From 4a1037c0c3aaad6b0df347ee0ceb6e1f9666f928 Mon Sep 17 00:00:00 2001
From: Kevin Martens <kmartens@cloudbees.com>
Date: Tue, 15 Oct 2024 15:20:07 -0400
Subject: [PATCH 1/4] Adding 2.479.1 changelog & upgrade guide

---
 content/_data/changelogs/lts.yml              | 463 ++++++++++++++++++
 content/_data/upgrades/2-479-1.adoc           | 101 ++++
 .../post-images/2024/10/jvm-options-ssh.png   | Bin 0 -> 17789 bytes
 3 files changed, 564 insertions(+)
 create mode 100644 content/_data/upgrades/2-479-1.adoc
 create mode 100644 content/images/post-images/2024/10/jvm-options-ssh.png

diff --git a/content/_data/changelogs/lts.yml b/content/_data/changelogs/lts.yml
index ea22e4c72735..35b4bda431b3 100644
--- a/content/_data/changelogs/lts.yml
+++ b/content/_data/changelogs/lts.yml
@@ -11672,6 +11672,469 @@
       - url: /security/advisory/2024-10-02/#SECURITY-3373
         title: SECURITY-3373
 
+- version: "2.479.1"
+  date: 2024-10-30
+  lts_predecessor: "2.462.3"
+  lts_baseline: "2.479"
+  changes: # compared to lts_baseline 2.479 - extracted from the RC commit(s)
+
+  - type: major bug
+    category: bug
+    pull: 9760
+    issue: 73760
+    authors:
+      - basil
+    pr_title: "[JENKINS-73760] Updates fail due to invalid JSON from HTTP Update Center"
+    message: |-
+      Migrate from (<a href="http://updates.jenkins-ci.org">http://updates.jenkins-ci.org</a>) to (<a href="https://updates.jenkins.io">https://updates.jenkins.io</a>) when the initial installation version was 2.76 or older.
+  - type: bug
+    category: bug
+    pull: 9797
+    issue: 73838
+    authors:
+      - basil
+    pr_title: "[JENKINS-73838] Compatibility for Jenkins#doSafeRestart(StaplerRequest, String)"
+    message: |-
+      Restore compatibility with plugins calling <code>Jenkins#doSafeRestart(StaplerRequest, String)</code>.
+  - type: bug
+    category: bug
+    pull: 9764
+    issue: 73801
+    authors:
+      - basil
+    pr_title: "[JENKINS-73801] Nested Views plugin overrides View#doConfigDotXml(StaplerRequest)"
+    message: |-
+      Restore compatibility with plugins contributing new views with custom XML, like Nested Views plugin.
+  - type: bug
+    category: bug
+    pull: 9693
+    issue: 73437
+    authors:
+      - ridemountainpig
+    pr_title: "[JENKINS-73437] Fix build history no automatic line wrapping"
+    message: |-
+      Wrap long lines in the build history.
+  - type: bug
+    category: bug
+    pull: 9827
+    issue: 73867
+    authors:
+      - basil
+    pr_title: "Override the outdated managed dependency on asm in guice-parent"
+    message: |-
+      Prevent an old version of ASM from appearing as a managed dependency in plugin builds.
+  - type: bug
+    category: bug
+    pull: 9834
+    issue: 73917
+    authors:
+      - markewaite
+    pr_title: "Update dependency io.jenkins.plugins:asm-api to v9.7.1-95.v9f552033802a_"
+    message: |-
+      Update ASM to 9.7.1 to match most recent release of the ASM API and Jenkins ASM API plugin.
+
+  lts_changes: # compared to lts_predecessor 2.462.3 (selected by personal review)
+
+  - type: major rfe
+    category: rfe
+    authors:
+      - basil
+    pr_title: "Require Java 17 or newer"
+    references:
+      - pull: 9358
+      - issue: 67907
+      - url: https://www.jenkins.io/blog/2024/06/11/require-java-17/
+        title: Java 17 requirement blog post
+    message: |-
+      Require Java 17 or newer.
+  - type: major rfe
+    category: rfe
+    authors:
+      - basil
+    pr_title: "[JENKINS-73278] Migrate core from EE 8 to EE 9"
+    references:
+      - url: https://github.com/spring-projects/spring-framework/releases/tag/v6.0.23
+        title: Spring Framework 6.0.23 release notes
+      - url: https://github.com/spring-projects/spring-framework/releases/tag/v6.1.12
+        title: Spring Framework 6.1.12 release notes
+      - url: https://github.com/spring-projects/spring-security/releases/tag/6.2.6
+        title: Spring Security 6.2.6 release notes
+      - url: https://github.com/spring-projects/spring-security/releases/tag/6.3.2
+        title: Spring Security 6.3.2 release notes
+      - url: https://github.com/spring-projects/spring-security/releases/tag/6.3.3
+        title: Spring Security 6.3.3 release notes
+      - url: https://projects.eclipse.org/releases/jakarta-ee-9
+        title: Jarkata EE 9 release page
+      - url: https://github.com/jenkinsci/ldap-plugin/releases/tag/733.vd3700c27b_043
+        title: LDAP plugin 733.vd3700c27b_043
+      - url: https://github.com/jenkinsci/cas-plugin/releases/tag/cas-plugin-1.7.0
+        title: CAS plugin 1.7.0
+      - url: https://www.jenkins.io/doc/book/platform-information/support-policy-servlet-containers/
+        title: Servlet Container Support Policy
+      - pull: 9672
+      - issue: 73278
+    message: |-
+      Upgrade Spring Framework from 5.3.39 to 6.1.12, upgrade Spring Security from 5.8.14 to 6.3.3, and upgrade Java EE from 8 to 9.
+      Users of the LDAP plugin must upgrade it to version 733.vd3700c27b_043 in combination with upgrading Jenkins core.
+      Users of the CAS plugin must upgrade it to version 1.7.0 in combination with upgrading Jenkins core.
+      Users of third-party servlet containers must upgrade the servlet container to an EE 9 version in accordance with the Jenkins Servlet Container Support Policy.
+  - type: major rfe
+    category: major rfe
+    authors:
+      - basil
+    pr_title: "[JENKINS-73130] Upgrade core from Jetty 10.x to 12.x (EE 8)"
+    references:
+      - pull: 9590
+      - issue: 73130
+      - url: https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.10
+        title: Jetty 12.0.10 release notes
+      - url: https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.11
+        title: Jetty 12.0.11 release notes
+      - url: https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.12
+        title: Jetty 12.0.12 release notes
+    message: |-
+      Upgrade Jetty from 10.0.24 to 12.0.12.
+  - type: major rfe
+    category: major rfe
+    pull: 9405
+    issue: 68822
+    authors:
+      - madisparn
+    pr_title: "JENKINS-68822 added support for removing all builds with LogRotator"
+    message: |-
+      Allow all builds to be removed by the build discarder.
+  - type: major rfe
+    category: major rfe
+    authors:
+      - markewaite
+    pr_title: "[JENKINS-73129] Remove Windows path traversal escape hatch from SECURITY-2481"
+    references:
+      - pull: 9387
+      - issue: 73129
+      - url: /security/advisory/2021-10-06/#SECURITY-2481
+        title: Path traversal vulnerability on Windows - SECURITY-2481
+    message: |-
+      Remove Windows path traversal vulnerability escape hatch that was provided with the SECURITY-2481 fix..
+  - type: major bug
+    category: bug
+    pull: 9428
+    issue: 73381
+    authors:
+      - basil
+    pr_title: "[JENKINS-73381] Downloading tar.gz artifacts in Firefox is broken"
+    message: |-
+      Fix download of <code>.tar.gz</code> artifacts in Firefox.
+  - type: rfe
+    category: rfe
+    authors:
+      - janfaracik
+      - mawinter69
+      - timja
+    pr_title: "Refine content and appearance of the user account screen"
+    references:
+      - pull: 9521
+      - pull: 9707
+      - pull: 9461
+      - pull: 9411
+      - pull: 9393
+      - pull: 9381
+    message: |-
+      Enhancements and refinements for several pages' appearance in Jenkins.
+  - type: rfe
+    category: rfe
+    authors:
+      - zbynek
+      - janfaracik
+    pr_title: "Refine form controls appearance"
+    references:
+      - pull: 9453
+      - pull: 9380
+      - pull: 9365
+      - pull: 9395
+    message: |-
+      Refinements and modernizations for parts of Jenkins UI.
+  - type: rfe
+    category: rfe
+    pull: 7268
+    issue: 69869
+    authors:
+      - Wadeck
+      - timja
+    pr_title: "[JENKINS-69869] Categorize the user properties"
+    message: |-
+      User properties are now categorized in different pages.
+  - type: rfe
+    category: rfe
+    pull: 9148
+    authors:
+      - janfaracik
+    pr_title: "Rewrite the build history widget"
+    message: |-
+      Update the design of the build history widget.
+  - type: rfe
+    category: rfe
+    pull: 9724
+    authors:
+      - janfaracik
+    pr_title: "Use Notice component for views lacking jobs"
+    message: |-
+      Use Notice component for views lacking jobs.
+  - type: rfe
+    category: rfe
+    pull: 9648
+    issue: 73669
+    authors:
+      - mawinter69
+    pr_title: "[JENKINS-73669] don't change unrelated checkboxes in rowSelectionCont…"
+    message: |-
+      Don't change unrelated checkboxes in <code>rowSelectionController</code>.
+  - type: rfe
+    category: rfe
+    pull: 9591
+    authors:
+      - jglick
+    pr_title: "Friendlier handling of DeploymentHandshakeException from CLI in -webSocket mode"
+    message: |-
+      Better display HTTP handshake errors (such as authentication issues) from the CLI in <code>-webSocket</code> mode.
+  - type: rfe
+    category: rfe
+    pull: 9665
+    authors:
+      - Vlatombe
+    pr_title: "Add -webSocket option by default when creating an inbound agent"
+    message: |-
+      Use websocket in the inbound agent command line sample.
+  - type: rfe
+    category: rfe
+    pull: 9150
+    authors:
+      - krisstern
+    pr_title: "Add doCheckDisplayNameOrNull to jenkins core"
+    message: |-
+      Move <code>doCheckDisplayNameOrNull</code> from <code>AbstractProject</code> to <code>TopLevelItemDescriptor</code> to allow reuse in pipeline.
+  - type: rfe
+    category: rfe
+    pull: 9616
+    authors:
+      - zbynek
+    pr_title: "Allow plugins to customize number of suggestions in autocomplete"
+    message: |-
+      Allow plugins to customize maximum number of suggestions in autocomplete text fields.
+  - type: rfe
+    category: rfe
+    pull: 9594
+    issue: 73597
+    authors:
+      - jeromepochat
+    pr_title: "[JENKINS-73597] Remove RekeySecretAdminMonitor and related resources"
+    message: |-
+      Remove obsolete <code>RekeySecretAdminMonitor</code>.
+  - type: rfe
+    category: rfe
+    pull: 9511
+    issue: 73563
+    authors:
+      - mawinter69
+    pr_title: "[JENKINS-73563] create a jenkins-button instead of a yui button in makeButton"
+    message: |-
+      Use <code>makeButton</code> to create a <code>jenkins-button</code> on the fly instead of using YUI.
+  - type: rfe
+    category: rfe
+    pull: 9502
+    issue: 73495
+    authors:
+      - markewaite
+    pr_title: "[JENKINS-73495] Clarify the plugin incompatibility message"
+    message: |-
+      Clarify that the plugin incompatibility message applies to the current plugin.
+  - type: rfe
+    category: rfe
+    pull: 9501
+    authors:
+      - markewaite
+    pr_title: "Add end of life dates for Alpine 3.20, Ubuntu 24.04, Fedora 40"
+    message: |-
+      Add end of life dates for Alpine 3.20, Ubuntu 24.04, and Fedora 40.
+      Correct several end of life dates, including CentOS 8.
+  - type: rfe
+    category: rfe
+    pull: 9476
+    authors:
+      - basil
+    pr_title: "Use detached plugins as a cache for the Update Center"
+    message: |-
+      Avoid unnecessary download of bundled plugins during the setup wizard.
+  - type: rfe
+    category: rfe
+    pull: 9488
+    authors:
+      - mawinter69
+    pr_title: "scroll fields from added hetero-list entry into viewport"
+    message: |-
+      Scroll fields from added hetero-list entry into viewport.
+  - type: rfe
+    category: rfe
+    pull: 9465
+    authors:
+      - mawinter69
+    pr_title: "modernise build time trend page"
+    message: |-
+      Modernize the build time trend page with a time since column, a link to the console, and allow the table to be resized.
+      Remove the agent column for the Pipeline build trend.
+  - type: rfe
+    category: rfe
+    pull: 9483
+    authors:
+      - jglick
+    pr_title: "Lifecycle.onBootFailure"
+    message: |-
+      When using <code>ExitLifecycle</code>, exit the process immediately upon a boot failure.
+      Allow custom lifecycles to react similarly.
+  - type: rfe
+    category: rfe
+    pull: 9449
+    authors:
+      - Vlatombe
+    pr_title: "Show plugin source URL when downloading it"
+    message: |-
+      Display the source URL in logs when installing a plugin.
+  - type: rfe
+    category: rfe
+    pull: 9437
+    authors:
+      - Vlatombe
+    pr_title: "Allow administrative monitors to be displayed for users with Overall/MANAGE permission"
+    message: |-
+      Allow some administrative monitors to be displayed for users with <code>Overall/MANAGE</code> permission.
+  - type: rfe
+    category: rfe
+    pull: 9440
+    authors:
+      - basil
+    pr_title: "Increase minimum required Remoting version from 4.13 to 3107.v665000b_51092"
+    message: |-
+      Increase the minimum required Remoting version to 3107.v665000b_51092.
+  - type: rfe
+    category: rfe
+    authors:
+      - basil
+    pr_title: "Delegate compression to servlet container"
+    references:
+      - pull: 9379
+      - url: https://github.com/jenkinsci/stapler/releases/tag/1881.vd39f3ee5c629
+        title: Stapler 1881.vd39f3ee5c629 release notes
+      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-6.20
+        title: Winstone-Jetty 6.20 release notes
+    message: |-
+      Update Stapler from 1880.vb_6d94a_3b_05db_ to 1881.vd39f3ee5c629 and Winstone-Jetty from 6.19 to 6.20 to let Jetty handle HTTP response compression.
+      A new command-line option <code>--compression</code> can be used to disable compression if desired.
+  - type: rfe
+    category: rfe
+    pull: 9177
+    authors:
+      - mawinter69
+    pr_title: "remove idle executors from widget"
+    message: |-
+      Remove idle executors from Build Executor widget.
+  - type: rfe
+    category: rfe
+    pull: 7037
+    issue: 14789
+    authors:
+      - das7pad
+    pr_title: "[JENKINS-14789] Configurable interval for computer retention check"
+    message: |-
+      The latency for bringing up offline agents can be improved using a new global config option <strong>Computer Retention Check Interval</strong> and setting an <strong>In demand delay</strong> of zero on the agents.
+  - type: bug
+    category: bug
+    authors:
+      - scherler
+      - janfaracik
+    pr_title: "[JENKINS-73695] Prevent unnecessary horizontal scrollbar in Firefox"
+    references:
+      - pull: 9695
+      - issue: 73695
+      - pull: 9667
+      - pull: 9654
+      - issue: 73330
+      - pull: 9649
+      - pull: 9625
+      - pull: 9658
+      - issue: 73302
+    message: |-
+      Several bug fixes for Jenkins UI.
+  - type: bug
+    category: bug
+    pull: 9737
+    issue: 73785
+    authors:
+      - daniel-beck
+    pr_title: "[JENKINS-73785] Restore ContextMenu#from with StaplerRequest/Response args"
+    message: |-
+      Restore compatibility with plugins contributing new objects with context menus, like Nested Views plugin.
+  - type: bug
+    category: bug
+    pull: 9653
+    issue: 73687
+    authors:
+      - dwnusbaum
+    pr_title: "[JENKINS-73687] Make deserialization of Map fields in XML files more robust"
+    message: |-
+      Make deserialization of <code>Map</code> fields in XML files more robust.
+  - type: bug
+    category: bug
+    pull: 9696
+    authors:
+      - basil
+    pr_title: "Compatibility for ChainedServletFilter"
+    message: |-
+      Restore compatibility with the OpenId Connect Authentication and Reverse Proxy Authentication plugins.
+  - type: bug
+    category: bug
+    pull: 9152
+    issue: 72988
+    authors:
+      - mawinter69
+    pr_title: "[JENKINS-72988] validate displayname against items in the same ItemGroup"
+    message: |-
+      Validate display name only against items in the same ItemGroup.
+  - type: bug
+    category: bug
+    pull: 9463
+    authors:
+      - timja
+    pr_title: "Disable dependents toggle in plugin manager with system read"
+    message: |-
+      Correct styling for plugins that can't be disabled in plugin manager when user has system read permission.
+  - type: bug
+    category: bug
+    pull: 9624
+    issue: 73613
+    authors:
+      - mawinter69
+    pr_title: "[JENKINS-73613] refresh buildhistory widget in all cases"
+    message: |-
+      Refresh build history widget in all cases, including on background tabs or hidden tabs.
+  - type: bug
+    category: bug
+    authors:
+      - mawinter69
+    pr_title: "[JENKINS-73554] fix jelly exception"
+    references:
+      - pull: 9519
+      - issue: 73554
+    message: |-
+      Fix <code>IndexOutOfBoundsException</code> in cloud management pages when controller has no executors.
+  - type: bug
+    category: bug
+    pull: 9485
+    issue: 73467
+    authors:
+      - basil
+    pr_title: "[JENKINS-73467] No facility to try unsupported Remoting versions when using inbound agents"
+    message: |-
+      Fix the <code>hudson.slaves.SlaveComputer.allowUnsupportedRemotingVersions</code> escape hatch, which was previously not working with inbound agents.
+
 # DO NOT EDIT THIS FILE DIRECTLY
 # ALL CHANGES MUST GO THROUGH PULL REQUESTS
 # MALFORMED FILE CONTENTS WILL BREAK THE SITE BUILD
diff --git a/content/_data/upgrades/2-479-1.adoc b/content/_data/upgrades/2-479-1.adoc
new file mode 100644
index 000000000000..8b196ba6bfe7
--- /dev/null
+++ b/content/_data/upgrades/2-479-1.adoc
@@ -0,0 +1,101 @@
+==== Require Java 17
+
+Beginning with Jenkins 2.479.1, Jenkins requires Java 17 or newer on both the controller JVM and agent JVMs.
+
+Therefore, it is critical to upgrade both the controller _and_ agents to Java 17 or newer prior to upgrading Jenkins to 2.479.1.
+Use the link:https://plugins.jenkins.io/versioncolumn/[Versions Node Monitors] plugin to verify that agents are running a compatible version of Java.
+In addition to upgrading your controller and agents, you must ensure that all plugins have been updated both *before and after* upgrading.
+This ensures up-to-date plugins that remain compatible.
+If plugins are not updated both before and after the upgrade, compatibility issues may present themselves.
+
+The official Jenkins Docker images for link:https://hub.docker.com/r/jenkins/jenkins/[the controller] and link:https://hub.docker.com/r/jenkins/inbound-agent/[agents] have been based on Java 17 for several months, while also supporting Java 21 as an alternative.
+With the release of Jenkins 2.479.1, the Java 11 images have been retired and the Java 17 images have full support.
+Users of the official Docker images do not need to install or configure Java on their own, as it comes preinstalled in the Docker images.
+
+If your application build still requires Java 8 or 11, and you are using a Docker image to run the agent Java process `remoting.jar` simultaneously, you will need to provide a Java 17 or newer runtime for the Jenkins agent process and a Java 8 or 11 environment for your application build.
+
+Users of the official Jenkins OS packages for Debian, Red Hat, and SUSE Linux distributions should note that these packages are agnostic to the Java vendor.
+This means you must bring your own Java package.
