001437,12|||20210502|-000000000001437,12|EUR\r\n"
@@ -76,5 +74,7 @@ def test_generate_fec_sanitize_pieceref(self):
             "INV|Customer Invoices|INV/2021/00001|20210502|445710|TVA collectée|||-|20210502|TVA 20,0%|0,00| 000000000001293,41|||20210502|-000000000001293,41|EUR\r\n"
             f"INV|Customer Invoices|INV/2021/00001|20210502|411100|Clients - Ventes de biens ou de prestations de services|{self.partner_a.id}|partner_a|-|20210502|INV/2021/00001| 000000000007760,45|0,00|||20210502| 000000000007760,45|EUR"
         )
-        content = base64.b64decode(self.wizard.fec_data).decode()
+        data_generator = self.wizard.with_context(fec_test_mode=True)._get_fec_stream()
+        content_bytes = b''.join(list(data_generator))
+        content = content_bytes.decode('utf-8')
         self.assertEqual(expected_content, content)
diff --git a/addons/l10n_fr_fec/wizard/account_fr_fec.py b/addons/l10n_fr_fec/wizard/account_fr_fec.py
index 77b88b3250fa4..51055cf4d4d42 100644
--- a/addons/l10n_fr_fec/wizard/account_fr_fec.py
+++ b/addons/l10n_fr_fec/wizard/account_fr_fec.py
@@ -3,11 +3,14 @@
 
 # Copyright (C) 2013-2015 Akretion (http://www.akretion.com)
 
-import base64
+import contextlib
+import csv
 import io
 
+from itertools import chain
 from odoo import api, fields, models, _
 from odoo.exceptions import UserError, AccessDenied
+from odoo.modules.registry import Registry
 from odoo.tools import float_is_zero, pycompat
 from odoo.tools.misc import get_lang
 from stdnum.fr import siren
@@ -19,7 +22,7 @@ class AccountFrFec(models.TransientModel):
 
     date_from = fields.Date(string='Start Date', required=True)
     date_to = fields.Date(string='End Date', required=True)
-    fec_data = fields.Binary('FEC File', readonly=True)
+    fec_data = fields.Binary('FEC File', readonly=True)  # This field is not used anymore.
     filename = fields.Char(string='Filename', size=256, readonly=True)
     test_file = fields.Boolean()
     export_type = fields.Selection([
@@ -102,26 +105,8 @@ def _get_company_legal_data(self, company):
         else:
             return company.vat
 
-    def generate_fec(self):
-        self.ensure_one()
-        if not (self.env.is_admin() or self.env.user.has_group('account.group_account_user')):
-            raise AccessDenied()
-        # We choose to implement the flat file instead of the XML
-        # file for 2 reasons :
-        # 1) the XSD file impose to have the label on the account.move
-        # but Odoo has the label on the account.move.line, so that's a
-        # problem !
-        # 2) CSV files are easier to read/use for a regular accountant.
-        # So it will be easier for the accountant to check the file before
-        # sending it to the fiscal administration
-        today = fields.Date.today()
-        if self.date_from > today or self.date_to > today:
-            raise UserError(_('You could not set the start date or the end date in the future.'))
-        if self.date_from >= self.date_to:
-            raise UserError(_('The start date must be inferior to the end date.'))
-
-        company = self.env.company
-        company_legal_data = self._get_company_legal_data(company)
+    def _get_fec_stream(self):
+        company_id = self.env.company.id
 
         header = [
             u'JournalCode',    # 0
@@ -144,269 +129,317 @@ def generate_fec(self):
             u'Idevise',        # 17
             ]
 
-        rows_to_write = [header]
-        # INITIAL BALANCE
-        unaffected_earnings_account = self.env['account.account'].search([
-            ('account_type', '=', 'equity_unaffected'),
-            ('company_id', '=', company.id)
-        ], limit=1)
-        unaffected_earnings_line = True  # used to make sure that we add the unaffected earning initial balance only once
-        if unaffected_earnings_account:
-            #compute the benefit/loss of last year to add in the initial balance of the current year earnings account
-            unaffected_earnings_results = self._do_query_unaffected_earnings()
-            unaffected_earnings_line = False
-
         if self.pool['account.account'].name.translate:
             lang = self.env.user.lang or get_lang(self.env).code
             aa_name = f"COALESCE(aa.name->>'{lang}', aa.name->>'en_US')"
         else:
             aa_name = "aa.name"
-        sql_query = f'''
-        SELECT
-            'OUV' AS JournalCode,
-            'Balance initiale' AS JournalLib,
-            'OUVERTURE/' || %s AS EcritureNum,
-            %s AS EcritureDate,
-            MIN(aa.code) AS CompteNum,
-            replace(replace(MIN({aa_name}), '|', '/'), '\t', '') AS CompteLib,
-            '' AS CompAuxNum,
-            '' AS CompAuxLib,
-            '-' AS PieceRef,
-            %s AS PieceDate,
-            '/' AS EcritureLib,
-            replace(CASE WHEN sum(aml.balance) <= 0 THEN '0,00' ELSE to_char(SUM(aml.balance), '000000000000000D99') END, '.', ',') AS Debit,
-            replace(CASE WHEN sum(aml.balance) >= 0 THEN '0,00' ELSE to_char(-SUM(aml.balance), '000000000000000D99') END, '.', ',') AS Credit,
-            '' AS EcritureLet,
-            '' AS DateLet,
-            %s AS ValidDate,
-            '' AS Montantdevise,
-            '' AS Idevise,
-            MIN(aa.id) AS CompteID
-        FROM
-            account_move_line aml
-            LEFT JOIN account_move am ON am.id=aml.move_id
-            JOIN account_account aa ON aa.id = aml.account_id
-        WHERE
-            am.date < %s
-            AND am.company_id = %s
-            AND aa.include_initial_balance = 't'
-        '''
-
-        # For official report: only use posted entries
-        if self.export_type == "official":
-            sql_query += '''
-            AND am.state = 'posted'
-            '''
-
-        sql_query += '''
-        GROUP BY aml.account_id, aa.account_type
-        HAVING aa.account_type not in ('asset_receivable', 'liability_payable') AND round(sum(aml.balance), %s) != 0
-        '''
-        formatted_date_from = fields.Date.to_string(self.date_from).replace('-', '')
-        date_from = self.date_from
-        formatted_date_year = date_from.year
-        currency_digits = 2
-
-        self._cr.execute(
-            sql_query, (formatted_date_year, formatted_date_from, formatted_date_from, formatted_date_from, self.date_from, company.id,
-                        currency_digits))
-
-        for row in self._cr.fetchall():
-            listrow = list(row)
-            account_id = listrow.pop()
-            if not unaffected_earnings_line:
-                account = self.env['account.account'].browse(account_id)
-                if account.account_type == 'equity_unaffected':
-                    #add the benefit/loss of previous fiscal year to the first unaffected earnings account found.
-                    unaffected_earnings_line = True
-                    current_amount = float(listrow[11].replace(',', '.')) - float(listrow[12].replace(',', '.'))
-                    unaffected_earnings_amount = float(unaffected_earnings_results[11].replace(',', '.')) - float(unaffected_earnings_results[12].replace(',', '.'))
-                    listrow_amount = current_amount + unaffected_earnings_amount
-                    if float_is_zero(listrow_amount, precision_digits=currency_digits):
-                        continue
-                    if listrow_amount > 0:
-                        listrow[11] = str(listrow_amount).replace('.', ',')
-                        listrow[12] = '0,00'
-                    else:
-                        listrow[11] = '0,00'
-                        listrow[12] = str(-listrow_amount).replace('.', ',')
-            rows_to_write.append(listrow)
-
-        #if the unaffected earnings account wasn't in the selection yet: add it manually
-        if (not unaffected_earnings_line
-            and unaffected_earnings_results
-            and (unaffected_earnings_results[11] != '0,00'
-                 or unaffected_earnings_results[12] != '0,00')):
-            #search an unaffected earnings account
-            unaffected_earnings_account = self.env['account.account'].search([('account_type', '=', 'equity_unaffected'),
-                                                                              ('company_id', '=', company.id)], limit=1)
-            if unaffected_earnings_account:
-                unaffected_earnings_results[4] = unaffected_earnings_account.code
-                unaffected_earnings_results[5] = unaffected_earnings_account.name
-            rows_to_write.append(unaffected_earnings_results)
-
-        # INITIAL BALANCE - receivable/payable
-        sql_query = f'''
-        SELECT
-            'OUV' AS JournalCode,
-            'Balance initiale' AS JournalLib,
-            'OUVERTURE/' || %s AS EcritureNum,
-            %s AS EcritureDate,
-            MIN(aa.code) AS CompteNum,
-            replace(MIN({aa_name}), '|', '/') AS CompteLib,
-            CASE WHEN MIN(aa.account_type) IN ('asset_receivable', 'liability_payable')
-            THEN
-                CASE WHEN rp.ref IS null OR rp.ref = ''
-                THEN rp.id::text
-                ELSE replace(rp.ref, '|', '/')
-                END
-            ELSE ''
-            END
-            AS CompAuxNum,
-            CASE WHEN aa.account_type IN ('asset_receivable', 'liability_payable')
-            THEN COALESCE(replace(rp.name, '|', '/'), '')
-            ELSE ''
-            END AS CompAuxLib,
-            '-' AS PieceRef,
-            %s AS PieceDate,
-            '/' AS EcritureLib,
-            replace(CASE WHEN sum(aml.balance) <= 0 THEN '0,00' ELSE to_char(SUM(aml.balance), '000000000000000D99') END, '.', ',') AS Debit,
-            replace(CASE WHEN sum(aml.balance) >= 0 THEN '0,00' ELSE to_char(-SUM(aml.balance), '000000000000000D99') END, '.', ',') AS Credit,
-            '' AS EcritureLet,
-            '' AS DateLet,
-            %s AS ValidDate,
-            '' AS Montantdevise,
-            '' AS Idevise,
-            MIN(aa.id) AS CompteID
-        FROM
-            account_move_line aml
-            LEFT JOIN account_move am ON am.id=aml.move_id
-            LEFT JOIN res_partner rp ON rp.id=aml.partner_id
-            JOIN account_account aa ON aa.id = aml.account_id
-        WHERE
-            am.date < %s
-            AND am.company_id = %s
-            AND aa.include_initial_balance = 't'
-        '''
 
-        # For official report: only use posted entries
-        if self.export_type == "official":
-            sql_query += '''
-            AND am.state = 'posted'
-            '''
+        def format_row(row):
+            with io.StringIO() as buf:
+                writer = csv.writer(buf, delimiter='|', lineterminator='\r\n')
+                writer.writerow(row)
+                return buf.getvalue().encode()
+
+        @contextlib.contextmanager
+        def get_cursor():
+            if self.env.context.get('fec_test_mode'):
+                yield self.env.cr
+            else:
+                with Registry(self.env.cr.dbname).cursor() as cr:
+                    yield cr
+
+        def stream_header():
+            yield format_row(header)
+
+        def stream_initial_balance():
+            with get_cursor() as cr:
+                fec = self.with_env(self.env(cr=cr))
+                unaffected_earnings_account = fec.env['account.account'].search([
+                    ('account_type', '=', 'equity_unaffected'),
+                    ('company_id', '=', company_id)
+                ], limit=1)
+                unaffected_earnings_line = True  # used to make sure that we add the unaffected earning initial balance only once
+                if unaffected_earnings_account:
+                    # compute the benefit/loss of last year to add in the initial balance of the current year earnings account
+                    unaffected_earnings_results = fec._do_query_unaffected_earnings()
+                    unaffected_earnings_line = False
+
+                sql_query = f'''
+                SELECT
+                    'OUV' AS JournalCode,
+                    'Balance initiale' AS JournalLib,
+                    'OUVERTURE/' || %s AS EcritureNum,
+                    %s AS EcritureDate,
+                    MIN(aa.code) AS CompteNum,
+                    replace(replace(MIN({aa_name}), '|', '/'), '\t', '') AS CompteLib,
+                    '' AS CompAuxNum,
+                    '' AS CompAuxLib,
+                    '-' AS PieceRef,
+                    %s AS PieceDate,
+                    '/' AS EcritureLib,
+                    replace(CASE WHEN sum(aml.balance) <= 0 THEN '0,00' ELSE to_char(SUM(aml.balance), '000000000000000D99') END, '.', ',') AS Debit,
+                    replace(CASE WHEN sum(aml.balance) >= 0 THEN '0,00' ELSE to_char(-SUM(aml.balance), '000000000000000D99') END, '.', ',') AS Credit,
+                    '' AS EcritureLet,
+                    '' AS DateLet,
+                    %s AS ValidDate,
+                    '' AS Montantdevise,
+                    '' AS Idevise,
+                    MIN(aa.id) AS CompteID
+                FROM
+                    account_move_line aml
+                    LEFT JOIN account_move am ON am.id=aml.move_id
+                    JOIN account_account aa ON aa.id = aml.account_id
+                WHERE
+                    am.date < %s
+                    AND am.company_id = %s
+                    AND aa.include_initial_balance = 't'
+                '''
+
+                # For official report: only use posted entries
+                if fec.export_type == "official":
+                    sql_query += '''
+                    AND am.state = 'posted'
+                    '''
+
+                sql_query += '''
+                GROUP BY aml.account_id, aa.account_type
+                HAVING aa.account_type not in ('asset_receivable', 'liability_payable') AND round(sum(aml.balance), %s) != 0
+                '''
+                formatted_date_from = fields.Date.to_string(fec.date_from).replace('-', '')
+                date_from = fec.date_from
+                formatted_date_year = date_from.year
+                currency_digits = 2
+
+                fec._cr.execute(
+                    sql_query, (formatted_date_year, formatted_date_from, formatted_date_from, formatted_date_from, fec.date_from, company_id,
+                                currency_digits))
+
+                for row in fec._cr.fetchall():
+                    listrow = list(row)
+                    account_id = listrow.pop()
+                    if not unaffected_earnings_line:
+                        account = fec.env['account.account'].browse(account_id)
+                        if account.account_type == 'equity_unaffected':
+                            # add the benefit/loss of previous fiscal year to the first unaffected earnings account found.
+                            unaffected_earnings_line = True
+                            current_amount = float(listrow[11].replace(',', '.')) - float(listrow[12].replace(',', '.'))
+                            unaffected_earnings_amount = float(unaffected_earnings_results[11].replace(',', '.')) - float(unaffected_earnings_results[12].replace(',', '.'))
+                            listrow_amount = current_amount + unaffected_earnings_amount
+                            if float_is_zero(listrow_amount, precision_digits=currency_digits):
+                                continue
+                            if listrow_amount > 0:
+                                listrow[11] = str(listrow_amount).replace('.', ',')
+                                listrow[12] = '0,00'
+                            else:
+                                listrow[11] = '0,00'
+                                listrow[12] = str(-listrow_amount).replace('.', ',')
+                    yield format_row(listrow)
+
+                # if the unaffected earnings account wasn't in the selection yet: add it manually
+                if (not unaffected_earnings_line
+                    and unaffected_earnings_results
+                    and (unaffected_earnings_results[11] != '0,00'
+                        or unaffected_earnings_results[12] != '0,00')):
+                    # search an unaffected earnings account
+                    unaffected_earnings_account = fec.env['account.account'].search([('account_type', '=', 'equity_unaffected'),
+                                                                                    ('company_id', '=', company_id)], limit=1)
+                    if unaffected_earnings_account:
+                        unaffected_earnings_results[4] = unaffected_earnings_account.code
+                        unaffected_earnings_results[5] = unaffected_earnings_account.name
+                    yield format_row(unaffected_earnings_results)
+
+                # INITIAL BALANCE - receivable/payable
+                sql_query = f'''
+                SELECT
+                    'OUV' AS JournalCode,
+                    'Balance initiale' AS JournalLib,
+                    'OUVERTURE/' || %s AS EcritureNum,
+                    %s AS EcritureDate,
+                    MIN(aa.code) AS CompteNum,
+                    replace(MIN({aa_name}), '|', '/') AS CompteLib,
+                    CASE WHEN MIN(aa.account_type) IN ('asset_receivable', 'liability_payable')
+                    THEN
+                        CASE WHEN rp.ref IS null OR rp.ref = ''
+                        THEN rp.id::text
+                        ELSE replace(rp.ref, '|', '/')
+                        END
+                    ELSE ''
+                    END
+                    AS CompAuxNum,
+                    CASE WHEN aa.account_type IN ('asset_receivable', 'liability_payable')
+                    THEN COALESCE(replace(rp.name, '|', '/'), '')
+                    ELSE ''
+                    END AS CompAuxLib,
+                    '-' AS PieceRef,
+                    %s AS PieceDate,
+                    '/' AS EcritureLib,
+                    replace(CASE WHEN sum(aml.balance) <= 0 THEN '0,00' ELSE to_char(SUM(aml.balance), '000000000000000D99') END, '.', ',') AS Debit,
+                    replace(CASE WHEN sum(aml.balance) >= 0 THEN '0,00' ELSE to_char(-SUM(aml.balance), '000000000000000D99') END, '.', ',') AS Credit,
+                    '' AS EcritureLet,
+                    '' AS DateLet,
+                    %s AS ValidDate,
+                    '' AS Montantdevise,
+                    '' AS Idevise,
+                    MIN(aa.id) AS CompteID
+                FROM
+                    account_move_line aml
+                    LEFT JOIN account_move am ON am.id=aml.move_id
+                    LEFT JOIN res_partner rp ON rp.id=aml.partner_id
+                    JOIN account_account aa ON aa.id = aml.account_id
+                WHERE
+                    am.date < %s
+                    AND am.company_id = %s
+                    AND aa.include_initial_balance = 't'
+                '''
+
+                # For official report: only use posted entries
+                if fec.export_type == "official":
+                    sql_query += '''
+                    AND am.state = 'posted'
+                    '''
+
+                sql_query += '''
+                GROUP BY aml.account_id, aa.account_type, rp.ref, rp.id
+                HAVING aa.account_type in ('asset_receivable', 'liability_payable') AND round(sum(aml.balance), %s) != 0
+                '''
+                fec._cr.execute(
+                    sql_query, (formatted_date_year, formatted_date_from, formatted_date_from, formatted_date_from, fec.date_from, company_id,
+                                currency_digits))
+
+                for row in fec._cr.fetchall():
+                    listrow = list(row)
+                    account_id = listrow.pop()
+                    yield format_row(listrow)
+
+        def stream_lines():
+            with get_cursor() as cr:
+                fec = self.with_env(self.env(cr=cr))
+                if fec.pool['account.journal'].name.translate:
+                    lang = fec.env.user.lang or get_lang(fec.env).code
+                    aj_name = f"COALESCE(aj.name->>'{lang}', aj.name->>'en_US')"
+                else:
+                    aj_name = "aj.name"
+
+                query_limit = int(fec.env['ir.config_parameter'].sudo().get_param('l10n_fr_fec.batch_size', 500000))  # To prevent memory errors when fetching the results
+
+                sql_query = f'''
+                SELECT
+                    REGEXP_REPLACE(replace(aj.code, '|', '/'), '[\\t\\r\\n]', ' ', 'g') AS JournalCode,
+                    REGEXP_REPLACE(replace({aj_name}, '|', '/'), '[\\t\\r\\n]', ' ', 'g') AS JournalLib,
+                    REGEXP_REPLACE(replace(am.name, '|', '/'), '[\\t\\r\\n]', ' ', 'g') AS EcritureNum,
+                    TO_CHAR(am.date, 'YYYYMMDD') AS EcritureDate,
+                    aa.code AS CompteNum,
+                    REGEXP_REPLACE(replace({aa_name}, '|', '/'), '[\\t\\r\\n]', ' ', 'g') AS CompteLib,
+                    CASE WHEN aa.account_type IN ('asset_receivable', 'liability_payable')
+                    THEN
+                        CASE WHEN rp.ref IS null OR rp.ref = ''
+                        THEN rp.id::text
+                        ELSE replace(rp.ref, '|', '/')
+                        END
+                    ELSE ''
+                    END
+                    AS CompAuxNum,
+                    CASE WHEN aa.account_type IN ('asset_receivable', 'liability_payable')
+                    THEN COALESCE(REGEXP_REPLACE(replace(rp.name, '|', '/'), '[\\t\\r\\n]', ' ', 'g'), '')
+                    ELSE ''
+                    END AS CompAuxLib,
+                    CASE WHEN am.ref IS null OR am.ref = ''
+                    THEN '-'
+                    ELSE REGEXP_REPLACE(replace(am.ref, '|', '/'), '[\\t\\r\\n]', ' ', 'g')
+                    END
+                    AS PieceRef,
+                    TO_CHAR(COALESCE(am.invoice_date, am.date), 'YYYYMMDD') AS PieceDate,
+                    CASE WHEN aml.name IS NULL OR aml.name = '' THEN '/'
+                        WHEN aml.name SIMILAR TO '[\\t|\\s|\\n]*' THEN '/'
+                        ELSE REGEXP_REPLACE(replace(aml.name, '|', '/'), '[\\t\\n\\r]', ' ', 'g') END AS EcritureLib,
+                    replace(CASE WHEN aml.debit = 0 THEN '0,00' ELSE to_char(aml.debit, '000000000000000D99') END, '.', ',') AS Debit,
+                    replace(CASE WHEN aml.credit = 0 THEN '0,00' ELSE to_char(aml.credit, '000000000000000D99') END, '.', ',') AS Credit,
+                    CASE WHEN rec.name IS NULL THEN '' ELSE rec.name END AS EcritureLet,
+                    CASE WHEN aml.full_reconcile_id IS NULL THEN '' ELSE TO_CHAR(rec.create_date, 'YYYYMMDD') END AS DateLet,
+                    TO_CHAR(am.date, 'YYYYMMDD') AS ValidDate,
+                    CASE
+                        WHEN aml.amount_currency IS NULL OR aml.amount_currency = 0 THEN ''
+                        ELSE replace(to_char(aml.amount_currency, '000000000000000D99'), '.', ',')
+                    END AS Montantdevise,
+                    CASE WHEN aml.currency_id IS NULL THEN '' ELSE rc.name END AS Idevise
+                FROM
+                    account_move_line aml
+                    LEFT JOIN account_move am ON am.id=aml.move_id
+                    LEFT JOIN res_partner rp ON rp.id=aml.partner_id
+                    JOIN account_journal aj ON aj.id = am.journal_id
+                    JOIN account_account aa ON aa.id = aml.account_id
+                    LEFT JOIN res_currency rc ON rc.id = aml.currency_id
+                    LEFT JOIN account_full_reconcile rec ON rec.id = aml.full_reconcile_id
+                WHERE
+                    am.date >= %s
+                    AND am.date <= %s
+                    AND am.company_id = %s
+                    {"AND am.state = 'posted'" if fec.export_type == 'official' else ""}
+                ORDER BY
+                    am.date,
+                    am.name,
+                    aml.id
+                LIMIT %s
+                OFFSET %s
+                '''
+
+                query_offset = 0
+                has_more_results = True
+                while has_more_results:
+                    fec._cr.execute(
+                        sql_query,
+                        (fec.date_from, fec.date_to, company_id, query_limit + 1, query_offset)
+                    )
+                    query_offset += query_limit
+                    has_more_results = fec._cr.rowcount > query_limit  # we load one more result than the limit to check if there is more
+                    query_results = fec._cr.fetchall()
+                    for row in query_results[:query_limit]:
+                        row = list(row)
+                        yield format_row(row)
 
-        sql_query += '''
-        GROUP BY aml.account_id, aa.account_type, rp.ref, rp.id
-        HAVING aa.account_type in ('asset_receivable', 'liability_payable') AND round(sum(aml.balance), %s) != 0
-        '''
-        self._cr.execute(
-            sql_query, (formatted_date_year, formatted_date_from, formatted_date_from, formatted_date_from, self.date_from, company.id,
-                        currency_digits))
+        def remove_trailing_newline(rows_iterator):
+            """
+            Remove the trailing newline characters (\r\n) from the last row.
 