+One straightforward way to do this is installing Java 17 from your Linux distribution, as described on the package download site:
+
+* link:https://pkg.jenkins.io/debian-stable/[Debian]
+* link:https://pkg.jenkins.io/redhat-stable/[Red Hat]
+* link:https://pkg.jenkins.io/opensuse-stable/[SUSE]
+
+This does not require any custom repositories, so this is the simplest method and was used by the Jenkins project's packaging tests.
+However, it does not give the user a high degree of control over the Java runtime environment.
+The official Jenkins Docker images and the Jenkins infrastructure project use Adoptium/Eclipse Temurin.
+Enthusiastic users can install Java from Adoptium or another vendor.
+Adoptium recently began providing Linux installation packages, as described in link:https://blog.adoptium.net/2021/12/eclipse-temurin-linux-installers-available/[a piece by George Adams].
+The choice of Java vendor is up to you, as long as that vendor provides Java 17 or Java 21.
+Refer to your chosen Java vendor for installation instructions.
+
+Once you have installed a suitable version of Java, configuring Jenkins to use that Java runtime is easy.
+The most straightforward way is to configure that version of Java as the default version, is at the operating system (OS) level:
+
+Debian:: `update-alternatives --config java`
+Red Hat:: `alternatives --config java`
+SUSE:: `update-alternatives --config java`
+
+Alternatively, users who do not wish to change the default version of Java can customize the `JAVA_HOME` or `JENKINS_JAVA_CMD` environment variable as part of the Jenkins `systemd(1)` service unit.
+Refer to the link:/doc/book/system-administration/systemd-services/[Managing systemd services] section of the Jenkins documentation for more information.
+
+If you are using the Environment Injector plugin and receive a `WARNING: An illegal reflective access operation has occurred` message, there are two workarounds for affected users:
+
+If all you need to do is update an existing environment variable (such as PATH) but have no need to add or remove environment variables, upgrade to link:https://github.com/jenkinsci/envinject-plugin/releases/tag/2.919.v009a_a_1067cd0[version 2.919.v009a_a_1067cd0] of the plugin:envinject[Environment Injector plugin].
+
+If you need to add (set) or remove (unset) environment variables, consider unchecking *Prepare jobs environment* or *Unset System Environment Variables* in the plugin:envinject[Environment Injector plugin].
+This would mean reducing or eliminating usage of the plugin and instead implementing this in your shell by starting the agent process (the process started by running java -jar agent.jar […]) in the desired environment (clearing the environment and defining FOO with env - FOO=BAR java -jar agent.jar […]).
+In general, mutating environment variables in a Unix process is tricky business, and it is always more reliable to start the process with the desired environment than to try to change the environment later.
+Changing the environment after a Unix process has started often results in race conditions and the Environment Injector plugin is no exception.
+
+If you need to add (set) or remove (unset) environment variables and must do this using the plugin:envinject[Environment Injector] plugin, then specify the --add-opens JVM option for your agent:
+
+When you have outbound agents that connect via SSH you need to specify the JVM options on the agent configuration page:
+image::/images/post-images/2024/10/jvm-options-ssh.png[Specifying the JVM options for your agent that connects via SSH.]
+
+For inbound agents you must add the argument to the JVM there.
+It should look like this:
+[source,bash]
+----
+java --add-opens java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED -jar agent.jar -url http://localhost:9090/ -secret <secret> -name inbound -workDir <workdir>
+----
+
+==== Upgrade Spring Security, Spring Framework, and servlet containers
+
+In addition to Java 17, 2.479.1 includes upgrades to Spring Security 6, Spring Framework 6, and Jakarta EE 9.
+When upgrading your Jenkins controller and agents, you must also ensure that all plugins have been updated accordingly.
+Prior to upgrading Jenkins, make sure that all plugins have been brought up to date as far as possible.
+After completing the Jenkins upgrade, update your plugins once more to ensure that they are in line with the latest LTS build.
+
+Users of the LDAP plugin must upgrade it to link:https://plugins.jenkins.io/ldap/releases/#version_733.vd3700c27b_043[version 733.vd3700c27b_043] in tandem with upgrading Jenkins core.
+Users of the CAS plugin must upgrade it to link:https://plugins.jenkins.io/cas-plugin/releases/#version_1.7.0[version 1.7.0] in tandem with upgrading Jenkins core.
+Users of third-party servlet containers must upgrade the servlet container to an EE 9 version in accordance with the link:https://www.jenkins.io/doc/book/platform-information/support-policy-servlet-containers/[Jenkins Servlet Container Support Policy].
+
+To upgrade the LDAP plugin, follow these steps:
+
+. Stop the Jenkins service with `systemctl stop jenkins`
+. Download the LDAP plugin from link:https://updates.jenkins.io/latest/ldap.hpi[]
+. Move ldap.hpi into $JENKINS_HOME/plugins/ldap.jpi and give it the correct ownership and permissions
+. Start the Jenkins service with `systemctl start jenkins`
+
+To upgrade the CAS plugin, use one of these methods:
+
+* Using the Plugin Installation Manager Tool for Jenkins run `jenkins-plugin-cli --plugins cas-plugin:1.7.0`.
+* Use the following link:https://updates.jenkins.io/download/plugins/cas-plugin/1.7.0/cas-plugin.hpi[direct download link]
+
+// Intentionally not describing servlet container upgrade. Is that okay?
+
+==== Remove Windows escape hatch
+
+The `hudson.model.DirectoryBrowserSupport.allowAbsolutePath` system property that allows the Windows path traversal vulnerability escape hatch has been removed.
+Users that rely on it will need to adapt their usage to no longer require the Windows path traversal vulnerability.
+No other workaround is planned.
+Refer to link:https://www.jenkins.io/security/advisory/2021-10-06/#SECURITY-2481[SECURITY-2481] for details.
+
+==== Increase minimum required Remoting version
+
+The minimum required Remoting version has been updated to link:https://github.com/jenkinsci/remoting/releases/tag/3107.v665000b_51092[3107.v665000b_51092].
+When an agent with a Remoting version older than 3107.v665000b_51092 connects to the Jenkins controller, the agent connection is rejected.
+Ensure that all agents are running a recent version of Remoting prior to upgrading.
+Agents with unsupported Remoting versions can be allowed to connect to the controller by setting the `hudson.slaves.SlaveComputer.allowUnsupportedRemotingVersions` system property to `true`.
\ No newline at end of file
diff --git a/content/images/post-images/2024/10/jvm-options-ssh.png b/content/images/post-images/2024/10/jvm-options-ssh.png
new file mode 100644
index 0000000000000000000000000000000000000000..0ef8b6a8bf063b3999863da920a814808cd7d797
GIT binary patch
literal 17789
zcmaHT1ymc|^Jt)@g;I*PK%r2eIE3O3#ob+kI|Ygax8lX!3baUYf?Lp*;!bdPNGNW_
zU;6#zy?4(0zjLz5%$?btxwH4q+?~0bFRIEiIL}@`0{{Rxa<Y=@0Kj7y0DvBd`3Tig
z?y;7S`gv?ErX&UcRL5c8nqr`EG*@*QaR79L9DzbUsw!$q$$U~|Vc|r5NJ%MB-_$gW
zWMpqyS-G&WU!bEu;@}cuWMnfkvXhh3(AT%35mhB3BGJ+^5fhW==l{S60L;&?P%!gy
ze~gy-aoy81@F9ChtbCOM0I02PIy^j!jEwvCEguZ_Qc%^GX+E;^G!H<@edMODtO3x<
z`t_*hI{@$&ASWrN={f&<X+L(M{1wKkJkKglL#Wv8>Qm$9hbSQ*K{@N|Qokvh?jl6S
zdEJIdFlR{_(7}-IiU$pF3vOQ{008o^0f2D~K;SMqK$7^sXao@O7wv43PIKuYDRTaT
zwyGkPrqMBX>Zdb0Jx@{rZt4MivUR&F6`#o2Et-Q&iu&ZV%<JAuS;T_?pPbzi9=u#w
z8!APIfqBhwl-@Zlob+j#K3_)kL(856bfnVqgt^t{GxY59y^uv#){6z%=Z*7>@=AqS
zobuT+F>ovLhF6hx>a~kgE+fZKO}$L(sGh>)lb<+-mVhQ8O#20c3@-AxxVbJ*bzyFD
z)F?xoz`-|t)a&_0jnd`ry8a-nLbY-^?>Bm2S-$<e%fLd84wJ)X&L3GhugS#IAI;MW
zauTtbiSk3-=gFM7My^a@-b`_&3focBE-v-7E^c0i)_^7sSj1_mi>5Qbmi}<_3*~$c
zrf_vSh1R5ze7zTaeVWbqBmNW*(LgL9;TKMzO9Vg4V1|OGi>{?|dCbmkwmG=+IT*{E
zl41E#`faSfTykJ{I`Yf20a_g;1Uy9T=it5=#e37ofeQI$&KCvz&TcWa$jAhVQr}qU
zFZ}wIkq=SF<kO?O^L$f$u-km3x=Y&fke}j2XN~4x)e2JAu}nDXxAnba8r*ZRP9E2|
z79NMN>%>A+$|?+9?WzmiwLv`ne|m~U^Y*gX=Mh=&%}h}W5`!|u8Jo)?XF!kEYuy$N
zKh@E#)$nP#eye1YK_(eqyXGaIhQwwwdtdFA$~{;bC@S#_O(YP|!~&yh8xz%${)6x_
z=ojz;ivV+E1D<Qdg{j9)5y5F%4xT4s1Ax&`xzU~>JNFT#0Y1G%0j1hZi{lcF<?PF<
zES*|^iY?PfpX4Ns=7oMe%2D?x#QyiM0niwz4qTq`F)`rQ^4}xzgBx1sgNmCiAP^fw
z0P?=pr9=Z9xkSwnOQz|VJ_0l;dd_`i_tj5CZukQLhBmnOQ{!91ud~nrP0EWK_S?~v
zqFqgkjsqx~Z0N?8)(k~f1{wfpZn$WC+R!g5nI`Ur_Md?t0X3FRt7h{Go%ZE2=i+qw
zeKk3~euxVgKS%Cz5Z)nMU;%zg)3-<H2)&=A%!d*TU!_hp$WDs)0qx4VOZF);{VpIk
z(l*|`=;|y<X@5>ET60ie*TRi`GbKC6DtRy4VB+@h+z%N;o3F4##ubGQHD*6@ha4>f
zdJE!C9XV*|yQk%OQTc=F3Tk@vp^2^7$j!-LO3*xpf*-6`7Zd$#p>?%6Uo*cZ$Zz1x
z==;W252jAn&aUqcG;h@xY3nQ09+wanMgxq4Q%0fj1KYc5uZ%(DAjgJ$jDW{4V@YE1
z=^T3a2m<7OH;wZgN*FYL@WHO@X5W>yH0YVlT5vphS@GO}I%c4MTVvzhp6zkSF8Uww
zaoTV6uhQaA%%E{V8p=OO9}ikN)kheQct@1<gS(2IcN})wU?<f?E=(nj17NLfjXzl*
zgv?S*!yAA_*~PN%=XI4&^RQPHQb6@b$*kke>vzb~!HjWxAIX_j@e+%?7zujobt42z
z=(ND5>e@&SLu2iCj#}k?_Z*%Pl}xSbBL!pcfm`doERP6aU?q*byPV71-XR#n9(zU?
zH6a)-7hjR_$M8Y&G*wGnUv}%!h3c|#C?D@8OdKtaZb;~lnp$KRYRLmr<Q0VMC8scs
zLizfkx3bWv{3wRW4~F2E$|VUel*ynClOyBZajwPc;m$j&rDX~0Fa_oH-9*j&T^;4B
z{qmNApU=pSG56%w$D~71b}@79=_=_Jy;jJNvIYwm87|0XNH8q%rQ|K{4P2JmGnP!=
zx6WvtIBQ!AS$`CI^U;EJOR_~1BouwSO2z+4M?l|&^FADZwahXt=Non&)KJOklHFa{
zoy>-eeRjABuP<iGA=O}nuLHW+-)0M0m@UH7TC}P^Xq7l2Viyn@#--S{>KZL7S|IuC
zIVlvrd*p$21gY8Eu(k(A19!f(QjOB)&_S{?V-iD+2FuACEijl^Q@vBMEGLChaR(Sq
zT4^w*_~l=)DCZ=68=aMV<;B?D_ROi`(UBJDnlpN3_;UDGSNp*xo2J~z$LWmx!f)+P
zIA!FV?9}xEu8|=_4|oeRx*NgoNMQ}LFIj1|4lPFyd=PWH+g6Cc_gFw%9hI4>Ub}+<
zR!?@l_kG}dw7*{fR^^cmS2NPY;WN&X*nm$Np1%*a#<$KJDgl7BIj4gyN~*zEF)B@u
z1F^4&X=mcbA@sN?E`(*f5&#hJ2IWxSqT(_h2mn9@B$QM55BfJ+{RjQuF5@363O%CF
zAKWMfbQ%+bkR7+hRB^?R0!80|G8@PcE275Cyn>;7n1BEQSS)4!UinXdtw?@*^XTcf
zt$@{vJO#qzR1wOX;u<UaJZj4dDR;C^GO4seKby*4W&J_ZWta34>tRdkrTJ>zU{rMB
zjReX-q#f+3y1qbC=vCTQY86gDCg{uCZl(UHe;n8t38a<}jc|?JiTN7Ky^^os=%$9y
z6qHgVMOz)tD<itkGqkT^of?W!<nYPz%CVszU>s^%zyKV+0twNUx6Sa_^@BlinTHSg
zeLpNcd-@0m`lz<6+OYx44nJpIsiBq9@*t}?<?Dj!8aoFCu40t&m+}VfG<-_JEBLR~
zb#mBp#vv9zi!XjOcjLrFVF3<_K%6D|3{#noJATmHrWwe-*SGc&b+_TBRKO9>I3&$s
zYYCihc^lr=GVVw?gU%qtDNZ2cLf)Nh@d=2Ybs5l`&^cmUWa|{fo^vqzqUV=$i)?M$
z_s3yxdAn32DS057VIW4m7Ki1X?(f*0krU^>Ty4sfVhY}cU8mLOB8`L53o+&L0A~3#
zj*Y|jnP-3OT&@e0r%K5?x-d-~5Z74y!q%~XPY#HIoxOF`J)cPh0^WiE?=@i00Yj$!
zZlqf1o#e@SKoDev-uX#jr3)QPDzs|Bkr!|TUT9%rNdjsd@U;AV)HyTvwE}xE8g}Mh
z<bVd?9ODg_k_HvJef<d~e;^NJHubBYQh*G`6>aDrX1k&3q(G}Ci}yys3;1k-Zfz<$
z_0<983&sW5Z$Smv00cD%AWMuu|9gCZ$r1x5q+tIX@xTd;K(_?o-vdw(<%af`9d)3f
z|6rZn6I-&xf&B3LSxasd;Kc&gi$R!KIWFl;tv*u&5Odx%D)hOmDF99l#iv=_u;vOT
z4IRll$+I#_3_B8m`SO5tF;%N(H%KVp{ZmM)A~B#G`>z^+K-6^je*=Ft!~mca|1SVc
z20B&L=HQ_>Ny3)DrA`qY+7}dIz&vZm1ky(H4~5D|JJ%5t^6y%`zO**0=ktombNa1M
z?bW$XL!?sO(R4*X`kPjl0$MIJAB~I>CA6Pw*`=lCg11iTCmPJO95Z<^hHSOD0;S*(
zNSXP^U)~O_mp!_qW@$NvdX;TyEz1r)7|Pd8*votH?`7&=XQyK{M{4rWSTdlR(AkeL
zBW3x77QVhH5p9>M-ns0o20HAWtU0%dNk&jC=p67$F>PFZ#ylmnup$#ya`Ns4m68Vt
z-s4VazQo;CsEmDW6E1L(SF|s+^O0$0M6iJbjpZx!`<`}r5)TgubXjd{_HAOSV9w2H
zVYa?n#UTDGj~_4wrrrxX-qUDGETuTPphloq*}#$u-1xsu&@w70W%uaS#4PbG$go%M
z<+UpyO82sWGrumj)1khng1oWqvnG$LOkkR^({GW56<a`uXY*fYWr@Rys`7Tt`F=s;
zwt+8fYipDdump$9!SK&p!;(d~!{1%HbjJayifN3XH+!v?=``9iC7QOr+-LCe0yi96
zGIn>Rk0-_U<i0Tojtwz<-gDKOGVIO?#6YhD*e`%YKtq1Uoky4qCXu<nUx?kXP>AvM
zVD%bG){w0<c<%Ob##7dgN<c+#6p*Tv#$hFZX_kov=ghW-*SsH&RZ+%8{@L<gRQV>t
zKpfZ&heWfrj{9e-4fyQG2(S*;dWne`Y87F4U7ZrYy6PZhHHZQL<DqQtrB4H*08myC
zQ%I-4lTV-BFjB&lzrnVAteTuRdK_9=)1f{d*nrdYJ=KzLg;Af-(&2a1h=Hw%hev_@
zi=$J}IQYwxZyOX8XeLi?!kg#MondYi%fcf2XeKXIZpdG{Zo6%Xr7eqQIsx8?FZ8yl
z=<$2N7WePE;A>wW1(Is6P*9w{GUq#elHW3g8(?oRyS_Znwi0FRKg<%aNPjQiow2eX
zOiZ+6NZ&oWT=eJn<>1KK9n-7ZQk7O~=db`)%8q`BHX?2r8MX2~jg2?FDEO<n^-OO*
zbb%d&0T}vGA~gXyC{mlrIP!b!&#BGIkF1GxLrc#!#D?rORql;)mJ}0r7Vr7yLq$hI
z+|VBGbeoTR7n`MIK$ivBooQiui2)<o1kxY?G&BjSv|nmrlie8g_f(Vv_+tng@ZIW?
zZ>Yw%CIzE4rJCwE&d{aU-#S|x69<;XH@rNR(zl#97%j%`JdbY48SHKc0(5FS22;9^
zt+UloEVgN)cg3!T#DROqCrKkHHg2A1Ka{L0kU}g>2!Z}dD<5iWJY#IV&Om(hwcb9r
zwjg$=(Br~zr=%gPl<ZH;EM!FKTP5Zu#ie2Q<4(nkn;Q&ZS+3J*mHh(%;OgnCxDaLC
z@xuI`t!EN?2VX(CP?Z~l#$QvFDg9p|8{AcBt7V4JFPu9nY19UQZEl%n|4g9efgT)S
z#o0T(URl80iw&^KRnlbvF#$S-lJ$WgKo!Sde~BJARlv+}Dpzg-NR!t&nmR~gTE|!w
zM@$G7iI$Y=b_0NkP?Iu~6YY%$ztJi4S&UV6#P#oXls8??%m2rxqW$$py-y9I<ED$g
zG@^{1iE=IElnM#QYLd);S@a-)b|$cSA%)*0yijYve(Ayt;uOO{M^cf3^3~dDK(?i~
z0>WqPj_+{V%(4rWxWveqsRx)RFi<h(89&JKHFygA(K3RaN4;0~=KVCwG}$;xM(M=M
z(srktc8{7EkVcWsc{Re^SSDK<WJzd#X^2wGgf$=7247lr_X<hr(U*AbIi)18OLiIy
zRi9TDx`6@89fQ?&aHLZjh|S@@=#<Rih5dZU34Nm!)Ns&MgN4O-Hrsk96fPC8>#!+h
zD*NoTZLeYim=)79WA~m>L*u`^rYE1lFlj@`i%k>-?_yUvBv?H&AR<qEW-^T6h+Hv!