-        for row in self._cr.fetchall():
-            listrow = list(row)
-            account_id = listrow.pop()
-            rows_to_write.append(listrow)
+            Each row in the iterator ends with '\r\n', but the FEC file format
+            requires no trailing newline after the final row. This function
+            yields all rows unchanged except the last one, which has its
+            trailing 2 characters (the \r\n) stripped.
+            """
+            try:
+                current_row = next(rows_iterator)
+            except StopIteration:
+                return
 
-        # LINES
-        if self.pool['account.journal'].name.translate:
-            lang = self.env.user.lang or get_lang(self.env).code
-            aj_name = f"COALESCE(aj.name->>'{lang}', aj.name->>'en_US')"
-        else:
-            aj_name = "aj.name"
+            for next_row in rows_iterator:
+                yield current_row
+                current_row = next_row
 
-        query_limit = int(self.env['ir.config_parameter'].sudo().get_param('l10n_fr_fec.batch_size', 500000)) # To prevent memory errors when fetching the results
+            yield current_row[:-2]
 
-        sql_query = f'''
-        SELECT
-            REGEXP_REPLACE(replace(aj.code, '|', '/'), '[\\t\\r\\n]', ' ', 'g') AS JournalCode,
-            REGEXP_REPLACE(replace({aj_name}, '|', '/'), '[\\t\\r\\n]', ' ', 'g') AS JournalLib,
-            REGEXP_REPLACE(replace(am.name, '|', '/'), '[\\t\\r\\n]', ' ', 'g') AS EcritureNum,
-            TO_CHAR(am.date, 'YYYYMMDD') AS EcritureDate,
-            aa.code AS CompteNum,
-            REGEXP_REPLACE(replace({aa_name}, '|', '/'), '[\\t\\r\\n]', ' ', 'g') AS CompteLib,
-            CASE WHEN aa.account_type IN ('asset_receivable', 'liability_payable')
-            THEN
-                CASE WHEN rp.ref IS null OR rp.ref = ''
-                THEN rp.id::text
-                ELSE replace(rp.ref, '|', '/')
-                END
-            ELSE ''
-            END
-            AS CompAuxNum,
-            CASE WHEN aa.account_type IN ('asset_receivable', 'liability_payable')
-            THEN COALESCE(REGEXP_REPLACE(replace(rp.name, '|', '/'), '[\\t\\r\\n]', ' ', 'g'), '')
-            ELSE ''
-            END AS CompAuxLib,
-            CASE WHEN am.ref IS null OR am.ref = ''
-            THEN '-'
-            ELSE REGEXP_REPLACE(replace(am.ref, '|', '/'), '[\\t\\r\\n]', ' ', 'g')
-            END
-            AS PieceRef,
-            TO_CHAR(COALESCE(am.invoice_date, am.date), 'YYYYMMDD') AS PieceDate,
-            CASE WHEN aml.name IS NULL OR aml.name = '' THEN '/'
-                WHEN aml.name SIMILAR TO '[\\t|\\s|\\n]*' THEN '/'
-                ELSE REGEXP_REPLACE(replace(aml.name, '|', '/'), '[\\t\\n\\r]', ' ', 'g') END AS EcritureLib,
-            replace(CASE WHEN aml.debit = 0 THEN '0,00' ELSE to_char(aml.debit, '000000000000000D99') END, '.', ',') AS Debit,
-            replace(CASE WHEN aml.credit = 0 THEN '0,00' ELSE to_char(aml.credit, '000000000000000D99') END, '.', ',') AS Credit,
-            CASE WHEN rec.name IS NULL THEN '' ELSE rec.name END AS EcritureLet,
-            CASE WHEN aml.full_reconcile_id IS NULL THEN '' ELSE TO_CHAR(rec.create_date, 'YYYYMMDD') END AS DateLet,
-            TO_CHAR(am.date, 'YYYYMMDD') AS ValidDate,
-            CASE
-                WHEN aml.amount_currency IS NULL OR aml.amount_currency = 0 THEN ''
-                ELSE replace(to_char(aml.amount_currency, '000000000000000D99'), '.', ',')
-            END AS Montantdevise,
-            CASE WHEN aml.currency_id IS NULL THEN '' ELSE rc.name END AS Idevise
-        FROM
-            account_move_line aml
-            LEFT JOIN account_move am ON am.id=aml.move_id
-            LEFT JOIN res_partner rp ON rp.id=aml.partner_id
-            JOIN account_journal aj ON aj.id = am.journal_id
-            JOIN account_account aa ON aa.id = aml.account_id
-            LEFT JOIN res_currency rc ON rc.id = aml.currency_id
-            LEFT JOIN account_full_reconcile rec ON rec.id = aml.full_reconcile_id
-        WHERE
-            am.date >= %s
-            AND am.date <= %s
-            AND am.company_id = %s
-            {"AND am.state = 'posted'" if self.export_type == 'official' else ""}
-        ORDER BY
-            am.date,
-            am.name,
-            aml.id
-        LIMIT %s
-        OFFSET %s
-        '''
+        return remove_trailing_newline(chain(stream_header(), stream_initial_balance(), stream_lines()))
 
-        with io.BytesIO() as fecfile:
-            csv_writer = pycompat.csv_writer(fecfile, delimiter='|', lineterminator='')
-
-            # Write header and initial balances
-            for initial_row in rows_to_write:
-                initial_row = list(initial_row)
-                # We don't skip \n at then end of the file if there are only initial balances, for simplicity. An empty period export shouldn't happen IRL.
-                initial_row[-1] += u'\r\n'
-                csv_writer.writerow(initial_row)
-
-            # Write current period's data
-            query_offset = 0
-            has_more_results = True
-            while has_more_results:
-                self._cr.execute(
-                    sql_query,
-                    (self.date_from, self.date_to, company.id, query_limit + 1, query_offset)
-                )
-                query_offset += query_limit
-                has_more_results = self._cr.rowcount > query_limit # we load one more result than the limit to check if there is more
-                query_results = self._cr.fetchall()
-                for i, row in enumerate(query_results[:query_limit]):
-                    if i < len(query_results) - 1:
-                        # The file is not allowed to end with an empty line, so we can't use lineterminator on the writer
-                        row = list(row)
-                        row[-1] += u'\r\n'
-                    csv_writer.writerow(row)
+    def generate_fec(self):
+        self.ensure_one()
+        if not (self.env.is_admin() or self.env.user.has_group('account.group_account_user')):
+            raise AccessDenied()
+        # We choose to implement the flat file instead of the XML
+        # file for 2 reasons :
+        # 1) the XSD file impose to have the label on the account.move
+        # but Odoo has the label on the account.move.line, so that's a
+        # problem !
+        # 2) CSV files are easier to read/use for a regular accountant.
+        # So it will be easier for the accountant to check the file before
+        # sending it to the fiscal administration
+        today = fields.Date.today()
+        if self.date_from > today or self.date_to > today:
+            raise UserError(_('You could not set the start date or the end date in the future.'))
+        if self.date_from >= self.date_to:
+            raise UserError(_('The start date must be inferior to the end date.'))
 
-            base64_result = base64.encodebytes(fecfile.getvalue())
+        company = self.env.company
+        company_legal_data = self._get_company_legal_data(company)
 
         end_date = fields.Date.to_string(self.date_to).replace('-', '')
         suffix = ''
@@ -414,7 +447,6 @@ def generate_fec(self):
             suffix = '-NONOFFICIAL'
 
         self.write({
-            'fec_data': base64_result,
             # Filename = <siren>FECYYYYMMDD where YYYMMDD is the closing date
             'filename': '%sFEC%s%s.csv' % (company_legal_data, end_date, suffix),
             })
@@ -426,7 +458,7 @@ def generate_fec(self):
         return {
             'name': 'FEC',
             'type': 'ir.actions.act_url',
-            'url': "web/content/?model=account.fr.fec&id=" + str(self.id) + "&filename_field=filename&field=fec_data&download=true&filename=" + self.filename,
+            'url': f'/download/fec_file/{self.id}',
             'target': 'self',
         }
 
diff --git a/addons/l10n_it_edi/models/account_edi_format.py b/addons/l10n_it_edi/models/account_edi_format.py
index 2a13c63bf13ab..fe507d017e3d1 100644
--- a/addons/l10n_it_edi/models/account_edi_format.py
+++ b/addons/l10n_it_edi/models/account_edi_format.py
@@ -1215,7 +1215,7 @@ def _post_invoice_edi(self, invoices):
 
     def _get_proxy_identification(self, company):
         if self.code != 'fattura_pa':
-            return super()._get_proxy_identification()
+            return super()._get_proxy_identification(company)
 
         if not company.l10n_it_codice_fiscale:
             raise UserError(_('Please fill your codice fiscale to be able to receive invoices from FatturaPA'))
diff --git a/addons/l10n_ma/__init__.py b/addons/l10n_ma/__init__.py
index 67dee8c60dbf8..be9f4fab00ae2 100644
--- a/addons/l10n_ma/__init__.py
+++ b/addons/l10n_ma/__init__.py
@@ -1,2 +1,3 @@
 # -*- coding: utf-8 -*-
 # Part of Odoo. See LICENSE file for full copyright and licensing details.
+from . import models
diff --git a/addons/l10n_ma/__manifest__.py b/addons/l10n_ma/__manifest__.py
index c792c5022e037..e996de567278b 100644
--- a/addons/l10n_ma/__manifest__.py
+++ b/addons/l10n_ma/__manifest__.py
@@ -24,6 +24,8 @@
         'data/account_tax_report_data.xml',
         'data/account_tax_data.xml',
         'data/account_chart_template_data.xml',
+        'views/res_partner_views.xml',
+        'views/res_company_views.xml',
     ],
     'license': 'LGPL-3',
 }
diff --git a/addons/l10n_ma/models/__init__.py b/addons/l10n_ma/models/__init__.py
new file mode 100644
index 0000000000000..89926f8b3be44
--- /dev/null
+++ b/addons/l10n_ma/models/__init__.py
@@ -0,0 +1,2 @@
+from . import base_document_layout
+from . import res_partner
diff --git a/addons/l10n_ma/models/base_document_layout.py b/addons/l10n_ma/models/base_document_layout.py
new file mode 100644
index 0000000000000..c78f94a651001
--- /dev/null
+++ b/addons/l10n_ma/models/base_document_layout.py
@@ -0,0 +1,15 @@
+from markupsafe import Markup
+
+from odoo import api, models
+
+
+class BaseDocumentLayout(models.TransientModel):
+    _inherit = 'base.document.layout'
+
+    @api.model
+    def _default_company_details(self):
+        # OVERRIDE web/models/base_document_layout
+        company_details = super()._default_company_details()
+        if self.env.company.country_code == 'MA':
+            company_details += Markup('<br> ICE: %s') % self.env.company.company_registry
+        return company_details
diff --git a/addons/l10n_ma/models/res_partner.py b/addons/l10n_ma/models/res_partner.py
new file mode 100644
index 0000000000000..4aefc07a6ec31
--- /dev/null
+++ b/addons/l10n_ma/models/res_partner.py
@@ -0,0 +1,12 @@
+from odoo import api, models, _
+from odoo.exceptions import ValidationError
+
+
+class ResPartner(models.Model):
+    _inherit = ['res.partner']
+
+    @api.constrains('company_registry', 'country_id')
+    def _check_company_registry_ma(self):
+        for record in self:
+            if record.country_code == 'MA' and record.company_registry and (len(record.company_registry) != 15 or not record.company_registry.isdigit()):
+                raise ValidationError(_("ICE number should have exactly 15 digits."))
diff --git a/addons/l10n_ma/views/res_company_views.xml b/addons/l10n_ma/views/res_company_views.xml
new file mode 100644
index 0000000000000..5f334e819247d
--- /dev/null
+++ b/addons/l10n_ma/views/res_company_views.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<odoo>
+    <record id="view_company_form" model="ir.ui.view">
+        <field name="name">res.company.form.inherit.l10n_ma</field>
+        <field name="model">res.company</field>
+        <field name="inherit_id" ref="base.view_company_form"/>
+        <field name="arch" type="xml">
+            <xpath expr="//field[@name='company_registry']" position="attributes">
+                <attribute name="nolabel">1</attribute>
+            </xpath>
+            <field name="company_registry" position="before">
+                <label for="company_registry" attrs="{'invisible': [('country_code', '=', 'MA')]}" />
+                <label for="company_registry" string="ICE" attrs="{'invisible': [('country_code', '!=', 'MA')]}" />
+            </field>
+        </field>
+    </record>
+</odoo>
diff --git a/addons/l10n_ma/views/res_partner_views.xml b/addons/l10n_ma/views/res_partner_views.xml
new file mode 100644
index 0000000000000..aacf0fcc9c2c2
--- /dev/null
+++ b/addons/l10n_ma/views/res_partner_views.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<odoo>
+    <record id="view_partner_property_form" model="ir.ui.view">
+        <field name="name">res.partner.form.inherit.l10n_ma</field>
+        <field name="model">res.partner</field>
+        <field name="inherit_id" ref="base.view_partner_form"/>
+        <field name="arch" type="xml">
+            <xpath expr="//field[@name='vat']" position="after">
+                <field name="company_registry" string="ICE" attrs="{'invisible': [('country_code', '!=', 'MA')]}"></field>
+            </xpath>
+        </field>
+    </record>
+</odoo>
diff --git a/addons/mail/models/mail_activity.py b/addons/mail/models/mail_activity.py
index 048f7ed748b8b..b027348317eba 100644
--- a/addons/mail/models/mail_activity.py
+++ b/addons/mail/models/mail_activity.py
@@ -567,6 +567,7 @@ def _action_done(self, feedback=False, attachment_ids=None):
 
         for model, activity_data in self._classify_by_model().items():
             records = self.env[model].browse(activity_data['record_ids'])
+            existing = records.exists()  # in case record was cascade-deleted in DB, skipping unlink override
             for record, activity in zip(records, activity_data['activities']):
                 # extract value to generate next activities
                 if activity.chaining_type == 'trigger':
@@ -574,22 +575,25 @@ def _action_done(self, feedback=False, attachment_ids=None):
                     next_activities_values.append(vals)
 
                 # post message on activity, before deleting it
-                activity_message = record.message_post_with_view(
-                    'mail.message_activity_done',
-                    values={
-                        'activity': activity,
-                        'feedback': feedback,
-                        'display_assignee': activity.user_id != self.env.user
-                    },
-                    subtype_id=self.env['ir.model.data']._xmlid_to_res_id('mail.mt_activities'),
-                    mail_activity_type_id=activity.activity_type_id.id,
-                    attachment_ids=[Command.link(attachment_id) for attachment_id in attachment_ids] if attachment_ids else [],
-                )
+                if record in existing:
+                    activity_message = record.message_post_with_view(
+                        'mail.message_activity_done',
+                        values={
+                            'activity': activity,
+                            'feedback': feedback,
+                            'display_assignee': activity.user_id != self.env.user
+                        },
+                        subtype_id=self.env['ir.model.data']._xmlid_to_res_id('mail.mt_activities'),
+                        mail_activity_type_id=activity.activity_type_id.id,
+                        attachment_ids=[Command.link(attachment_id) for attachment_id in attachment_ids] if attachment_ids else [],
+                    )
+                else:
+                    activity_message = self.env['mail.message']
 
                 # Moving the attachments in the message
                 # TODO: Fix void res_id on attachment when you create an activity with an image
                 # directly, see route /web_editor/attachment/add
-                if activity_attachments[activity.id]:
+                if activity_attachments[activity.id] and activity_message:
                     message_attachments = self.env['ir.attachment'].browse(activity_attachments[activity.id])
                     if message_attachments:
                         message_attachments.write({
@@ -597,6 +601,9 @@ def _action_done(self, feedback=False, attachment_ids=None):
                             'res_model': activity_message._name,
                         })
                         activity_message.attachment_ids = message_attachments
+                # removing attachments linked to activity if record is missing
+                elif activity_attachments[activity.id]:
+                    self.env['ir.attachment'].browse(activity_attachments[activity.id]).unlink()
                 messages += activity_message
 
         next_activities = self.env['mail.activity']
diff --git a/addons/mail/models/mail_message.py b/addons/mail/models/mail_message.py
index 6fe334bed9aca..8d523cf1e3456 100644
--- a/addons/mail/models/mail_message.py
+++ b/addons/mail/models/mail_message.py
@@ -8,7 +8,7 @@
 from collections import defaultdict
 
 from odoo import _, api, Command, fields, models, modules, tools
-from odoo.exceptions import AccessError
+from odoo.exceptions import AccessError, MissingError
 from odoo.osv import expression
 from odoo.tools.misc import clean_context
 
@@ -563,6 +563,10 @@ def _generate_model_record_ids(msg_val, msg_ids):
     def create(self, values_list):
         tracking_values_list = []
         for values in values_list:
+            if not (self.env.su or self.env.user.has_group('base.group_user')):
+                values.pop('author_id', None)
+                values.pop('email_from', None)
+                self = self.with_context({k: v for k, v in self.env.context.items() if k not in ['default_author_id', 'default_email_from']})  # noqa: PLW0642
             if 'email_from' not in values:  # needed to compute reply_to
                 _author_id, email_from = self.env['mail.thread']._message_compute_author(values.get('author_id'), email_from=None, raise_on_email=False)
                 values['email_from'] = email_from
@@ -664,6 +668,9 @@ def read(self, fields=None, load='_classic_read'):
         return super(Message, self).read(fields=fields, load=load)
 
     def write(self, vals):
+        if not (self.env.su or self.env.user.has_group('base.group_user')):
+            vals.pop('author_id', None)
+            vals.pop('email_from', None)
         record_changed = 'model' in vals or 'res_id' in vals
         if record_changed or 'message_type' in vals:
             self._invalidate_documents()
@@ -846,6 +853,9 @@ def _message_format(self, fnames, format_reply=True, legacy=False):
         for message in self:
             if message.model and message.res_id:
                 thread_ids_by_model_name[message.model].add(message.res_id)
+        # filter missing records
+        for model_name, record_ids in thread_ids_by_model_name.items():
+            thread_ids_by_model_name[model_name] = self.env[model_name].browse(record_ids).exists().ids
 
         for vals in vals_list:
             message_sudo = self.browse(vals['id']).sudo().with_prefetch(self.ids)
@@ -857,7 +867,7 @@ def _message_format(self, fnames, format_reply=True, legacy=False):
                 'id': message_sudo.author_guest_id.id,
                 'name': message_sudo.author_guest_id.name,
             } if message_sudo.author_guest_id else [('clear',)]
-            if message_sudo.model and message_sudo.res_id:
+            if message_sudo.model and message_sudo.res_id and message_sudo.res_id in thread_ids_by_model_name[message_sudo.model]:
                 record_name = self.env[message_sudo.model].browse(message_sudo.res_id).sudo().with_prefetch(thread_ids_by_model_name[message_sudo.model]).display_name
             else:
                 record_name = False
@@ -1011,7 +1021,9 @@ def _notify_message_notification_update(self):
                 try:
                     record.check_access_rights('read')
                     record.check_access_rule('read')
-                except AccessError:
+                except (MissingError, AccessError):
+                    # record has been removed from db without cascading notif -> avoid crash at least
+                    # access error -> just skip
                     continue
                 else:
                     messages += message
diff --git a/addons/mail/models/mail_message_schedule.py b/addons/mail/models/mail_message_schedule.py
index e8fa207404ba5..beed2df8d3061 100644
--- a/addons/mail/models/mail_message_schedule.py
+++ b/addons/mail/models/mail_message_schedule.py
@@ -64,10 +64,14 @@ def _send_notifications(self, default_notify_kwargs=None):
         for model, schedules in self._group_by_model().items():
             if model:
                 records = self.env[model].browse(schedules.mapped('mail_message_id.res_id'))
+                existing = records.exists()
             else:
                 records = [self.env['mail.thread']] * len(schedules)
+                existing = records
 
             for record, schedule in zip(records, schedules):
+                if record not in existing:
+                    continue
                 notify_kwargs = dict(default_notify_kwargs or {}, skip_existing=True)
                 try:
                     schedule_notify_kwargs = json.loads(schedule.notification_parameters)
diff --git a/addons/mail/models/mail_thread.py b/addons/mail/models/mail_thread.py
index 00dee035e72c3..7d5babc44f39b 100644
--- a/addons/mail/models/mail_thread.py
+++ b/addons/mail/models/mail_thread.py
@@ -1437,6 +1437,9 @@ def _message_parse_extract_payload(self, message, save_original=False):
                 if part.get_content_type() == 'binary/octet-stream':
                     _logger.warning("Message containing an unexpected Content-Type 'binary/octet-stream', assuming 'application/octet-stream'")
                     part.replace_header('Content-Type', 'application/octet-stream')
+                if part.get_content_type() == '*/*':
+                    _logger.warning("Message containing an unexpected Content-Type '*/*', assuming 'application/octet-stream'")
+                    part.replace_header('Content-Type', 'application/octet-stream')
                 if part.get_content_type() == 'multipart/alternative':
                     alternative = True
                 if part.get_content_type() == 'multipart/mixed':
diff --git a/addons/mail/models/res_partner.py b/addons/mail/models/res_partner.py
index ba4a4f85c0036..d5e874ad24f67 100644
--- a/addons/mail/models/res_partner.py
+++ b/addons/mail/models/res_partner.py
@@ -3,6 +3,7 @@
 
 from odoo import _, api, fields, models, tools
 from odoo.osv import expression
+from collections import defaultdict
 
 
 class Partner(models.Model):
@@ -141,7 +142,23 @@ def _message_fetch_failed(self):
             ('mail_message_id.model', '!=', False),
             ('mail_message_id.res_id', '!=', 0),
         ], limit=100)
-        return notifications.mail_message_id._message_notification_format()
+        found = defaultdict(list)
+        for message in notifications.mail_message_id:
+            found[message.model].append(message.res_id)
+        existing = {
+            model: set(self.env[model].browse(ids).exists().ids)
+            for model, ids in found.items()
+        }
+        valid = notifications.filtered(
+            lambda n: (
+                not n.mail_message_id.model or not n.mail_message_id.res_id or
+                n.mail_message_id.res_id in existing[n.mail_message_id.model]
+            )
+        )
+        lost = notifications - valid
+        if lost:
+            lost.sudo().unlink()  # no unlink right except admin, ok to remove as lost anyway
+        return valid.mail_message_id._message_notification_format()
 
     def _get_channels_as_member(self):
         """Returns the channels of the partner."""
diff --git a/addons/mail/tests/common.py b/addons/mail/tests/common.py
index 7362b41bc272b..dc7886c1706eb 100644
--- a/addons/mail/tests/common.py
+++ b/addons/mail/tests/common.py
@@ -1004,13 +1004,18 @@ def assertMailNotifications(self, messages, recipients_info):
                     mbody in message.body and message.message_type == mtype and
                     message.subtype_id == msubtype
                 ))
+                debug_info = '\n'.join(
+                    f'Msg: message_type {message.message_type}, subtype {message.subtype_id.name}, content {message.body}'
+                    for message in messages
+                )
             else:
                 message = self.env['mail.message'].sudo().search([
                     ('body', 'ilike', mbody),
                     ('message_type', '=', mtype),
                     ('subtype_id', '=', msubtype.id)
                 ], limit=1, order='id DESC')
-            self.assertTrue(message, 'Mail: not found message (content: %s, message_type: %s, subtype: %s)' % (mbody, mtype, msubtype.name))
+                debug_info = ''
+            self.assertTrue(message, 'Mail: not found message (content: %s, message_type: %s, subtype: %s\n%s)' % (mbody, mtype, msubtype.name, debug_info))
 
             # check message values
             message_values = message_info.get('message_values', {})
diff --git a/addons/mail_plugin/controllers/authenticate.py b/addons/mail_plugin/controllers/authenticate.py
index 190ff2b720bc6..96b2c9664588b 100644
--- a/addons/mail_plugin/controllers/authenticate.py
+++ b/addons/mail_plugin/controllers/authenticate.py
@@ -53,6 +53,12 @@ def auth_confirm(self, scope, friendlyname, redirect, info=None, do=None, **kw):
         updated_redirect = parsed_redirect.replace(query=werkzeug.urls.url_encode(params))
         return request.redirect(updated_redirect.to_url(), local=False)
 
+    @http.route(['/mail_plugin/auth/check_version'], type='json', auth="none", cors="*",
+                methods=['POST', 'OPTIONS'])
+    def auth_check_version(self):
+        """Allow to know if the module is installed and which addin version is supported."""
+        return 1
+
     # In this case, an exception will be thrown in case of preflight request if only POST is allowed.
     @http.route(['/mail_client_extension/auth/access_token', '/mail_plugin/auth/access_token'], type='json', auth="none", cors="*",
                 methods=['POST', 'OPTIONS'])
diff --git a/addons/mass_mailing/static/tests/mass_mailing_favourite_filter_tests.js b/addons/mass_mailing/static/tests/mass_mailing_favourite_filter_tests.js
index ea65727313818..27e1b8cde16e0 100644
--- a/addons/mass_mailing/static/tests/mass_mailing_favourite_filter_tests.js
+++ b/addons/mass_mailing/static/tests/mass_mailing_favourite_filter_tests.js
@@ -237,7 +237,7 @@ QUnit.module('favorite filter widget', (hooks) => {
             },
             records: [
                 {id: 1, name: 'Azure Interior'},
-                {id: 2, name: 'Deco Addict'},
+                {id: 2, name: 'Acme Corporation'},
                 {id: 3, name: 'Marc Demo'},
             ]
         };
diff --git a/addons/mrp/__init__.py b/addons/mrp/__init__.py
index 4e423d2b936c7..eb561a39ed4d1 100644
--- a/addons/mrp/__init__.py
+++ b/addons/mrp/__init__.py
@@ -19,9 +19,11 @@ def _pre_init_mrp(cr):
     cr.execute("""ALTER TABLE "stock_move" ADD COLUMN "is_done" bool;""")
     cr.execute("""UPDATE stock_move
                      SET is_done=COALESCE(state in ('done', 'cancel'), FALSE);""")
-    cr.execute("""ALTER TABLE "stock_move" ADD COLUMN "unit_factor" double precision;""")
-    cr.execute("""UPDATE stock_move
-                     SET unit_factor=1;""")
+    cr.execute('ALTER TABLE stock_move ADD COLUMN IF NOT EXISTS unit_factor double precision DEFAULT 1')
+    # `stock.move.bom_line_id` is created in this module, so its default value will be NULL.
+    # `stock.move._is_manual_consumption` always returns False when there is no `bom_line_id`;
+    # therefore, we can just initialize `manual_consumption` to FALSE by default.
+    cr.execute('ALTER TABLE stock_move ADD COLUMN IF NOT EXISTS manual_consumption bool DEFAULT FALSE')
 
 def _create_warehouse_data(cr, registry):
     """ This hook is used to add a default manufacture_pull_id, manufacture
diff --git a/addons/mrp/security/mrp_security.xml b/addons/mrp/security/mrp_security.xml
index 1618df9034168..260836d0a6e3f 100644
--- a/addons/mrp/security/mrp_security.xml
+++ b/addons/mrp/security/mrp_security.xml
@@ -47,9 +47,6 @@
 
 </data>
 <data noupdate="1">
-    <record id="base.default_user" model="res.users">
-        <field name="groups_id" eval="[(4,ref('mrp.group_mrp_manager'))]"/>
-    </record>
 <!-- Multi -->
     <record model="ir.rule" id="mrp_production_rule">
         <field name="name">mrp_production multi-company</field>
diff --git a/addons/payment_ogone/models/__init__.py b/addons/payment_ogone/models/__init__.py
index 08dfb8af3427c..6b48b38cae362 100644
--- a/addons/payment_ogone/models/__init__.py
+++ b/addons/payment_ogone/models/__init__.py
@@ -1,4 +1,5 @@
 # Part of Odoo. See LICENSE file for full copyright and licensing details.
 
 from . import payment_provider
+from . import payment_token
 from . import payment_transaction
diff --git a/addons/payment_ogone/models/payment_provider.py b/addons/payment_ogone/models/payment_provider.py
index d5a971bfe5d1b..11e828fb0baac 100644
--- a/addons/payment_ogone/models/payment_provider.py
+++ b/addons/payment_ogone/models/payment_provider.py
@@ -44,6 +44,22 @@ def _compute_feature_support_fields(self):
             'support_tokenization': True,
         })
 
+    # === ACTION METHODS === #
+
+    def action_open_worldline_provider(self):
+        """Open the Worldline module form."""
+        worldline_module = self.env['ir.module.module'].search([
+            ('name', '=', 'payment_worldline'),
+        ])
+        return worldline_module and {
+            'type': 'ir.actions.act_window',
+            'res_model': 'ir.module.module',
+            'res_id': worldline_module.id,
+            'view_mode': 'form',
+            'view_id': self.env.ref('base.module_form').id,
+            'target': 'current',
+        }
+
     #=== BUSINESS METHODS ===#
 