z{0RfGUcd{0x=cd81t6}M4ox~TW>A{zPi%Q?U!BA`u|4sEbzBb(a=tuCtBFK2d<T-(
zN+}bu)_FY59ynN_pr_O9CaPQt|J`y^)_Y8&#AQ!{icl}bNqgcbmpXiehHJyn3|T<7
zS7*ohHy&|tp_^SaLoN{DU-9N&(GdOL(FO7U0scnJ89kDbwr8tZ2zjUcHl7u>J9LL^
z*J%w@fc47)?!$lW@orFXvrgPEF%KVajVeekw`Pp5G!EJvwt0j2PB->2UjmJ_S*M~D
zaL@|&^4&-ixL%G|rlmV0SHc)sv3gZv3!b~oIME7q^du*yrXJ3xEN@X>j8v4k7>57E
z6?CWGQI|9H9t(E5dJsKf;UD92!+~>lSr*1lhgIz}xG=1i(WZSFSE|grk2f?=|HRe<
zOzIyy2g1m;GU(Y-!kpc3MdNA>*mi{F@_ItY_MTRzP*HCLCkj1zJVG<&>&TDo)Z})d
z{Afd*meOY9nP){cO_j?l4-mzhgV=d#qOeDXOMGSTkvL3mnGa&N($%>1hiy1WVfT0-
zPKZ#_=$BRZzJ0p{zVY8*GB^&~9?_rWZ;At>8cf@5%64<>rDHO#t<BDs9abt&0Y=Jl
z<T~CHP&K&5gy7ZvW`7SJg#z>^(Xe}lVi;6ZEUgHu&W`cr>(a^0X60C2^%q>)j4}en
zTAKbWlP-el`o*c51GM}puZv|P|19c{lxY27m!qe))3=rMA7iuxHWg4Ib@8})TXR`y
zCAFSU)R~+Y6Yi8HMC935QRehp?0VyZN@14UhU%%B<LYi(t?`6Ua#s6Se+YyUu(4#t
zW$|xeKuiYco8CoXx}qi9#mXjn_3-o6Wh83~imUQ+^rh&b>BNULQc&x874N#BHQ2vf
z^ZL~??(a#Ll)ESFmZI(=_426*t?FL0$>Se@mr^?G*q=y=*s}n1?_WGAw_+txkpA-2
zIFy6!X|lJ64+5W2rG-W+Lxys9Ccn;vNGb8;nQ}$*8V4&b*qvg%uyAn95@qORnKWf5
z#A8B6uk=yhd<8orec%iM8p|@}L3LL;Yhs#%;OD%|%S=#z1XcFaM_&YBb$)0dtmsUN
zxG@zb7y(dhGLT`-oZmjjO_ro;etc`nK6K7w)Dk2AuR$n5rj#yr`ZrVhw8rnXaEs`^
ztknSO!+2A+Dat-3CW~voP|7x<_topJ&(azG?$8>i2O{P_Vn*|1c-4Z_m60n038A`D
z?sN9eDa1V;2>oc8_V=p9pxDT!{-Qj8Y~@I)6<R6fJS`+G3o`?_lbBy$7bo=zb$S2t
z=J>m?UoM|jYbdCtenwnKmr$Q?;`Ia?uSLc(B)&7EuC^n1UZ7O~YrV0Wbd<79QUd=S
zBp%}s>~%^%Ib__{vr7W6I9_<0r|HM{ifwuD+Iw5)kUear<7$=BJ&FU~o6~`CJq;gk
zy{FFfzD5dSxgge}^aHu;12k}K6omlDsc_JO!>uhCO8J1f8P+a)X2e(uIz0gM+r8EF
z+3~{>pzs*_?anK7fD7tH?wC@vQtlL8yvg-i{Iug%3-y$m?83#Q>=kx7(6aQ?8>sw^
zbUl;)_tf*3AoLsPqI2hVf^TTK1diO_&0BEzVZz)m`5BIHx~}e~0?ZFbAMPADGM<AT
z@IZ7)D6?^7DAGxw?05YjnZ}!;SQt01lV^`=L;*9o_Ln==C^}qp#@U|~cHt#B4L7=|
zNox~Xtq0wgje*~cSa4*BNOn0N7zaW9W`7E0qL^iDL~tKo?w)AqZvXg)?7Fx(+A!Gl
z#p@qAI`+OXK+#L#+^0@|g+GwGA*?Q{MH`m<h+#kZ!d76efD6PC{mPotuXM%22M(C;
z3Vm;qh{UAdYnZq%|Gl>;ylY%xZ+|ZB#o|tc%_ZGChRb!_Ki%w}nHy!#&2KRr*~7l6
zKL|ym`qbEIcT0+0ImTVQBG0mS#M{t+1#*j#BoR2<sN~&A-S{|KG1nn{BVOv&yvWD4
zXYWqs)r5P=D-#RlQ1zs$r=<7(szq5K(DCltizKQ4%xN6-A=G$$ON~{1Efl^oM|jOU
z{<4^E5^{%G%V`r@YJ>%TGoSG8<@6j+y~=T<Ih(O{ok>iO>r|yTk2jR)vYlP}@ENkH
zhw<ezZ$56@hzV_FZnaA-fkm$?x;|pCq%gWB`<LXZ<v68oh7IqFEIS<V89kddM@G9A
z*B<2tSB%p*1ibz!R3aB(==%!xj`taGNADZC=!HygSJ02Q;LH47@i+nc`9J;ycNFe1
zR7bISB0oih+;q6UD-8JYmm03((Gw=MoWw1=Q5%%Bjl+3!X)zqamY@8fld}iK&x;Db
zHNHgfof~>0|2&GaLCGC)QA_DBX$iU{G0s<@oT0d#Q<^be$v$HHt^mj#f<o$=)K?Sq
z=gjruA{!&2({#r3MC!^4%=IjFZ|SD!7CXFGi$q$W^B?NmiFmnvfzfm}Q%Td)FZ#i@
z@Q6uz5zvHHr`K2s?i<6&;qVvR6Kt|z2hSDGUEN)<4>PWLTK`!EC+Hr)k6xd3{d~+|
z=H+5yo#&0>3~eX&3klXQDoZ^0#)!VRGFwXHT35L~?_xXQiIDS((bsu_&@dZ0`aSn(
zB1-j;(Rbecd4j!mKjhRERG!Hrs=t^t>HqlPn4+*HyymN4tGV>>nncM|3YlrIAhl_t
zS8CPS2ZNi#hqO5|6<0pCC|8vw+23M--st)1+#C~*Ytf=f{+<b$S7T2t?Yt=V8IT(1
zc4i!y2}Njr63WFkQlcUP)AY2MxcwCWPM(!l5Uld_#c|{;ksGD-vq%B;I@=$`O$$w<
z+YYdC8k?tMxhx^W6Z%AsIPS{2*wVwDd_E_689GkTL5pig_llv>O>bePO2U~xf<~~r
zlW$?bKn1&vm_0P?DF#LufIJ~d5H>~wAataqKo+`T>n^>0bsyPD$d@lk=rI%ORB(P*
zp&&E$N0-leS4{4QYd-eXTJO8vDqK&t*qiG|An0h-nw{hiyO%kT1K~$DC8XX~H{I+R
z?Rxm>o^&&N-T1Z8oq43dEe`x#XG|)~8t^XMr3KiOS8H{~(zq8yyFM6-b+C)vk@I}?
zQ+4mN1kvb#H9TlMUzO--goCw7_8lddsRD`DdqfBe?897mRTm<}PSXDHZjcZ*;(}95
zFQu^uXvR(7eO7F4@8~o7v4fWm-gpC)LG`*e(}<Xe4=E^dqar~(P>o*sP8qu+wNCkQ
zX5t82F33I!(<xMtJUho2z@Zs%WMLZ)iA0}BFw$rEGfAx@+>vYlTBd-lb>j2)3T**P
z+q|o&-N)(P{D!QKKd$UkBn~Zg$7M+h)}eXR8Ri?_xwT$(fg^&oD6c{3W8Jt!S1C1)
z9sf&umC9r{2penjGN7-vq0=$5@WHX2&w3d43)5CX4$j|D75MNP#I@26f!=WDKCDvr
ztmr1rd*nqeLf|j43yE#x8o?M6;gt?TC*%mB*qNuD`nJEwKw|i?5!<^Ss#h0E;lX0x
zA=k|kPtSQ6szD%UQ?Th{Be66y*-r%Jd@(lQln6KIIYE#oGu`ec{yEp<SOwl^+vOXq
z98{YfX*xFzu%K}RJFio=L-O&J)bA9OPn+_;ckExbv9g2j)Xw=1kYsJG<5PoOai#mt
z-T4Qen|k2ta3GDaeiJNJvob<xLkF3=@n;U~^H}h8lfj$cNXCZ{y=~Y?jvO%+<&bHm
zllSS$O66dN^RB<jt3SXe54*T%R1LX?Ta=P?A->{Zgj8sUPvcWXoQ2+-ZgZyjhoruc
z_|YQh^xY4=;{a#srK!(HM8Z^*@t5kvhe|4#UO#={r(ZsV#9RAPj~$asi(`5{KD;FF
z*+9(r-g8rJR(|ul%Teig@`frzDC|-*jW#5{_b3NR9TJcGWJ(G%7lug{g2M1hqwvJR
z_~MwTHY!cx|J_y${M&}2{008Q?duKpGr0I8c!Ve37d&;oUvU(i<@Q-rM!c_AbLIrO
zX8Ysfly4(6rl<vzic%e9stc>6AevO}+HxU94xfZyJ#6(_o@XRitR3P|spLcNnZa{|
zn~p`WA)%o)_oICc;|^Dmq4wM-b&VqiHwtPFd)3^=S}?6U%l-65v#<A^YDOVK`LK_?
zxZ8vI!WONIv7uw3P7gB%SLZ6M4wurFh>yY*7iO5tb_fsj-HfJBhx6&%A7A_1zFmpJ
zac%ZLW@3Xy#TRMLfMGj&F*tXtBXCd;iR=d0eNxH%GU}kFra;UngUZl~6fQD+$uOmo
zb`?|n`fY{@5G-47pYUEe`^97twP<7Pvx6Gn(@EO0Z4Qp7S|kBrOfPY8KUW(cHzoNb
zL?)&n%aveH*vg~5d-_ig-<PtpS+VNKF3*+M<PON5y&MOJVDn|c=53|ulAHPO>=haK
zoZBH4_G-ixKU-srF5}*}kKo%2vDqs}J&&01v98;z=zHDW2t4y5Ua<)j5YiCrUC93+
z6OLy!2i4J>Y>%zZNm8;f*l*efyZaqpwMg{QtIuRA1aT#AqY8nNFoZW-bxd1DY1L(n
zTfI@mcjO5Jd;J*$*{jbAVOQ;MCFFA)Z?<=#%^0zAzDG9dQ3+MK2rgR|HL#eZb)0bz
zrnqYy_ht}<@h=hOG%?+%0vr4Q(|M^r*V4V~H(;rZ+#I4A(yw)?$pz(p^WoeT?s0nn
zR!Ch>;yTdhSK$F@h8pY8oMqmq;XLxu;4`J)wo0}V0*ysV4J3^O=9y-(3)LO@HBV}#
z3t!$HWM1}z-(2WtxjVq<W7@d6_a^+Y%_@n5)w-E`Ug=Z@Q%DBWG+b!OcsyoryfX7i
z!P&@%VP1VC?BSNK?Gdg_U#aj49=vG%RbTvq;|!mRdm*2K+yr81w(QDsBxa}-1eDgA
ziT8-ouYRJ}m?bZbxl~vKN#>r8Cw#Gb2Th6O!Zys$HLK3#pK6$in0D4R|L|J~A%qvK
zh!rXRhks9&yHr~2M<99($WHTJJh!aym6eZDi$L}lpl9#O8*ve}=@gft?(K-=Cs=U9
zsd_QcC$WTLqpxHo0!fU-P1H`#-OIT^@-KQzV`kPGSX2X<QboS!p{aQpsW3}{%bAxy
z6qTk{Ns{x;b*5f|qlCGnq-+S6-Ubs454Z{Kav^hr+%xS>#~5e&ZP>wvBp5-4F8q^_
zgJ)7jQ9>#zee{DcYL`-cM;q(g8Oo9JG954uvhcueubjj3Y0PGYrc^;D*f!OC+V_V+
zQEfff+S1}A|1LJTIqTJMBXq|<1lFouAuwMCo7VtIO}#9It=8XZrpe1;G_URELi3RN
z-E|~lTHh;ZWDxiTBP1ZO4v1{cGczY%B^it;^2rqk(1rYGFTfOnSo3o;nM*0Gf>3%&
zzFhxHDO7t3Yz4w{8B8ZJJ4sCd@2|Je=A%WLeHQ=DRKhm2^L|vK!mU4EZD}SWcRb@e
z7I(xd*aFmCYA@B$SO%M>*>eGtTTa1%E0Yk8U%Nfgq#FhBzBZfRd!=Fxr9e<Tth1zc
zK58b5@FWCzZ3WUHi=AF@EcorOaKqv=!8t#B;K)q#%t8SXRBpYX+WWm=bry2aAAhl5
zEOZz=OOv<)r%?Uv;aS-(FK_t)5~Ta6K|((L-GRFp4UP0D)SjE>)L&}SnUdRgzG`Xg
z<D|KEud|eKRrZs4RRufA=!49&%>X7DW8&wJ#6~E;Kx3=A+CMowrW!4US{_}}eq9^1
z^Jbn{e8s=I=Lt>Xo95DWH6}N0*H1HXRCxEh+3p7qcO*{lH3lJ)s`Yk|$K}8rJ}Iqj
zu8(7!R=&*CwzzCY>1X@Mb#HFPzRhOU>E+k2Ezx6!Awngv*Y-sUPRh4`wq8qboL8QY
zEELvn=>Mu`I0X;en%9w>%7dilzyIQ^uonk4BI91>>3@HdmuR$aST;RXdTu#CouxH?
zF<be=E?>Wce`Q|ZuuCxC+-8{chNM@I*9K8dp{?MscTl~=dT}Sndrd{dX8LYZZwjMU
zv5R<ndw5~F)r)^U$vkGw7AT%04I19Vj+NNhPMT>v@x~txXul1)q@&r)m^|+RskbO2
zDVJ$e@J`gGx_#h;;yJ3IkpBjrT-d*&&A%ehU&`O8^q;`<H!A&y`#)`eLzgNDMcF(p
z9wd42I8q}DiNDlNJ9oJ8*cSH@d5FS0fg*#NZ&%<aC1oM;9-1@eLl_?Hhtwgh-(W-L
zLy)-o?YOUaCq_u`<R<@k_i@{h_@`xq*S*KW&R7p`FsX30XUI;wm+v}Npbx^}IlP{Q
z+WHE9ZME4-LUxgYRJ;>nBr*+IuDyA4;F8^HGj^{DYN&-IYk<(lymnt>vH4DcZ^NlW
zZcAWUvY*<)h0k%?8!B8`+f6pW8Y_H)AMbA!YrtlUDwCEiRSxRg$~SfJ_e0qUxm*ic
zzusa?R41r6b$-J;2}dF=qol5v<qc7(#q&3cR*Fw$u3m5i7aOuM-fT$7rQ7e3T}puG
zMv@igp6pMA`L7&lTg-0G4;`h@nTlzG4E4k?uV}zOB-y+4I7Zk*yID3KW?Q~)H8`^b
z{=_B#uzjfhP*c?z^k@7=bQ6%c<P4(+C2WLD3|%FU)miW}HX|o7l;j-s=o{z2nt7>%
zoAbXmFWW+nbAZec?t_iR^Ob>=G#-ooJHoHoeX8~&?T*cpwvM!}`>usRz&FLTgx9g3
z95l3KWughpvDRkAWq(Y+s^<?=-60Zx--u!UwZrUYLo{prdc$QYHEMa=@KS#}E8L~R
z%YKW={%ij;4dOtR!a@1x8cYUEX>Q4%l)M<(hY{%-FH9HAm>7Fj&6`+BZiXOXulTOq
z%kK{#njUnajcyJOW0|L8EwuY^p`93W5J2QBRIQoE7@`Z;`dJ-L(tu}P%Gi<$r6v$(
zbO73S!yto-=hWII*Bd1Y3fVr*trW||(P=*#r%dmeLCd>_;X{)ctF8z;4Nayi+4>3s
zI8`;S@uizX3CJ%wG1lBxkZLIoOgcVIO1}{o3r5&h7EU873>}ah%~MXJ4zm+iH9HGX
z1Nm*;e>x+}FFC2U<4LY(X9)S_QZ7?3b1uW8@x_^9LAjZ75B9A|;QkM9w0`Psu3@&F
zF|doTL<}L<Vq4>gw?$`#vZ;cOXxZSrngwzvMjzk7kv@K4)51<i;bF4He`z#F>2SYv
zv*mQ#FW;$X`o=%CjiPWt#$OR-0-&`6S)RMO`@+Tbm-B}GdgevH#=E8Aro)S!Z<w3i
zwRn$@3?|M6jrqk-^Y8)w3a}@<_ZP%%Xn~c=#BAJ{s~GTet$njy^doxsIk$rJ0LJQQ
zp}p$eexLuBjo~4{EyC?whwYA=d>j2}2hROTn<0=GRVIx8r*itQn&tneSomMkJu7JQ
zc_((Ez4z|INogq{hZ^+t=8Bw=H@0<;I`9;}wc~f)Pr_)v-)^wy>4uh-1HAEr-Cwv*
zUsv)nYfS6YOw3z)dZG#G!3u8NV~8Ir41<~V%1sZ@k2Dbz%iVbET3PI+xF!R@3x5p*
z)>7^e&FjVPV<2EO8QKp~Rd0$hf;zbnAnc_b_JQ03_#s^&Kn|+%^hQ0gq*o2HsV*+y
zc&Xu#ZKKpu;vMUb<_UExF@Tx%m9XOM#Q(%s&sw-^t!V@K3^?qfY7m`CtRx1N>M;)e
zBxWnAsNpUuzml2a0Vm`+0X*_7EnyC6ZTPq}G1bu9Xb$R$HE0(YtRz7bT9}+7jxHV6
zmr>+iEQH=vLrs6v%M3MQ&~%tSJ~Bj{2)uIEmnUoAWLR$`*}kkU8#YK=2vR%#gYKE<
zhI5y!In@DEyPKRuR1#`BJw@Imebxn{d&1nB7i1wrvnp~9mt?({U%|$l4gTz|Xeh!R
zSw$ALA;5?Qv_I(e0|=;0`{$+|X(1*6N9oqGY2N^=RK^!iguf}LUAiwce_H#wl@N77
zUo=<-Mhkqpf4^B`4~o$+Z2Giz0#CcJHYgWm2YJuG+IbETk_17ml|lMY9ZP9|XNdDn
zp0d)6JPhE=1j_kWp}O-y0ajkW-(k-B=FyP=qQ<DeQsLJ)N{K`uvpqD=aOCDg3!qgR
zR{m`RKa!mN$>1W!D))qC7)1Vs&r2*l7ExjVTeS(7_eTT=oG%dwU`v9I4=lclRyHH@
z@5fw~ny{oT;wVvw5DbR_T4iD7ld4khC>$hEh&(J-HCDaLnS2V4IxPX14{dIqY$y?8
z$LzE(u;+qR5J{cmU`wMkf!_a?vOgsAX95_}{!@jB2O6!Cb`louO*T%=ri~xF0**+)
z%{f=GANEhdOIPdw&xkgb?L{}7>zX0JQG{i^bw}v$_x#v^xc6PeDSN~dkh{l#xT9bZ
zVbH!k+A4lm+Eof_vzgp~OXdF;fU5KVzo*e^06Qr249&CJ&DOe{JJuVGj~Dbno>!+%
z33a7hVNh@DC~e=Mdiu!>R(HEGC~2X7xO9DRp$)8McEZ_5|6~Wd-Qu|0ht7C4I9)ot
z6pU;g1;J7V2P|_GZ~8LvJ8co_1o<RWsS%~DL<{QUI0km5(F3+xr6K+|3(u|gMN;Bp
zb6H7cDBJ+_h0J}~7ngB90&Y#l&5#NBdArqbncd#_9k+dEnI0gZNEyT);ww2P&Oe_c
zA5LBphPR!rjzv{?lc{!TZrGwub?sk(8W4QkAP6hE0&H9JW|{U4cXz`A52GX1R($k~
zQ#kBGr11P0Rm9?B1wkS9HX1tm;$PIx+xQ_w4vs!*2iQG{4GWhXezS?{mW?bVXjy4M
z+QitzdGzu6dNbkc<%w6(`^f1En|777J!Waw<}>5>F6k7VdI<FjP1|9{g1RZ9%?92^
zH@z<<Dj)}{D=Lsf_blq1$hLZg<L{67=t25+dQx`Kxog8iAD<klej}HPn&kP$xvQI#
z8u~KrVZ<3=#PB_`f$KN@P?YCgJMXzG)!C#+N~^=&LK{eQc8ifXPy^0gd{5Nf;CxBX
z3~MNI8rA=30J&yu+;2P-%=F`>DU$+N7w$RhpO*3hj8K(KRK@G>_KwvDTF`3%g_}35
z?%QJk1^X2ozO`hD5h!Em5#R``TiH2B2gEf2(_B%_t&9NAXb?|;8SKnWF9j{Ix7cCI
zx=>-djDrRs^s~uN?cWm*RUk!`(Eiyp@?d(n*kI6I&2SA!oF(wYB=H`5gpMj$)y%wd
zcL9!+yrbXOj5C5WI>X<j%K~-8{+%!Q&$8{`NrHc83;vx@C<gumsQn*{xqleiV-B^6
zA6Cvn;#Kgbo$dnQ9^)}(SiWsoRGW_;6K*2}S1?2NEwf&UV_xB%er&(lpYd-;WgEhE
z+pS=KP;0JrJQSzI^QFeJy|PU?%&UjB!Pa9hlnQ-~fA#vm7l{AU5)+w+N`L&%>q_Hb
zoHo}VN91_oImJ*D#WAV(%ID@;!hV}S<Bo^E+Hox3fX~}^Ok(j)xWIa74V*AMLZt=d
zP@ts;JcXMlvemS3H5->2^UabJrdJ}Y{P&Ij^CwX-Eq3+BC|#Pp>NnES)qnQh_3U>(
z(XKc^%r7sb4_0*5y?NAQB&_m?YLg$yk$9qpSHD^Du9!Im<V~s|N6YHKz|&+%D*+N<
z5qxT`eUSftr|pe~@>i3QzC%>9WmH{fq>x;Fuqj2|l1)`7KDpd*@KrBlWVVrYkV$=y
z3C=eqr&GyFc9&;g9KKnAd?tj8${dw2i)q%poKqi|4T6O+TQr#X_0E?4{<G6b#WDcd
z&oF6L8Y%(amD)2CcahRiZQ3HAl|u7b(vP>?3hV{G1BZw`^ww(L3?^IQH0B$=Z(dXg
zol)0s+a}P`T~;E2R$NO7kD|Imimb_#fGW(r{bsnG{Iv-7GMLFWZ$fPjQev-wp7Eyp
zY>R|2%yOrA5MgZyKI_IpNn%9SI4@4AH@}Ml1cZkdky{1IgpRng$hW5s7va!U>El6<
z^t06yUR>$E0cY&7H?9$P6w-$XNq|T+QhrB&P!lNlc~bKMR2bZHc5^N9AiPl^-4#O6
z;<A`@i3miFsOb=!lsmG3$4rR>W>NQOAf&ohI$#@b|GQ{<V;5e<z1g5UHJV0GJ_{cO
zgtzCpSyse-sfb&b-Dav0eROUpxf{NC4g|`_r6u*4U0iQ$*0zq%?FBMZG9X;w7iJMo
zM3n4niS;FoD(#!noRz=KMbMG<u#5W{p7L!qiG_ws5L<%LNfi&5*EzZCKV(r;c0FH}
zx{Gg^QaO*s`#Quy@dQ4orwq}ef2ZFz%TP}WvZ%D$+RArmE@ued3I6Z2xji^Ca!`ms
zyicY{k;=akw(h2PJAf;CdvuyG>U%});inE7H*Up3aZ?R}ua&`i%|<bMs0l>VRAn^O
zSZZI0ng`$1bqfBO4*#SD?*+^E(yVss@ef?R1Rg%S+$P;1SdQ2t&kxF8@64pA@Siwo
z>U@G;QmtN}uhoYQV|D1X@@~g4FI|~<KX^(UzI!LhPrajbj_dKt?CYglzV3`5^I^ob
zffqE1ms-T8;rYRS)>6iu0)At=>-}QM9hhQfb=jLZ8tb*tZ)N&*{pv%PG#^d#o8q1W
zF~h7R(UhPrf+dMj+o+MA`&qXogcJ6q2K=V>Zhw<{S6Jx-_%0NdMHxgKGSbf<ajf)4
zcR%Q6ior3H!Wfb1{j5<!)Jbv^*i{#C>_RRUUq-f0+0x4bKglr?0%kXEtaXV-V;d3&
zILMP<%A|_thp(tFwDs`H2lA;kNqJ!0<SjKgQ(%ha9maG!vcLG;AR=u&V|zTEuTvhN
zy43cfsx9oWDRb!PX2kD+0&_TQZDzcI?BWg=!k1NJ?%O|zvu@P#sgu9zvP`Nvm*1Ae
z|MzDD%5Jex)<P$G;?MZ7DCBi3to5T;Jk5@hn}gKSlci=kQ3%r>lAWrHYt%=Pd{dTx
zhaD>7d3Z)__s2fG6>e^u)-b-pqi@Ek&Gr((lg>Pq6|dW1u{b|LJxTh-$sm)~mxDg0
zV(w<@%Al2!^0JIh?=FNR)l{X7r*Plxo|f0cs<1?dOX;jCd~^EMICf$#$hx%l6VBL4
zU5J*!^tYJlY(%`2;93qO%&3=OzF=;)RiV6DEB`$EP3<tFK$`tj<F7aTFSz#~%?s=8
zOE>0zA;vj5$yao&C-$rO^IElBMCMjO<(#bywRb3VnxN9asLWmZAm-v;p>o-Pp*JkE
zq20MMX3%=&%zDGu!08RN%zJ>V(x5U--ypXFAseA>{HVs^oJ#|WPezE0c?6^<^qt-=
z>i?5`Y{O-{ceWWjf0BKW2NS6P?hI?js$M9Rn3s^Kg<86`FCjT6F^-0QaXF1?`C&YT
zb}>I8pq5r{U3{UGM|?F(CbH|tOfxNLh`_U$p8063;IhqK5!>s=+%VQp8$+<ZKh_rQ
z`OWXFLi*_2^NQB_$*B|0HQGi`y5DseBe7a=xAf0?h!F;#X^Gd&i)BGpQ(V(p8V%KX
zL2Ib@HE0@@k1oJ(lJ?6FJ-VDphzNpc>JpaHgD7<2Mhg04)>WzP!M4nH`I<u1&94YA
zFCCUcf9c;TM-5kWmM4H#n4GmOn>_UG5nkFb`?hnM9MWoT8WLfTZ2P6cY6EO7n+;$0
z(q>xz(fXdf1uN_>ekJlcV%6T$@~~8NdU!V0M!Kr3lIs|`X8v|2(|q$VB>LK7j6(O!
zxiGGpHf2thwRxsArYYhKJ-4M8s!}o-`XcQzmj3&^^vZp(U?H+4=*%Uysi&b8hbAYn
z+L6rh9rx>l4fC|S^lEF-D%Y8pQGMP~u`tsS9P(7l1&tryU*yvWMQhBt4hZ~_bsUh5
zGVN^GahNcjqteF&TEA<KbR_2!I&4l!DBHyr3PLEBC2V)pzuvBswjT<rx13X*eyKmO
zv1k`v+*_3gdllYWG0+sl;5u$)&RFYM4lA@3SoDNjRl#P42R>g|D$b8>B9^gy6kJSL
zuwE4isQ=ak4S$z59`Vu8QKngh*>|jmbril4m+k_8PfgvX`^CjPzZ$%+xLZEOvkH~z
ziZ!tLSf!6Ow7^v^pglfSHqBor|Hu2ezWG_h3Q}()p1a7=p3yZ2I{&3_f*iFBnor#f
zao&AIQq@e9b`ne(y?_4@x9DoIn^Qp7ub8ORP$R$%Cj~aplD>IIGZEUeu>K?|VwjeC
ztN*DYvEcJ3gwa`(K^qXyA^p4xTz$-wo$O#`o2RY0P$(G?X(mfMiGlt8HaI3I`_XTc
zqw%ii-=QT%T3I4!s>o|BWDv<h1I>}B$A<Q31k(b4=oT7ra9YkMm!_G-PXU`V?B1R=
zmYQg3=yKV5?Ul}vJISkQ5L0B(X%l<@lc2gQmO0Lz5B^(8kBulM!$R0C!U^wOuIGAj
zjss-^_(+#kg)ni1*W_2m+1({Y_cxj(3~w(mYBo31d{ap-K3$wP;Cuppn(0^hLwG{|
zOy`4Q|CsOs*Le2vOi(T!VC~QPY4FAg!!F0o#fLF41(w-6XF;x$)JZTY+EaHoEQ22z
z377G|e+ct}>rWdDCqreQBa>i-u0h(ECm)DDe?%kveY9rt$!ho+Kkn@k!{*}{sus4o
z&KfZ@+3nVE`NW(`79xtH>EvE?B8i8L)#;AnxF#V};cs%;csr?Vu`>F(d!(Oo<rEP?
zKIM%C^q%$*(wK+s^c`U)$@AY5{G>WnZdU)nYVnOmOH?sEGC(cO=i^Nhj0g9My^Sx>
zv|IXxtG|gr(2vdSezxosKCQVAC3~lnTThw~MewlaUN-6&_FSO#1j$h4e1?A({{Zw0
z`NrP%lXeGR2}7EbU-6TcH|xQu(B|O44aaD(b#fS4lZ%JjyD#hGg75JNq@j(EFJhMS
z_&A{Mf1c!XIg#bK1*WHN(i)UReOf2iHp9N9NM?`~2{Z6K#?+=3VO2NmH$}JE2x;N`
z5V99dpl9*RCv+t4&)`!!&oFz{JaQran&CteAYXcDLE0=P`<q8fuc_#fT_OBl{jc|7
zH}MIWF3wM5XUU}bq9JtZoH%IAW}jwphQ&PJn=;^;KkcAnS9pqsv-7#*O(>C%mA}ic
z4=E;Fomtr8R*#{2A5(@?H0W0%esR3q{UO+!f!6Q*Xq)dD4qDGrXOGX6#VO|>q@q&2
zQlKS;i?Jzec~F^@g~K$&=5ucHT8*}W46AiCeV;>8l21=wmFUJah6REYY?<KG`cbo(
zs02HK(n7*wXT>M70yUyP{G4^ZlOgGskM9gk{-QvsNb&|j3+YZ04S{ixTJ><Jhrq0k
z67faWX(Ky>JzSjdKv%FIZ-;3@tH}Y$9PyDS+ihcJ%C^u+TI+d+)?V@*wAbh=^$ipa
z(X36G=sFHf>a+wHda|FRg6s<}-zdw7S{J4eWZ7BycpiK}uJdkrOAAYjvk3^DuEVO=
zj2oy{-XR`GW5*?ZD1<oww0!)Fu*O}=>8a8WDUCB6o#5}w^<%_MrVwU#c;oU@i$TV3
zM@}Is5f`z7rUi>Vr1noWW(Y`!`#)lWonsJkAY7Ghf+Qu(Bh2=fR1FGdzxs^U1wZ-I
z5E+4a^ccAK3vYHKGRfak10~dsNFd{3ErF`U)YJ!c6McR9#KEgE6D|+I+EH21U#cG)
zXY5ETNf3@=PgjRFY|-ZXj&UVpP0O)1Sde@AY3ehhtnkZ&cs9`4+3$^^rlMHd-vp4R
z7({x(`=%e%Uj1&*4Fj6a)|mffT-J8lJ0DsC1HUp(eE3C^uLAB$NqV}bCmj6Tibc$3
zC&VDSNseA5%8Y<9XFr409Zt&PG9L6!Gc_i0(@-4baJMc~Q2v?VGZ#MD6&99xKojt>
zB>w&v28`Q`bPe&!bouhhlnfiOIhG2EAaxRsDI7VM1krJPxyL4?P3O%u_&w=zAQFPd
z*!d=J4|O6Y1nne@juqSE)rn;r)xCDRB|gs!0+k2-KHE~Lv(I9T>&wx257cNcMOon`
ziOXAMN@0r3T0AEIajlvh#A2K5o6RxWGesXQWo0Vpm1KhZomQ7-8ppl6E?^rjm7AO7
zs=EDJ3o^))0(-B^*QmNVC!d2%c1C)!^$jV|i|B)w+@FCo_CndOCn>0z=&)@ImqwFt
z+5TvTg>`bHNvSAv=L1DNSdE1ZwHUyDrF?l#)V19tgYOHn_Gnl=C2IC_czXb+K?^RX
zE;>za6j5(He#^!AHnpY?DN-qyb=%?_Wh#AbCW*!2w0I0mTDu<#V}=d)Q)@9bcj52}
zW<~n_VKfA=>81YKC%5ctkdyro-`p=ZN>*pU8|wr)&562l{OtqJ>p=S~HzduW(AStp
z_})S%EzjAk_uSSt`-D0LJ?dj0o=G)>X}sL;4D0|0>3qhK<|_PM+u756>-pM~jMd%m
zZ=~ghLTtVc2`K6_&H>Y=K00S`L=m_s<H+Jj=#BkIjg!pp@6}-6{iG@jw1)$4$vX)-
zun4>ks+g01iJeJiWG6SiW20wNoe_{XTvtpOiipvK%3xzs4M&6=<J$=7>bzEJ{-i!;
zGg4a-u&yko75=l2ht~aTGqkttmsqdb!1~FHoDsP~CUx@&0Sl(OtvA`d`0HKhp*(gb
z`Tcat1-aFpeimgzkjZmq+LDM<y_EM&`riTJtxV;;*N>OnW+aYVQh&%vedczz;Pz4S
z!3*I!0r+j5o{J5T_vnK<HRkV`d`yTPO-MuBCI&PDZpjrJj@B&pwdKj5*lOMIwHF7c
ztVb{@dI%3W+2edR-ThQ=dR|n4&ZiND!&h9=jWc^!>ef_-8>X8ncw_tPNxkCF+1xT}
zeiB+7kJ4av9WSZXFZxU#h=FI5j`f#0$54QnKf`ODi5r9N9-Vr*im=_vdwscm>1z9c
z6nVq?3lDJcz9Fl0Zq~LI;_W%n;)tPUzMtLUlsvV>15-K!XQ8)=sbqkT*_k@FMift2
z1F|m-U-#*)G}z+{OubEe9;dF;<m<h_+n~!z)0F09nE#g4TkZGL0@7DJdoUL!r^+hD
z>QqjOrZ4U+k|}nIC8ut_MZwnZ1?HAO^aEi!b9C5bxb)d)qxe00J59`>Z-NCr+u^Ag
zspPqlYH_U~q6G9o{Z6I;ictYA&ZqBy^*CFom;9K~d1vIwkeY+MOImtNWFGZJZ!Y>0
z4e$*#bMsg%Q)(fPw8<r1o3n`q<e&Che!Z|%V$W?g_0k-4nN<_8g`Au+J>2F^YZJ9>
zd7WFE>wn`e{9W+kr+}*LqShBDzw5HSG#8HW2K+sj9fp^UAKxY2XQ?m>_?Is(EeF@@
z=<R9k`YgJ>wd|zc(<!|KBiXQ<7NpZwTMJ|F=fra-&yD@=GM!F+_wbw!Hx4<5Z2~M2
zscf08G&@cH?|DBvk+$5gYPLY#Z{cWNyhic`E<HSyno#cP`_(Nq>HO@($n|fz(8Ie+
z^p5imt=)i%#{0Y1GMC2_y_DE*?U4bunO7I_-`>x~sZ@-oi64)uritgO-hz>@FNO^(
z$C-$pb<3Du>>v7PWaw?Hb>M2`s`|d@btzvmzN3(CWci9>_I);ZpVlGXV9?^H%|H~X
zl6$8#bPk`yc&?qR${-TF=D|Kwsj5??%0To@;#Bkl=vk=vapU(%h$=%ej0lC4D4_WM
z0oDJ?W&ksyTK@r&>PU44BKf~(<o=8Qe_&%EdIkZanEn)%>^0ucL_G^#e~5&^#&6~B
z-*0nQ`DWCOmuRA7h<pH9k@pfCyOq@&Q~C_jWjDvQ%6ys`XKT52{BG$)isQKlFsw{K
zsWEwOj!dk)+|8*lRPG`(LwnuQ4#~V(@i1$QiWnjW`G0FxFQE@=_U8Tm@_wrS@3q@i
zKo7Qu&)vzpKLflwdDx#=1o<BQ=-GS_bt%hov%ln68oK!S;wA^r;nSQg7UFyCN(Ab!
z3nKphFF;8o->O+({q}Gim29_F)^L5nI(>hZq!=zj$njKUR*k6{FB-Hxwxv0-UBOBB
zxZ<o%<-#$e!ab*?uq$q(_sTjDOSneGvYh-&rSE_dJ$Zrd;zq^<%fT~4CBWplJ$UJ(
zQbnP)J8g*fAM@0XL;(LcyTM*PW835dmy=*OmU^C;E50R~ywSOZRoo1Y#${5G<@xRV
z@d&@7U`f!07I40zAyJ5y27tVdg+)4@f0U_aCDwUoY-eq66q}EFl9nm;5^)h}`&Fku
z=!V@+>zr;ZpU~&iAMRAKxgWobm%l5ElndCTHrF3CfCuI$LpJ9Ii^??;^83Fvw@z9X
z7(O2?v09WeGgL-ti`wo4g=Q(2yoRVIXBU_8IA>(>tk-!jN`b5yOQ2eWTxw|r3MJ*|
z$pwnf1{fiRxDIq$GrKx+i-l@E+nR@Z5-yZ1Xf>=S{I+l_#EtcjVq>6k(k)Gr{E#%1
z9@PWO>6hvi=UI?@!h`~@FCGOI^5Z{`6wmoeJ!OBp+VRlZCe->vw~Dujd|n=>U>3`j
z%-VIhPEFMtI1DNhtdtUtLe`TSE=5v&B?*-LUqx>eoVX;;?-S|~qpmHmCy(&-tX56-
zwKL!W>z*bCd{O_&;FzGO0OQ72P{O^#<031|w5R}qdi}`Y;jnk+^4@!jwfrk7+NJ!W
zQ?#|&Qj_3f*hCR52#Cm3)C`R&#s+}>Qoto<L8S^D6^RSWQ?vq!@Gjx4@+&RJ`T`?~
z{}o*VqWx;nev5h!OzO%iC1zS=pSP#FB>f6jZ`0@0ijG-CS6y8?UvHP^RGM|2TAw}(
zMypwu+0&s}7po%xP}djgimo(o{F-M!mXzm7YBs%x?puj2wv>tsCC`#A<+&W*&pA(i
zksxRCvE?EK;ha;6MQ`lKITshLKXcOi@kwv(%lT~AKDZT$*-I{E?KkixqR6<OWA${)
zl;cLd2!Oi2w<Oi}wWl_|mMyr~ss{I5t{S8N#A#o2HytCL=X`4Z^;}pHp35tS&n2m^
zY3ys+g*L2y^XUI}<o(lJgDyp#CV$hik&6j{y1rCb|H+OsZs<!=2czpnLl}bAabX;T
zlf85W<22HZL8E)i>X(PRw`SDvXw6{9zMNFf7#(Kp>%7y!QQN@<BU2eYl86vK)}Oku
z{}PA=sQ{?!Pd_>0+dugE7FOh?wgUjv^+(m^ocr0wOt6d|0Cn-GK>$Eq005{90N~%L
z3zGrBHGb}4?7y$Bcmn{q$lKKwr^gBaaE0yuZgs``{I~-ETwz%^_f~a9Gw;?0Ha0f4
zOWSsjZ&a7NEt?$y0Im`4Ka_U;rn>z0u%iJ0xJ203pLv`y>H>iOj1hGK0O~?r0D!sx
z08keIpf1z}0H_N90CfQX>Ox%rfVxl@0H7`aKwYQ{08kg|0szzn0D!sx0Ck}*06<*;
z0H_N9P#4dp2Y~<ev+0Kz=DP&|xW@S2Hv$b#-@~{709;~yy!Snf!*Cmy4FKR0`@7$M
qEqT`s0N^5TSC@nW09@p!)b$sy!`(*7o+T#$0000<MNUMnLSTZH3fTex

literal 0
HcmV?d00001


From af354bedfdf7d925ff3dd219a58a10e8dd28e562 Mon Sep 17 00:00:00 2001
From: Kevin Martens <kmartens@cloudbees.com>
Date: Tue, 15 Oct 2024 15:28:15 -0400
Subject: [PATCH 2/4] adjust image and source code block

---
 content/_data/upgrades/2-479-1.adoc | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/content/_data/upgrades/2-479-1.adoc b/content/_data/upgrades/2-479-1.adoc
index 8b196ba6bfe7..5b9645637945 100644
--- a/content/_data/upgrades/2-479-1.adoc
+++ b/content/_data/upgrades/2-479-1.adoc
@@ -52,13 +52,16 @@ Changing the environment after a Unix process has started often results in race
 If you need to add (set) or remove (unset) environment variables and must do this using the plugin:envinject[Environment Injector] plugin, then specify the --add-opens JVM option for your agent:
 
 When you have outbound agents that connect via SSH you need to specify the JVM options on the agent configuration page:
+
 image::/images/post-images/2024/10/jvm-options-ssh.png[Specifying the JVM options for your agent that connects via SSH.]