     @api.model
diff --git a/addons/payment_ogone/models/payment_token.py b/addons/payment_ogone/models/payment_token.py
new file mode 100644
index 0000000000000..53bdcdaa5f302
--- /dev/null
+++ b/addons/payment_ogone/models/payment_token.py
@@ -0,0 +1,18 @@
+# Part of Odoo. See LICENSE file for full copyright and licensing details.
+
+from odoo import models
+
+
+class PaymentToken(models.Model):
+    _inherit = 'payment.token'
+
+    def write(self, values):
+        """Override to prevent archiving of tokens during Ogone to Worldline migration.
+
+        :param dict values: The values to write on the record.
+        :return: None if the write is skipped, otherwise the result of the parent write.
+        :rtype: bool or None
+        """
+        if self.env.context.get('skip_token_archival') and 'active' in values:
+            values.pop('active')
+        return super().write(values)
diff --git a/addons/payment_ogone/views/payment_provider_views.xml b/addons/payment_ogone/views/payment_provider_views.xml
index a85182a2d3312..5ece6ae9880a8 100644
--- a/addons/payment_ogone/views/payment_provider_views.xml
+++ b/addons/payment_ogone/views/payment_provider_views.xml
@@ -11,7 +11,12 @@
                      role="alert"
                      attrs="{'invisible': [('code', '!=', 'ogone')]}">
                     This provider is deprecated.
-                    Consider disabling it and moving to <strong>Stripe</strong>.
+                    Please install
+                    <a type="object" name="action_open_worldline_provider">
+                        the Worldline provider
+                    </a>
+                    as a drop-in replacement. Your data and payment tokens will be automatically
+                    migrated from Ogone to Worldline.
                 </div>
             </xpath>
             <group name="provider_credentials" position="inside">
diff --git a/addons/payment_worldline/README.md b/addons/payment_worldline/README.md
new file mode 100644
index 0000000000000..8bcd155080f95
--- /dev/null
+++ b/addons/payment_worldline/README.md
@@ -0,0 +1,48 @@
+# Worldline
+
+## Technical details
+
+API: [Worldline Direct API](https://docs.direct.worldline-solutions.com/en/api-reference)
+version `2`
+
+This module integrates Worldline using the generic payment with redirection flow based on form
+submission provided by the `payment` module.
+
+This is achieved by following the [Hosted Checkout Page]
+(https://docs.direct.worldline-solutions.com/en/integration/basic-integration-methods/hosted-checkout-page)
+guide.
+
+## Supported features
+
+- Payment with redirection flow
+- Webhook notifications
+- Tokenization with payment
+
+## Not implemented features
+
+- Tokenization without payment
+- Manual capture
+- Refunds
+
+## Module history
+
+- `18.0`
+  - The first version of the module is merged. odoo/odoo#175194.
+- `17.0`
+  - Backported from v18.0. odoo/odoo#215206.
+- `16.0`
+  - Backported from v18.0. odoo/odoo#215758.
+
+## Testing instructions
+
+https://docs.direct.worldline-solutions.com/en/integration/how-to-integrate/test-cases/index
+
+Use any name, any date in the future, and any 3 or 4 digits CVC.
+
+### VISA
+
+**Card Number**: `4330264936344675`
+
+### 3D Secure 2 (VISA)
+
+**Card Number**: `4874970686672022`
diff --git a/addons/payment_worldline/__init__.py b/addons/payment_worldline/__init__.py
new file mode 100644
index 0000000000000..189e53b028e54
--- /dev/null
+++ b/addons/payment_worldline/__init__.py
@@ -0,0 +1,14 @@
+# Part of Odoo. See LICENSE file for full copyright and licensing details.
+
+from . import controllers
+from . import models
+
+from odoo.addons.payment import setup_provider, reset_payment_provider
+
+
+def post_init_hook(cr, registry):
+    setup_provider(cr, registry, 'worldline')
+
+
+def uninstall_hook(cr, registry):
+    reset_payment_provider(cr, registry, 'worldline')
diff --git a/addons/payment_worldline/__manifest__.py b/addons/payment_worldline/__manifest__.py
new file mode 100644
index 0000000000000..95adc71583ce9
--- /dev/null
+++ b/addons/payment_worldline/__manifest__.py
@@ -0,0 +1,24 @@
+# Part of Odoo. See LICENSE file for full copyright and licensing details.
+
+{
+    'name': "Payment Provider: Worldline",
+    'category': 'Accounting/Payment Providers',
+    'sequence': 350,
+    'summary': "A French payment provider covering several European countries.",
+    'description': " ",  # Non-empty string to avoid loading the README file.
+    'depends': ['payment'],
+    'data': [
+        'views/payment_provider_views.xml',
+        'views/payment_worldline_templates.xml',
+
+        'data/payment_provider_data.xml',
+    ],
+    'assets': {
+        'web.assets_frontend': [
+            'payment_worldline/static/src/js/payment_form.js',
+        ],
+    },
+    'post_init_hook': 'post_init_hook',
+    'uninstall_hook': 'uninstall_hook',
+    'license': 'LGPL-3',
+}
diff --git a/addons/payment_worldline/const.py b/addons/payment_worldline/const.py
new file mode 100644
index 0000000000000..b41dcaada0822
--- /dev/null
+++ b/addons/payment_worldline/const.py
@@ -0,0 +1,27 @@
+# Part of Odoo. See LICENSE file for full copyright and licensing details.
+
+PAYMENT_METHOD_TYPES = [
+    {'name': 'bancontact', 'countries': ['BE'], 'currencies': ['EUR'], 'code': 3012},
+    {'name': 'eps', 'countries': ['AT'], 'currencies': ['EUR'], 'code': 5406},
+    {'name': 'ideal', 'countries': ['NL'], 'currencies': ['EUR'], 'code': 809},
+    {'name': 'p24', 'countries': ['DE', 'PL'], 'currencies': ['PLN'], 'code': 3124},
+]
+
+# Mapping of transaction states to Worldline's payment statuses.
+# See https://docs.direct.worldline-solutions.com/en/integration/api-developer-guide/statuses.
+PAYMENT_STATUS_MAPPING = {
+    'pending': (
+        'CREATED', 'REDIRECTED', 'AUTHORIZATION_REQUESTED', 'PENDING_CAPTURE', 'CAPTURE_REQUESTED'
+    ),
+    'done': ('CAPTURED',),
+    'cancel': ('CANCELLED',),
+    'declined': ('REJECTED', 'REJECTED_CAPTURE'),
+}
+
+# Mapping of response codes indicating Worldline handled the request
+# See https://apireference.connect.worldline-solutions.com/s2sapi/v1/en_US/json/response-codes.html.
+VALID_RESPONSE_CODES = {
+    200: 'Successful',
+    201: 'Created',
+    402: 'Payment Rejected',
+}
diff --git a/addons/payment_worldline/controllers/__init__.py b/addons/payment_worldline/controllers/__init__.py
new file mode 100644
index 0000000000000..80ee4da1c5ecc
--- /dev/null
+++ b/addons/payment_worldline/controllers/__init__.py
@@ -0,0 +1,3 @@
+# Part of Odoo. See LICENSE file for full copyright and licensing details.
+
+from . import main
diff --git a/addons/payment_worldline/controllers/main.py b/addons/payment_worldline/controllers/main.py
new file mode 100644
index 0000000000000..75d0db5bd4052
--- /dev/null
+++ b/addons/payment_worldline/controllers/main.py
@@ -0,0 +1,106 @@
+# Part of Odoo. See LICENSE file for full copyright and licensing details.
+
+import hashlib
+import hmac
+import logging
+import pprint
+from base64 import b64encode
+
+from werkzeug.exceptions import Forbidden
+
+from odoo import http
+from odoo.exceptions import ValidationError
+from odoo.http import request
+
+_logger = logging.getLogger(__name__)
+
+
+class WorldlineController(http.Controller):
+    _return_url = '/payment/worldline/return'
+    _webhook_url = '/payment/worldline/webhook'
+
+    @http.route(_return_url, type='http', auth='public', methods=['GET'])
+    def worldline_return_from_checkout(self, **data):
+        """ Process the notification data sent by Worldline after redirection.
+
+        :param dict data: The notification data, including the provider id appended to the URL in
+                          `_get_specific_rendering_values`.
+        """
+        _logger.info("Handling redirection from Worldline with data:\n%s", pprint.pformat(data))
+
+        provider_id = int(data['provider_id'])
+        provider_sudo = request.env['payment.provider'].sudo().browse(provider_id).exists()
+        if not provider_sudo or provider_sudo.code != 'worldline':
+            _logger.warning("Received payment data with invalid provider id.")
+            raise Forbidden()
+
+        # Fetch the checkout session data from Worldline.
+        checkout_session_data = provider_sudo._worldline_make_request(
+            f'hostedcheckouts/{data["hostedCheckoutId"]}', method='GET'
+        )
+        _logger.info(
+            "Response of '/hostedcheckouts/<hostedCheckoutId>' request:\n%s",
+            pprint.pformat(checkout_session_data),
+        )
+        notification_data = checkout_session_data.get('createdPaymentOutput', {})
+
+        # Handle the notification data.
+        tx_sudo = request.env['payment.transaction'].sudo()._get_tx_from_notification_data(
+            'worldline', notification_data
+        )
+        tx_sudo._handle_notification_data('worldline', notification_data)
+        return request.redirect('/payment/status')
+
+    @http.route(_webhook_url, type='http', auth='public', methods=['POST'], csrf=False)
+    def worldline_webhook(self):
+        """ Process the notification data sent by Worldline to the webhook.
+
+        See https://docs.direct.worldline-solutions.com/en/integration/api-developer-guide/webhooks.
+
+        :return: An empty string to acknowledge the notification.
+        :rtype: str
+        """
+        notification_data = request.get_json_data()
+        _logger.info(
+            "Notification received from Worldline with data:\n%s", pprint.pformat(notification_data)
+        )
+        try:
+            # Check the integrity of the notification.
+            tx_sudo = request.env['payment.transaction'].sudo()._get_tx_from_notification_data(
+                'worldline', notification_data
+            )
+            received_signature = request.httprequest.headers.get('X-GCS-Signature')
+            request_data = request.httprequest.data
+            self._verify_notification_signature(request_data, received_signature, tx_sudo)
+
+            # Handle the notification data.
+            tx_sudo._handle_notification_data('worldline', notification_data)
+        except ValidationError:  # Acknowledge the notification to avoid getting spammed.
+            _logger.exception("Unable to handle the notification data; skipping to acknowledge.")
+
+        return request.make_json_response('')  # Acknowledge the notification.
+
+    @staticmethod
+    def _verify_notification_signature(request_data, received_signature, tx_sudo):
+        """ Check that the received signature matches the expected one.
+
+        :param dict|bytes request_data: The request data.
+        :param str received_signature: The signature to compare with the expected signature.
+        :param payment.transaction tx_sudo: The sudoed transaction referenced by the notification
+                                            data.
+        :return: None
+        :raise Forbidden: If the signatures don't match.
+        """
+        # Retrieve the received signature from the payload.
+        if not received_signature:
+            _logger.warning("Received notification with missing signature.")
+            raise Forbidden()
+
+        # Compare the received signature with the expected signature computed from the payload.
+        webhook_secret = tx_sudo.provider_id.worldline_webhook_secret
+        expected_signature = b64encode(
+            hmac.new(webhook_secret.encode(), request_data, hashlib.sha256).digest()
+        )
+        if not hmac.compare_digest(received_signature.encode(), expected_signature):
+            _logger.warning("Received notification with invalid signature.")
+            raise Forbidden()
diff --git a/addons/payment_worldline/data/neutralize.sql b/addons/payment_worldline/data/neutralize.sql
new file mode 100644
index 0000000000000..b9c7da57efb48
--- /dev/null
+++ b/addons/payment_worldline/data/neutralize.sql
@@ -0,0 +1,7 @@
+-- disable worldline payment provider
+UPDATE payment_provider
+   SET worldline_pspid = NULL,
+       worldline_api_key = NULL,
+       worldline_api_secret = NULL,
+       worldline_webhook_key = NULL,
+       worldline_webhook_secret = NULL;
diff --git a/addons/payment_worldline/data/payment_provider_data.xml b/addons/payment_worldline/data/payment_provider_data.xml
new file mode 100644
index 0000000000000..abe78bb534fd0
--- /dev/null
+++ b/addons/payment_worldline/data/payment_provider_data.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="utf-8"?>
+<odoo noupdate="1">
+
+    <record id="payment_provider_worldline" model="payment.provider">
+        <field name="name">Worldline</field>
+        <field
+            name="image_128"
+            type="base64"
+            file="payment_worldline/static/description/icon.png"
+        />
+        <field name="module_id" ref="base.module_payment_worldline"/>
+        <field
+            name="payment_icon_ids"
+            eval="[(6, 0, [
+                ref('payment.payment_icon_cc_american_express'),
+                ref('payment.payment_icon_cc_bancontact'),
+                ref('payment.payment_icon_cc_diners_club_intl'),
+                ref('payment.payment_icon_cc_discover'),
+                ref('payment.payment_icon_cc_eps'),
+                ref('payment.payment_icon_cc_ideal'),
+                ref('payment.payment_icon_cc_jcb'),
+                ref('payment.payment_icon_cc_maestro'),
+                ref('payment.payment_icon_cc_mastercard'),
+                ref('payment.payment_icon_cc_p24'),
+                ref('payment.payment_icon_cc_visa'),
+            ])]"
+        />
+        <field name="code">worldline</field>
+        <field name="redirect_form_view_id" ref="redirect_form"/>
+        <field name="allow_tokenization">True</field>
+    </record>
+
+</odoo>
diff --git a/addons/payment_worldline/models/__init__.py b/addons/payment_worldline/models/__init__.py
new file mode 100644
index 0000000000000..08dfb8af3427c
--- /dev/null
+++ b/addons/payment_worldline/models/__init__.py
@@ -0,0 +1,4 @@
+# Part of Odoo. See LICENSE file for full copyright and licensing details.
+
+from . import payment_provider
+from . import payment_transaction
diff --git a/addons/payment_worldline/models/payment_provider.py b/addons/payment_worldline/models/payment_provider.py
new file mode 100644
index 0000000000000..ac6c745344f38
--- /dev/null
+++ b/addons/payment_worldline/models/payment_provider.py
@@ -0,0 +1,194 @@
+# Part of Odoo. See LICENSE file for full copyright and licensing details.
+
+import base64
+import hashlib
+import hmac
+import logging
+import pprint
+from wsgiref.handlers import format_date_time
+
+import requests
+
+from odoo import _, api, fields, models
+from odoo.exceptions import ValidationError
+from odoo.fields import Datetime
+
+from odoo.addons.payment_worldline import const
+
+_logger = logging.getLogger(__name__)
+
+
+class PaymentProvider(models.Model):
+    _inherit = 'payment.provider'
+
+    code = fields.Selection(
+        selection_add=[('worldline', "Worldline")], ondelete={'worldline': 'set default'}
+    )
+    worldline_pspid = fields.Char(string="Worldline PSPID", required_if_provider='worldline')
+    worldline_api_key = fields.Char(string="Worldline API Key", required_if_provider='worldline')
+    worldline_api_secret = fields.Char(
+        string="Worldline API Secret", required_if_provider='worldline'
+    )
+    worldline_webhook_key = fields.Char(
+        string="Worldline Webhook Key", required_if_provider='worldline'
+    )
+    worldline_webhook_secret = fields.Char(
+        string="Worldline Webhook Secret", required_if_provider='worldline'
+    )
+
+    # === COMPUTE METHODS === #
+
+    def _compute_feature_support_fields(self):
+        """ Override of `payment` to enable additional features. """
+        super()._compute_feature_support_fields()
+        self.filtered(lambda p: p.code == 'worldline').update({
+            'support_tokenization': True,
+        })
+
+    # === BUSINESS METHODS === #
+
+    @api.model
+    def _setup_provider(self, code):
+        """Override of `payment` to migrate Ogone data including tokens to Worldline."""
+        super()._setup_provider(code)
+        if code != 'worldline':
+            return
+
+        ogone_providers = self.env['payment.provider'].search(
+            [('code', '=', 'ogone'), ('state', '!=', 'disabled')]
+        )
+        if not ogone_providers:
+            return
+
+        default_worldline_provider = self.env.ref(
+            'payment_worldline.payment_provider_worldline', raise_if_not_found=False
+        )
+        if not default_worldline_provider:
+            return
+
+        # Migrate data from each Ogone provider to Worldline.
+        for ogone_provider in ogone_providers:
+            company = ogone_provider.company_id
+
+            # Create a new Worldline provider for every Ogone provider in the same company.
+            worldline_provider = default_worldline_provider.copy({'company_id': company.id})
+
+            # Copy the credentials from Ogone to Worldline.
+            worldline_provider.write({
+                'name': _(
+                    "Worldline (migrated from %(ogone_provider_name)s)",
+                    ogone_provider_name=ogone_provider.name,
+                ),
+                'allow_tokenization': ogone_provider.allow_tokenization,
+                'maximum_amount': ogone_provider.maximum_amount,
+                'available_country_ids': ogone_provider.available_country_ids.ids,
+                'worldline_pspid': ogone_provider.ogone_pspid,
+                'worldline_api_key': ogone_provider.ogone_userid,
+                'worldline_api_secret': ogone_provider.ogone_password,
+            })
+
+            # Transfer tokens from Ogone to Worldline.
+            tokens = self.env['payment.token'].search([('provider_id', '=', ogone_provider.id)])
+            if tokens:
+                tokens.provider_id = worldline_provider.id
+                _logger.info(
+                    "Transferred %d token(s) from Ogone provider %s to Worldline provider %s",
+                    len(tokens), ogone_provider.name, worldline_provider.name
+                )
+
+        ogone_providers.with_context(skip_token_archival=True).state = 'disabled'
+
+        # Remove the Ogone account payment method.
+        account_payment_method = self.env.get('account.payment.method')
+        if account_payment_method:
+            account_payment_method.search([('code', '=', 'ogone')]).unlink()
+
+    def _worldline_make_request(self, endpoint, payload=None, method='POST', idempotency_key=None):
+        """ Make a request to Worldline API at the specified endpoint.
+
+        Note: self.ensure_one()
+
+        :param str endpoint: The endpoint to be reached by the request.
+        :param dict payload: The payload of the request.
+        :param str method: The HTTP method of the request.
+        :param str idempotency_key: The idempotency key to pass in the request.
+        :return: The JSON-formatted content of the response.
+        :rtype: dict
+        :raise ValidationError: If an HTTP error occurs.
+        """
+        self.ensure_one()
+
+        api_url = self._worldline_get_api_url()
+        url = f'{api_url}/v2/{self.worldline_pspid}/{endpoint}'
+        content_type = 'application/json; charset=utf-8' if method == 'POST' else ''
+        dt = format_date_time(Datetime.now().timestamp())  # Datetime in locale-independent RFC1123
+        signature = self._worldline_calculate_signature(
+            method, endpoint, content_type, dt, idempotency_key=idempotency_key
+        )
+        authorization_header = f'GCS v1HMAC:{self.worldline_api_key}:{signature}'
+        headers = {
+            'Authorization': authorization_header,
+            'Date': dt,
+            'Content-Type': content_type,
+        }
+        if method == 'POST' and idempotency_key:
+            headers['X-GCS-Idempotence-Key'] = idempotency_key
+        try:
+            response = requests.request(method, url, json=payload, headers=headers, timeout=10)
+            try:
+                if response.status_code not in const.VALID_RESPONSE_CODES:
+                    response.raise_for_status()
+            except requests.exceptions.HTTPError:
+                _logger.exception(
+                    "Invalid API request at %s with data:\n%s", url, pprint.pformat(payload)
+                )
+                msg = ', '.join(
+                    [error.get('message', '') for error in response.json().get('errors', [])]
+                )
+                raise ValidationError(
+                    "Worldline: " + _("The communication with the API failed. Details: %s", msg)
+                )
+        except (requests.exceptions.ConnectionError, requests.exceptions.Timeout):
+            _logger.exception("Unable to reach endpoint at %s", url)
+            raise ValidationError(
+                "Worldline: " + _("Could not establish the connection to the API.")
+            )
+        return response.json()
+
+    def _worldline_get_api_url(self):
+        """ Return the URL of the API corresponding to the provider's state.
+
+        :return: The API URL.
+        :rtype: str
+        """
+        if self.state == 'enabled':
+            return 'https://payment.direct.worldline-solutions.com'
+        else:  # 'test'
+            return 'https://payment.preprod.direct.worldline-solutions.com'
+
+    def _worldline_calculate_signature(
+        self, method, endpoint, content_type, dt_rfc, idempotency_key=None
+    ):
+        """ Compute the signature for the provided data.
+
+        See https://docs.direct.worldline-solutions.com/en/integration/api-developer-guide/authentication.
+
+        :param str method: The HTTP method of the request
+        :param str endpoint: The endpoint to be reached by the request.
+        :param str content_type: The 'Content-Type' header of the request.
+        :param datetime.datetime dt_rfc: The timestamp of the request, in RFC1123 format.
+        :param str idempotency_key: The idempotency key to pass in the request.
+        :return: The calculated signature.
+        :rtype: str
+        """
+        # specific order required: method, content_type, date, custom headers, endpoint
+        values_to_sign = [method, content_type, dt_rfc]
+        if idempotency_key:
+            values_to_sign.append(f'x-gcs-idempotence-key:{idempotency_key}')
+        values_to_sign.append(f'/v2/{self.worldline_pspid}/{endpoint}')
+
+        signing_str = '\n'.join(values_to_sign) + '\n'
+        signature = hmac.new(
+            self.worldline_api_secret.encode(), signing_str.encode(), hashlib.sha256
+        )
+        return base64.b64encode(signature.digest()).decode('utf-8')
diff --git a/addons/payment_worldline/models/payment_transaction.py b/addons/payment_worldline/models/payment_transaction.py
new file mode 100644
index 0000000000000..472ff8e175f49
--- /dev/null
+++ b/addons/payment_worldline/models/payment_transaction.py
@@ -0,0 +1,357 @@
+# Part of Odoo. See LICENSE file for full copyright and licensing details.
+
+import logging
+import pprint
+
+from werkzeug import urls
+
+from odoo import _, models
+from odoo.exceptions import UserError, ValidationError
+
+from odoo.addons.payment import utils as payment_utils
+from odoo.addons.payment_worldline import const
+from odoo.addons.payment_worldline.controllers.main import WorldlineController
+
+_logger = logging.getLogger(__name__)
+
+
+class PaymentTransaction(models.Model):
+    _inherit = 'payment.transaction'
+
+    def _compute_reference(self, provider_code, prefix=None, separator='-', **kwargs):
+        """ Override of `payment` to ensure that Worldline requirement for references is satisfied.
+
+        Worldline requires for references to be at most 30 characters long.
+
+        :param str provider_code: The code of the provider handling the transaction.
+        :param str prefix: The custom prefix used to compute the full reference.
+        :param str separator: The custom separator used to separate the prefix from the suffix.
+        :return: The unique reference for the transaction.
+        :rtype: str
+        """
+        reference = super()._compute_reference(
+            provider_code, prefix=prefix, separator=separator, **kwargs
+        )
+
+        # Return if not Worldline or within 30 chars Worldline transaction merchantReference limit
+        if provider_code != 'worldline' or len(reference) <= 30:
+            return reference
+
+        prefix = payment_utils.singularize_reference_prefix(prefix='WL')
+        return super()._compute_reference(
+            provider_code, prefix=prefix, separator=separator, **kwargs
+        )
+
+    def _get_specific_processing_values(self, processing_values):
+        """ Override of `payment` to redirect failed token-flow transactions.
+
+        If the financial institution insists on user authentication,
+        this override will reset the transaction, and switch the flow to redirect.
+
+        Note: self.ensure_one() from `_get_processing_values`.
+
+        :param dict processing_values: The generic processing values of the transaction.
+        :return: The dict of provider-specific processing values.
+        :rtype: dict
+        """
+        res = super()._get_specific_processing_values(processing_values)
+        if (
+            self.provider_code == 'worldline'
+            and self.operation == 'online_token'
+            and self.state == 'error'
+            and self.state_message.endswith('AUTHORIZATION_REQUESTED')
+        ):
+            # Tokenized payment failed due to 3-D Secure authentication request.
+            # Reset transaction to draft and switch to redirect flow.
+            self.write({'state': 'draft', 'operation': 'online_redirect'})
+            res['force_flow'] = 'redirect'
+        return res
+
+    def _get_specific_rendering_values(self, processing_values):
+        """ Override of `payment` to return Worldline-specific processing values.
+
+        Note: self.ensure_one() from `_get_processing_values`.
+
+        :param dict processing_values: The generic processing values of the transaction.
+        :return: The dict of provider-specific processing values.
+        :rtype: dict
+        """
+        res = super()._get_specific_rendering_values(processing_values)
+        if self.provider_code != 'worldline':
+            return res
+
+        checkout_session_data = self._worldline_create_checkout_session()
+        return {'api_url': checkout_session_data['redirectUrl']}
+
+    def _worldline_create_checkout_session(self):
+        """ Create a hosted checkout session and return the response data.
+
+        :return: The hosted checkout session data.
+        :rtype: dict
+        """
+        self.ensure_one()
+
+        base_url = self.provider_id.get_base_url()
+        return_route = WorldlineController._return_url
+        return_url_params = urls.url_encode({'provider_id': str(self.provider_id.id)})
+        return_url = f'{urls.url_join(base_url, return_route)}?{return_url_params}'
+        first_name, last_name = payment_utils.split_partner_name(self.partner_name)
+        payload = {
+            'hostedCheckoutSpecificInput': {
+                'locale': self.partner_lang or '',
+                'returnUrl': return_url,
+                'showResultPage': False,
+            },
+            'cardPaymentMethodSpecificInput': {
+                'authorizationMode': 'SALE',  # Force the capture.
+                'tokenize': self.tokenize,
+            },
+            'order': {
+                'amountOfMoney': {
+                    'amount': payment_utils.to_minor_currency_units(self.amount, self.currency_id),
+                    'currencyCode': self.currency_id.name,
+                },
+                'customer': {  # required to create a token and for some redirected payment methods
+                    'billingAddress': {
+                        'city': self.partner_city or '',
+                        'countryCode': self.partner_country_id.code or '',
+                        'state': self.partner_state_id.name or '',
+                        'street': self.partner_address or '',
+                        'zip': self.partner_zip or '',
+                    },
+                    'contactDetails': {
+                        'emailAddress': self.partner_email or '',
+                        'phoneNumber': self.partner_phone or '',
+                    },
+                    'personalInformation': {
+                        'name': {
+                            'firstName': first_name or '',
+                            'surname': last_name or '',
+                        },
+                    },
+                },
+                'references': {
+                    'descriptor': self.reference,
+                    'merchantReference': self.reference,
+                },
+            },
+        }
+        country_code = self.partner_country_id and self.partner_country_id.code
+        currency_name = self.currency_id and self.currency_id.name
+
+        # Filter payment method codes based on country and currency
+        available_product_codes = [
+            pmt['code'] for pmt in const.PAYMENT_METHOD_TYPES
+            if (not pmt['countries'] or country_code in pmt['countries'])
+            and (not pmt['currencies'] or currency_name in pmt['currencies'])
+        ]
+
+        # Construct the payload dynamically
+        payload['hostedCheckoutSpecificInput']['paymentProductFilters'] = {
+            'restrictTo': {
+                'groups': ['cards'],
+                'products': available_product_codes,
+            },
+        }
+
+        _logger.info(
+            "Sending '/hostedcheckouts' request for transaction with reference %s:\n%s",
+            self.reference, pprint.pformat(payload)
+        )
+        checkout_session_data = self.provider_id._worldline_make_request(
+            'hostedcheckouts', payload=payload
+        )
+        _logger.info(
+            "Response of '/hostedcheckouts' request for transaction with reference %s:\n%s",
+            self.reference, pprint.pformat(checkout_session_data),
+        )
+        return checkout_session_data
+
+    def _send_payment_request(self):
+        """ Override of `payment` to send a payment request to Worldline.
+
+        Note: self.ensure_one()
+
+        :return: None
+        :raise UserError: If the transaction is not linked to a token.
+        """
+        super()._send_payment_request()
+        if self.provider_code != 'worldline':
+            return
+
+        # Prepare the payment request to Worldline.
+        if not self.token_id:
+            raise UserError("Worldline: " + _("The transaction is not linked to a token."))
+
+        payload = {
+            'cardPaymentMethodSpecificInput': {
+                'authorizationMode': 'SALE',  # Force the capture.
+                'token': self.token_id.provider_ref,
+                'unscheduledCardOnFileRequestor': 'merchantInitiated',
+                'unscheduledCardOnFileSequenceIndicator': 'subsequent',
+            },
+            'order': {
+                'amountOfMoney': {
+                    'amount': payment_utils.to_minor_currency_units(self.amount, self.currency_id),
+                    'currencyCode': self.currency_id.name,
+                },
+                'references': {
+                    'merchantReference': self.reference,
+                },
+            },
+        }
+
+        # Make the payment request to Worldline.
+        response_content = self.provider_id._worldline_make_request(
+            'payments',
+            payload=payload,
+            idempotency_key=payment_utils.generate_idempotency_key(
+                self, scope='payment_request_token'
+            ),
+        )
+
+        # Handle the payment request response.
+        _logger.info(
+            "Response of /payment request for transaction with reference %s:\n%s",
+            self.reference, pprint.pformat(response_content),
+        )
+        self._handle_notification_data('worldline', response_content)
+
+    def _get_tx_from_notification_data(self, provider_code, notification_data):
+        """ Override of `payment` to find the transaction based on Worldline data.
+
+        :param str provider_code: The code of the provider that handled the transaction.
+        :param dict notification_data: The notification data sent by the provider.
+        :return: The transaction if found.
+        :rtype: payment.transaction
+        :raise ValidationError: If inconsistent data are received.
+        :raise ValidationError: If the data match no transaction.
+        """
+        tx = super()._get_tx_from_notification_data(provider_code, notification_data)
+        if provider_code != 'worldline' or len(tx) == 1:
+            return tx
+
+        # In case of failed payment, paymentResult could be given as a separate key
+        payment_result = notification_data.get('paymentResult', notification_data)
+        payment_output = payment_result.get('payment', {}).get('paymentOutput', {})
+        reference = payment_output.get('references', {}).get('merchantReference', '')
+        if not reference:
+            raise ValidationError(
+                "Worldline: " + _("Received data with missing merchant reference.")
+            )
+
+        tx = self.search([('reference', '=', reference), ('provider_code', '=', 'worldline')])
+        if not tx:
+            raise ValidationError(
+                "Worldline: " + _("No transaction found matching reference %s.", reference)
+            )
+
+        return tx
+
+    def _process_notification_data(self, notification_data):
+        """ Override of `payment' to process the transaction based on Worldline data.
+
+        Note: self.ensure_one()
+
+        :param dict notification_data: The notification data sent by the provider.
+        :return: None
+        :raise ValidationError: If inconsistent data are received.
+        """
+        super()._process_notification_data(notification_data)
+        if self.provider_code != 'worldline':
+            return
+
+        # In case of failed payment, paymentResult could be given as a separate key
+        payment_result = notification_data.get('paymentResult', notification_data)
+        payment_data = payment_result.get('payment', {})
+
+        # Update the provider reference.
+        self.provider_reference = payment_data.get('id', '').rsplit('_', 1)[0]
+
+        # Update the payment state.
+        status = payment_data.get('status')
+        if not status:
+            raise ValidationError("Worldline: " + _("Received data with missing payment state."))
+
+        payment_output = payment_data.get('paymentOutput', {})
+        if 'cardPaymentMethodSpecificOutput' in payment_output:
+            payment_method_data = payment_output['cardPaymentMethodSpecificOutput']
+        else:
+            payment_method_data = payment_output.get('redirectPaymentMethodSpecificOutput', {})
+        has_token_data = 'token' in payment_method_data
+        if status in const.PAYMENT_STATUS_MAPPING['pending']:
+            if status == 'AUTHORIZATION_REQUESTED' and self.operation in ('online_token', 'offline'):
+                self._set_error("Worldline: " + status)
+            elif (
+                self.operation == 'validation'
+                and status in {'PENDING_CAPTURE', 'CAPTURE_REQUESTED'}
+                and has_token_data
+            ):
+                self._worldline_tokenize_from_notification_data(payment_method_data)
+                self._set_done()
+            else:
+                self._set_pending()
+        elif status in const.PAYMENT_STATUS_MAPPING['done']:
+            if self.tokenize and has_token_data:
+                self._worldline_tokenize_from_notification_data(payment_method_data)
+            self._set_done()
+        else:
+            error_code = None
+            errors = payment_data.get('statusOutput', {}).get('errors')
+            if errors:
+                error_code = errors[0].get('errorCode')
+            if status in const.PAYMENT_STATUS_MAPPING['cancel']:
+                self._set_canceled("Worldline: " + _(
+                    "Transaction cancelled with error code %(error_code)s.",
+                    error_code=error_code,
+                ))
+            elif status in const.PAYMENT_STATUS_MAPPING['declined']:
+                self._set_error("Worldline: " + _(
+                    "Transaction declined with error code %(error_code)s.",
+                    error_code=error_code,
+                ))
+            else:  # Classify unsupported payment status as the `error` tx state.
+                _logger.info(
+                    "Received data with invalid payment status (%(status)s) for transaction with "
+                    "reference %(ref)s.",
+                    {'status': status, 'ref': self.reference},
+                )
+                self._set_error("Worldline: " + _(
+                    "Received invalid transaction status %(status)s with error code "
+                    "%(error_code)s.",
+                    status=status,
+                    error_code=error_code,
+                ))
+
+    def _worldline_tokenize_from_notification_data(self, pm_data):
+        """ Create a new token based on the notification data.
+
+        Note: self.ensure_one()
+
+        :param dict pm_data: The payment method data sent by the provider
+        :return: None
+        """
+        self.ensure_one()
+        payment_product_id = pm_data.get('paymentProductId')
+
+        # Skip generating tokens for payment methods other than Card.
+        for pmt in const.PAYMENT_METHOD_TYPES:
+            if pmt['code'] == payment_product_id:
+                _logger.info(
+                    "Skipping token creation for '%s' (code: %s)", pmt['name'], pmt['code']
+                )
+                return
+
+        token = self.env['payment.token'].create({
+            'provider_id': self.provider_id.id,
+            'payment_details': pm_data.get('card', {}).get('cardNumber', '')[-4:],  # Padded with *
+            'partner_id': self.partner_id.id,
+            'provider_ref': pm_data['token'],
+            'verified': True,
+        })
+        self.write({'token_id': token, 'tokenize': False})
+        _logger.info(
+            "Created token with id %(token_id)s for partner with id %(partner_id)s from "
+            "transaction with reference %(ref)s",
+            {'token_id': token.id, 'partner_id': self.partner_id.id, 'ref': self.reference},
+        )
diff --git a/addons/payment_worldline/static/description/icon.png b/addons/payment_worldline/static/description/icon.png
new file mode 100644
index 0000000000000..b925454678838
Binary files /dev/null and b/addons/payment_worldline/static/description/icon.png differ
diff --git a/addons/payment_worldline/static/description/icon.svg b/addons/payment_worldline/static/description/icon.svg
new file mode 100644
index 0000000000000..09d687e891d50
--- /dev/null
+++ b/addons/payment_worldline/static/description/icon.svg
@@ -0,0 +1 @@
+<svg width="50" height="50" viewBox="0 0 50 50" xmlns="http://www.w3.org/2000/svg"><path d="M43.105 4h.972V.818h1.108V0H42v.818h1.105V4Zm2.775 0h.858V1.453h.053L47.663 4h.555l.871-2.547h.056V4H50V0h-1.108l-.924 2.714h-.05L46.99 0h-1.11v4Z" fill="#D1D5DB"/><path d="M8.5 15.976a25.287 25.287 0 0 0-2.51 2.576c3.759 3.831 6.471 9.677 7.384 16.446h3.616c-.729-5.964-2.747-11.473-5.862-15.866A25.981 25.981 0 0 0 8.5 15.976ZM4.094 21.11a25.45 25.45 0 0 0-1.843 3.373C4.403 27.205 5.987 30.854 6.709 35h3.63c-.686-4.454-2.268-8.557-4.628-11.878a21.782 21.782 0 0 0-1.617-2.013ZM0 35h3.64c-.524-2.525-1.437-4.874-2.698-6.908A25.664 25.664 0 0 0 0 35Zm39.508-20.525a24.706 24.706 0 0 0-1.452-.986c-.226.24-.45.48-.67.728-2.898 3.264-6.18 8.26-7.92 15.29a51.47 51.47 0 0 0-2.233-8.181c1.886-4.284 4.23-7.595 6.39-10.042a25.325 25.325 0 0 0-1.775-.594 40.475 40.475 0 0 0-5.487 8.422c-1.214-2.861-2.686-5.532-4.4-7.955-.28-.396-.564-.78-.853-1.157a24.419 24.419 0 0 0-3.864.933c2.992 3.512 5.433 7.964 7.105 13.04a45.547 45.547 0 0 0-1.565 5.779c-1.178-5.448-3.296-10.449-6.24-14.607a31.325 31.325 0 0 0-2.376-2.967 24.84 24.84 0 0 0-3.191 1.858c4.729 4.857 8.08 12.34 9.027 20.964h3.745c.28-2.923.794-5.6 1.475-8.043A51.214 51.214 0 0 1 26.616 35h3.618c1.07-9.432 5.028-15.783 8.43-19.615.28-.315.561-.617.843-.91Zm4.697 4.472a25.448 25.448 0 0 0-1.15-1.322c-3.842 3.993-7.055 9.786-8.058 17.373h1.738c1.026-7.365 4.18-12.37 6.905-15.437.187-.21.376-.414.565-.614ZM41.523 35h1.746c.823-4.566 2.675-7.912 4.479-10.22a24.954 24.954 0 0 0-.833-1.728c-2.503 2.967-4.55 6.95-5.392 11.947Zm8.127-4.09A18.584 18.584 0 0 0 48.11 35H50c0-1.393-.122-2.758-.351-4.09Z" fill="#33B6B4"/></svg>
diff --git a/addons/payment_worldline/static/src/js/payment_form.js b/addons/payment_worldline/static/src/js/payment_form.js
new file mode 100644
index 0000000000000..ade6d379217f1
--- /dev/null
+++ b/addons/payment_worldline/static/src/js/payment_form.js
@@ -0,0 +1,29 @@
+/** @odoo-module */
+
+import checkoutForm from 'payment.checkout_form';
+import manageForm from 'payment.manage_form';
+
+const worldlineMixin = {
+
+    /**
+     * Allow forcing redirect to 3-D Secure authentication for Ogone token flow.
+     *
+     * @override method from payment.payment_form_mixin
+     * @private
+     * @param {string} provider_code - The code of the token's provider
+     * @param {number} tokenId - The id of the token handling the transaction
+     * @param {object} processingValues - The processing values of the transaction
+     * @return {undefined}
+     */
+    _processTokenPayment: function (provider_code, tokenId, processingValues) {
+        if (provider_code === 'worldline' && processingValues.force_flow === 'redirect') {
+            delete processingValues.force_flow;
+            this._processRedirectPayment(...arguments);
+        } else {
+            this._super(...arguments);
+        }
+    }
+};
+
+checkoutForm.include(worldlineMixin);
+manageForm.include(worldlineMixin);
diff --git a/addons/payment_worldline/tests/__init__.py b/addons/payment_worldline/tests/__init__.py
new file mode 100644
index 0000000000000..12f4e0fbe15f1
--- /dev/null
+++ b/addons/payment_worldline/tests/__init__.py
@@ -0,0 +1,4 @@
+# Part of Odoo. See LICENSE file for full copyright and licensing details.
+
+from . import common
+from . import test_worldline
diff --git a/addons/payment_worldline/tests/common.py b/addons/payment_worldline/tests/common.py
new file mode 100644
index 0000000000000..be9a0c606bdcd
--- /dev/null
+++ b/addons/payment_worldline/tests/common.py
@@ -0,0 +1,155 @@
+# Part of Odoo. See LICENSE file for full copyright and licensing details.
+
+from odoo.addons.payment import utils as payment_utils
+from odoo.addons.payment.tests.common import PaymentCommon
+
+
+class WorldlineCommon(PaymentCommon):
+
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+
+        cls.worldline = cls._prepare_provider('worldline', update_values={
+            'worldline_pspid': 'dummy',
+            'worldline_api_key': 'dummy',
+            'worldline_api_secret': 'dummy',
+            'worldline_webhook_key': 'dummy',
+            'worldline_webhook_secret': 'dummy',
+        })
+
+        cls.provider = cls.worldline
+        cls.currency = cls.currency_euro
+        cls.notification_amount_and_currency = {
+            'amount': payment_utils.to_minor_currency_units(cls.amount, cls.currency),
+            'currencyCode': cls.currency.name,
+        }
+
+        cls.notification_data = {
+            'payment': {
+                'paymentOutput': {
+                    'references': {
+                        'merchantReference': cls.reference,
+                    },
+                    'cardPaymentMethodSpecificOutput': {
+                        'paymentProductId': 1,
+                        'card': {
+                            'cardNumber': "******4242"
+                        },
+                        'token': 'whateverToken'
+                    },
+                    'amountOfMoney': cls.notification_amount_and_currency,
+                },
+                'id': '1234567890_0',
+                'status': 'CAPTURED',
+            },
+        }
+
+        cls.notification_data_insufficient_funds = {
+            'errorId': 'ffffffff-fff-fffff-ffff-ffffffffffff',
+            'errors': [{
+                'category': 'IO_ERROR',
+                'code': '9999',
+                'errorCode': '30511001',
+                'httpStatusCode': 402,
+                'id': 'EXTERNAL_ACQUIRER_ERROR',
+                'message': '',
+                'retriable': False,
+            }],
+            'paymentResult': {
+                'creationOutput': {
+                    'externalReference': 'aaaaaaaa-5555-eeee-eeee-eeeeeeeeeeee',
+                    'isNewToken': False,
+                    'token': 'aaaaaaaa-5555-eeee-eeee-eeeeeeeeeeee',
+                    'tokenizationSucceeded': False,
+                },
+                'payment': {
+                    'id': '7777777000_0',
+                    'paymentOutput': {
+                        'acquiredAmount': {'amount': 0, 'currencyCode': 'EUR'},
+                        'amountOfMoney': cls.notification_amount_and_currency,
+                        'cardPaymentMethodSpecificOutput': {
+                            'acquirerInformation': {'name': "Test Pay"},
+                            'card': {
+                                'bin': '50010000',
+                                'cardNumber': '************7777',
+                                'countryCode': 'BE',
+                                'expiryDate': '1244',
+                            },
+                            'fraudResults': {'cvvResult': 'P', 'fraudServiceResult': 'accepted'},
+                            'paymentProductId': 3,
+                            'threeDSecureResults': {'eci': '9', 'xid': 'zOMTQ5TcODUxMg=='},
+                            'token': 'aaaaaaaa-5555-eeee-eeee-eeeeeeeeeeee',
+                        },
+                        'customer': {'device': {'ipAddressCountryCode': '99'}},
+                        'paymentMethod': 'card',
+                        'references': {'merchantReference': cls.reference},
+                    },
+                    'status': 'REJECTED',
+                    'statusOutput': {
+                        'errors': [{
+                            'category': 'IO_ERROR',
+                            'code': '9999',
+                            'errorCode': '30511001',
+                            'httpStatusCode': 402,
+                            'id': 'EXTERNAL_ACQUIRER_ERROR',
+                            'message': '',
+                            'retriable': False,
+                        }],
+                        'isAuthorized': False,
+                        'isCancellable': False,
+                        'isRefundable': False,
+                        'statusCategory': 'UNSUCCESSFUL',
+                        'statusCode': 2,
+                    },
+                },
+            },
+        }
+
+        cls.notification_data_expired_card = {
+            'apiFullVersion': 'v1.1',
+            'apiVersion': 'v1',
+            'created': '2025-02-20T03:09:47.3706109+01:00',
+            'id': 'ffffffff-fff-fffff-ffff-ffffffffffff',
+            'merchantId': 'MyCompany',
+            'payment': {
+                'id': '9999999999_0',
+                'paymentOutput': {
+                    'acquiredAmount': {'amount': 0, 'currencyCode': 'EUR'},
+                    'amountOfMoney': cls.notification_amount_and_currency,
+                    'cardPaymentMethodSpecificOutput': {
+                        'acquirerInformation': {'name': "Test Pay"},
+                        'card': {
+                            'bin': '47777700',
+                            'cardNumber': '************9999',
+                            'countryCode': 'FR',
+                            'expiryDate': '1234',
+                        },
+                        'fraudResults': {'cvvResult': 'P', 'fraudServiceResult': 'accepted'},
+                        'paymentProductId': 1,
+                        'threeDSecureResults': {'eci': '9'},
+                        'token': 'ODOO-ALIAS-eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee'},
+                    'customer': {'device': {'ipAddressCountryCode': '99'}},
+                    'paymentMethod': 'card',
+                    'references': {'merchantReference': cls.reference},
+                },
+                'status': 'REJECTED',
+                'statusOutput': {
+                    'errors': [{
+                        'category': 'PAYMENT_PLATFORM_ERROR',
+                        'code': '9999',
+                        'errorCode': '30331001',
+                        'httpStatusCode': 402,
+                        'id': 'INVALID_CARD',
+                        'message': '',
+                        'retriable': False,
+                    }],
+                    'isAuthorized': False,
+                    'isCancellable': False,
+                    'isRefundable': False,
+                    'statusCategory': 'UNSUCCESSFUL',
+                    'statusCode': 2
+                },
+            },
+            'type': 'payment.rejected',
+        }
diff --git a/addons/payment_worldline/tests/test_worldline.py b/addons/payment_worldline/tests/test_worldline.py
new file mode 100644
index 0000000000000..0433eec77351e
--- /dev/null
+++ b/addons/payment_worldline/tests/test_worldline.py
@@ -0,0 +1,160 @@
+# Part of Odoo. See LICENSE file for full copyright and licensing details.
+
+import hashlib
+import hmac
+import json
+from base64 import b64encode
+from unittest.mock import patch
+
+from werkzeug.exceptions import Forbidden
+
+from odoo.tests import tagged
+from odoo.tools import mute_logger
+
+from odoo.addons.payment.tests.http_common import PaymentHttpCommon
+from odoo.addons.payment_worldline.controllers.main import WorldlineController
+from odoo.addons.payment_worldline.tests.common import WorldlineCommon
+
+
+@tagged('post_install', '-at_install')
+class WorldlineTest(WorldlineCommon, PaymentHttpCommon):
+
+    @mute_logger('odoo.addons.payment_worldline.controllers.main')
+    def _webhook_notification_flow(self, payload):
+        """ Send a notification to the webhook, ignore the signature, and check the response. """
+        url = self._build_url(WorldlineController._webhook_url)
+        with patch(
+            'odoo.addons.payment_worldline.controllers.main.WorldlineController'
+            '._verify_notification_signature'
+        ):
+            response = self._make_json_request(url, data=payload)
+        self.assertEqual(
+            response.json(), '', msg="The webhook should always respond ''.",
+        )
+
+    @mute_logger('odoo.addons.payment_worldline.controllers.main')
+    def test_webhook_notification_confirms_transaction(self):
+        """ Test the processing of a webhook notification. """
+        tx = self._create_transaction('redirect')
+        self.assertFalse(tx.tokenize, "No token should be asked.")
+        self._webhook_notification_flow(self.notification_data)
+        self.assertFalse(tx.token_id, "No token should be created.")
+        self.assertEqual(tx.state, 'done')
+        self.assertEqual(tx.provider_reference, '1234567890')
+
+    @mute_logger('odoo.addons.payment_worldline.controllers.main')
+    def test_webhook_notification_creates_token(self):
+        """ Test the processing of a webhook notification when creating a token. """
+        tx = self._create_transaction('redirect', tokenize=True)
+        self.assertTrue(tx.tokenize, "A token should be asked.")
+        self._webhook_notification_flow(self.notification_data)
+        self.assertEqual(tx.state, 'done')
+        self.assertFalse(tx.tokenize, "No token should be asked any more.")
+        self.assertTrue(tx.token_id, "A token should have been created and linked to the tx.")
+        self.assertEqual(tx.token_id.provider_ref, 'whateverToken')
+        self.assertEqual(tx.token_id.payment_details, '4242')
+
+    @mute_logger('odoo.addons.payment_worldline.controllers.main')
+    def test_failed_webhook_notification_set_tx_as_error_1(self):
+        """ Test the processing of a webhook notification for a failed transaction. """
+        tx = self._create_transaction('redirect')
+        test = self.notification_data_insufficient_funds
+        self._webhook_notification_flow(test)
+        self.assertEqual(tx.state, 'error')
+        self.assertEqual(
+            tx.state_message,
+            "Worldline: Transaction declined with error code 30511001.",
+        )
+
+    @mute_logger('odoo.addons.payment_worldline.controllers.main')
+    def test_failed_webhook_notification_set_tx_as_error_2(self):
+        """ Test the processing of a webhook notification for a failed transaction. """
+        tx = self._create_transaction('redirect')
+        test = self.notification_data_expired_card
+        self._webhook_notification_flow(test)
+        self.assertEqual(tx.state, 'error')
+        self.assertEqual(
+            tx.state_message,
+            "Worldline: Transaction declined with error code 30331001.",
+        )
+
+    @mute_logger('odoo.addons.payment_worldline.controllers.main')
+    def test_failed_webhook_notification_set_tx_as_cancel(self):
+        """Test the processing of a webhook notification for a cancelled transaction."""
+        tx = self._create_transaction('redirect')
+        test = {
+            'payment': {
+                'paymentOutput': self.notification_data['payment']['paymentOutput'],
+                'hostedCheckoutSpecificOutput': {
+                    'hostedCheckoutId': '123456789',
+                },
+                'status': 'CANCELLED',
+                'statusOutput': {
+                    'errors': [{
+                        'errorCode': '30171001',
+                    }],
+                },
+            },
+        }
+        self._webhook_notification_flow(test)
+        self.assertEqual(tx.state, 'cancel')
+        self.assertEqual(
+            tx.state_message,
+            "Worldline: Transaction cancelled with error code 30171001.",
+        )
+
+    @mute_logger('odoo.addons.payment_worldline.controllers.main')
+    def test_webhook_notification_triggers_signature_check(self):
+        """ Test that receiving a webhook notification triggers a signature check. """
+        self._create_transaction('redirect')
+        url = self._build_url(WorldlineController._webhook_url)
+        with patch(
+            'odoo.addons.payment_worldline.controllers.main.WorldlineController'
+            '._verify_notification_signature'
+        ) as signature_check_mock, patch(
+            'odoo.addons.payment.models.payment_transaction.PaymentTransaction'
+            '._handle_notification_data'
+        ):
+            self._make_json_request(url, data=self.notification_data)
+            self.assertEqual(signature_check_mock.call_count, 1)
+
+    def test_accept_notification_with_valid_signature(self):
+        """ Test the verification of a notification with a valid signature. """
+        tx = self._create_transaction('redirect')
+        unencoded_result = hmac.new(
+            self.worldline.worldline_webhook_secret.encode(),
+            json.dumps(self.notification_data).encode(),
+            hashlib.sha256,
+        ).digest()
+        expected_signature = b64encode(unencoded_result)
+        self._assert_does_not_raise(
+            Forbidden,
+            WorldlineController._verify_notification_signature,
+            json.dumps(self.notification_data).encode(),
+            expected_signature,
+            tx,
+        )
+
+    @mute_logger('odoo.addons.payment_worldline.controllers.main')
+    def test_reject_notification_with_missing_signature(self):
+        """ Test the verification of a notification with a missing signature. """
+        tx = self._create_transaction('redirect')
+        self.assertRaises(
+            Forbidden,
+            WorldlineController._verify_notification_signature,
+            json.dumps(self.notification_data).encode(),
+            None,
+            tx,
+        )
+
+    @mute_logger('odoo.addons.payment_worldline.controllers.main')
+    def test_reject_notification_with_invalid_signature(self):
+        """ Test the verification of a notification with an invalid signature. """
+        tx = self._create_transaction('redirect')
+        self.assertRaises(
+            Forbidden,
+            WorldlineController._verify_notification_signature,
+            json.dumps(self.notification_data).encode(),
+            'dummy',
+            tx,
+        )
diff --git a/addons/payment_worldline/views/payment_provider_views.xml b/addons/payment_worldline/views/payment_provider_views.xml
new file mode 100644
index 0000000000000..0f74828d30edd
--- /dev/null
+++ b/addons/payment_worldline/views/payment_provider_views.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="utf-8"?>
+<odoo>
+
+    <record id="payment_provider_form" model="ir.ui.view">
+        <field name="name">Worldline Provider Form</field>
+        <field name="model">payment.provider</field>
+        <field name="inherit_id" ref="payment.payment_provider_form"/>
+        <field name="arch" type="xml">
+            <group name="provider_credentials" position='inside'>
+                <group attrs="{'invisible': [('code', '!=', 'worldline')]}">
+                    <field
+                        name="worldline_pspid"
+                        string="PSPID"
+                        attrs="{
+                            'required':[('code', '=', 'worldline'), ('state', '!=', 'disabled')]
+                        }"
+                    />
+                    <field
+                        name="worldline_api_key"
+                        string="API Key"
+                        attrs="{
+                            'required':[('code', '=', 'worldline'), ('state', '!=', 'disabled')]
+                        }"
+                    />
+                    <field
+                        name="worldline_api_secret"
+                        string="API Secret"
+                        attrs="{
+                            'required':[('code', '=', 'worldline'), ('state', '!=', 'disabled')]
+                        }"
+                        password="True"
+                    />
+                    <field
+                        name="worldline_webhook_key"
+                        string="Webhook Key"
+                        attrs="{
+                            'required':[('code', '=', 'worldline'), ('state', '!=', 'disabled')]
+                        }"
+                    />
+                    <field
+                        name="worldline_webhook_secret"
+                        string="Webhook Secret"
+                        attrs="{
+                            'required':[('code', '=', 'worldline'), ('state', '!=', 'disabled')]
+                        }"
+                        password="True"
+                    />
+                </group>
+            </group>
+        </field>
+    </record>
+
+</odoo>
diff --git a/addons/payment_worldline/views/payment_worldline_templates.xml b/addons/payment_worldline/views/payment_worldline_templates.xml
new file mode 100644
index 0000000000000..28813d66c9b4b
--- /dev/null
+++ b/addons/payment_worldline/views/payment_worldline_templates.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="utf-8"?>
+<odoo>
+
+    <template id="redirect_form">
+        <form t-att-action="api_url" method="post"/>
+    </template>
+
+</odoo>
diff --git a/addons/point_of_sale/static/tests/tours/point_of_sale.js b/addons/point_of_sale/static/tests/tours/point_of_sale.js
index fe2b376f90a0d..04452e6a3475a 100644
--- a/addons/point_of_sale/static/tests/tours/point_of_sale.js
+++ b/addons/point_of_sale/static/tests/tours/point_of_sale.js
@@ -98,8 +98,8 @@ odoo.define('point_of_sale.tour.pricelist', function (require) {
         content: "open partner list",
         trigger: "button.set-partner",
     }, {
-        content: "select Deco Addict",
-        trigger: ".partner-line:contains('Deco Addict')",
+        content: "select Acme Corporation",
+        trigger: ".partner-line:contains('Acme Corporation')",
     }, {
         content: "click pricelist button",
         trigger: ".control-button.o_pricelist_button",
diff --git a/addons/point_of_sale/tests/test_frontend.py b/addons/point_of_sale/tests/test_frontend.py
index 9690a20526368..3ccfcda44f9bb 100644
--- a/addons/point_of_sale/tests/test_frontend.py
+++ b/addons/point_of_sale/tests/test_frontend.py
@@ -50,7 +50,7 @@ def setUpClass(cls, chart_template_ref=None):
         })
 