 
 For inbound agents you must add the argument to the JVM there.
 It should look like this:
 [source,bash]
 ----
-java --add-opens java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED -jar agent.jar -url http://localhost:9090/ -secret <secret> -name inbound -workDir <workdir>
+java --add-opens java.base/java.lang=ALL-UNNAMED --add-
+opens=java.base/java.lang.reflect=ALL-UNNAMED -jar agent.jar -url
+http://localhost:9090/ -secret <secret> -name inbound -workDir <workdir>
 ----
 
 ==== Upgrade Spring Security, Spring Framework, and servlet containers

From f098e6ceffeb60562d3cb1eced63ee4b632ad28f Mon Sep 17 00:00:00 2001
From: Kevin Martens <kmartens@cloudbees.com>
Date: Tue, 15 Oct 2024 15:47:48 -0400
Subject: [PATCH 3/4] update and compress image for upgrade guide

---
 .../post-images/2024/10/jvm-options-ssh.png   | Bin 17789 -> 21145 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/content/images/post-images/2024/10/jvm-options-ssh.png b/content/images/post-images/2024/10/jvm-options-ssh.png
index 0ef8b6a8bf063b3999863da920a814808cd7d797..02ef4e25792e8ea777ee434b3a5de24f2b9f7bea 100644
GIT binary patch
literal 21145
zcmZ_0bwJeJw=X=Ps3@V5Gn6Qu(hUMK<N!lTHw-P^p$G^JAl)Dg-Q6h&(hS`p-Q9JE
z=XcJz&%O73|B=0RuDx>4cYn4)it>`!&q2=t006eM)JG)%00RsFp!Ym`gsSP5@$g3d
zd2A*M5d{Fs!e87NV4!F;2PH`{K=A<SCW^3Clv9zA{4B@B#6d|($G|EK1d^l5Ow61l
zByZ5s9~l@}Gcd4maf@hanMq44<Gm)NqGF(>Wl~nwd;T1ol9E<LMCv^|-&<a(cORhi
z005PQhG@aU!oo^fSyfNZU~FuXOxHcPLo_J>aB_0t<@H78&;9Y_i@pcG9F^pi0TNUA
z;eY)S0f09E>5rl+uG2enGqFj$guYA7i=}))enT--EJN2V%T_`5s*&=;()?$AKkf^3
zqp>IRoX4-;5$NBmq5<ywTU;>#zHoE^5Cg#e9AJzO_y9)x-}D7VcP?AwDB#ZqYlW;1
zYb+570C-#VoqJDA3T;*haeR{^G;?Og?Ohn}Ao`RCYk;|N9<Y}Jjo8mrTG7JX-Cf{m
zE-5v6!%$RtWxa;+^z%AAF}isQsb&~mGSD*v`S_J*tV?`m%V?jSFvagYW$X~v%ZRgB
z4IDdjE7`S-(+!LZk#F^wIXfPXQ+1l(h)ovNQX6R6V>`b!%>F^;-f&`V(rYx+T;dsh
z$(FT1olNg;pozPv@CU}2Fm~A#!Bfpt<@c5*T$ZA*DqSGla@l#V#?AHW4=ha*p}Muw
z18YaEwg%M644Kanq+eJ@{{FEq=cann*45S*>1eX^6*q)*o}xfxP?1~SHk>RYJRBa2
zIPr^d4Rcf4cm0hvD~ymF<<)HBOQB2=PHsLld!{q`DOEI?)NK{G>_%FDC-@7f+;`qy
ztaanIdl?ILxwUZ=R3?W<LIE{{xf}&J%!8*9NUAmpeoNM<t0H60Rp}dghoCG%=cc`F
z!8=|7ujnv25t>umbvTYW>q5flqgoFzmoL8$E09c>J+T<Rch>_G&KxZ^6TX>u67SA0
ziA_dICl4BppTk+QQcqLQUXP}#leUI()VukRZo*SUa$IRrO5)(DbDJY&Yw%{smIJt7
z#q@+8J_mF{n0t+C@go$3Mb4NJtCh&~OqWG58UW8=ZqT}0=jW>pT8R0HI=E@%eJVYL
z<CQU|1q}tamv5S8%FOyP*a_giaVxImy|dhiw9jpx3ePip|9o*CsCqm+&5(9n`6)t|
zVTR>Wdq^#_TB}*9vav-<S7Wd5tpjrsa&A|Ng_@wKaAnTKLqxn%ZjFS#!egNM>F0eo
zsKUAvG?Lh(re!H-(&I7PKUN)cUf(dkzqcE}Hg2O;z->e>5S-9!RB-OnX?eY!;l6Ic
z@EoPoqUoEkx4TA>dQA((&2FKv>)+#Nj14pOq^5trx&zJ!H!3Qvd!_In4F3ld@CNZ<
z_=~B)Ro<7r4cEIV*Gz~@IV2%qZyS^1{O)q|yr170@Y!fvKQ#_Hjx|^Rs5PZ%**G;8
z$`L-&c<`G@&vWj|lGx|i^(4y0bvnDOgalAqWulqJ1+q5LS<imrD_|Mx<!K6L24Z|Z
zh7X_|?GGK`rVZ#6O^9+SZ?FfCCr1o~^*(-@wFbBN{`<lEji_xyx`JzijY}<zgGldY
z7KGPGPfge)Pm}D3h+}11i!1z(hh$1_R(CIdiF2COBVV)H?4eMHlHObnoljaWUI&tQ
zemcs+F~xA|^==AwLGRph79V|`=8=ssH@=;TN5yH)c3!+kW{f<Suk1UB&zU=jO?7sw
z8y9VXt;d}|)hyJH-t}*@Gi>g_9g6<!<ma2`J6FdLPv9o~*^3H$)2o0Gmr?JG8{1iH
zEboz(F5{{nhlzz+YbPn2A3JPLa$Jo1Q+BZUPe}r)!0gW#gT$eHVtX4u7iuDliA+W<
z!82T0URo1bdO2R2Be_TtWlb-cJWa<IzAX8IsVtimV=41(b)9Mc3!{7`(0VpSj&~}U
zN9D2(ZrSlP!Q>#TfDNTLg+UlU7l$U2L%Yh&0Q@w?+XIm>GQS!A$_d}yRmYuzGk|4q
zkSpF~F3&EszT8T485lJ%y{z`u-0-`>hy-cujfnl9w@Y%vEATxMAjZMhFkJ#`-DD^a
zyem(rkv)+!=yD>XKfg}SyQ+BMJbEJQM!;8FoY^XRPg{U>d#XEHb~^{EZpkX(#R3HB
zEI0Ij8wt;-3q3sCe*_Se5P>1YiZ?zNxoUuCOotCw-5O0s1uzc}dYe}kLbsgBEXZ{O
z<3T;%ryxn@zprpN9S2Gxu!ZG2PeVk)ayi_{Mz<U`MKJt?lk_ajGi;qWH97L09$3{O
z>M~dbm*~wL2{3g#TFe|-fic@Jqf9HyL4)Nse>P7HwrI}(Y!o&~*m5QERbFcJIGDdb
zPLOwR|9-l8HAjbl0tWXtDEHNInzp2FBkC7Xx;)Ls2?$Sy>RnHgNi)WWuWXm9tY3ML
zJ0123xJU{+j;7=tOA>W1TJPqco-~|ZT@=H?+dq>|s#%PFN4Nt@5+(#Lb2lv6HJza5
zn_^Otahgq@<-T(6X4ol?230mAOPR%5PR*&|!keWIBXh@Via2bcNtTJ+q{EFuveUE4
zxI#`QeA0ZjCyR|Jm97hK_7xNxD$%fJYCBWKL?><=>l6}C1Y5h;tTOw_-{Xq(Pc(yM
z@`?k$_s7x36hzObnmBmXdFC<qPT3LQ`QCq>XyghaIWwpw^wOxO)PpVXxaT09Ruix1
zV^WUHq5K)7XFBI&im`z!UAk_46MeYF&8Y>=&2c6p4iF*V8Pm!eX_1TL6^^6h@8$PM
zQf`sM6TrcJ5|ZNfi{qYceB7fqh?bk`ep_2jbbxVmc;%x5T4ToqRA8{CnEMr2f?iwY
zt(#-!CEui}&Z7mWEvZZEymA9__3{@3KASD`#&5YHpvt?Aod6r_G#>{EkwKWMH9Ekh
zT6N5UV;a4+Nk{+z_^)h?3KA$Q|KHgeMgQ;Y{C{U_6n&7yZh=+u0&o)oA2=-$#5=_J
z01i>hw!7ZM^(seYaE=mM0Q;3Juqw3SlP(lse8LE95{^7MjyZdmQ1Qf(?!L}H4iyt`
zJ-`x<W!*&E<N{OLNJ!zzAswCvs&_AZ;Ps9E%0UB@Q&CD~eWi}s!dVXiS9e-^&oVNW
zhyXQ`9dS5Igt=ZBbcO5Tf{3RXexg`Acf@hy_b8Irckf{Cp38gxr}WHNH8@m_cd))w
zu>jj?u-PvWwmT5BIo6CQ&s6v|>g-3R`m3BA02E4qZm#Kb5ID`{sxYkkafwGZZ2#W-
z0prfMOGEmmJokl@n~f41S+i?e?)>PX)v>kKQ<z9f%~HrL_bY&nlq#eBKrX}2yv(dj
z;Yv+Fs~i>c1;W#QVT4!7Rsb9wrAUp@oNNb*40*znP-DmY!karTggg9%6JDPC^aEHy
z=r?}Bz<6h2G+T@&P`SmdGMODDiCjV#Ky6iM02V0=PC`CE--%?}_OLA9bYJp@vT8tF
z-{Aq+-QOb8L4m)NkwdwT#7Z&P?X~vnCU;(>%$;_cqZ|)QOYR#!kLk&&_|>Fe>1dYj
zakw#a?wA-BmOsV`KiYZ__eK9te-B7gEC*TF^o!nFtku8gMAHp%VKl`V!UQPIvR;DS
z{P$^~X*{DSn<VmXfwE$W(>$p4=;265{ZCT+kG=S|jP@TpuMHaZ9B<~i0$lBD?llh9
zO*mQ0InjOB)u}Jvu_rz?j~N3T+>~>A{NdD8mB0iz{K(`<l^py7tCbn1!2#&w1Q*s{
zb8c}*57rcT0(c3dovwbs3HwKukm!pl;1EfZlkE`$a*P9Ylat<xOE4JiMiqEVV_=`N
zejzC@hXCBw!-a|1QA+zqxCvmiAJG4z0PH=SsCv}F$T(U;=zpmHw{Ikr@D!CgN9X|T
zGN|#$5fNaeyb=3zeR3dk#kJXJuV1Bivk?MYM3S(zthTVc;Xc_NC|PlmW`<`8;8p6-
z*jf-llotgv0OG%JLhSd^fTu^_QgHQgEWDP3Q<I>q>VWr;7zaHR!A&m#Ym0XOJ{~+s
z@;?swpX0(m{Qh_G|C0BE|Du`>R)AymLmfZ>uu1V1r@WjLiskcdj4Rg_&w}jxw1WD8
zai?L<L>(Oc2;i8+#_f%Rw0KtZ-6cb6&e5%eQ|;$PhD3asOKdWX(muEh(eJHwOQ+><
zvY0}5gRzy7sxFr9mW7X-4Eg!Ry_J24!fiArR)l6&Qx#4Ba`_JokHV%>4GCvOyPe*E
z+JoNra*_m7@|VpNxdWyQXSkAL;_67x$|g1&Cg!P4Kx{0O*{gDHDBOmMdG1rbP?l0R
z%zN^uO1e8D5p}$cfR7iPA6CT&Aj^~y{VVpZ@=r?};b+y(d8C~N(d0N)+B;9WbD2g>
z+Fv@gTU44#Q6msDR6tex(Ayqi=RsELER{;F?u=AbA>S+$l>#}!ZOF^3PVB5~9<L!S
zqn#f>K8l7-doycRlcKro+={XpP@P}S<z1D05O<S30m_tP<B&4!pg{ijG_r-8?lav~
z{Pm8`DZ2s!3`VovWGrNX^S5GFR#|6(qB-U&{L>PAK#bB3ctAnN8N>Og%vv|Jd`g<;
zor{%<JA>@Sz|~&shA<+6O&R6Dlfp?hIkRS!D%USaNia$);qLyCWy)?wRKTLlT!u(#
z6>JtnP;jLDzying%x%1;iM_u~qU0%ONI(oQTS91X^wB46aQp0j(RXbzfx4mfYa>KV
z*~pin4z9`ya1X!c6qW3)oOd^=?kE1Dt>r=rg2DG_pNzpK8YP_u#7%Z8=?yA*#__4K
zgT@8H0b<=Hf3kaoltn&@QzflfY%Z-{E>*^#k2%6B_0t}G(gintb|;C-QK|J2kJ2U6
zW!hq4j0xONI@@<q8ex<{{eZ08he0IJn79$TpE~T8VpzV~OM7Sz^lXYRZ7Olc>JrD<
zC<BSIVj&}A^FG&0=Gne3DE?vK5<)@~jh7Fx!=6uoq&1QwQE!`u2OYqZhrH!T+-83^
zK9TbEjjo>8yJTLwzm9YCEH+Kt!nBAw-4ZQ8e4vx(Jv^2rqokx{ZvoeGLB3?a=AhlW
ziq@v;cF@Ut_GX!O7dbXP5mn=~6?LZGvK-fP4QD-ZNt#i<UJgGW);;RFTjiQY9537y
z>&>2aop+RoSckV{pZ#t5a^^~LdnP(_=jL&J?03=b6Mc3Pdsg_gFNk&Xf_uR8S&BD)
z@)d55(6ubT)9%^Vz&{eImxF$lxBY2{9k&ol?ENHU<L7hG%?kj>&pGYdW?S%_SMl=P
z6M(7yIjC}*yVeYR3}%?NsowDfRFuxu<!=g@az-0ePFfWZp`wIg&7Ac3-)oamGNAQ}
zu3n^56sM&;N(SzG$~Waxk9manue!`Dt@MuP&a&)84o9B)(oQt)aPR7HB+7#C=XN-r
z104QrR5x97{u8jabC8P_hcz$s=SMbZUx4_Z>yM9YObnjwQiwg*9~jxFVNKhaQAeGZ
z*ZyYntyH+3a9(W!Z+~$<U&Ld`SL;7vQ$a%oKTlW87JHGJ$#6UZY<_(ZhHtp33bwPN
zbOysn0X;h^)E=OTBKQUJ8`)`sP;qu~nG9Q7lEWyt^pGM7nvFUEHWj)Y=dxwl{C#Q?
zZI0i1T(W(=R+NDn__?iKH^!F01U2W2HDt}iJVz*ctI2WheJh+j6g{2*HQ2TMq4)+-
zlK>V$otoe8o1cudTziR2p!GR`n5V0M2rx%J0i^03mCqFJCqZ}1o2D88txPI2Iz!cM
zWGJyz`^`C5Jo4q6tT(7+-b;XLjMa!%P2JhP04Ug2Xf2!#ZKQE*xqWHqE%(CkU8m)W
z%G|s*9d+2WnLq_+<w2X;Oc7Ru?ksw%)vP0-5C@_z>{5@|H=)-0<6vLzH_mfZrn1qk
z;6O?Kf1-1%7>E0=fktX3dg%^40OFMrkb<p`1VXk7np1KqhM)l10hsRSRlTa4?s(!H
zwtgKjbo)T&YWn4)*1sG*drwfwb}ix|JDKAHY~rCsxD-hr_C;bx+}a-UR%!(F*5_=X
zxB;RQlELcBt^Wd;PU|Hob$>51U$xp18g-IfT_@xe#U;t~K?;4wsLx7T|LoR6;T7<z
z`a6YVF9(SFn<C;qAKF3@cxr)^m1%QdAIOt_Pn-E&GDY~0qcNw<vvhC^0xBYH$?m?K
zIXZ3pnr{NGSUE;zgbPJOK*gSMT{VMMqlW1C4|EN`@nx;Re{+#F6|W>W9>T$xl%pG3
zp;x!FnhZrLg?(JB-z$G*7v&6X2zO~(y79@$guWKbMG}FUq9bMKD`Hf%@;UCrAbG_O
z`=hphjZ#dOC+R4^fxK#zZO?M#Z)t!AInN!1DVd4_!$Mg)dF%TA@^b$VfAsA9=3Lw-
ztFm$C+j$#Ux77<;(a3*>b9HkL^0$q?{yH2vz>J7v#V~I;TWwl*LVSB^adHhB>vs1^
zDW@QcXwq9;ao=(y!b7cj>k^7H@!4TS>x0e#3sV#cA;e8V2vxtzD)>t5kDvK}rp`j`
za3zjwYch}a+Yelr<NGcP_`THo`r?~POiH~^h<0aB{3nQSKUj;9ZMCcKc)iC_<zi%;
zH`YU`q!_v6=OFj(<<S_|Rpou$-80kz)Zbo;p``MROXeBnD2jbW6qjPTC^@I2*7~Q}
zBKo1?KmYz8)oED&)&1Y&e+(8ug|~xHlX|zN+dQX~BWZz%{b{!tEy!r}P&a69*_*7+
z5vsw$pN3D}Y)>b-<w&f1_xvTt(U~B~TR)e6<|Y>kib$OmvYdBP-+Sx*vW~T6rhc7o
z!jK@zUT?q}tUK`yzbN*&SC;x}m7=jePa@@$d-ThrQV<t=jr9*@hqF+|3Fp@%(_R>J
z^Wn~J&Y8>-V#RrVfAzTE<T$#mLRqyKcWaLst*&pOPY{GL9Eob-_TNwwd<V@@O|(np
zn`y*i2<=$|Z=Y~oLDmvW5r1l#k^+9Xy5Wmx(N{@-2-EWX4)j;5i*?8iR}%ycvEy+o
z_E=A%h3Fa<RV9xwy*O$VZy46s(ivGJs?7OP>H&J5qK|C){VAyv@uCHaQl<s|t8@#M
zGI708tSV821Y~P9n1u+cClgjfN<B6+UgcAQy)$?XQJ|EJwj7qv8aRSW%v0X}oN<`9
zezOFEuVn@b5Qn`MBUeWpZx(_eY}wM!hqW!i-=7C|KI@`nW*%VgqG^9FuA85at;M$*
ztyI7jizU7mk84d0d&E3A{i*q<O0YRkabWfETNzrFkMRjhDpp0gyhcyMwCy7>)<)6L
z$$;2PKLRXB$*8{xmVyN+$KV5Q1@ti)7RN)d&@P;iUj<n%2gqYdw~v_)VbtRlAU0E`
zN@bCW_+bpqv7+x_O(e~-?;PyItoHyHH&tChC9Di6ki<=>Pzo#jv^o8;X5Klp82rw#
z3O32qqAd1D+@i8SM}?Kma-VcfJWfE^X$t{j8pmo{g&DrC5w#y8cc#QUG-3^rzs;&v
zc~rkbZKfjjN3$|{13e38g<046aT-M6RMRd%``s1}ge0V?tHgtqes6r1Gx*K91+q0n
z5|a`)A6jrHC>qJH$k+aL+uBNH?n&9e@z<BHw&%qQ_-GurBkDxcl_xg%^|CNuz5UsL
zmjpHdNArpzY$mUB%_m^74seD^m8wlQ;W+o<cbXlUn$ESlocU35Mzz1>g(z1<x!hg<
zF#TM>Mys|DI{dI8a3QQrv5m20A#3LMQw6?>CqaN7T9ip%<s2&i^3ByPU2ZSaMp1h#
zztl@3*J0R?Xqo*(T5K<~jXFsLFO$r<pXGvx!M6Kuv|BKE#BCF_$|Lj4O)50IRueMd
zWtgXMncEYVZi!z$(i?p=y&iaFB72~dMwh?93F=ZN(x=$&^CIT5ILPON$m(QR;D=6l
zj;D_%n@A=Q3o*3*teVKnM{0;KZFkoRx2ya$8PRQ8ewhD5=r2`wp==jjW8kUgg%c5@
ze2U2lKh)zp9HCtjwB=qgqYve`V%KIps+`F%DVlu$hGJ?OVE@sx^+gtZzRvh#wP;CD
zB35}JT#fLZ^Jr&jwD6B<+W6E^H?r4rC)HQ)4_}}xDjQtXL^HqNa9%pIh^?09EE+b+
z20KYu;qNlq(SIWHXU{{YvG_%WXy&|BNx+lB(-{_150)%0m+dB?a|nd=F&A<Ohc%>%
zQu1TDWbqW%V9rK6kLwuSKRR%VrCEy=bn6pr;Z9JloBMTHIWo(2SoDR5Z((b;>dyX)
zr=C4ad*txR-(sZ-L21Wy36yCRASv3;8$!HUZ*^%McX#J7-Ff5@%Ty?>vQBI)<}3)e
zFK2fr7?1*8UW*AM{)vkZk@z7x{*WBarTq3|ur+Ns7w9bZ?DFxXNEULg<SFI1n_Ic@
zyH}yp%Z`bts9mz|Sbx*v6MGRzZeBxi%*TWZ!xJ1uaUu7QkQ>hY*AXwpgwbpS$<A8F
z>AoUIc;#<SFe%e~yHi;2-8l1sB+N3;E~!95@+F1qO?QQ)58+xQ6S*4$E@@G_`I7ei
zfh|1^#BCh+gwbs)9$OwN(x{JbOj4}V9HE8ZC4+Mserv^+hFN~{KG}sqi;mW;<x9f8
zj+yH$ke)Ri$J2n)ULGMpV>xw@>Xqt}mK#85+DNWmwl|^8RhWbXO@vwaTQ%Kzj`gD2
z9RtjUMz=V5Tpm6jfu6NrH05=1{^ReP`NB<}tL>yDl!=zSKJv$0>IN>6g>F^&t4A4y
z%^~*AEgkvMJN%<QE#UI{MH?$ce2%hkrT!xkuvty6gy+S5R6ZMG!xx6pFtN<%qcO3R
zJn~96UkwX=boI0a$k$I4bIB6|(%68CHQOBUS%Dgv4S@5=jqJ9KMAIN?oWjI~LgeBg
z+l=|{;HqHQyH*=Ur4H{;S|`~a(smOS8l6sLv<uVtYFR|ja_ysmua?u<=(oU?@2Kmg
zXZY0~$G^~gG5pu6{ReU=|0&-I*_!7YqcKAm%xRtdU5VKS{YKDDcvFR?E#5@N0XF#c
zvo9~}hr2MY?(Yu^nRhrxGDoOV<mG8C$J*XhR~w7$ZBwH?*+^k;R?RnuPKRy`lUnI?
zCaENWnV@uxwrQ?E>9)eNVWnLx#+XQXR<`<6zY}-HZd(fSu@*c;&V^*1awE)}NfOw7
z9;*EqanMZ{UzR1#O1}J#pX-ORO+M2h5jbSlUgJ!LFpn5#g&1pkSc<wTG47Mms&1dU
z3>Re-n|fOeh!Z1<);d#%n#Vel_x)w6&Kich*`fvkpA1w_Y*F#ZJuGRmnAbZT=`G#|
zTse@Z1GVpW<{r@#>}sM9ThK!$60g~Fr)9VNk<(}C<D%#lqFCrJGfB{oG>oY|Y9=E0
zZB#tqdu2dHXbot^>FJI1&ls?#^{L#atshYJ*BIR=bhR#zvB1<H&gY9G<ge@vi86jQ
z>j%lzlo|_s^lqlxVys0vNq6tR+tF*dn`v=GQ~>goPxRVg@_$cd!aiv6>&tS)eo&|P
zi~a;0eWdG-Mk%SM#Nj(hp#R!;TIr176=tjDW#eqFg2`{wZeM-hS1DD}?5aq`cm2L+
z=uFw=zDs}NNotc5jU&;eTh7B;=}Mkv%)Q;s9;Q;MS7{p@U&jFLaQ+?Ij3Lg-Wli4z
zf5yk>Iyd5CT?3n_?C;f>tKXx8+v?xE@G>qXYkbVb_HC~sx~?4ygNB({+ty3b)?ZWT
zXZIVj7?X^VWB?^M3r{e5n+-un!b%`-eY7<@tTXL%o@V}=pMb&;tnmr}F=nQIY#o}p
z=mkmp<GAPS=ifjVf}zq)c)l*01}g9B8KMer9HFCeL-+)|4EQN}2_&j<B>k%y8@3`!
z3v8NrKd3YDOXzrC2hjU=&(1B+N5uJ?|56xX+cG9-v|=0kuKo?`R&Lk)-u-V<MhYDx
z2bOsoPe3DGH`SLSm0faT49qwJFkWas8KU*H{9JRcbH17mAmP^>g{Sk?T8PR+><1|6
zWixff2wZ7&Vre7!TZTgW&Hf<C@1Mfq6ci&ZL<lY_wy%cwJ5wz1aVoW!kB(LwjW{30
zdwAL-gaC8|gYI?Eq9#)IdfY9CBb-%DO!HO8yvZD%-<-eP(Gk~=5HuQd>mn4yG06Kb
zU%Zii`i_z9>b?cFNSgjObRI`6D5%?i%9}ZFCu02r^nru-tk)w3t1X5qp%bcdE&AYv
zQ0NCMoWDm`KbwslrK!`{-89IFt8z$Rhxo=$ioU@^D~++2%KI+FM7^)UK8wq?TG23z
z^)}l)m`4S&p5gKH)3|W%K5m|>hesr4@<-9M)15G<z3UgVX54Wk612GS6S~-3_WVV$
zK(w$;`YlE~#}^AvelF-KFYxi-qf0FKA?*@p*qI2$jS955Oxd{M{gzruT+^ebja*vC
z@`cOri=wgLq&0K0t&~s4Coo<p7m%IN98x|({RjuW9;g0}7Nbt`)abqNc~v5ss8&U~
zTQvQg`>kmq6&KA3x_^wce4wUv(dkf)T9Zb0K~zH?xV$~r(Cp}^<qGB{{%IC|8f3ZY
z!aqm2INa{$!1iy;IzzVIaBFHv6#3OuvVn`ehEm7px!v1Y2-gPm>C>+1@NePvk?ZbJ
z$6|9VX4V-9&B2D)c0(cWWbmn@+Gh2*V@eQJ-1o23xiylHL*0q9`U?opHs>V#SG@^3
zyd<&sIWibQkaOp*f~ZgY-FsF|o8GTQ$CH65S1BMOCR3TLJ|(hYI%>AudM8C7FeT7v
zq!;%hd{34>;aq##>6uyd>ja$mYYcUVodO=Vp+6&*r!RE63O>iRpC8)%YM_r{IGopy
zmObez@b<J&ecriAK4N(?yD&{g0V$THx8G@5iD}UlgLZ7_?M+|Gx)5Aqi$wG6m4;H(
zm0>->{ckLQ6pXa_wy=BOb-yE7K5C8Y3||6%hx$(Vac7}xja69l(AqXtdrqVWckj^e
zBea8V|My2I{wW*WChZIIw)EXTmJD>%=P@Gfv)PcrGiOXZ3Fv5A$qcvmFR!iNVTsf|
zyL@!P8FyB5INR;CwaB*qaZqqZu85wqM&Mv;?)2Cx2Wmm6Pc;pX=X3B=u3E2kKV0F9
zi)D&?UWtWZD84ej#O+f~PjWDQa0Z=WbOv28aTZ<h+XwPH6jk+qk^kvI{XfnB8WHr+
z{a^IM3`nzUUB>H_76u4vPYb^`?#ln{UZu|+-e#gEz9oUzo4Y~xI)95)er!&|^&8;%
zf*PW}SUO1Kspm>;d3&42CA%n)U(MF(s&y%^h|hNQ1YY0Hw5_}oT*L$4Uf3V4KFD7s
z2`I%l4ZBIFRT|{*^gzF#AE}@K4sgwL9WnZ&=1VhD(YW^%Q(-lAw+gT$r9BOYyQYk9
zsfJ+`ow|^!`b6pdO55FMT&Rv2w-pu@y*)6o5*xbYH5H6NJgDk1qDR7k_teURv+M3L
z^({l(Xz}UwlWrS}Giu2;wVZH^=H9i;B?_pcsH<yb36-Dyqw2ZS@|i<$7{mJP_7HYT
z2IB@!SlEp#6vaLsJVW1GIM^kMk7W^KPDa}8iw2ew?V<*KAqG!QA&*u1PS3cwJF(0t
z0l!q?*6#w{fx?NU=RaNtX*khO=ir5IaA~hbvRFiIsSb0@3BY&XENL{XTKK3&wuKh7
z<DJbr3MJ{5OnRt~#=JS<4$Lw6Ou3~^GvP<x(7-R@q7@8mg${%(q4?l{cTyNQVni$P
zjg;=O@8QfP2JepW$4*bE10!6tFwI>2gCcg)`M)biQ`TB(6aOZZ`Pz_LHK5VT^JZog
z8&-lrH9dS15PHhq;l-^I3I0aH=_qymhy4VLzGvi35)s&AXGnm^U3-JfQO1g?88g}O
zS>}LAjFZc5vqEh!FeQcWkf7X(W0y|i6`~~oir~1zF+zjbnu<_3JI(J$O<QT>G!d7W
z7`7IVZ+}nx&Lw|s)Olsl<#lLN^K6S4+u6>h?8@|g*m-YRA>PqMZ4pj_)#q_05a4*3
zFtbTw-#fv>=e_5-RK<FQv<t0MMVnTQf+Z83W{nVW#|yAuWWDa`z-IeX!6N75Cwy-;
zo!#G?qCgwjkj;MLECe=T_f_wFJ<u9R#)jh@y)N{iH%4OX`eaL4_Q-+tgn?Lv5@n>>
z*<?O}2ZN`PK(E`HV=CD21w$4GS(AHYuvtok!3aHet~K?V&rZse^DG152R%+-Q_Rhv
zCDEIEkuyFildf$V`Qf~orsQdlDG&fn^>CW+jf(0f&6Vetf7aQ^7L6<<GEqjR)}kEr
zC)R;E)mYIdV2P>eh|N55f;($bD0iZHFY(nXd$-iG#+Au_k?}@}BTMgm$yvVKJ}*QE
zIO=kg_^T5_1K_;M0TDE1%6l)<Bef`+k-6XLLxiG4x}>@IgB5=Zdc4Nf#C*AWF%BD$
z&ZLQD5V!Zp-iYe>skEv~l_U|Y#!%T13-1D&(MMCscolSW+MB~N3rDB;lsQ4yu3<`k
z(TQ2I(nlXFrZ%w5KRw+XiKt9{?`}RHZtvtqU0&6mUj_DYWtD`!T@*_78z9#P3Aua4
zSU^!9>A?3=2&4yXy5<S=>G_!-*hzQfnm7a;HQ5KGpc;;jS6xxN4g~vUx-!q_-F>By
z@p_B;uxL0guQWIx&k(H-&1Ws<GOcxvR1C49Z4#8eKF&f?P2fl%8VKo$3c$EU&K#Qd
zBl=Ep4%WK-8k&SPpd5%)y$ys3Su&ts>!Db3hULZpGEu}uG4c^n&A-g>oV|#j4K>m!
zmMApe?W35{woT|>Ag%;F9|`5MFd;6<KKgBR%+z^g@LDx-UYfZEd|iRhT$P&<0&eHC
z@Ic!37a>(&;7>JKIx>T}OsvxSvyfn=k3ET>J$PdEdCfms_d#_B$4vCXN`!?uw^%~Q
zi|fvAywH9k(_oeNatMpKm(+9w30s~S@Y2(@Te8r-3B#;a2*M1W75&GWbtFe=Ja)GT
z=@~rx6+fg2jJQijiqp!J_@i}hPYO<5cO*$PP6ufy@TK*nxGQI)$#8BtX?_r!`NXeg
zoIjHInhJNi&H+mTp}vzW+bdrqts9PY0NJ!HH(@y&hN%_^#p&o0D<c4~6CzIjJn&37
zXl{NyRC6TY^EcuOmbc8Bp_GsDhFPRdqe;gSSrlc`6S(-Yc{BCH6nlE0bs4y;gjcV`
z1gz~<hq+{~l9s2Xk*YV`x=!oFg`;LhSWVHB$;JY-)*WxqEJ#CVu6}e5XF+>pY3*wh
zrMYo5)k;#%hwDh4Hxsqr1dT_>X2BW-)Hm%|ZsWqV@4YG~9DY)6l4Xa9u%fKF4qRYP
z4nDq9G`4j1klR;a+Z0pOG1Z9u9-HuSRc16sVxl79oB^57MAH=OE<Zs{-LCz+U^`*R
zvK!_xwp-kIxf^x0cck94QaqNq=l*=u>iBdKdGe_$UskoomX&cZId<8ip<rrO3y*r)
z;-0}rD35EQ<-FlD_IBtJ<%2shf{L<{XEP`I1%ao`y_=E_qdGHWRR!95oqO!_yRrGH
zTK$%m{Si&cOirqi+gavu^5F%mpH^V8jP+-CwV9gj4Xdy<8H+rs39ceSr&DB=Y~Bo6
z%E%dK76TV^7RRb~h`PGCjeS;DwN0`%4benzN|8xH!Hk0rL*BZy9>n}|S~sO2796(U
zGp|<zQ=!PyyI4m5fDoC0ag{ieQ4~7o`kY`YD06rc-{1e{Ewilo97PTYz2h+AANR==
zh*<A`5AO{Zp|xfAY{LUI)`DAXyEboo<MS0ntVRu>fDb6JgD)5jFhmCcfH3~QNEm)7
zI^ZV?2EqCKe|rA^le$WX-A2bj{RBHsK;uvFOq~Zg$G!ldF%dkI<w5fTjULb#4^Fd$
z{zYA6aD~?IP4UjV16-*?SrjHVere$XSTm8;9>QsTVby)f=&gF$&~sMUNffk+%@rS@
zD~jkk#8W2k_en=Ov$tOyz_v-FasdZ5=9QbQUgMpkX$n4xyCmV<E!jxt>GJ*pI~Q$>
zzRaguT-Fp%u17jr$N-*@Q0~9gf1z;>*9nqw?`F23KW+LB89_0hIB7Z77)evk42Z+b
z=Q}xPn6L#x6;3q(Q5^4l02h%UYZ{U$y2A~geaM27m%~X@Dg`L3$8Kc9ZNg<4Soxt0
zrmit^qm7^@tm50xdQ?Qmm8JT2nC<l1V!W-kJ3gNvJ=h9~x;c^vC8tS7oqg=I;GG+P
zbR_3PZRDCZ-ZaMa&j#&z)`|~l79VXcjZ#=vres_7Q?6N+q)PRfGgN3Yg2>LJ1Bz;@
z=aR|3qwbU}Eh?QG!VNnZx>>Saci5;|o3Wr#+lyYh2;8O@!l|~Pn4MEdzQ`!7fgoh<
zFcqj8dUkCZ^*D<qhmE?S*Dh93r3Qu%X#NStjT%5oMhy}V#1Arw(EE=Bb1c^daC~EO
z7xKIL76>K@lJMa0KFPh7XW9yupg51)6TM9>1P)t8b!PKvTuKW$psu?lxTfPb90bD`
zdw<S9<&$Dd)i^U$VawW~QjA#~t*qg}HCncDo;q{5O#t^xhUofTna8r-T@)jocCDvT
zmiM5Qk<Sd$hQpArO2GD<LNnY@@E9z<i{9O+1vuJZ#7A?yISaEKx4IH+)TsQ37~jhn
zNM2(CK@bpU;_K+Z4rUs_MKEZLM6OPtv1T1ONS7_>5-L2%G%c3{$vM{mUkk^L)(D)M
zP<lJud_=gFE@)O-@D#Xg#U)#(23nmZJ7qY&x9s_d+6pz7raGT$MOj|8sEXPceFH<_
zYgRQ&5Cq5Ekv{qzCUwr*M4Dlusok=TaOU>zz4dUBFlBvA3Td<n+RY4FE72%yf_P*!
zkZrE2FK=XI#vWp#sq=J|vyE(x;XnY_Z!ho?hCF%?)9NlMZeW$&*Mh)gp94_CHcsE%
zBDd{5gc@UKDZJj%LiDzeuIu-%?HxU@hHhOrYawA@_yIS&pj#f1CCotd)`fhe&(bmY
zlAGqif7FggxO(E)&{}29D{u9@FN6TC3pvP~!7%$YGJvieLg9>#5W_ca1U4pY>+NXz
z5#?#QNK57$jt?1tgAA1C|J%L)U-AP2Wh{Vy2Ld-Uz`ujWLo-T~t@nC}NdmxPIA{H>
z^X&-dA<ZKIs40ebzl9{MK1=ID*aQ_~)H}zu&b49&yCedo&;X&{dWhAAZ6B5Mw@-F4
zrugPJ?@L`=nnJfM0RFas7EhqxQcow*+Wmc(byDRBvQm<ESBk`Wd?bLKDikcLS^gyx
z1(2o%szyRusz&bAkd8I|kCZwQsLC{;YVUOQE&~O5kuvunmlgvk+0q&m?)(p=ngYo6
z+R*-cUXr|O%4W7OX?U1(RtDQn*b)lca^(bW-<VZfJ2MFo>3EYZ$d3z-d-pwjRW53&
z3UwDL(z_AC&sW_rBYD_%EyS<KGBOC9b5Gh6aun_!wYz<oKm+{LZtpwGYK04Z`lgv8
zAHsxYfyW4xa)!FG{Qz$1$#pn9u#0;4Wc}lGc+?f?@cRjq-zcb=@ks@IuQ}#+Cuhb)
zn#)TYFqTY~GI6}#VTtVv_l`ws<a=hA&lx4LCqBvY796BWi3=sSjdCA&03hil8|D)&
z8_Ctl0jp-n&yS;i_7pbjidzC7&`xP)mBY8Qn~suKF_6((3u;qh3Q18};iO}T99Ib^
zis7jwQKIgCmFh-n6{@1G#+xBzmG*AOi-%<okyPP^)1INq3B5CVEd_FX4JyZNRDeIQ
z(-hnuMz5-5ZFJO@(jH*E{{hybHgch08jUA~(m^<TKH4If(5nt!d<+28u-RT20#gEC
z0rre+)V<Q-`6i^*m;f7NGIy^O_?G#noF^zEaedoZg;}e?i3>0*X*8Z*uL$-)UCEmQ
zQ~n$OgIWi88v@*|_TFvaXPuHpEi?k$<z{}Xr5uZ;fI|70anv&xE%;43EA)oWJ@$nQ
z$00jUJf5+sm`F=LG)p2($v&Rx#ASU(<rSb8J0cWni35v^O??oSLYkq4J7#gwk$rCb
zgJcK8z$AxzKX$dtlK?-Ev<ht2<qfJw<#AyzQXgoJ`tDcZWjej~Yrh^eI0fHwR=9!2
z7MM>$QG7Xcff>68sQn(AHqS?SyvnWJx>w~<P^Pp46k{mN)dNsTZ!mXFVH&Mg3*7IT
z4p*B#dK!y1D=XB$?0<&>GIpk?Wp|^ul4a^<wQV@3!)c5J!aWaBuxFP`(7M6cSQdN!