         env['res.partner'].create({
-            'name': 'Deco Addict',
+            'name': 'Acme Corporation',
         })
 
         env['res.partner'].create([{
diff --git a/addons/purchase/models/purchase.py b/addons/purchase/models/purchase.py
index 4d1b1bda2fa33..3bbea4b0a26a6 100644
--- a/addons/purchase/models/purchase.py
+++ b/addons/purchase/models/purchase.py
@@ -11,7 +11,7 @@
 from odoo.osv import expression
 from odoo.tools import DEFAULT_SERVER_DATETIME_FORMAT, format_amount, format_date, formatLang, get_lang, groupby
 from odoo.tools.float_utils import float_compare, float_is_zero, float_round
-from odoo.exceptions import UserError, ValidationError
+from odoo.exceptions import AccessDenied, UserError, ValidationError
 
 
 class PurchaseOrder(models.Model):
@@ -697,6 +697,8 @@ def retrieve_dashboard(self):
         """ This function returns the values to populate the custom dashboard in
             the purchase order views.
         """
+        if not self.env.user._is_internal():
+            raise AccessDenied()
         self.check_access_rights('read')
 
         result = {
diff --git a/addons/sale_loyalty/models/sale_order.py b/addons/sale_loyalty/models/sale_order.py
index a62722d00d50d..5f28785d1783f 100644
--- a/addons/sale_loyalty/models/sale_order.py
+++ b/addons/sale_loyalty/models/sale_order.py
@@ -1107,7 +1107,16 @@ def _try_apply_code(self, code):
 
         if not program or not program.active:
             return {'error': _('This code is invalid (%s).', code), 'not_found': True}
-        elif (program.limit_usage and program.total_order_count >= program.max_usage) or\
+
+        # Lock the loyalty program row to block several processes that try to
+        # read it at the same time. We also use NOWAIT to make sure we trigger a
+        # serialization error when the processes don't have the lock and thus,
+        # trigger a retry of the transaction.
+        self.env.cr.execute("""
+            SELECT id FROM loyalty_program WHERE id=%s FOR UPDATE NOWAIT
+        """, (program.id,))
+
+        if (program.limit_usage and program.total_order_count >= program.max_usage) or\
             (program.date_to and program.date_to < fields.Date.context_today(self)):
             return {'error': _('This code is expired (%s).', code)}
 
diff --git a/addons/sale_timesheet/data/sale_service_demo.xml b/addons/sale_timesheet/data/sale_service_demo.xml
index e6eecf9883a2c..fc04ae09fbc6b 100644
--- a/addons/sale_timesheet/data/sale_service_demo.xml
+++ b/addons/sale_timesheet/data/sale_service_demo.xml
@@ -224,10 +224,10 @@
             <field name="product_uom_qty">4</field>
         </record>
 
-        <!-- Sale Order 'sale_order_3' (DECO) -->
+        <!-- Sale Order 'sale_order_3' (ACME) -->
         <record id="sale_order_3" model="sale.order">
             <field name="partner_id" ref="base.res_partner_2"/>
-            <field name="client_order_ref">DECO</field>
+            <field name="client_order_ref">ACME</field>
             <field name="user_id" ref="base.user_admin"/>
             <field name="tag_ids" eval="[Command.link(ref('sales_team.categ_oppor7'))]"/>
         </record>
@@ -348,7 +348,7 @@
             }"/>
         </function>
 
-        <!-- Assign DECO & to demo, clear description and set dates -->
+        <!-- Assign ACME to demo, clear description and set dates -->
         <function model="project.project" name="write">
             <value model="project.project" search="[('sale_line_id', '=', ref('sale_line_32'))]"/>
             <value eval="{
diff --git a/addons/stock/tests/test_multicompany.py b/addons/stock/tests/test_multicompany.py
index ffe43b9c65599..95ecfed706f43 100644
--- a/addons/stock/tests/test_multicompany.py
+++ b/addons/stock/tests/test_multicompany.py
@@ -519,7 +519,7 @@ def test_intercom_lot_pull(self):
         supplier_location = self.env.ref('stock.stock_location_suppliers')
         intercom_location = self.env.ref('stock.stock_location_inter_wh')
         intercom_location.write({'active': True})
-        partner = self.env['res.partner'].create({'name': 'Deco Addict'})
+        partner = self.env['res.partner'].create({'name': 'Acme Corporation'})
         self.warehouse_a.resupply_wh_ids = [(6, 0, [self.warehouse_b.id])]
         resupply_route = self.env['stock.route'].search([('supplier_wh_id', '=', self.warehouse_b.id),
                                                                   ('supplied_wh_id', '=', self.warehouse_a.id)])
diff --git a/addons/stock/tests/test_packing_neg.py b/addons/stock/tests/test_packing_neg.py
index 1df6d31f0f880..fce5f76a4606f 100644
--- a/addons/stock/tests/test_packing_neg.py
+++ b/addons/stock/tests/test_packing_neg.py
@@ -8,8 +8,8 @@ class TestPackingNeg(TransactionCase):
 
     def test_packing_neg(self):
         res_partner_2 = self.env['res.partner'].create({
-            'name': 'Deco Addict',
-            'email': 'deco.addict82@example.com',
+            'name': 'Acme Corporation',
+            'email': 'acme.corportation82@example.com',
         })
 
         res_partner_4 = self.env['res.partner'].create({
diff --git a/addons/stock/tests/test_warehouse.py b/addons/stock/tests/test_warehouse.py
index f0fb1c92df350..0190631c5f8b3 100644
--- a/addons/stock/tests/test_warehouse.py
+++ b/addons/stock/tests/test_warehouse.py
@@ -12,7 +12,7 @@ class TestWarehouse(TestStockCommon):
     @classmethod
     def setUpClass(cls):
         super().setUpClass()
-        cls.partner = cls.env['res.partner'].create({'name': 'Deco Addict'})
+        cls.partner = cls.env['res.partner'].create({'name': 'Acme Corporation'})
 
     def test_inventory_product(self):
         self.product_1.type = 'product'
diff --git a/addons/stock/tests/test_wise_operator.py b/addons/stock/tests/test_wise_operator.py
index 4e1766c94b18e..d6c078de74cad 100644
--- a/addons/stock/tests/test_wise_operator.py
+++ b/addons/stock/tests/test_wise_operator.py
@@ -17,7 +17,7 @@ def test_wise_operator(self):
             'uom_po_id': self.ref('uom.product_uom_unit'),
         })
 
-        self.partner = self.env['res.partner'].create({'name': 'Deco Addict'})
+        self.partner = self.env['res.partner'].create({'name': 'Acme Corporation'})
 
         warehouse = self.env['stock.warehouse'].search([('company_id', '=', self.env.company.id)], limit=1)
         self.shelf2 = self.env['stock.location'].create({
diff --git a/addons/test_mail/data/test_mail_data.py b/addons/test_mail/data/test_mail_data.py
index 0c5d787c31ce4..088d5a1226949 100644
--- a/addons/test_mail/data/test_mail_data.py
+++ b/addons/test_mail/data/test_mail_data.py
@@ -1395,6 +1395,7 @@
 
 ------=_Part_4200734_24778174.1344608186754
 Content-Type: {pdf_mime}; name="scan_soraya.lernout_1691652648.pdf"
+Content-Disposition: attachment; filename="scan_soraya.lernout_1691652648.pdf"
 Content-Transfer-Encoding: base64
 
 JVBERi0xLjEKJcKlwrHDqwoKMSAwIG9iagogIDw8IC9UeXBlIC9DYXRhbG9nCiAgICAgL1BhZ2VzIDIgMCBSCiAgPj4KZW5kb2JqCgoyIDAgb2JqCiAgPDwgL1R5cGUgL1BhZ2VzCiAgICAgL0tpZHMgWzMgMCBSXQogICAgIC9Db3VudCAxCiAgICAgL01lZGlhQm94IFswIDAgMzAwIDE0NF0KICA+PgplbmRvYmoKCjMgMCBvYmoKICA8PCAgL1R5cGUgL1BhZ2UKICAgICAgL1BhcmVudCAyIDAgUgogICAgICAvUmVzb3VyY2VzCiAgICAgICA8PCAvRm9udAogICAgICAgICAgIDw8IC9GMQogICAgICAgICAgICAgICA8PCAvVHlwZSAvRm9udAogICAgICAgICAgICAgICAgICAvU3VidHlwZSAvVHlwZTEKICAgICAgICAgICAgICAgICAgL0Jhc2VGb250IC9UaW1lcy1Sb21hbgogICAgICAgICAgICAgICA+PgogICAgICAgICAgID4+CiAgICAgICA+PgogICAgICAvQ29udGVudHMgNCAwIFIKICA+PgplbmRvYmoKCjQgMCBvYmoKICA8PCAvTGVuZ3RoIDU1ID4+CnN0cmVhbQogIEJUCiAgICAvRjEgMTggVGYKICAgIDAgMCBUZAogICAgKEhlbGxvIFdvcmxkKSBUagogIEVUCmVuZHN0cmVhbQplbmRvYmoKCnhyZWYKMCA1CjAwMDAwMDAwMDAgNjU1MzUgZiAKMDAwMDAwMDAxOCAwMDAwMCBuIAowMDAwMDAwMDc3IDAwMDAwIG4gCjAwMDAwMDAxNzggMDAwMDAgbiAKMDAwMDAwMDQ1NyAwMDAwMCBuIAp0cmFpbGVyCiAgPDwgIC9Sb290IDEgMCBSCiAgICAgIC9TaXplIDUKICA+PgpzdGFydHhyZWYKNTY1CiUlRU9GCg==
diff --git a/addons/test_mail/security/test_mail_security.xml b/addons/test_mail/security/test_mail_security.xml
index 293777ddbe73c..770ba7956afe1 100644
--- a/addons/test_mail/security/test_mail_security.xml
+++ b/addons/test_mail/security/test_mail_security.xml
@@ -1,6 +1,15 @@
 <?xml version="1.0" encoding="utf-8"?>
 <odoo noupdate="1">
 
+    <!-- Having rules triggers call to check_access_rules and allow to spot crashes
+    notably when records are unlinked. Without rule, method is not called and
+    some crashes are not trigerred in tests. -->
+    <record id="ir_rule_mail_test_simple_dummy" model="ir.rule">
+        <field name="name">Dummy rule, just to enable rule evaluation, shows some specific errors</field>
+        <field name="model_id" ref="test_mail.model_mail_test_simple"/>
+        <field name="domain_force">[('email_from', '!=', 'donotsetmewiththisvalue')]</field>
+    </record>
+
     <record id="ir_rule_mail_test_access_public" model="ir.rule">
         <field name="name">Public: public only</field>
         <field name="model_id" ref="test_mail.model_mail_test_access"/>
diff --git a/addons/test_mail/tests/test_mail_activity.py b/addons/test_mail/tests/test_mail_activity.py
index ac107104b21fe..d0f3a940ff797 100644
--- a/addons/test_mail/tests/test_mail_activity.py
+++ b/addons/test_mail/tests/test_mail_activity.py
@@ -23,7 +23,10 @@ class TestActivityCommon(TestMailCommon):
     @classmethod
     def setUpClass(cls):
         super(TestActivityCommon, cls).setUpClass()
-        cls.test_record = cls.env['mail.test.activity'].with_context(cls._test_context).create({'name': 'Test'})
+        cls.test_record, cls.test_record_2 = cls.env['mail.test.activity'].create([
+            {'name': 'Test'},
+            {'name': 'Test_2'},
+        ])
         # reset ctx
         cls._reset_mail_context(cls.test_record)
 
@@ -339,7 +342,7 @@ def test_activity_mixin(self):
             self.test_record.activity_feedback(
                 ['test_mail.mail_act_test_todo'],
                 user_id=self.user_admin.id,
-                feedback='Test feedback',)
+                feedback='Test feedback 1')
             self.assertEqual(self.test_record.activity_ids, act2 | act3)
 
             # Reschedule all activities, should update the record state
@@ -353,19 +356,20 @@ def test_activity_mixin(self):
             # Perform todo activities for remaining people
             self.test_record.activity_feedback(
                 ['test_mail.mail_act_test_todo'],
-                feedback='Test feedback')
+                feedback='Test feedback 2')
 
             # Setting activities as done should delete them and post messages
             self.assertEqual(self.test_record.activity_ids, act2)
-            self.assertEqual(len(self.test_record.message_ids), 2)
-            self.assertEqual(self.test_record.message_ids.mapped('subtype_id'), self.env.ref('mail.mt_activities'))
+            self.assertEqual(len(self.test_record.message_ids), 3)
+            feedback2, feedback1, _create_log = self.test_record.message_ids
+            self.assertEqual((feedback2 + feedback1).subtype_id, self.env.ref('mail.mt_activities'))
 
             # Perform meeting activities
             self.test_record.activity_unlink(['test_mail.mail_act_test_meeting'])
 
             # Canceling activities should simply remove them
             self.assertEqual(self.test_record.activity_ids, self.env['mail.activity'])
-            self.assertEqual(len(self.test_record.message_ids), 2)
+            self.assertEqual(len(self.test_record.message_ids), 3, 'Should not produce additional message')
 
     @mute_logger('odoo.addons.mail.models.mail_mail')
     def test_activity_mixin_archive(self):
@@ -429,7 +433,7 @@ def test_feedback_w_attachments(self):
         # Checking if the attachment has been forwarded to the message
         # when marking an activity as "Done"
         activity.action_feedback()
-        activity_message = test_record.message_ids[-1]
+        activity_message = test_record.message_ids[0]
         self.assertEqual(set(activity_message.attachment_ids.ids), set(attachments.ids))
         for attachment in attachments:
             self.assertEqual(attachment.res_id, activity_message.id)
@@ -694,6 +698,106 @@ def test_my_activity_flow_employee(self):
             self.assertEqual(test_record_1, record)
 