zwHv^9hPa_c8%cpub?;lx<9?n6o=e@>79Au?`AUG#@5WA1s3_LZe?K?)L-#)~5B?GD
ze;y(HOUnOUe86WvyieFmgqjqoHeR4Mc0Os-%P)qye!ugXD)jN-uV_key+vWlj@M~S
zB5V59G$O(W)fuMGg~(7AkH>6y@A~!cA-?(Uv+WYvN)yt=YVJ$gV-$Qf1<Htcp_EgW
zBhx<USkdWd&r5VJdh|nO%8rm?X4OkqZ>!F&CT<DVMGiRl3rs=8QHL^*KsFtS87TLJ
z>+=eE26Es7Zz-N2ns!)fb<_e-o(~&<k^E{5fNmkk#9_+da7WAaN<LaA)Gv_FD)l#=
z(H!}|-h{*LDH#Cl7Q>|TWb`?bSRR_T;n7fv@banO?3|&Sd!EA5X|(Yj{59Ok#wh#l
zg`GSTe#!|M%W2#S*B)r1Pnw9QJrzyX%0J0;=jQ+!mh`ki!3cmZKSFt6V`r9JJh59~
zVSOwbxp6ZZ+iwP5kDioSrxj8do#B?dMS=4g-NC9c;eJ<i)>t7kbBoLMYjE<n<z0fk
zA{_jUW|a(wR^ykAfEEK>fa?-m-oAE2NjgQgY<BtX6XZ1d&f1~=a`NH%0dIYFd06)P
z5S=g4U~Wv?wW`WNphza9hPo)g=&a~d(O`cduB5x-Gq;1pRSwyFY!i9CibsIPvrJ*V
z_Z9{AUtrC0qr&s8j?Mm?UJl+v*ZznY8M0l*^bC{~?}j2YRr4*g-Se%YOgFL<>ZQ3>
z4NNLhxuZl9J3L)mloBV-FB75dy|{~G99Iwv_LQa4hv4U>X{q}Fprn1Ir0f1)uUZxt
z26EATN$Rx0s#VVbvz_*Ja297Wv_<YK89hdXI~ib6ehsWghj8otqyYF#G9yUrm5$6!
zl+@xuQ7H*ssEDvxwA+A!^3TBfc=gPb(s-=MJTO{Q*!hbd{g)9(KREA0X!sZO5>@;^
zjQk<|cK-wG{Rf<aDn1|?{~OhdD$a5v)?|Q1jyxyXORP+fY9nNCO@>C1ZmDulQQ_;f
zJ-;Lx%F$<uiz0A*+}>Zc!?VM}#9yGu!Yxgps-}Y6Yrt%vX1=8fC$1FQqA-I~6CAx&
z_T9hGp#R5`sAoSYz5)O8!+#b34L?4)y)07Qd5My1l2wyQfDZa%6??vgWqsFRe{9TN
zV>{>R$&7f;rq7K?ee{s`?nvbF6M!x~!Xn~hmL7wZ2ECtb()}&Dyk)fT{)IMq@Y&nM
zFm%@<cs3**TU4F>iu*z>yYh8mvC>Ds^T6Di^=Okr-DdtX^CM5;+fK?l#0~*~H44h;
za3YKoa^YHAEBlVJ-ZUZBJ3J^(I_p(_gb_u@uHmpqHm7ryd1d~v;%QO28&mzxK;64=
zNj~A{C}#OP-u#{Yn_>Aodo>%<V=-OZCEimga_jKN;jX;c=@Pofn`SBlw7$CiF*@fn
z*-*VJWk+=(hAHh^yCog>^yL1&_La11mDlv%S>KNQ%r<<)^jox40zJMl;d@fLtx7ul
zU|R_U7Kh{=ZI%^DHO;s0e>kUI*AkE1#)JP<#v1Ave(R|p{ZK?F8>nkDY+IdaXQoy%
zC`6ARyf1;cgr7R<k3?FvnPMt6?d0a0iB>Q4XiTV}PjW=5$ck_F6+Jn7y`quxg>oBA
zs0vc0!(RvhuZMX~y)>uEJbu#^Ya#DYikBZ~@-8$CW_zk#RH>D&X69f|ulkNB<!cM9
zQbwkPGhdOe88`H7oS$Yb@4)o6y@&CM16t@?97qLqOQgtl5b=pC1hJ^&m+KhSAZL#t
z7X%rq{Ik?|u*<f6z0F8kV_mc&-J3rqTCG3n<2b&E$wJI~&78$5s@`)_hmOMogg$59
zrj8QPe=HfvKrQw(bf7VPw6MnbPjQ@<6t*#MAUW2H*Zr?L5|!<pnWb(x7(_FxvtKDS
z0>_HA<R%2<a-+KTPcJ?E#ST*<ueuoJCL73M)BCn;-Qp0T4CL}<W|Wu8^scUfo*-{e
zP5eofJE~_Bta3X}VjiJ)F}^N{D0R6$eX`Na)Z4c%nbNfT_WK!`YV;Q6*x>Qe&YsNn
zQ^+R4^WQuO<U)E)G0xIE7r1-(_94%9G9CW&ETp>m{aM@f-fiQBgbyJ~#xjVKGFA#7
zclvKX@lgAT2H&HdxIz8J(jP>LYL!7eM=@YK3`0@DC4TpJC4u)R@7_}O>87K0k9D>i
zg@k>|M$+Ry{~g!HdzuyuZf7s<`ibhT_hh8jn+2pZ;fACVO;_|J>$4O5wVsY#>@r~E
zLHyI9x6(Tm7EOR$z<=)lce|CTEBBvOebT^YSr0rYKBxx8w8BS(F!?<mvnT0f5wK5W
z!}!87-=I%qOS<gT=3<v40XxWG$g=wHeJa>!B`pX^La3*<psUsh`=akT@yVQ9<m_*V
z4P+(l*#)eKER*^!_K^4I<;HMzEMmu*hvKzQ?`uEd8-ekr^zY$Gx74b$DVuukC;1$v
zwE~G`*A%)f$-mUDdgCW-yoB6s&5qyS__=oN98^!OkyR9NwH)sCv5pb@c(^^enFOwQ
zzQ<h`#3&6qufB+ObC+p!xb!E%Lny(AH`218?BJapoAp1cCxv@V+)Z9lhG)081R+^m
zek#Rip0ms?`;HU?Co}!CZ+sKms%LAlys%n~1V0<L>{Eo88^WqMO!c-;(8yO8@65`Y
zst>ZiblOy32U+}GvpCrgH-*vi%v&k^EfbP)&S4c4WMv-$KVJO-{QH^kc8)a!`#ONn
zy&bcRVw;l$M1J?Hs<UxvZEK!;X6DV--OiTYHE#g@1pk?ce8J`K(@rMAP(d>a@6dDQ
z$LR6<B=Fx%(^-Bk5}g;apn*f!#?O)Y>)kk7gqZos!cSx^7WGVVOme4A^Wo*2c1=^8
zzh5i+-t&aqUF}8o=SBbh@U2t!rT>{(K~Qy8q<xDX1<__W)>1%el-I==HjfsiqBV?u
znSz&;z`6mqb)R4Qg6&W4Y#_VN@{eUEJueWP(|%Ds^KH2>c{SC>c+H4T!S*~}V%Cf-
z(lw6a{Y9DLx22b2Bx;}v(XwTh<&t_?yd;jIS6r)skDwCnhji>#M!zBUQ(Zd?XG+fG
z7L=bpGFEgbwWVe8T^LT5DF<`9l(l4zJZsifl=YdY8Y=SkM%gKo!>375fS*uDAnnZy
zNQXM-O`h_Kin3(T!QZ*TPO&&~EN{6>lWXSKhAH?>W36=GfFl=maT}eGc3D>6>ws@t
zoA#4g6Dv5!nfC-XXL#;mI>i|R@@e)=lRJWx;*5;AL<w$REBRz_Ud0uuyc1N?gxGu2
zhckrUb;Izfo-{AjY`joId<!(yzzQ;0qhUYqbnCV53jc~zuIXk!<DX8t{RU4lR?Yrz
z@Bli_RNs#t<buB)uhe7NLF<*l#6p3QZ_pl0P*wH1;;@0SoMq^a*30+C6RxHH?v8$=
zGD$uO>dMe>Gzp%@I`uHeAF15tG30@eFnFXjdzj!wkc!_@|LLZ3sTiQBjVi3HYeqco
zkN-kGf?{oe{gdIq)^Dw+mJ#h4E)M4Nl5YMGLa$$<2Q!o%@60~RWg<tXF`JW>=Z7^m
zlV9!))5eo3M>5f)Fh-?aN_`>m6Q4f=3#fVY0uZ($`ZT}ZP}rTu&12EL>JGli8Xac{
z_nmrnY(@03$0}~h@#O9B$uOatxntbav)7OvlSp26@GNV^?ugZ0^M~!FMwY_O$@I%#
zOME;V-ILp6!iSncb3NOC0zxi7r-YenmTDYnFbzbNrEW&1pA0Dk#bG54x@S(4jq2y+
zF+7Nx4fUy7RP(WHgm{^*){LFS+U}cP>&f@$#a^EYfEUw>XX=yDy~xtqnIY{WRGyKn
zp7uivO;IAz=?yDH$-8|L{4M=cL}uV<Cf25WwPeu{nwP}NRZ<z(gqOpl?JYakRv9)n
zen3l1=(sp>LQUP<c7qM=0hY-swT-9#7WPZ6hFNzFPGKUHOzC2@^e*G8{Cjq($!Yqt
z^W$DNVZZgI5YfqYJC$yu{q|JMWj4=qg~z!EmHj-)inp<GtMDL`LQky=v_CNsc|DPx
zHOE&8{ILIB0R*XCyNEXXm}Irby2+fw={xa(X7WWXLnS1c#P-nUu&?bri%4rf;P^gT
zKmC`hIeXuzaR?K|iCu%wTMykid4I2@wWiQ_!CLqgY*DXn$w{)>+jp$y*bw~nYu8oS
zbXOX)Wy1Zb>)0la8+^*!VZ~y?5%!!6fguFd%(RZKUez-fO0T4ve<BTd$vOGWvYD7E
zLBGwVf$xUjxwvSXZ~1x)SbXLiqwA*&y?X`XI{I?;o*m~`ohu<`EE5rS$?ZVsWD%yB
zaQ@4W)p&J2bsK<JA3&7ei<O-siXTiE2}8y41G2&~REB%T+Vlf{spfLft_?~J^=Kp%
zketNji_(*QZ~edk+<qivK(*;t@HnvEPG*O^xAgOyl|AjN7eO+A7sUu9NpaTDUQt@S
zdhKx*jfZFUM<rHNZ$k|$Xs1O?xm0D~^|Yfu4PRi47Pq6C+^ecqulAtFBx8-F2k-e_
zX6fLhbYQAbtU<E0fwW?i_&!6qkFEU_-=6xqytH!;;*9S#B_9@h=YK~&(*|>V=9u$s
zDUw)ai<vuXEK9Dv=&@(UHJ1jv*Ow@jCsJ=Qf69*z1^-ec)Nybp>4u}g#%CBZE^$*v
z7TZ&wLd9W^g6Z|t3C@PeO+#jCP+x4UwIcIn4kTWsS2iAI9x2}4i==*+Dr)ZAsVn5D
zsQ19GJKHPH25{hEzGbuf^%XiqSM>z(Z2tUqJ|lW;THM<_olfxE04uSovBNJ|yDVSp
z23W!6$bYO;XEmtov;K_c#ut!kIsyYM@)$hV)P7R;MOU~Uc>Xp+YUm3C9wCRJ*X-7|
z40?w(SkC%Y_Zf1UW*!p}QL(-x)Ux|6t`>o3fbZKFsh&kdY@*mwlrG;cR``bYH~tE4
z0i^hxcPQSA+05K@LD6)1e$uc34QndBGkWjE58NI5-Z95F!{WH9FQ2NC^AH-neO*@V
z6xq|+w4WLkO+w6>`N&I4!@bbhz9VqcI9y+c5zzHADF^^~_4DEX1qhBx`i$#OGyof_
zIt^gBDCxZh0fSk#{1<*<6hst8h{03zSMb0_62EmPVUyzx`X^_wDx1@M2<~g=#xsEJ
z6Ne$|fZtu%?<Ouuid_qze}fp{z`FjB4uw1!0$(`beX_STk$K^?Rm;Pm#rAgAoDYj|
zB8sz}ZrV4jis%dICh9k$Q{0q<M3t48u{aXTLah}RO*Aw{I3BTF>p<#~;n^_g&39Y=
zYBi3Q1QKC%`3*@nUFi$u)i(<ynOktuJgD`gF08$_Z-eRSSGI0+wQdZV1o+HmJvHlK
z$Nh`H_UPQB+WgJOH}T|;DST&M+a}_ZnT}H$YjYa4vb<8R@2CroC)1bs@W}0NvUX~W
znf$cV=U&0D_{Bom7<uzziNU>ANx84sZ1x+j85F5V@`gqkGsz@cJc+oHGDu#!uN{7<
zoZS5z4ZLw!UuFX^ht%B8pYD_<O7}SuJRYEO+irfmYhjc8x5B+cQjvG4Sv#FVNzn1p
zb=%3A>fz}#!$QMfPd;N&G@R_1aE8@~VUp+J^n5q5Q2*@xYlB^p?H3H6gp84eC*}vb
zo`@yh<Di0%Qde0ST4)HX&<kEk9lM!80I|mLWB*O;Q8}TQZ9_9cqwek<z~SMN7Ckk$
z#dC`5@tsZ<gEJN666f<OEv~q!q6>lX58f#(72V*?vR43^b8vl%)yct{<<X>r<5Fz!
z3u}RJC4-=jwx=4al|Rf_BaASKAyI9)YI=0Rs=kX}<HE#fA75-WVVoY^H9bB>89QC>
zMAVlEPO0PIq+m~N$0w&j=d^YOud|Dj4j}<*-#G95gDUXA`(*dUCAQ2;XBjbAMd#M|
zPOA`w=C#o8pSMGZO*~B!2T*U+T+dx%jwppNbM>Q16%yV1y@jzr#m^?<3nJLx3)-rK
zd#BZn5rmIuKgElF&oyb$<drWka!s5ebpN`Bp`-a2=bZ_Oro6k=Z^o$Ps(0B=B@)Jm
zv;=qzDIdv%Rbzj7>-XdULLLVuVa%^nYx4Wz+w^nre4ltajz5Oe0EjtNAhsqrI0|}6
zu}EBQ(bC>hinOe0b-?^tZ2Yq+{0YKQ$qD0BbE?v$l!g0$m2uutO(@L*kJwP!RZyD9
z6_nlyAVs;BAV>{eDONC{NrwQzLc2;6BE1Qb&<PSkuTp|Qgis~)9!Ll!1_%*&@xJeU
z?|tX}IkU5S&d%B0IcMiL)2L+T=F7XV(fEh=ZE35!J{J^);(IB^9Y;=d{pB5#bl4Cf
z(q$V%`4eVs*5b!GT9Oq_TIJeMyrUtn#qKkDj^mT$A#%t3U5fu?c+g3teR;1qiVZ2s
z_*=Tu%CukggYP2hN<u_@YPFxlw|N`R*t)TI1L^i$9c;C4yLn%|i}g5#jK}*ETkp!B
zS{OQt1^V&CC5f_U_}qTPne;B0t>VJiwYJ`gTD$7k5;g05`#&gB-*~o{5wUS4!?tPx
zAA=BLq7QF@q_+U|xs0&*RCBH1Ja0`i4Kuk)u&p1}W!h|i*8gi<`S_)ZH)-|CpYCd$
z22MCxaj3vW>&9B2qK}}XvD|e<MQx-?J1*W*wGoP0<=Qz8xd-OYugY*$m}?f_6QC2}
zj>Vc%CvIN;DGw1KVtIm$({6-xbR^gn?g}l9E0eb$`x2}5@DuHvE1O)hPd;AUz~}RI
zmp@#@IX5p5v6ZX(%X<T-pf9+?#>@J;A|CG;JELXROfYuxb-qmZ8Och=ILO4!s*;}m
z1U~il_8M1_@us0>?zcI~=LVE*Z)R~ig<GQIxw*|0a2WNF?Y{~uulc6mWBoolbVJ?{
zc>09Py4FX-Bl??_F{&10L%_P>8qL~b{Odt??Y%|~@p>mUDkb--v3%%KYTZjAu{>ol
zgee@)WixZ>-q0eeg!%N(@|L3Q4_g;@>E<(+>I79u>&o(^<5^2*+MH8x(#U{e!Obl5
zaFlk2TMg&qz8Yp#1$Bax@z)LIbFjMO`n@?uEdjKc<jD@i8l<jHoQJ)}@7A@cfe)E0
zsXSElQ#_>YW34f+3>=wORnX2)ym&!$I#m%6Tx`PM<DQWw{UQG3l5hIu#=Vn;)ju_D
zq}%v^+AYVs3kLpenEfU?MJZsytKS{rocbZ-qs%bs(QNkQ^Xi4mN|ZqOerd|I?+a%T
z#M{!OC}lV+3>)E`cg4y>QtF$mO@bEG=N4Y}qm9vx)(bv8DjC&mpUg7i78Ty0&t=U(
z$tt&y3>D#WYYP|R*9c$(-VD}g>L#R=DWH<3WeDON0uvMy4o!}S4yyQYpBj#E)at9y
z-Km{USUE9MT`FQLyn9yfW(^%PHFxJ0fpy~9kvjUe*CM(MaH>s%B}tJ*chqDu<-!nG
zrWu)nMs4RoVH@C9qg(DM)I(@;NYA2RC<;=Plk6juYAC=^R+2=VR)@Xy+JsZ&4}e*q
zxxSGY-UsRFf!QwvQ^}f{FeDnY(O#6CpZ+}=d}nNI&Gw43c`q@D+W*ng<B}9vS;w86
z#C<mZCn*)KmT(O>%@yM*+<P|vLO_W!-4Rw2`g(sa#1@ck(rJEuL_0zl)}|9iyo2}f
z4e!&NE#;D&L^S5bEnzh-x&jib()uq=>{DvfiAi@pe4iuFB|5Htdhz}gk3*m#qjWGo
zlT!A)q?+rLA$`)fFb`popMZ&{Yz<Pm-L*V~DQ%VD{FDYJtm5vBD%bTJ7<ibuRl92o
z1edKABs_gJ>5}|<4mK^9bIgct*kEhM3UpDZnbSDTU!1X;#};Vo7lX**p`@wvi%Q|=
zEE}fPb7#Jct_obv|JI-deq^xmjlDFv)V0JuCkmQpak790GJg}XGaj+${ULH|d3M;q
zNT!92v5O{rdXJLQHV+MeFLj;Q%jh&wK6dmZ%*hdT=F3yN2f~_S^7nfzZ<j%H`%#Y;
zZncl<q^VyS2aAfFyq)7B6FuK2eh&w0RPL6=Iw&_oP}MsR6I!2HRYqMXCoX4q4}qhh
zKQGEt<_pdi%&nYE)2WZw0)Hkb^*h|?rg()q`2#WJy(+bv@hb9&mLWG0ka>d0pbDlv
zdfecQ<9bKNyiRwgkK-6AyP#yA76DZGF<dFSmDZO@vC~><<Qc;F56ap?hLcq6cR(C5
zp@$ke4u~<$fCK-R&3mZn40D?nG-Z;fe7io*r(MNl(SvF%yb@})g7Idb%SaBAHor9W
zF?28t>viIfm9FnclTWV1JUcjCl2}&XefrL)MHN8R9%<3$eDN(Qo;q3M!O?qtx5c@-
zEFWqg*oZ$EgJcE3gmAE+^z~-Hxd3_p72B~5Dki6XDN8q+PvGFZVh{5Pa#O=GYB_Q_
zKGT%Jvt(cR^<|wHkf!J<$}jYj*{0#Jmta$}|1$Lkux0#Zg4ogJn9z>;qZBlw!G1X)
zb@23z@2kO*7H5+uk)T5nfprVvUJPCg^gcvd;K1@oMd~?ad3!^aU)p?;!$6>m%6p(q
zms?#6PWWviXt3Z;(&ZIiPqF()z9#5!RP=V=B|W8FpQUJy=~&}Il8(5L#%c_fJs(3w
z#cD({49v$`?sGSPqA5F)rIp?`HGD((Jua>E@H1=TNxf)3mO(4z_oA#_J_>$Ox%g+?