 
+@tests.tagged("mail_activity", "post_install", "-at_install")
+class TestActivitySystray(TestActivityCommon):
+    """Test for systray_get_activities"""
+
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+        cls.test_lead_records = cls.env['mail.test.multi.company.with.activity'].create([
+            {'name': 'Test Lead 1'},
+            {'name': 'Test Lead 2'},
+            {'name': 'Test Lead 3 (to remove)'}
+        ])
+        cls.deleted_record = cls.test_lead_records[2]
+        cls.dt_reference = datetime(2024, 1, 15, 8, 0, 0)
+
+        # records and leads and free activities
+        # have 1 record (or activity) for today, one for tomorrow
+        cls.test_activities = cls.env['mail.activity']
+        for record, summary, dt in (
+            (cls.test_record, "Summary Today'", cls.dt_reference),
+            (cls.test_record_2, "Summary Tomorrow'", cls.dt_reference + timedelta(days=1)),
+            (cls.test_lead_records[0], "Summary Today'", cls.dt_reference),
+            (cls.test_lead_records[1], "Summary Tomorrow'", cls.dt_reference + timedelta(days=1)),
+            (cls.test_lead_records[2], "Summary Tomorrow'", cls.dt_reference + timedelta(days=1)),
+        ):
+            cls.test_activities += record.with_user(cls.user_employee).activity_schedule(
+                "test_mail.mail_act_test_todo_generic",
+                date_deadline=dt.date(),
+                summary=summary,
+                user_id=cls.user_employee.id,
+            )
+        cls.test_lead_activities = cls.test_activities[2:]
+
+        # add atttachments on lead-like test records
+        cls.lead_act_attachments = cls.env['ir.attachment'].create(
+            cls._generate_attachments_data(1, 'mail.activity', cls.test_lead_activities[-3]) +
+            cls._generate_attachments_data(1, 'mail.activity', cls.test_lead_activities[-2]) +
+            cls._generate_attachments_data(1, 'mail.activity', cls.test_lead_activities[-1])
+        )
+
+        # In the mean time, some FK deletes the record where the message is
+        # scheduled, skipping its unlink() override
+        cls.env.cr.execute(
+            f"DELETE FROM {cls.test_lead_records._table} WHERE id = %s", (cls.deleted_record.id,)
+        )
+        cls.env.invalidate_all()
+
+    @users("employee")
+    def test_systray_activities_for_various_records(self):
+        """Check that activities made on archived or not archived records, as
+        well as on removed record, to check systray activities behavior and
+        robustness. """
+        # archive record 1
+        self.test_record.action_archive()
+        self.assertFalse(self.test_activities[0].exists())
+
+        with freeze_time(self.dt_reference):
+            data = self.env['res.users'].with_user(self.user_employee).systray_get_activities()
+        self.assertEqual(len(data), 2, 'Should have activities for 2 test models')
+        for model_name, msg, (exp_total, exp_today, exp_planned, exp_overdue) in [
+            (self.test_record._name, 'Archiving removes activities', (0, 0, 1, 0)),
+            (self.test_lead_records._name, 'Planned do not count in total', (1, 1, 1, 0)),
+        ]:
+            with self.subTest(model_name=model_name, msg=msg):
+                group_values = next(values for values in data if values['model'] == model_name)
+                self.assertEqual(group_values['total_count'], exp_total)
+                self.assertEqual(group_values['today_count'], exp_today)
+                self.assertEqual(group_values['planned_count'], exp_planned)
+                self.assertEqual(group_values['overdue_count'], exp_overdue)
+
+        # check search results with removed records
+        self.env.invalidate_all()
+        test_with_removed = self.env['mail.activity'].sudo().search([
+            ('id', 'in', self.test_activities.ids),
+            ('res_model', '=', self.test_lead_records._name),
+        ])
+        self.assertEqual(len(test_with_removed), 3, 'Without ACL check, activities linked to removed records are kept')
+        test_with_removed = self.env['mail.activity'].search([
+            ('id', 'in', self.test_activities.ids),
+            ('res_model', '=', self.test_lead_records._name),
+        ])
+        self.assertEqual(len(test_with_removed), 2, 'Should filter out activities linked to removed records')
+
+        # be sure activities on removed records do not crash when managed, and that
+        # lost attachments are removed as well
+        self.env.invalidate_all()
+        lead_activities = self.test_lead_activities.with_user(self.user_employee)
+        lead_act_attachments = self.lead_act_attachments.with_user(self.user_employee)
+        self.assertEqual(len(lead_activities), 3, 'Simulate UI where activities are still displayed even if record removed')
+        self.assertEqual(len(lead_act_attachments), 3, 'Simulate UI where activities are still displayed even if record removed')
+        messages, _next_activities = lead_activities._action_done()
+        self.assertEqual(len(messages), 2, 'Should have posted one message / live record')
+        self.assertFalse(lead_activities.exists(), 'Mark done should unlink activities')
+        self.assertEqual(
+            set(lead_act_attachments.exists().mapped('res_id')), set(messages.ids),
+            'Mark done should clean up attachments linked to removed record, and linked other attachments to messages')
+        self.assertEqual(
+            set(lead_act_attachments.exists().mapped('res_model')), set(['mail.message'] * 2))
+
+
 @tests.tagged('mail_activity')
 class TestORM(TestActivityCommon):
     """Test for read_progress_bar"""
diff --git a/addons/test_mail/tests/test_mail_gateway.py b/addons/test_mail/tests/test_mail_gateway.py
index 3a2261adac2a5..9c177606d616c 100644
--- a/addons/test_mail/tests/test_mail_gateway.py
+++ b/addons/test_mail/tests/test_mail_gateway.py
@@ -41,6 +41,21 @@ def test_message_parse_and_replace_binary_octetstream(self):
              "Content-Type 'binary/octet-stream', assuming 'application/octet-stream'"),
         ])
 
+    def test_message_parse_and_replace_wildcard(self):
+        """Incoming email containing a wrong Content-Type (*/*) as described in RFC2046/section-3"""
+        mail_with_wildcard_mime = self.format(test_mail_data.MAIL_PDF_MIME_TEMPLATE, pdf_mime="*/*")
+        self.assertIn("Content-Type: */*", mail_with_wildcard_mime, "Wildcard for content-type not found")
+        with self.assertLogs("odoo.addons.mail.models.mail_thread", level="WARNING") as capture:
+            extracted_mail = self.env['mail.thread'].message_parse(self.from_string(mail_with_wildcard_mime))
+
+        self.assertEqual(len(extracted_mail['attachments']), 1)
+        attachment = extracted_mail['attachments'][0]
+        self.assertEqual(attachment.fname, 'scan_soraya.lernout_1691652648.pdf')
+        self.assertEqual(capture.output, [
+            ("WARNING:odoo.addons.mail.models.mail_thread:Message containing an unexpected "
+             "Content-Type '*/*', assuming 'application/octet-stream'"),
+        ])
+
     def test_message_parse_body(self):
         # test pure plaintext
         plaintext = self.format(test_mail_data.MAIL_TEMPLATE_PLAINTEXT, email_from='"Sylvie Lelitre" <test.sylvie.lelitre@agrolait.com>')
diff --git a/addons/test_mail/tests/test_mail_message.py b/addons/test_mail/tests/test_mail_message.py
index 8001be40ed108..67cce70cd663d 100644
--- a/addons/test_mail/tests/test_mail_message.py
+++ b/addons/test_mail/tests/test_mail_message.py
@@ -1,10 +1,132 @@
 # -*- coding: utf-8 -*-
 # Part of Odoo. See LICENSE file for full copyright and licensing details.
 
+import json
+
+from odoo.addons.base.models.ir_mail_server import MailDeliveryException
+from odoo.addons.mail.tests.common import mail_new_test_user
 from odoo.addons.test_mail.tests.common import TestMailCommon
 from odoo.exceptions import UserError
 from odoo.tools import is_html_empty, mute_logger, formataddr
-from odoo.tests import tagged, users
+from odoo.tests import tagged, users, HttpCase
+
+
+@tagged('mail_message', 'mail_controller', 'post_install', '-at_install')
+class TestMessageHelpersRobustness(TestMailCommon, HttpCase):
+    """ Test message helpers robustness, currently mainly linked to records
+    being removed from DB due to cascading deletion, which let side records
+    alive in DB. """
+
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+
+        cls.user_employee_2 = mail_new_test_user(
+            cls.env,
+            email='eglantine@example.com',
+            groups='base.group_user',
+            login='employee2',
+            notification_type='email',
+            name='Eglantine Employee',
+        )
+        cls.partner_employee_2 = cls.user_employee_2.partner_id
+
+        cls.test_records_simple, _partners = cls._create_records_for_batch(
+            'mail.test.simple', 3,
+        )
+
+    def setUp(self):
+        super().setUp()
+        # cleanup db
+        self.env['mail.notification'].search([('author_id', '=', self.partner_employee.id)]).unlink()
+
+        # handy shortcut variables
+        self.deleted_record = self.test_records_simple[2]
+
+        # generate crashed notifications
+        with mute_logger('odoo.addons.mail.models.mail_mail'), self.mock_mail_gateway():
+            def _send_email(*args, **kwargs):
+                raise MailDeliveryException("Some exception")
+            self.send_email_mocked.side_effect = _send_email
+
+            for record in self.test_records_simple.with_user(self.user_employee):
+                record.message_post(
+                    body="Setup",
+                    message_type='comment',
+                    partner_ids=self.partner_employee_2.ids,
+                    subtype_id=self.env.ref('mail.mt_comment').id,
+                )
+
+        # In the mean time, some FK deletes the record where the message is
+        # # scheduled, skipping its unlink() override
+        self.env.cr.execute(
+            f"DELETE FROM {self.test_records_simple._table} WHERE id = %s", (self.deleted_record.id,)
+        )
+        self.env.invalidate_all()
+
+    def test_assert_initial_values(self):
+        notifs_by_employee = self.env['mail.notification'].search([('author_id', '=', self.partner_employee.id)])
+        self.assertEqual(
+            set(notifs_by_employee.mapped('mail_message_id.res_id')),
+            set(self.test_records_simple.ids)
+        )
+        self.assertEqual(len(notifs_by_employee), 3)
+        self.assertTrue(all(notif.notification_status == 'exception' for notif in notifs_by_employee))
+        self.assertTrue(all(notif.res_partner_id == self.partner_employee_2 for notif in notifs_by_employee))
+
+    def test_load_message_failures(self):
+        self.authenticate(self.user_employee.login, self.user_employee.login)
+        response = self.opener.post(
+            self.env.user.get_base_url() + '/mail/load_message_failures',
+            json={},
+        )
+        result = json.loads(response.content)['result']
+        self.assertEqual({r['res_id'] for r in result}, set(self.test_records_simple[:2].ids))
+        self.assertEqual(
+            set(self.env['mail.notification'].search([('author_id', '=', self.partner_employee.id)]).mapped('mail_message_id.res_id')),
+            set((self.test_records_simple - self.deleted_record).ids),
+            'Should have cleaned notifications linked to unexisting records'
+        )
+
+    def test_message_fetch(self):
+        # set notifications to unread, so that we can simulate inbox usage
+        p2_notifications = self.env['mail.notification'].search([('res_partner_id', '=', self.partner_employee_2.id)])
+        p2_notifications.is_read = False
+
+        self.authenticate(self.user_employee_2.login, self.user_employee_2.login)
+        response = self.opener.post(
+            self.env.user.get_base_url() + '/mail/inbox/messages',
+            json={},
+        )
+        result = json.loads(response.content)['result']
+        self.assertEqual(
+            {r['res_id'] for r in result}, set(self.test_records_simple.ids),
+            'Currently reading message on missing record, crash avoided'
+        )
+        p2_notifications.with_user(self.user_employee_2).mail_message_id.set_message_done()
+
+        response = self.opener.post(
+            self.env.user.get_base_url() + '/mail/history/messages',
+            json={},
+        )
+        result = json.loads(response.content)['result']
+        self.assertEqual(
+            {r['res_id'] for r in result}, set(self.test_records_simple.ids),
+            'Currently reading message on missing record, crash avoided'
+        )
+
+    def test_notify_cancel_by_type(self):
+        """ Test canceling notifications, notably when having missing records. """
+        self.env.invalidate_all()
+        notifs_by_employee = self.env['mail.notification'].search([('author_id', '=', self.partner_employee.id)])
+
+        # do not crash even if removed record
+        self.test_records_simple.with_user(self.user_employee).notify_cancel_by_type('email')
+        self.env.invalidate_all()
+
+        notifs_by_employee = notifs_by_employee.exists()
+        self.assertEqual(len(notifs_by_employee), 3, 'Currently keep notifications for missing records')
+        self.assertTrue(all(notif.notification_status == 'canceled' for notif in notifs_by_employee))
 
 
 @tagged('mail_message')
diff --git a/addons/test_mail/tests/test_message_post.py b/addons/test_mail/tests/test_message_post.py
index fec97e23de404..f055ad7850e14 100644
--- a/addons/test_mail/tests/test_message_post.py
+++ b/addons/test_mail/tests/test_message_post.py
@@ -49,6 +49,9 @@ def setUpClass(cls):
             'name': 'Test',
             'email_from': 'ignasse@example.com'
         })
+        cls.test_records_simple, _partners = cls._create_records_for_batch(
+            'mail.test.simple', 3,
+        )
         cls.test_record_container = cls.env['mail.test.container.mc'].create({
             'name': 'MC Container',
         })
@@ -879,43 +882,69 @@ def test_message_post_schedule(self):
         scheduled_datetime = now + timedelta(days=5)
         self.user_admin.write({'notification_type': 'inbox'})
 
-        test_record = self.test_record.with_env(self.env)
-        test_record.message_subscribe((self.partner_1 | self.partner_admin).ids)
+        test_records = self.test_records_simple.with_env(self.env)
+        test_records.message_subscribe((self.partner_1 | self.partner_admin).ids)
+
+        # handy shortcut variables
+        deleted_record = test_records[2]
+        remaining_records = test_records - deleted_record
 
+        messages = self.env['mail.message']
         with freeze_time(now), \
              self.assertMsgWithoutNotifications(), \
              self.capture_triggers(cron_id) as capt:
-            msg = test_record.message_post(
-                body='<p>Test</p>',
-                message_type='comment',
-                subject='Subject',
-                subtype_xmlid='mail.mt_comment',
-                scheduled_date=scheduled_datetime,
-            )
-        self.assertEqual(capt.records.call_at, scheduled_datetime,
-                         msg='Should have created a cron trigger for the scheduled sending')
+            for test_record in test_records:
+                messages += test_record.message_post(
+                    body=f'<p>Test on {test_record.name}</p>',
+                    message_type='comment',
+                    subject=f'Subject for {test_record.name}',
+                    subtype_xmlid='mail.mt_comment',
+                    scheduled_date=scheduled_datetime,
+                )
+        self.assertEqual(
+            capt.records.mapped('call_at'), [scheduled_datetime] * 3,
+            msg='Should have created a cron trigger / scheduled post')
         self.assertFalse(self._new_mails)
         self.assertFalse(self._mails)
 
-        schedules = self.env['mail.message.schedule'].sudo().search([('mail_message_id', '=', msg.id)])
-        self.assertEqual(len(schedules), 1, msg='Should have scheduled the message')
-        self.assertEqual(schedules.scheduled_datetime, scheduled_datetime)
+        schedules = self.env['mail.message.schedule'].sudo().search([('mail_message_id', 'in', messages.ids)])
+        self.assertEqual(len(schedules), 3, msg='Should have one scheduled record / message to post')
+        self.assertEqual(schedules.mapped('scheduled_datetime'), [scheduled_datetime] * 3)
 
         # trigger cron now -> should not sent as in future
         with freeze_time(now):
             self.env['mail.message.schedule'].sudo()._send_notifications_cron()
-        self.assertTrue(schedules.exists(), msg='Should not have sent the message')
+        self.assertTrue(schedules.exists(), msg='Should not have sent the messages')
+
+        # In the mean time, some FK deletes the record where the message is
+        # # scheduled, skipping its unlink() override
+        test_record_names = test_records.mapped('name')
+        self.env.cr.execute(
+            f"DELETE FROM {test_records._table} WHERE id = %s", (deleted_record.id,)
+        )
+        test_records.invalidate_recordset()
 
         # Send the scheduled message from the cron at right date
         with freeze_time(now + timedelta(days=5)), self.mock_mail_gateway(mail_unlink_sent=True):
             self.env['mail.message.schedule'].sudo()._send_notifications_cron()
-        self.assertFalse(schedules.exists(), msg='Should have sent the message')
+        self.assertFalse(schedules.exists(), msg='Should have sent the messages')
+
         # check notifications have been sent
-        recipients_info = [{'content': '<p>Test</p>', 'notif': [
-            {'partner': self.partner_admin, 'type': 'inbox'},
-            {'partner': self.partner_1, 'type': 'email'},
-        ]}]
-        self.assertMailNotifications(msg, recipients_info)
+        for msg, test_record, test_record_name in zip(messages, test_records, test_record_names):
+            with self.subTest(test_record_name=test_record_name):
+                if test_record != deleted_record:
+                    # unlinked record -> skip notification
+                    self.assertMailNotifications(msg, [{
+                        'content': f'Test on {test_record_name}',
+                        'email_values': {
+                            'subject': f'Subject for {test_record_name}',
+                        },
+                        'notif': [
+                            {'partner': self.partner_admin, 'type': 'inbox'},
+                            {'partner': self.partner_1, 'type': 'email'},
+                        ],
+                    }])
+        self.assertEqual(len(self._new_mails), len(remaining_records), 'Should have skipped unlinked record')
 
         # manually create a new schedule date, resend it -> should not crash (aka
         # don't create duplicate notifications, ...)
@@ -932,7 +961,7 @@ def test_message_post_schedule(self):
         with freeze_time(now), \
              self.mock_mail_gateway(mail_unlink_sent=False), \
              self.capture_triggers(cron_id) as capt:
-            msg = test_record.message_post(
+            msg = test_records[0].message_post(
                 body='<p>Test</p>',
                 message_type='comment',
                 subject='Subject',
diff --git a/addons/test_mail/tests/test_performance.py b/addons/test_mail/tests/test_performance.py
index f892f7f1730cd..bc7de09e29b9a 100644
--- a/addons/test_mail/tests/test_performance.py
+++ b/addons/test_mail/tests/test_performance.py
@@ -272,7 +272,7 @@ def test_adv_activity_full(self):
             # voip module read activity_type during create leading to one less query in enterprise on action_feedback
             _category = activity.activity_type_id.category
 
-        with self.assertQueryCount(admin=15, employee=15):
+        with self.assertQueryCount(admin=16, employee=16):
             activity.action_feedback(feedback='Zizisse Done !')
 
     @warmup
@@ -307,7 +307,7 @@ def test_adv_activity_mixin(self):
 
         record.write({'name': 'Dupe write'})
 
-        with self.assertQueryCount(admin=17, employee=17):
+        with self.assertQueryCount(admin=18, employee=18):
             record.action_close('Dupe feedback')
 
         self.assertEqual(record.activity_ids, self.env['mail.activity'])
@@ -333,7 +333,7 @@ def test_adv_activity_mixin_w_attachments(self):
 
         record.write({'name': 'Dupe write'})
 
-        with self.assertQueryCount(admin=21, employee=21):  # com+tm 20/20
+        with self.assertQueryCount(admin=22, employee=22):  # com+tm 20/20
             record.action_close('Dupe feedback', attachment_ids=attachments.ids)
 
         # notifications
@@ -404,7 +404,7 @@ def test_mail_composer_form_attachments(self):
                 composer_form.attachment_ids.add(attachment)
             composer = composer_form.save()
 
-        with self.assertQueryCount(admin=54, employee=54):  # tm+com 47/47
+        with self.assertQueryCount(admin=55, employee=55):  # tm+com 47/47
             composer._action_send_mail()
 
         # notifications
@@ -525,7 +525,7 @@ def test_mail_composer_w_template_form(self):
             )
             composer = composer_form.save()
 
-        with self.assertQueryCount(admin=50, employee=50):
+        with self.assertQueryCount(admin=51, employee=51):
             composer._action_send_mail()
 
         # notifications
@@ -555,7 +555,7 @@ def test_mail_composer_w_template_form_attachments(self):
             )
             composer = composer_form.save()
 
-        with self.assertQueryCount(admin=71, employee=71):
+        with self.assertQueryCount(admin=72, employee=72):
             composer._action_send_mail()
 
         # notifications
@@ -585,7 +585,7 @@ def test_message_assignation_email(self):
     @warmup
     def test_message_assignation_inbox(self):
         record = self.env['mail.test.track'].create({'name': 'Test'})
-        with self.assertQueryCount(admin=20, employee=20):
+        with self.assertQueryCount(admin=21, employee=21):
             record.write({
                 'user_id': self.user_test.id,
             })
@@ -635,7 +635,7 @@ def test_message_log_with_view(self):
     def test_message_log_with_post(self):
         record = self.env['mail.test.simple'].create({'name': 'Test'})
 
-        with self.assertQueryCount(admin=7, employee=7):
+        with self.assertQueryCount(admin=8, employee=8):
             record.message_post(
                 body='<p>Test message_post as log</p>',
                 subtype_xmlid='mail.mt_note',
@@ -646,7 +646,7 @@ def test_message_log_with_post(self):
     def test_message_post_no_notification(self):
         record = self.env['mail.test.simple'].create({'name': 'Test'})
 
-        with self.assertQueryCount(admin=7, employee=7):
+        with self.assertQueryCount(admin=8, employee=8):
             record.message_post(
                 body='<p>Test Post Performances basic</p>',
                 partner_ids=[],
@@ -671,7 +671,7 @@ def test_message_post_one_email_notification(self):
     def test_message_post_one_inbox_notification(self):
         record = self.env['mail.test.simple'].create({'name': 'Test'})
 
-        with self.assertQueryCount(admin=18, employee=18):
+        with self.assertQueryCount(admin=20, employee=20):
             record.message_post(
                 body='<p>Test Post Performances with an inbox ping</p>',
                 partner_ids=self.user_test.partner_id.ids,
@@ -902,7 +902,7 @@ def test_complex_message_post_view(self):
             }).create({})
             composer._onchange_template_id_wrapper()
 
-        with self.assertQueryCount(admin=141, employee=141):
+        with self.assertQueryCount(admin=151, employee=151):
             messages_as_sudo = test_records.message_post_with_view(
                 'test_mail.mail_template_simple_test',
                 values={'partner': self.user_test.partner_id},
@@ -1204,7 +1204,7 @@ def test_message_format(self):
             ]
         }])
 
-        with self.assertQueryCount(employee=6):
+        with self.assertQueryCount(employee=7):
             res = messages.message_format()
             self.assertEqual(len(res), 2)
             for message in res:
@@ -1213,7 +1213,7 @@ def test_message_format(self):
         self.env.flush_all()
         self.env.invalidate_all()
 
-        with self.assertQueryCount(employee=19):
+        with self.assertQueryCount(employee=20):
             res = messages.message_format()
             self.assertEqual(len(res), 2)
             for message in res:
@@ -1234,14 +1234,14 @@ def test_message_format_group_thread_name_by_model(self):
             'res_id': record.id
         } for record in records])
 
-        with self.assertQueryCount(employee=5):
+        with self.assertQueryCount(employee=7):
             res = messages.message_format()
             self.assertEqual(len(res), 6)
 
         self.env.flush_all()
         self.env.invalidate_all()
 
-        with self.assertQueryCount(employee=14):
+        with self.assertQueryCount(employee=16):
             res = messages.message_format()
             self.assertEqual(len(res), 6)
 
diff --git a/addons/test_mail_full/tests/test_mail_performance.py b/addons/test_mail_full/tests/test_mail_performance.py
index 0d37eb0254822..82ad20615ebde 100644
--- a/addons/test_mail_full/tests/test_mail_performance.py
+++ b/addons/test_mail_full/tests/test_mail_performance.py
@@ -81,7 +81,7 @@ def test_message_post_w_followers(self):
         record_ticket = self.env['mail.test.ticket.mc'].browse(self.record_ticket.ids)
         attachments = self.env['ir.attachment'].create(self.test_attachments_vals)
 
-        with self.assertQueryCount(employee=91):  # tmf: 60
+        with self.assertQueryCount(employee=92):  # tmf: 60
             new_message = record_ticket.message_post(
                 attachment_ids=attachments.ids,
                 body='<p>Test Content</p>',
diff --git a/addons/test_mail_full/tests/test_rating.py b/addons/test_mail_full/tests/test_rating.py
index 057dc73ebb7f0..55206bcf27e29 100644
--- a/addons/test_mail_full/tests/test_rating.py
+++ b/addons/test_mail_full/tests/test_rating.py
@@ -141,7 +141,7 @@ def test_rating_last_value_perfs(self):
         partners = self.env['res.partner'].sudo().create([
             {'name': 'Jean-Luc %s' % (idx), 'email': 'jean-luc-%s@opoo.com' % (idx)} for idx in range(RECORD_COUNT)])
 
-        with self.assertQueryCount(employee=1516):  # tmf 1516 / com 5510
+        with self.assertQueryCount(employee=1614):  # tmf 1614
             record_ratings = self.env['mail.test.rating'].create([{
                 'customer_id': partners[idx].id,
                 'name': 'Test Rating',
@@ -149,13 +149,13 @@ def test_rating_last_value_perfs(self):
             } for idx in range(RECORD_COUNT)])
             self.flush_tracking()
 
-        with self.assertQueryCount(employee=2004):  # tmf 2004
+        with self.assertQueryCount(employee=2104):  # tmf 2104
             for record in record_ratings:
                 access_token = record._rating_get_access_token()
                 record.rating_apply(1, token=access_token)
             self.flush_tracking()
 
-        with self.assertQueryCount(employee=2003):  # tmf 2003
+        with self.assertQueryCount(employee=2103):  # tmf 2103
             for record in record_ratings:
                 access_token = record._rating_get_access_token()
                 record.rating_apply(5, token=access_token)
diff --git a/addons/web/controllers/database.py b/addons/web/controllers/database.py
index 7168a5d2eebdf..ddafd973e8fd4 100644
--- a/addons/web/controllers/database.py
+++ b/addons/web/controllers/database.py
@@ -126,6 +126,8 @@ def backup(self, master_pwd, name, backup_format='zip'):
             dispatch_rpc('db', 'change_admin_password', ["admin", master_pwd])
         try:
             odoo.service.db.check_super(master_pwd)
+            if name not in http.db_list():
+                raise Exception("Database %r is not known" % name)
             ts = datetime.datetime.utcnow().strftime("%Y-%m-%d_%H-%M-%S")
             filename = "%s_%s.%s" % (name, ts, backup_format)
             headers = [
diff --git a/addons/web/controllers/pivot.py b/addons/web/controllers/pivot.py
index 331daee43487b..1404afaf97046 100644
--- a/addons/web/controllers/pivot.py
+++ b/addons/web/controllers/pivot.py
@@ -30,8 +30,8 @@ def export_xlsx(self, data, **kw):
         header_plain = workbook.add_format({'pattern': 1, 'bg_color': '#AAAAAA'})
         bold = workbook.add_format({'bold': True})
 
-        measure_count = jdata['measure_count']
-        origin_count = jdata['origin_count']
+        measure_count = min(jdata['measure_count'], 100000)
+        origin_count = min(jdata['origin_count'], 100000)
 
         # Step 1: writing col group headers
         col_group_headers = jdata['col_group_headers']
@@ -50,11 +50,12 @@ def export_xlsx(self, data, **kw):
                     if cell['height'] > 1:
                         carry.append({'x': x, 'height': cell['height'] - 1})
                     x = x + measure_count * (2 * origin_count - 1)
-                for j in range(header['width']):
+                width = min(header['width'], 100000)
+                for j in range(width):
                     worksheet.write(y, x + j, header['title'] if j == 0 else '', header_plain)
                 if header['height'] > 1:
                     carry.append({'x': x, 'height': header['height'] - 1})
-                x = x + header['width']
+                x = x + width
             while (carry and carry[0]['x'] == x):
                 cell = carry.popleft()
                 for j in range(measure_count * (2 * origin_count - 1)):
diff --git a/addons/web/static/src/views/fields/many2many_binary/many2many_binary_field.js b/addons/web/static/src/views/fields/many2many_binary/many2many_binary_field.js
index 0397ee08d18e1..21a68e2cbb298 100644
--- a/addons/web/static/src/views/fields/many2many_binary/many2many_binary_field.js
+++ b/addons/web/static/src/views/fields/many2many_binary/many2many_binary_field.js
@@ -16,7 +16,18 @@ export class Many2ManyBinaryField extends Component {
     }
 
     get files() {
-        return this.props.value.records.map((record) => record.data);
+        const attachments = this.props.value.records.map((record) => record.data);
+        const attachmentsNotSupported = this.props.record.data[this.props.attachmentsNotSupportedField]
+
+        if (this.props.record.resModel == 'account.invoice.send' && attachmentsNotSupported) {
+            for (const attachment of attachments) {
+                if (attachment.id && attachment.id in attachmentsNotSupported) {
+                    attachment.tooltip = attachmentsNotSupported[attachment.id];
+                }
+            }
+        }
+
+        return attachments;
     }
 
     getUrl(id) {
@@ -52,6 +63,7 @@ Many2ManyBinaryField.components = {
 Many2ManyBinaryField.props = {
     ...standardFieldProps,
     acceptedFileExtensions: { type: String, optional: true },
+    attachmentsNotSupportedField: { type: String, optional: true },
     className: { type: String, optional: true },
     uploadText: { type: String, optional: true },
 };
@@ -65,6 +77,7 @@ Many2ManyBinaryField.isEmpty = () => false;
 Many2ManyBinaryField.extractProps = ({ attrs, field }) => {
     return {
         acceptedFileExtensions: attrs.options.accepted_file_extensions,
+        attachmentsNotSupportedField: attrs.options.attachments_not_supported_field,
         className: attrs.class,
         uploadText: field.string,
     };
diff --git a/addons/web/static/src/views/fields/many2many_binary/many2many_binary_field.xml b/addons/web/static/src/views/fields/many2many_binary/many2many_binary_field.xml
index c92e670dfb672..1567acb77e2b4 100644
--- a/addons/web/static/src/views/fields/many2many_binary/many2many_binary_field.xml
+++ b/addons/web/static/src/views/fields/many2many_binary/many2many_binary_field.xml
@@ -26,7 +26,7 @@
 
 <t t-name="Many2ManyBinaryField.attachment_preview" owl="1">
     <t t-set="editable" t-value="!props.readonly"/>
-    <div t-attf-class="o_attachment o_attachment_many2many #{ editable ? 'o_attachment_editable' : '' } #{upload ? 'o_attachment_uploading' : ''}" t-att-title="file.name">
+    <div t-attf-class="o_attachment o_attachment_many2many d-flex flex-row align-items-center gap-1 #{ editable ? 'o_attachment_editable' : '' } #{upload ? 'o_attachment_uploading' : ''}" t-att-title="file.name">
         <div class="o_attachment_wrap">
             <t t-set="ext" t-value="getExtension(file)"/>
             <div class="o_image_box float-start" t-att-data-tooltip="'Download ' + file.name">
@@ -48,6 +48,7 @@
             <div class="o_attachment_uploaded"><i class="text-success fa fa-check" role="img" aria-label="Uploaded" title="Uploaded"/></div>
             <div t-if="editable" class="o_attachment_delete" t-on-click.stop="() => this.onFileRemove(file.id)"><span class="text-white" role="img" aria-label="Delete" title="Delete">×</span></div>
         </div>
+        <i class="fa fa-fw o_button_icon fa-warning" t-if="file.tooltip" t-att-data-tooltip="file.tooltip"></i>
     </div>
 </t>
 
diff --git a/addons/web/static/src/webclient/barcode/crop_overlay.js b/addons/web/static/src/webclient/barcode/crop_overlay.js
index 7b38ac4e162d9..5bd4c93b13f45 100644
--- a/addons/web/static/src/webclient/barcode/crop_overlay.js
+++ b/addons/web/static/src/webclient/barcode/crop_overlay.js
@@ -2,6 +2,7 @@
 
 import { Component, useRef, onPatched } from "@odoo/owl";
 import { browser } from "@web/core/browser/browser";
+import { isIOS } from "@web/core/browser/feature_detection";
 import { clamp } from "@web/core/utils/numbers";
 
 export class CropOverlay extends Component {
@@ -17,6 +18,7 @@ export class CropOverlay extends Component {
         onPatched(() => {
             this.setupCropRect();
         });
+        this.isIOS = isIOS();
     }
 
     setupCropRect() {
diff --git a/addons/web/static/src/webclient/barcode/crop_overlay.scss b/addons/web/static/src/webclient/barcode/crop_overlay.scss
index 132ba6e7a73cd..a6d83ef103fec 100644
--- a/addons/web/static/src/webclient/barcode/crop_overlay.scss
+++ b/addons/web/static/src/webclient/barcode/crop_overlay.scss
@@ -6,13 +6,16 @@
         grid-column: 1 / -1;
     }
 
-    .o_crop_overlay {
+    .o_crop_overlay::after {
+        content: '';
+        display: block;
+    }
+
+    .o_crop_overlay:not(.o_crop_overlay_ios) {
         background-color: RGB(0 0 0 / 0.75);
         mix-blend-mode: darken;
 
         &::after {
-            content: '';
-            display: block;
             height: 100%;
             width: 100%;
             clip-path: inset(var(--o-crop-y, 0px) var(--o-crop-x, 0px));
@@ -20,6 +23,16 @@
         }
     }
 
+    .o_crop_overlay.o_crop_overlay_ios {
+        position: relative;
+
+        &::after {
+            position: absolute;
+            inset: var(--o-crop-y, 0px) var(--o-crop-x, 0px);
+            border: 1px solid black;
+        }
+    }
+
     .o_crop_icon {
         --o-crop-icon-width: 20px;
         --o-crop-icon-height: 20px;
diff --git a/addons/web/static/src/webclient/barcode/crop_overlay.xml b/addons/web/static/src/webclient/barcode/crop_overlay.xml
index 60001068eef44..907954b104e4a 100644
--- a/addons/web/static/src/webclient/barcode/crop_overlay.xml
+++ b/addons/web/static/src/webclient/barcode/crop_overlay.xml
@@ -9,7 +9,7 @@
         >
             <t t-slot="default"/>
             <t t-if="props.isReady">
-                <div class="o_crop_overlay"/>
+                <div class="o_crop_overlay" t-att-class="{'o_crop_overlay_ios': isIOS}"/>
                 <img class="o_crop_icon" src="/web/static/img/transform.svg" draggable="false"/>
             </t>
         </div>
diff --git a/addons/web/static/tests/legacy/control_panel/control_panel_tests.js b/addons/web/static/tests/legacy/control_panel/control_panel_tests.js
index 5b23b59774304..c1b3e213376de 100644
--- a/addons/web/static/tests/legacy/control_panel/control_panel_tests.js
+++ b/addons/web/static/tests/legacy/control_panel/control_panel_tests.js
@@ -55,7 +55,7 @@ odoo.define('web.control_panel_tests', function (require) {
                 env: {
                     session: {
                         async rpc() {
-                            return [[10, "Deco Addict"]];
+                            return [[10, "Acme Corporation"]];
                         },
                     },
                 },
@@ -65,8 +65,8 @@ odoo.define('web.control_panel_tests', function (require) {
             assert.deepEqual(
                 cpHelpers.getFacetTexts(controlPanel).map(t => t.replace(/\s/g, "")),
                 [
-                    "BarDecoAddict",
-                    "BarOpDecoAddict",
+                    "BarAcmeCorporation",
+                    "BarOpAcmeCorporation",
                     "Foofoo",
                     "FooOpfoo_op",
                     "SelecRed"
diff --git a/addons/web/views/report_templates.xml b/addons/web/views/report_templates.xml
index 40e3d13fae1c7..7d223e4ece8e6 100644
--- a/addons/web/views/report_templates.xml
+++ b/addons/web/views/report_templates.xml
@@ -113,7 +113,7 @@
                        <address class="mb-0" itemscope="itemscope"
                                 itemtype="http://schema.org/Organization">
                            <div>
-                               <span itemprop="name">Deco Addict</span>
+                               <span itemprop="name">Acme Corporation</span>
                            </div>
                            <div itemprop="address" itemscope="itemscope"
                                 itemtype="http://schema.org/PostalAddress">
diff --git a/addons/web_editor/static/src/js/editor/odoo-editor/src/OdooEditor.js b/addons/web_editor/static/src/js/editor/odoo-editor/src/OdooEditor.js
index 8898148786224..eca11f48b9c79 100644
--- a/addons/web_editor/static/src/js/editor/odoo-editor/src/OdooEditor.js
+++ b/addons/web_editor/static/src/js/editor/odoo-editor/src/OdooEditor.js
@@ -3552,7 +3552,23 @@ export class OdooEditor extends EventTarget {
                 this._compositionStep();
                 this.historyRollback();
                 ev.preventDefault();
-                getDeepRange(this.editable, { select: true, correctTripleClick: true });
+                const deepRange = getDeepRange(this.editable, { correctTripleClick: true });
+                const startEl = deepRange && closestElement(deepRange.startContainer);
+                const endEl = deepRange && closestElement(deepRange.endContainer);
+                if (startEl && endEl && startEl.isContentEditable && endEl.isContentEditable) {
+                    const { startContainer, startOffset, endContainer, endOffset } = deepRange;
+                    const direction = getCursorDirection(
+                        newSelection.anchorNode,
+                        newSelection.anchorOffset,
+                        newSelection.focusNode,
+                        newSelection.focusOffset
+                    );
+                    if (direction === DIRECTIONS.RIGHT) {
+                        setSelection(startContainer, startOffset, endContainer, endOffset);
+                    } else {
+                        setSelection(endContainer, endOffset, startContainer, startOffset);
+                    }
+                }
                 // To remove only the anchor cell's content when multiple table cells are selected on Enter,
                 // we need to change the selection to focus only on the anchor cell. This can't be done in `oEnter`
                 // because `deleteRange` responsible for removing content, execute before `oEnter` in `_applyRawCommand`.
diff --git a/addons/web_editor/static/src/js/editor/odoo-editor/src/commands/deleteBackward.js b/addons/web_editor/static/src/js/editor/odoo-editor/src/commands/deleteBackward.js
index 78cd048316479..b3a945184ad6a 100644
--- a/addons/web_editor/static/src/js/editor/odoo-editor/src/commands/deleteBackward.js
+++ b/addons/web_editor/static/src/js/editor/odoo-editor/src/commands/deleteBackward.js
@@ -63,7 +63,9 @@ HTMLElement.prototype.oDeleteBackward = function (offset, alreadyMoved = false,
         if (
             isDeletable(leftNode)
         ) {
+            const parentEl = leftNode.parentElement;
             leftNode.remove();
+            fillEmpty(parentEl);
             return;
         }
         if (!isBlock(leftNode) || isVisibleEmpty(leftNode)) {
diff --git a/addons/web_editor/static/src/js/editor/odoo-editor/src/commands/deleteForward.js b/addons/web_editor/static/src/js/editor/odoo-editor/src/commands/deleteForward.js
index a50634a4228bb..ca37db7229e3b 100644
--- a/addons/web_editor/static/src/js/editor/odoo-editor/src/commands/deleteForward.js
+++ b/addons/web_editor/static/src/js/editor/odoo-editor/src/commands/deleteForward.js
@@ -146,12 +146,14 @@ HTMLElement.prototype.oDeleteForward = function (offset) {
     if (firstLeafNode && (isFontAwesome(firstLeafNode) || isNotEditableNode(firstLeafNode))) {
         const nextSibling = firstLeafNode.nextSibling;
         const nextSiblingText = nextSibling ? nextSibling.textContent : '';
+        const parentEl = firstLeafNode.parentElement;
         firstLeafNode.remove();
         if (isEditorTab(firstLeafNode) && nextSiblingText[0] === '\u200B') {
             // When deleting an editor tab, we need to ensure it's related ZWS
             // il deleted as well.
             nextSibling.textContent = nextSiblingText.replace('\u200B', '');
         }
+        fillEmpty(parentEl);
         return;
     }
     if (
diff --git a/addons/web_editor/static/src/js/editor/odoo-editor/test/spec/editor.test.js b/addons/web_editor/static/src/js/editor/odoo-editor/test/spec/editor.test.js
index 14d6e9c7e63f6..9aa1d986995c5 100644
--- a/addons/web_editor/static/src/js/editor/odoo-editor/test/spec/editor.test.js
+++ b/addons/web_editor/static/src/js/editor/odoo-editor/test/spec/editor.test.js
@@ -1151,6 +1151,13 @@ X[]
                         contentAfter: unformat(`<div>a[]d</div>`),
                     });
                 });
+                it('should fill empty block with a <br>', async () => {
+                    await testEditor(BasicEditor, {
+                        contentBefore: '<p>[]<i class="fa fa-bug" contenteditable="false"></i></p>',
+                        stepFunction: deleteForward,
+                        contentAfter: '<p>[]<br></p>',
+                    });
+                });
             });
         });
         describe('Selection not collapsed', () => {
@@ -2791,6 +2798,11 @@ X[]
                         stepFunction: deleteBackward,
                         contentAfter: '<p>[]<br></p>',
                     });
+                    await testEditor(BasicEditor, {
+                        contentBefore: '<p><i class="fa fa-bug" contenteditable="false"></i>[]</p>',
+                        stepFunction: deleteBackward,
+                        contentAfter: '<p>[]<br></p>',
+                    });
                 });
                 it('should merge a paragraph with text into a paragraph with text removing spaces', async () => {
                     await testEditor(BasicEditor, {
@@ -3686,6 +3698,15 @@ X[]
                         contentAfter: '<p>abc</p><p>[]<br></p>',
                     });
                 });
+                it('inserts an empty paragraph when Enter is pressed before a non-editable element', async () => {
+                    await testEditor(BasicEditor, {
+                        contentBefore: '<p>[]<i class="fa fa-bug" contenteditable="false"></i></p>',
+                        stepFunction: async editor => {
+                            await triggerEvent(editor.editable, 'input', { data: 'Enter', inputType: 'insertParagraph' });
+                        },
+                        contentAfter: '<p><br></p><p>[]<i class="fa fa-bug" contenteditable="false"></i></p>',
+                    });
+                });
             });
             describe('Pre', () => {
                 it('should insert a line break within the pre', async () => {
@@ -4342,6 +4363,15 @@ X[]
                         contentAfter: '<p>abc<br>[]<br></p>',
                     });
                 });
+                it('inserts a <br> when a line break is inserted before a non-editable element', async () => {
+                    await testEditor(BasicEditor, {
+                        contentBefore: '<p>[]<i class="fa fa-bug" contenteditable="false"></i></p>',
+                        stepFunction: async editor => {
+                            await triggerEvent(editor.editable, 'input', { data: 'Enter', inputType: 'insertLineBreak' });
+                        },
+                        contentAfter: '<p><br>[]<i class="fa fa-bug" contenteditable="false"></i></p>',
+                    });
+                });
             });
             describe('Consecutive', () => {
                 it('should insert two <br> at the beggining of an empty paragraph', async () => {
diff --git a/addons/web_editor/static/src/js/wysiwyg/widgets/link_popover_widget.js b/addons/web_editor/static/src/js/wysiwyg/widgets/link_popover_widget.js
index dd28b24c964ed..def4a63b560b4 100644
--- a/addons/web_editor/static/src/js/wysiwyg/widgets/link_popover_widget.js
+++ b/addons/web_editor/static/src/js/wysiwyg/widgets/link_popover_widget.js
@@ -24,6 +24,7 @@ const LinkPopoverWidget = Widget.extend({
         this.$target = $(target);
         this.container = this.options.container || this.target.ownerDocument.body;
         this.href = this.$target.attr('href'); // for template
+        this.isDocument = !!$(target).attr("data-mimetype");
         this._dp = new DropPrevious();
     },
     /**
diff --git a/addons/web_editor/static/src/js/wysiwyg/wysiwyg.js b/addons/web_editor/static/src/js/wysiwyg/wysiwyg.js
index 31e9c917ff54a..b61cd025b309b 100644
--- a/addons/web_editor/static/src/js/wysiwyg/wysiwyg.js
+++ b/addons/web_editor/static/src/js/wysiwyg/wysiwyg.js
@@ -432,11 +432,10 @@ const Wysiwyg = Widget.extend({
 
             if ($target.is(this.customizableLinksSelector)
                     && $target.is('a')
-                    && $target[0].isContentEditable
+                    && ($target[0].isContentEditable || $target.attr("data-mimetype"))
                     && !$target.attr('data-oe-model')
                     && !$target.find('> [data-oe-model]').length
-                    && !$target[0].closest('.o_extra_menu_items')
-                    && $target[0].isContentEditable) {
+                    && !$target[0].closest('.o_extra_menu_items')) {
                 if (ev.ctrlKey || ev.metaKey) {
                     window.open($target[0].href, '_blank');
                 }
@@ -1967,23 +1966,28 @@ const Wysiwyg = Widget.extend({
         // Unselect all media.
         this.$editable.find('.o_we_selected_image').removeClass('o_we_selected_image');
         if (isInMedia) {
-            this.odooEditor.automaticStepSkipStack();
-            // Select the media in the DOM.
-            const selection = this.odooEditor.document.getSelection();
-            const range = this.odooEditor.document.createRange();
-            range.selectNode(this.lastMediaClicked);
-            selection.removeAllRanges();
-            selection.addRange(range);
-            // Toggle the 'active' class on the active image tool buttons.
-            for (const button of this.toolbar.$el.find('#image-shape div, #fa-spin')) {
-                button.classList.toggle('active', $(e.target).hasClass(button.id));
-            }
-            for (const button of this.toolbar.$el.find('#image-width div')) {
-                button.classList.toggle('active', e.target.style.width === button.id);
+            // Hide the toolbar if the media has a data-mimetype (e.g. attachment).
+            if ($target.attr("data-mimetype")) {
+                this.odooEditor.toolbarHide();
+            } else {
+                this.odooEditor.automaticStepSkipStack();
+                // Select the media in the DOM.
+                const selection = this.odooEditor.document.getSelection();
+                const range = this.odooEditor.document.createRange();
+                range.selectNode(this.lastMediaClicked);
+                selection.removeAllRanges();
+                selection.addRange(range);
+                // Toggle the 'active' class on the active image tool buttons.
+                for (const button of this.toolbar.$el.find('#image-shape div, #fa-spin')) {
+                    button.classList.toggle('active', $(e.target).hasClass(button.id));
+                }
+                for (const button of this.toolbar.$el.find('#image-width div')) {
+                    button.classList.toggle('active', e.target.style.width === button.id);
+                }
+                this.toolbar.el.querySelector('#image-transform').classList.toggle('active', e.target.matches('[style*="transform"]'));
+                this._updateMediaJustifyButton();
+                this._updateFaResizeButtons();
             }
-            this.toolbar.el.querySelector('#image-transform').classList.toggle('active', e.target.matches('[style*="transform"]'));
-            this._updateMediaJustifyButton();
-            this._updateFaResizeButtons();
         }
         if (isInMedia) {
             // Handle the media/link's tooltip.
@@ -2518,7 +2522,7 @@ const Wysiwyg = Widget.extend({
             if (
                 isVisible &&
                 (
-                    (this.options.autohideToolbar && !this.odooEditor.document.getSelection().isCollapsed) ||
+                    (this.options.autohideToolbar && !this.odooEditor.document.getSelection().isCollapsed && !this.linkPopover.$target.attr("data-mimetype")) ||
                     !selectionInLink
                 )
             ) {
diff --git a/addons/web_editor/static/src/xml/wysiwyg.xml b/addons/web_editor/static/src/xml/wysiwyg.xml
index 1cf6ac024e55e..325a7e59c5e1e 100644
--- a/addons/web_editor/static/src/xml/wysiwyg.xml
+++ b/addons/web_editor/static/src/xml/wysiwyg.xml
@@ -173,14 +173,14 @@
                 <a href="#" class="mx-1 o_we_copy_link text-dark" data-bs-toggle="tooltip" data-bs-placement="top" title="Copy Link">
                     <i class="fa fa-clone"/>
                 </a>
-                <a href="#" class="mx-1 o_we_edit_link text-dark" data-bs-toggle="tooltip" data-bs-placement="top" title="Edit Link">
+                <a href="#" t-att-hidden="widget.isDocument ? true : undefined" class="mx-1 o_we_edit_link text-dark" data-bs-toggle="tooltip" data-bs-placement="top" title="Edit Link">
                     <i class="fa fa-edit"/>
                 </a>
-                <a href="#" class="ms-1 o_we_remove_link text-dark" data-bs-toggle="tooltip" data-bs-placement="top" title="Remove Link">
+                <a href="#" t-att-hidden="widget.isDocument ? true : undefined" class="ms-1 o_we_remove_link text-dark" data-bs-toggle="tooltip" data-bs-placement="top" title="Remove Link">
                     <i class="fa fa-chain-broken"/>
                 </a>
             </div>
-            <a href="#" target="_blank" class="o_we_full_url mt-1 text-muted d-none" t-esc="widget.href" title="Open in a new tab"/>
+            <a href="#" t-att-hidden="widget.isDocument ? true : undefined" target="_blank" class="o_we_full_url mt-1 text-muted d-none" t-esc="widget.href" title="Open in a new tab"/>
         </div>
     </div>
     <we-customizeblock-option t-name="wysiwyg.widgets.linkTools">
diff --git a/addons/website/controllers/main.py b/addons/website/controllers/main.py
index f21af9128ebf3..3fb015f8a7bec 100644
--- a/addons/website/controllers/main.py
+++ b/addons/website/controllers/main.py
@@ -7,6 +7,7 @@
 import logging
 import re
 import requests
+import urllib.parse
 import werkzeug.urls
 import werkzeug.utils
 import werkzeug.wrappers
@@ -58,9 +59,9 @@ def __call__(self, path=None, path_args=None, **kw):
                     paths[key] = u"%s" % value
             elif value:
                 if isinstance(value, list) or isinstance(value, set):
-                    fragments.append(werkzeug.urls.url_encode([(key, item) for item in value]))
+                    fragments.append(urllib.parse.urlencode([(key, item) for item in value]))
                 else:
-                    fragments.append(werkzeug.urls.url_encode([(key, value)]))
+                    fragments.append(urllib.parse.urlencode([(key, value)]))
         for key in path_args:
             value = paths.get(key)
             if value is not None:
@@ -632,7 +633,7 @@ def pagenew(self, path="", add_menu=False, template=False, redirect=False, **kwa
         # If that URL is also a menu, we update it accordingly.
         # NB: we don't want to slugify on menu creation as it could redirect
         # towards files (with spaces, apostrophes, etc.).
-        menu = request.env['website.menu'].search([('url', '=', '/' + path)])
+        menu = request.env['website.menu'].search([('url', '=', '/' + path), ('page_id', '=', False)])
         if menu:
             menu.page_id = page['page_id']
 
diff --git a/addons/website_customer/data/res_partner_demo.xml b/addons/website_customer/data/res_partner_demo.xml
index ab978cc81cf08..eca5f36794ba1 100644
--- a/addons/website_customer/data/res_partner_demo.xml
+++ b/addons/website_customer/data/res_partner_demo.xml
@@ -4,10 +4,10 @@
 
         <record id="base.res_partner_2" model="res.partner">
             <field name="is_published" eval="True"/>
-            <field name="website_short_description">Deco Addict designs, develops, integrates and supports HR and Supply Chain processes in order to make our customers more productive, responsive and profitable.</field>
+            <field name="website_short_description">Acme Corporation designs, develops, integrates and supports HR and Supply Chain processes in order to make our customers more productive, responsive and profitable.</field>
             <field name="website_description" type="html">
                 <p>
-                Deco Addict designs, develops, integrates and supports HR and Supply
+                Acme Corporation designs, develops, integrates and supports HR and Supply
                 Chain processes in order to make our customers more productive,
                 responsive and profitable.
                 </p><p>
@@ -17,7 +17,7 @@
                 installed IT software into account. That is why Idealis
                 Consulting delivers excellence in HR and SC Management.
                 </p><p>
-                Deco Addict integrates ERP for Global Companies and supports PME
+                Acme Corporation integrates ERP for Global Companies and supports PME
                 with Open Sources software to manage their businesses. Our
                 consultants are experts in the following areas:
                 </p>
@@ -62,10 +62,10 @@
         </record>
         <record id="base.res_partner_4" model="res.partner">
             <field name="is_published" eval="True"/>
-            <field name="website_short_description">Deco Addict designs, develops, integrates and supports HR and Supply Chain processes in order to make our customers more productive, responsive and profitable.</field>
+            <field name="website_short_description">Acme Corporation designs, develops, integrates and supports HR and Supply Chain processes in order to make our customers more productive, responsive and profitable.</field>
             <field name="website_description" type="html">
                 <p>
-                Deco Addict designs, develops, integrates and supports HR and Supply
+                Acme Corporation designs, develops, integrates and supports HR and Supply
                 Chain processes in order to make our customers more productive,
                 responsive and profitable.
                 </p><p>
@@ -75,7 +75,7 @@
                 installed IT software into account. That is why Idealis
                 Consulting delivers excellence in HR and SC Management.
                 </p><p>
-                Deco Addict integrates ERP for Global Companies and supports PME
+                Acme Corporation integrates ERP for Global Companies and supports PME
                 with Open Sources software to manage their businesses. Our
                 consultants are experts in the following areas:
                 </p>
diff --git a/addons/website_event/data/res_partner_demo.xml b/addons/website_event/data/res_partner_demo.xml
index c6bae7b287e1f..54ff9e77de941 100644
--- a/addons/website_event/data/res_partner_demo.xml
+++ b/addons/website_event/data/res_partner_demo.xml
@@ -23,7 +23,7 @@
 
     <record id="base.res_partner_2" model="res.partner">
         <field name="is_published">True</field>
-        <field name="website_short_description">Deco Addict brings honesty and seriousness to wood industry while helping customers deal with trees, flowers and fungi.</field>
+        <field name="website_short_description">Acme Corporation brings honesty and seriousness to wood industry while helping customers deal with trees, flowers and fungi.</field>
         <field name="website_description" type="html">
 <div><section class="s_text_image o_colored_level" data-snippet="s_image_text" data-name="Image - Text">
     <div class="container">
@@ -276,10 +276,10 @@
         </field>
     </record>
 
-    <!-- 3-4-31: children of 2 (Deco Addict) -->
+    <!-- 3-4-31: children of 2 (Acme Corporation) -->
     <record id="base.res_partner_address_3" model="res.partner">
         <field name="is_published">True</field>
-        <field name="website_short_description">Douglas Fletcher is a mighty functional consultant at Deco Addict</field>
+        <field name="website_short_description">Douglas Fletcher is a mighty functional consultant at Acme Corporation</field>
         <field name="website_description" type="html">
 <p>
     Douglas Fletcher works in IT sector <b>since 10 years</b>. He is known
@@ -289,7 +289,7 @@
     </record>
     <record id="base.res_partner_address_4" model="res.partner">
         <field name="is_published">True</field>
-        <field name="website_short_description">Floyd Steward is a mighty analyst at Deco Addict.</field>
+        <field name="website_short_description">Floyd Steward is a mighty analyst at Acme Corporation.</field>
         <field name="website_description" type="html">
 <p>
     Floyd Steward works in IT sector <b>since 10 years</b>. He is known
@@ -299,7 +299,7 @@
     </record>
     <record id="base.res_partner_address_31" model="res.partner">
         <field name="is_published">True</field>
-        <field name="website_short_description">Addison Olson is a mighty sales representative at Deco Addict.</field>
+        <field name="website_short_description">Addison Olson is a mighty sales representative at Acme Corporation.</field>
         <field name="website_description" type="html">
 <p>
     Addison Olson works in IT sector <b>since 10 years</b>. He is known
diff --git a/addons/website_event/static/src/js/website_event.js b/addons/website_event/static/src/js/website_event.js
index bfd6f75ad85bd..35e85c4d4f722 100644
--- a/addons/website_event/static/src/js/website_event.js
+++ b/addons/website_event/static/src/js/website_event.js
@@ -71,18 +71,7 @@ var EventRegistrationForm = Widget.extend({
             $button.attr('disabled', true);
             var action = $form.data('action') || $form.attr('action');
             var self = this;
-            return ajax.jsonRpc(action, 'call', post).then(async function (modal) {
-                const tokenObj = await self._recaptcha.getToken('website_event_registration');
-                if (tokenObj.error) {
-                    self.displayNotification({
-                        type: 'danger',
-                        title: _t('Error'),
-                        message: tokenObj.error,
-                        sticky: true,
-                    });
-                    $button.prop('disabled', false);
-                    return false;
-                }
+            return ajax.jsonRpc(action, 'call', post).then(function (modal) {
                 var $modal = $(modal);
                 $modal.find('.modal-body > div').removeClass('container'); // retrocompatibility - REMOVE ME in master / saas-19
                 $modal.appendTo(document.body);
@@ -96,12 +85,29 @@ var EventRegistrationForm = Widget.extend({
                 $modal.on('click', '.btn-close', function () {
                     $button.prop('disabled', false);
                 });
-                $modal.on('submit', 'form', function (ev) {
+                $modal.on('submit', 'form', async function (ev) {
+                    if (!self._recaptcha._publicKey) {
+                        return;
+                    }
+
+                    ev.preventDefault();
+                    const tokenObj = await self._recaptcha.getToken("website_event_registration");
+                    if (tokenObj.error) {
+                        $button.prop('disabled', false);
+                        self.displayNotification({
+                            type: 'danger',
+                            title: _t('Error'),
+                            message: tokenObj.error,
+                            sticky: true,
+                        });
+                        return;
+                    }
                     const tokenInput = document.createElement('input');
                     tokenInput.setAttribute('name', 'recaptcha_token_response');
                     tokenInput.setAttribute('type', 'hidden');
                     tokenInput.setAttribute('value', tokenObj.token);
                     ev.currentTarget.appendChild(tokenInput);
+                    ev.currentTarget.submit();
                 })
             });
         }
diff --git a/addons/website_event_exhibitor/data/event_sponsor_demo.xml b/addons/website_event_exhibitor/data/event_sponsor_demo.xml
index 6bb840446eb07..5d0b84a66827b 100644
--- a/addons/website_event_exhibitor/data/event_sponsor_demo.xml
+++ b/addons/website_event_exhibitor/data/event_sponsor_demo.xml
@@ -37,7 +37,7 @@
         <field name="event_id" ref="event.event_7"/>
         <field name="sponsor_type_id" ref="event_sponsor_type3"/>
         <field name="partner_id" ref="base.res_partner_2"/>
-        <field name="url">http://www.deco-addict.example.com</field>
+        <field name="url">http://www.acme-corp.example.com</field>
         <field name="is_published" eval="True"/>
         <field name="subtitle">You won't believe this sponsor</field>
         <field name="exhibitor_type">sponsor</field>
diff --git a/addons/website_sale_loyalty/tests/__init__.py b/addons/website_sale_loyalty/tests/__init__.py
index eeb2997e6de5e..656ff20aa930f 100644
--- a/addons/website_sale_loyalty/tests/__init__.py
+++ b/addons/website_sale_loyalty/tests/__init__.py
@@ -1,6 +1,7 @@
 # Part of Odoo. See LICENSE file for full copyright and licensing details.
 
 from . import test_apply_pending_coupon
+from . import test_concurrent_promo_code
 from . import test_free_product_reward
 from . import test_sale_coupon_multiwebsite
 from . import test_shop_loyalty_payment
diff --git a/addons/website_sale_loyalty/tests/test_concurrent_promo_code.py b/addons/website_sale_loyalty/tests/test_concurrent_promo_code.py
new file mode 100644
index 0000000000000..3be37736fd7d1
--- /dev/null
+++ b/addons/website_sale_loyalty/tests/test_concurrent_promo_code.py
@@ -0,0 +1,132 @@
+import threading
+import time
+from concurrent.futures import ThreadPoolExecutor
+from psycopg2 import OperationalError
+
+from odoo import SUPERUSER_ID, api, registry
+from odoo.tests import tagged
+from odoo.tests.common import BaseCase, get_db_name
+from odoo.tools import mute_logger
+
+
+@tagged('-standard', '-at_install', 'post_install', 'database_breaking')
+class TestConcurrencyPromoCode(BaseCase):
+
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+
+        cls.registry = registry(get_db_name())
+
+        with cls.registry.cursor() as cr:
+            env = api.Environment(cr, SUPERUSER_ID, {})
+
+            cls.promo_code = "AZERTY123456"
+            cls.promo_code_program = env['loyalty.program'].create({
+                'name': 'FREE FOR ONE',
+                'program_type': 'promo_code',
+                'limit_usage': True,
+                'max_usage': 1,
+                'rule_ids': [(0, 0, {
+                    'minimum_qty': 0,
+                    'code': cls.promo_code,
+                })],
+                'reward_ids': [(0, 0, {
+                    'reward_type': 'discount',
+                    'discount_mode': 'percent',
+                    'discount_applicability': 'order',
+                    'discount': 100.0,
+                })]
+            })
+
+            cls.partner_1 = env['res.partner'].create([{
+                'name': 'Mitchel Notadmin',
+                'email': 'mitch.el@example.com',
+            }])
+            cls.partner_2 = env['res.partner'].create({
+                'name': 'John Smith',
+                'email': 'john.smith@example.com',
+            })
+
+            cls.product = env['product.product'].create({
+                'name': "TEST PRODUCT",
+                'standard_price': 100,
+            })
+
+            cls.order_partner_1 = env['sale.order'].create({'partner_id': cls.partner_1.id})
+            cls.order_partner_2 = env['sale.order'].create({'partner_id': cls.partner_2.id})
+
+            cls.order_lines = env['sale.order.line'].create([{
+                    'order_id': cls.order_partner_1.id,
+                    'product_id': cls.product.id,
+                    'product_uom_qty': 1,
+                }, {
+                    'order_id': cls.order_partner_2.id,
+                    'product_id': cls.product.id,
+                    'product_uom_qty': 3,
+                },
+            ])
+
+    def setUp(self):
+        super().setUp()
+
+        def reset():
+            with self.registry.cursor() as cr:
+                cr.execute("""
+                    DELETE FROM loyalty_card WHERE program_id = %(program_id)s;
+                    DELETE FROM loyalty_rule WHERE program_id = %(program_id)s;
+                    DELETE FROM loyalty_reward WHERE program_id = %(program_id)s;
+                    DELETE FROM loyalty_program WHERE id = %(program_id)s;
+                    DELETE FROM sale_order_line WHERE id IN %(sol_ids)s;
+                    DELETE FROM sale_order WHERE id IN %(so_ids)s;
+                    DELETE FROM res_partner WHERE id IN %(partner_ids)s;
+                    DELETE FROM product_product WHERE id = %(product_id)s;
+                """, {
+                    'program_id': self.promo_code_program.id,
+                    'sol_ids': tuple(self.order_lines.ids),
+                    'so_ids': (self.order_partner_1.id, self.order_partner_2.id),
+                    'partner_ids': (self.partner_1.id, self.partner_2.id),
+                    'product_id': self.product.id,
+                })
+        self.addCleanup(reset)
+
+    @mute_logger('odoo.sql_db')
+    def test_locked_update_promo_code(self):
+        """ Test that two cursors cannot lock the same row simultaneously """
+
+        # Commit the orders so that both cursors can read them
+        with self.registry.cursor() as cr:
+            cr.commit()
+
+        # A simple barrier to make sure threads start roughly at the same time
+        start_barrier = threading.Barrier(2)
+
+        def run(order_id):
+            with self.registry.cursor() as cr:
+                cr.execute("SELECT id FROM loyalty_rule WHERE code = %s", (self.promo_code,))
+                self.assertTrue(cr.fetchone())
+
+                env = api.Environment(cr, SUPERUSER_ID, {})
+                order = env['sale.order'].browse(order_id)
+
+                # Wait for the other threads to be ready
+                start_barrier.wait()
+
+                try:
+                    order._try_apply_code(self.promo_code)
+                    time.sleep(2)  # Hold the lock for a moment to ensure overlap
+                    return True
+
+                except OperationalError:
+                    # This catches the Postgres error when a row is locked
+                    return False
+
+        with ThreadPoolExecutor(max_workers=2) as executor:
+            future_1 = executor.submit(run, self.order_partner_1.id)
+            future_2 = executor.submit(run, self.order_partner_2.id)
+
+        # One should go through, the other should be locked (does not matter
+        # which thread)
+        res_1 = future_1.result(timeout=3)
+        res_2 = future_2.result(timeout=3)
+        self.assertNotEqual(res_1, res_2)
diff --git a/doc/cla/individual/anjeelharia.md b/doc/cla/individual/anjeelharia.md
new file mode 100644
index 0000000000000..a2a6838880902
--- /dev/null
+++ b/doc/cla/individual/anjeelharia.md
@@ -0,0 +1,11 @@
+India, 2025-12-03
+
+I hereby agree to the terms of the Odoo Individual Contributor License
+Agreement v1.0.
+
+I declare that I am authorized and able to make this agreement and sign this
+declaration.
+
+Signed,
+
+Anjeel bytemeasap@gmail.com https://github.com/ByteMeAsap
diff --git a/odoo/addons/base/data/res_partner_demo.xml b/odoo/addons/base/data/res_partner_demo.xml
index b0be7d4a5df32..9984f0dbf020a 100644
--- a/odoo/addons/base/data/res_partner_demo.xml
+++ b/odoo/addons/base/data/res_partner_demo.xml
@@ -57,7 +57,7 @@
             <field name="image_1920" type="base64" file="base/static/img/res_partner_1-image.png"/>
         </record>
         <record id="res_partner_2" model="res.partner">
-            <field name="name">Deco Addict</field>
+            <field name="name">Acme Corporation</field>
             <field eval="[Command.set([ref('base.res_partner_category_14')])]" name="category_id"/>
             <field name="is_company">1</field>
             <field name="street">77 Santa Barbara Rd</field>
@@ -65,9 +65,9 @@
             <field name="state_id" ref='state_us_5'/>
             <field name="zip">94523</field>
             <field name="country_id" ref="base.us"/>
-            <field name="email">deco.addict82@example.com</field>
+            <field name="email">acme.corp82@example.com</field>
             <field name="phone">(603)-996-3829</field>
-            <field name="website">http://www.deco-addict.com</field>
+            <field name="website">http://www.acme-example-company.com</field>
             <field name="image_1920" type="base64" file="base/static/img/res_partner_2-image.png"/>
         </record>
         <record id="res_partner_3" model="res.partner">
diff --git a/odoo/addons/base/static/img/res_partner_2-image.png b/odoo/addons/base/static/img/res_partner_2-image.png
index 1e9df902f8ae5..e7465708f9cf3 100644
Binary files a/odoo/addons/base/static/img/res_partner_2-image.png and b/odoo/addons/base/static/img/res_partner_2-image.png differ
diff --git a/odoo/addons/base/tests/common.py b/odoo/addons/base/tests/common.py
index 512c3b512f6d6..592513301ae16 100644
--- a/odoo/addons/base/tests/common.py
+++ b/odoo/addons/base/tests/common.py
@@ -182,7 +182,7 @@ def _load_partners_set(cls):
                     'name': 'Austin Kennedy', # Tom Ruiz
                 })],
             }, {
-                'name': 'Pepper Street', # 'Deco Addict',
+                'name': 'Pepper Street',  # 'Acme Corporation',
                 'state_id': cls.env.ref('base.state_us_2').id,
                 'child_ids': [Command.create({
                     'name': 'Liam King', # 'Douglas Fletcher',
diff --git a/odoo/addons/base/tests/test_expression.py b/odoo/addons/base/tests/test_expression.py
index f0ea01292c4fb..901d55e8526a7 100644
--- a/odoo/addons/base/tests/test_expression.py
+++ b/odoo/addons/base/tests/test_expression.py
@@ -818,14 +818,14 @@ def test_lp1071710(self):
 
         # indirect search via m2o
         Partner = self.env['res.partner']
-        deco_addict = self._search(Partner, [('name', '=', 'Pepper Street')])
+        acme_corp = self._search(Partner, [('name', '=', 'Pepper Street')])
 
         not_be = self._search(Partner, [('country_id', '!=', 'Belgium')])
-        self.assertNotIn(deco_addict, not_be)
+        self.assertNotIn(acme_corp, not_be)
 
         Partner = Partner.with_context(lang='fr_FR')
         not_be = self._search(Partner, [('country_id', '!=', 'Belgique')])
-        self.assertNotIn(deco_addict, not_be)
+        self.assertNotIn(acme_corp, not_be)
 
     def test_or_with_implicit_and(self):
         # Check that when using expression.OR on a list of domains with at least one
diff --git a/odoo/netsvc.py b/odoo/netsvc.py
index fa660ad0a9b0f..a068e98e1ee1f 100644
--- a/odoo/netsvc.py
+++ b/odoo/netsvc.py
@@ -145,6 +145,16 @@ def format(self, record):
         record.dbname = getattr(threading.current_thread(), 'dbname', '?')
         return logging.Formatter.format(self, record)
 
+    def formatMessage(self, record):
+        if record.munge_traceback:
+            return super().formatMessage(record).replace(
+                'Traceback (most recent call last):',
+                '_Traceback_ (most recent call last):',
+            )
+        else:
+            return super().formatMessage(record)
+
+
 class ColoredFormatter(DBFormatter):
     def format(self, record):
         fg_color, bg_color = LEVEL_COLOR_MAPPING.get(record.levelno, (GREEN, DEFAULT))
@@ -162,6 +172,7 @@ def init_logger():
     def record_factory(*args, **kwargs):
         record = old_factory(*args, **kwargs)
         record.perf_info = ""
+        record.munge_traceback = False
         return record
     logging.setLogRecordFactory(record_factory)
 
diff --git a/odoo/tests/common.py b/odoo/tests/common.py
index 7161a52bde0c0..c1453b985fcd6 100644
--- a/odoo/tests/common.py
+++ b/odoo/tests/common.py
@@ -1119,6 +1119,7 @@ def _chrome_start(self):
             '--remote-debugging-port': str(self.remote_debugging_port),
             '--no-sandbox': '',
             '--disable-gpu': '',
+            '--mute-audio': '',
             '--remote-allow-origins': '*',
             # '--enable-precise-memory-info': '', # uncomment to debug memory leaks in qunit suite
             # '--js-flags': '--expose-gc', # uncomment to debug memory leaks in qunit suite
diff --git a/odoo/tests/test_module_operations.py b/odoo/tests/test_module_operations.py
index eb9a216aa7515..bca13263f3fb7 100755
--- a/odoo/tests/test_module_operations.py
+++ b/odoo/tests/test_module_operations.py
@@ -231,5 +231,5 @@ def test_standalone(args):
     try:
         args.func(args)
     except Exception:
-        _logger.error("%s tests failed", args.func.__name__[5:])
-        raise
+        _logger.exception("%s tests failed", args.func.__name__[5:])
+        exit(1)
diff --git a/odoo/tools/_monkeypatches.py b/odoo/tools/_monkeypatches.py
index fce9ed4c28562..4876272ac1cdc 100644
--- a/odoo/tools/_monkeypatches.py
+++ b/odoo/tools/_monkeypatches.py
@@ -158,10 +158,15 @@ def pool_init(self, *args, **kwargs):
 
 def policy_clone(self, **kwargs):
     for arg in kwargs:
-        if arg.startswith("_") or "__" in arg:
+        if arg.startswith("_") or "__" in arg or arg == "clone":
             raise AttributeError(f"{self.__class__.__name__!r} object has no attribute {arg!r}")
     return orig_policy_clone(self, **kwargs)
 
 
+def policy_add(self, other):
+    return policy_clone(self, **other.__dict__)
+
+
 orig_policy_clone = _PolicyBase.clone
 _PolicyBase.clone = policy_clone
+_PolicyBase.__add__ = policy_add
diff --git a/odoo/tools/_monkeypatches_urls.py b/odoo/tools/_monkeypatches_urls.py
index 072e36b087ce8..35cf4bd4ffcb0 100644
--- a/odoo/tools/_monkeypatches_urls.py
+++ b/odoo/tools/_monkeypatches_urls.py
@@ -64,7 +64,6 @@ def _to_str(
     "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
     "0123456789"
     "-._~"
-    "$!'()*+,;"  # RFC3986 sub-delims set, not including query string delimiters &=
 )
 _always_safe = frozenset(_always_safe_chars.encode("ascii"))
 
diff --git a/odoo/tools/_vendor/useragents.py b/odoo/tools/_vendor/useragents.py
index 7627ccc973bf6..f0b8730deb484 100644
--- a/odoo/tools/_vendor/useragents.py
+++ b/odoo/tools/_vendor/useragents.py
@@ -75,11 +75,11 @@ class UserAgentParser(object):
     )
 
     def __init__(self):
-        self.platforms = [(b, re.compile(a, re.I)) for a, b in self.platforms]
-        self.browsers = [
+        self.platforms = tuple((b, re.compile(a, re.I)) for a, b in self.platforms)
+        self.browsers = tuple(
             (b, re.compile(self._browser_version_re % a, re.I))
             for a, b in self.browsers
-        ]
+        )
 
     def __call__(self, user_agent):
         for platform, regex in self.platforms:  # noqa: B007
diff --git a/odoo/tools/misc.py b/odoo/tools/misc.py
index 5dad940be5fca..558c51446c602 100644
--- a/odoo/tools/misc.py
+++ b/odoo/tools/misc.py
@@ -854,8 +854,8 @@ def emit(self, record):
         if record.levelno > self.max_level:
             record.levelname = f'_{record.levelname}'
             record.levelno = self.to_level
+            record.munge_traceback = True
             self.had_error_log = True
-            record.args = tuple(arg.replace('Traceback (most recent call last):', '_Traceback_ (most recent call last):') if isinstance(arg, str) else arg for arg in record.args)
 
         if logging.getLogger(record.name).isEnabledFor(record.levelno):
             for handler in self.old_handlers:
diff --git a/setup/win32/setup.nsi b/setup/win32/setup.nsi
index 7b5ff67a0a52b..1cb1f06a0472b 100644
--- a/setup/win32/setup.nsi
+++ b/setup/win32/setup.nsi
@@ -389,6 +389,7 @@ SectionEnd
 !insertmacro MUI_FUNCTION_DESCRIPTION_END
 
 Section "Uninstall"
+    SetRegView 64
     # Check if the server is installed
     !insertmacro IfKeyExists "HKLM" "${UNINSTALL_REGISTRY_KEY_SERVER}" "UninstallString"
     Pop $R0