zi2;t==c8>;NG2a=k!2>RO}6qiYU*k>yAI9K@=58n2M1zK6|w)xbNqjR<6of1|4Hfo
z#z6iN4{a)91@8?#j8g(k+9B1u0->%PybIVi(PE0?tK5x#t)ts^jm{Zhsa`L)>m2}3
z*VwiA;i%=w<$dh|V{|_;x-WgF?$6zZtLx(L+}?KVYn&elSP(M+x^^N@;sgL5r358^
zzo|xd$W(<9(=qbJ8)0%#pF(rUxB{nNMGIL88?P`-*B*X!ZmKc7ui2Z>W#y+BFMnDP
z;88*tEt{w|ZV;Zx`_c)?v#W+pfBrKX#)p9(%<tTYc2_t~K|yG4kJKjk7ECe%j7RUU
zs3WE$uqfqcy!BY#misFPZv(!^z!0FJ#jg7krONmp_kHArWAR2vS|Y68X$_%Qww#A@
ze2!Q7b`SQ7RcKm97%@d~H#;OB7Ib2*$eF+Dx)|<T<hAN?P|DelP;YpjkQIeOw48ey
zc-K=wAG8!RYWP%}Y54<H)couZv=99HJ{eJ<XGb8-E=%V~+9bxYwc^$48(=h=7J9w0
z&mfjLi7%l=vwQM`wV+D)rFyv%gmYr4htJB>g=D9+xB5P5`3$M1iHF7f8wJMcL_Ob(
z57`YgT615!%mt?0khh7Gxur{vgB||70u(r=47VFu^CdvOgMT+Xs!F_Ck=RzF?>2qW
z@3V_vNpcaVI;r*HseOdLXIfRrpoF31s#8r_aN_1wx&nO%8k$oL^-KKr-hRS5$gm%7
zYNaJ9A_1=)p^5on!zZe}jp^!8U!#=O3?*Zjf{=)2538L@?E4{W@yqr#AU~-yv-L2+
zTGMGYbrLfJYBocqRhI2n7pb4IZrC@GSxo!25hbR9e_`lHO9i@|g{8)yDq;6?t6{J!
zzN6mM*8$fmc#RFyH4AltLI;-g-^?IjceF63&=ou-_ttJ#3~K4q*NI(CZ|Lrq95N7+
zA*#k|DPgR8=-ZZXTW{m0ktDKpi4@0~dPo4?7W84i!l-)mdB8xv{+s6&2#D_}47+84
zlz{mHtrDfef&jHOdfF@dT22WV8dF?2i4PnjRkTPU-$C|{qKgSCf9suoMqe9JIPPm8
z9_0{4BTne5)#H8?rfMr5Kf0D8M<0L~36(t?EL8AHudkxO$F-V9>Gd5~$01n%&TbJ_
z3M(L%s&Z%@+w~x^mp)L){e@pJEn3zhH)hA?n+`%x6|ON%_LEE#@G7#FGYRgG(vwA}
zY(_uEx(N;5urMAZ?F^IrpCboVosgAxS5=KIcIxM#a#)biuunTLVA2{{jXn@?gM>_-
z#!E0~Wi|GmpdIRX&gbu_kh`WDTtq`03|~KPQoQ|$@uTX&k^@OkB*CVEr%v?qE~&nW
zTE?|aikco7w0m!8!zd*P7)uyR!>6fMD;$psdV)4wj)s|A)Iw2x7G^XpG@_x4g?fG`
zrrxY$G=5RtSw-rvdVovlIJ}_=4Ycxg0b`^-RR}ad6=|@FGgn3Cx0EF^JXDQ`jK0!$
zAh}HzzdUseXz-A`y82-ZWm1-D<TFly#%N)o0(SW2A78#CL<u-`tpP_mQ16H`J@zs4
zL`q<?6OKQ%$|LKim{oC&(7lWf@ik;X@t1oP%HLicDSxTZN{vh_eQrKXjAm<HSKF_F
zEtVhc`Hx$h6B?J8;A69|9FPxyU7POy|034@_raSzGDIE&%m#N;@IaS45EjygzOu7B
zSjgq>z{;SbbBou@fI`G#;rqXZ^7>$C6*)cm78@Xh@F}!3(o-}xGEZh=QUJk$1L~TJ
zc1pbZC2~aEBrG{FOEu6Q%Y2I>>sz~lz~!o0@l7mUwvchIJ990YydxLt9#QAf2b;Le
z(LX~zq-@*g?6yPkeRcF;*Y8_+wO=@`kQ24O>bgCBI0Q}ako`bLH!fPUjOLftLXFSi
z(4wnt(BT^~y@`07w69~o;g1!t@(SFO$V@R=@tJR0F~N~>p};XQnpdE1{JT1e@3X^A
zB^@#z*VX9%v)^3}o!Vs|m(Q@JkqwyaE`9ytTU+T$V`E?a@W!Dx-{75EQbk{k^_R6|
zUlJ|Y!&U#P%wsS+lye%$zlfSS4;XYcNT?h0+2H6Dyb>%gz;PU~d1G<iEEf!TePoa1
z`nQ8wh>#En$#OdjcKaWo@SgzmTl?Q3<~L2qy50X7mRRQhX#dS3!ui7qDWLC9j=feK
zB$b5<T9VfGm}n{+U@|dpeNFhlq$znAbqug~k@%$~-Lt?A$aw+KszF$qvku!YjlaVM
z*i`#CuIol<DFbKFxdF4TBn-t_DCsHSwc@<!7^wxI#_pd$mbSgf>gfnD0GZq^zy0{_
Fe*s%TA6WnZ

literal 17789
zcmaHT1ymc|^Jt)@g;I*PK%r2eIE3O3#ob+kI|Ygax8lX!3baUYf?Lp*;!bdPNGNW_
zU;6#zy?4(0zjLz5%$?btxwH4q+?~0bFRIEiIL}@`0{{Rxa<Y=@0Kj7y0DvBd`3Tig
z?y;7S`gv?ErX&UcRL5c8nqr`EG*@*QaR79L9DzbUsw!$q$$U~|Vc|r5NJ%MB-_$gW
zWMpqyS-G&WU!bEu;@}cuWMnfkvXhh3(AT%35mhB3BGJ+^5fhW==l{S60L;&?P%!gy
ze~gy-aoy81@F9ChtbCOM0I02PIy^j!jEwvCEguZ_Qc%^GX+E;^G!H<@edMODtO3x<
z`t_*hI{@$&ASWrN={f&<X+L(M{1wKkJkKglL#Wv8>Qm$9hbSQ*K{@N|Qokvh?jl6S
zdEJIdFlR{_(7}-IiU$pF3vOQ{008o^0f2D~K;SMqK$7^sXao@O7wv43PIKuYDRTaT
zwyGkPrqMBX>Zdb0Jx@{rZt4MivUR&F6`#o2Et-Q&iu&ZV%<JAuS;T_?pPbzi9=u#w
z8!APIfqBhwl-@Zlob+j#K3_)kL(856bfnVqgt^t{GxY59y^uv#){6z%=Z*7>@=AqS
zobuT+F>ovLhF6hx>a~kgE+fZKO}$L(sGh>)lb<+-mVhQ8O#20c3@-AxxVbJ*bzyFD
z)F?xoz`-|t)a&_0jnd`ry8a-nLbY-^?>Bm2S-$<e%fLd84wJ)X&L3GhugS#IAI;MW
zauTtbiSk3-=gFM7My^a@-b`_&3focBE-v-7E^c0i)_^7sSj1_mi>5Qbmi}<_3*~$c
zrf_vSh1R5ze7zTaeVWbqBmNW*(LgL9;TKMzO9Vg4V1|OGi>{?|dCbmkwmG=+IT*{E
zl41E#`faSfTykJ{I`Yf20a_g;1Uy9T=it5=#e37ofeQI$&KCvz&TcWa$jAhVQr}qU
zFZ}wIkq=SF<kO?O^L$f$u-km3x=Y&fke}j2XN~4x)e2JAu}nDXxAnba8r*ZRP9E2|
z79NMN>%>A+$|?+9?WzmiwLv`ne|m~U^Y*gX=Mh=&%}h}W5`!|u8Jo)?XF!kEYuy$N
zKh@E#)$nP#eye1YK_(eqyXGaIhQwwwdtdFA$~{;bC@S#_O(YP|!~&yh8xz%${)6x_
z=ojz;ivV+E1D<Qdg{j9)5y5F%4xT4s1Ax&`xzU~>JNFT#0Y1G%0j1hZi{lcF<?PF<
zES*|^iY?PfpX4Ns=7oMe%2D?x#QyiM0niwz4qTq`F)`rQ^4}xzgBx1sgNmCiAP^fw
z0P?=pr9=Z9xkSwnOQz|VJ_0l;dd_`i_tj5CZukQLhBmnOQ{!91ud~nrP0EWK_S?~v
zqFqgkjsqx~Z0N?8)(k~f1{wfpZn$WC+R!g5nI`Ur_Md?t0X3FRt7h{Go%ZE2=i+qw
zeKk3~euxVgKS%Cz5Z)nMU;%zg)3-<H2)&=A%!d*TU!_hp$WDs)0qx4VOZF);{VpIk
z(l*|`=;|y<X@5>ET60ie*TRi`GbKC6DtRy4VB+@h+z%N;o3F4##ubGQHD*6@ha4>f
zdJE!C9XV*|yQk%OQTc=F3Tk@vp^2^7$j!-LO3*xpf*-6`7Zd$#p>?%6Uo*cZ$Zz1x
z==;W252jAn&aUqcG;h@xY3nQ09+wanMgxq4Q%0fj1KYc5uZ%(DAjgJ$jDW{4V@YE1
z=^T3a2m<7OH;wZgN*FYL@WHO@X5W>yH0YVlT5vphS@GO}I%c4MTVvzhp6zkSF8Uww
zaoTV6uhQaA%%E{V8p=OO9}ikN)kheQct@1<gS(2IcN})wU?<f?E=(nj17NLfjXzl*
zgv?S*!yAA_*~PN%=XI4&^RQPHQb6@b$*kke>vzb~!HjWxAIX_j@e+%?7zujobt42z
z=(ND5>e@&SLu2iCj#}k?_Z*%Pl}xSbBL!pcfm`doERP6aU?q*byPV71-XR#n9(zU?
zH6a)-7hjR_$M8Y&G*wGnUv}%!h3c|#C?D@8OdKtaZb;~lnp$KRYRLmr<Q0VMC8scs
zLizfkx3bWv{3wRW4~F2E$|VUel*ynClOyBZajwPc;m$j&rDX~0Fa_oH-9*j&T^;4B
z{qmNApU=pSG56%w$D~71b}@79=_=_Jy;jJNvIYwm87|0XNH8q%rQ|K{4P2JmGnP!=
zx6WvtIBQ!AS$`CI^U;EJOR_~1BouwSO2z+4M?l|&^FADZwahXt=Non&)KJOklHFa{
zoy>-eeRjABuP<iGA=O}nuLHW+-)0M0m@UH7TC}P^Xq7l2Viyn@#--S{>KZL7S|IuC
zIVlvrd*p$21gY8Eu(k(A19!f(QjOB)&_S{?V-iD+2FuACEijl^Q@vBMEGLChaR(Sq
zT4^w*_~l=)DCZ=68=aMV<;B?D_ROi`(UBJDnlpN3_;UDGSNp*xo2J~z$LWmx!f)+P
zIA!FV?9}xEu8|=_4|oeRx*NgoNMQ}LFIj1|4lPFyd=PWH+g6Cc_gFw%9hI4>Ub}+<
zR!?@l_kG}dw7*{fR^^cmS2NPY;WN&X*nm$Np1%*a#<$KJDgl7BIj4gyN~*zEF)B@u
z1F^4&X=mcbA@sN?E`(*f5&#hJ2IWxSqT(_h2mn9@B$QM55BfJ+{RjQuF5@363O%CF
zAKWMfbQ%+bkR7+hRB^?R0!80|G8@PcE275Cyn>;7n1BEQSS)4!UinXdtw?@*^XTcf
zt$@{vJO#qzR1wOX;u<UaJZj4dDR;C^GO4seKby*4W&J_ZWta34>tRdkrTJ>zU{rMB
zjReX-q#f+3y1qbC=vCTQY86gDCg{uCZl(UHe;n8t38a<}jc|?JiTN7Ky^^os=%$9y
z6qHgVMOz)tD<itkGqkT^of?W!<nYPz%CVszU>s^%zyKV+0twNUx6Sa_^@BlinTHSg
zeLpNcd-@0m`lz<6+OYx44nJpIsiBq9@*t}?<?Dj!8aoFCu40t&m+}VfG<-_JEBLR~
zb#mBp#vv9zi!XjOcjLrFVF3<_K%6D|3{#noJATmHrWwe-*SGc&b+_TBRKO9>I3&$s
zYYCihc^lr=GVVw?gU%qtDNZ2cLf)Nh@d=2Ybs5l`&^cmUWa|{fo^vqzqUV=$i)?M$
z_s3yxdAn32DS057VIW4m7Ki1X?(f*0krU^>Ty4sfVhY}cU8mLOB8`L53o+&L0A~3#
zj*Y|jnP-3OT&@e0r%K5?x-d-~5Z74y!q%~XPY#HIoxOF`J)cPh0^WiE?=@i00Yj$!
zZlqf1o#e@SKoDev-uX#jr3)QPDzs|Bkr!|TUT9%rNdjsd@U;AV)HyTvwE}xE8g}Mh
z<bVd?9ODg_k_HvJef<d~e;^NJHubBYQh*G`6>aDrX1k&3q(G}Ci}yys3;1k-Zfz<$
z_0<983&sW5Z$Smv00cD%AWMuu|9gCZ$r1x5q+tIX@xTd;K(_?o-vdw(<%af`9d)3f
z|6rZn6I-&xf&B3LSxasd;Kc&gi$R!KIWFl;tv*u&5Odx%D)hOmDF99l#iv=_u;vOT
z4IRll$+I#_3_B8m`SO5tF;%N(H%KVp{ZmM)A~B#G`>z^+K-6^je*=Ft!~mca|1SVc
z20B&L=HQ_>Ny3)DrA`qY+7}dIz&vZm1ky(H4~5D|JJ%5t^6y%`zO**0=ktombNa1M
z?bW$XL!?sO(R4*X`kPjl0$MIJAB~I>CA6Pw*`=lCg11iTCmPJO95Z<^hHSOD0;S*(
zNSXP^U)~O_mp!_qW@$NvdX;TyEz1r)7|Pd8*votH?`7&=XQyK{M{4rWSTdlR(AkeL
zBW3x77QVhH5p9>M-ns0o20HAWtU0%dNk&jC=p67$F>PFZ#ylmnup$#ya`Ns4m68Vt
z-s4VazQo;CsEmDW6E1L(SF|s+^O0$0M6iJbjpZx!`<`}r5)TgubXjd{_HAOSV9w2H
zVYa?n#UTDGj~_4wrrrxX-qUDGETuTPphloq*}#$u-1xsu&@w70W%uaS#4PbG$go%M
z<+UpyO82sWGrumj)1khng1oWqvnG$LOkkR^({GW56<a`uXY*fYWr@Rys`7Tt`F=s;
zwt+8fYipDdump$9!SK&p!;(d~!{1%HbjJayifN3XH+!v?=``9iC7QOr+-LCe0yi96
zGIn>Rk0-_U<i0Tojtwz<-gDKOGVIO?#6YhD*e`%YKtq1Uoky4qCXu<nUx?kXP>AvM
zVD%bG){w0<c<%Ob##7dgN<c+#6p*Tv#$hFZX_kov=ghW-*SsH&RZ+%8{@L<gRQV>t
zKpfZ&heWfrj{9e-4fyQG2(S*;dWne`Y87F4U7ZrYy6PZhHHZQL<DqQtrB4H*08myC
zQ%I-4lTV-BFjB&lzrnVAteTuRdK_9=)1f{d*nrdYJ=KzLg;Af-(&2a1h=Hw%hev_@
zi=$J}IQYwxZyOX8XeLi?!kg#MondYi%fcf2XeKXIZpdG{Zo6%Xr7eqQIsx8?FZ8yl
z=<$2N7WePE;A>wW1(Is6P*9w{GUq#elHW3g8(?oRyS_Znwi0FRKg<%aNPjQiow2eX
zOiZ+6NZ&oWT=eJn<>1KK9n-7ZQk7O~=db`)%8q`BHX?2r8MX2~jg2?FDEO<n^-OO*
zbb%d&0T}vGA~gXyC{mlrIP!b!&#BGIkF1GxLrc#!#D?rORql;)mJ}0r7Vr7yLq$hI
z+|VBGbeoTR7n`MIK$ivBooQiui2)<o1kxY?G&BjSv|nmrlie8g_f(Vv_+tng@ZIW?
zZ>Yw%CIzE4rJCwE&d{aU-#S|x69<;XH@rNR(zl#97%j%`JdbY48SHKc0(5FS22;9^
zt+UloEVgN)cg3!T#DROqCrKkHHg2A1Ka{L0kU}g>2!Z}dD<5iWJY#IV&Om(hwcb9r
zwjg$=(Br~zr=%gPl<ZH;EM!FKTP5Zu#ie2Q<4(nkn;Q&ZS+3J*mHh(%;OgnCxDaLC
z@xuI`t!EN?2VX(CP?Z~l#$QvFDg9p|8{AcBt7V4JFPu9nY19UQZEl%n|4g9efgT)S
z#o0T(URl80iw&^KRnlbvF#$S-lJ$WgKo!Sde~BJARlv+}Dpzg-NR!t&nmR~gTE|!w
zM@$G7iI$Y=b_0NkP?Iu~6YY%$ztJi4S&UV6#P#oXls8??%m2rxqW$$py-y9I<ED$g
zG@^{1iE=IElnM#QYLd);S@a-)b|$cSA%)*0yijYve(Ayt;uOO{M^cf3^3~dDK(?i~
z0>WqPj_+{V%(4rWxWveqsRx)RFi<h(89&JKHFygA(K3RaN4;0~=KVCwG}$;xM(M=M
z(srktc8{7EkVcWsc{Re^SSDK<WJzd#X^2wGgf$=7247lr_X<hr(U*AbIi)18OLiIy
zRi9TDx`6@89fQ?&aHLZjh|S@@=#<Rih5dZU34Nm!)Ns&MgN4O-Hrsk96fPC8>#!+h
zD*NoTZLeYim=)79WA~m>L*u`^rYE1lFlj@`i%k>-?_yUvBv?H&AR<qEW-^T6h+Hv!
z{0RfGUcd{0x=cd81t6}M4ox~TW>A{zPi%Q?U!BA`u|4sEbzBb(a=tuCtBFK2d<T-(
zN+}bu)_FY59ynN_pr_O9CaPQt|J`y^)_Y8&#AQ!{icl}bNqgcbmpXiehHJyn3|T<7
zS7*ohHy&|tp_^SaLoN{DU-9N&(GdOL(FO7U0scnJ89kDbwr8tZ2zjUcHl7u>J9LL^
z*J%w@fc47)?!$lW@orFXvrgPEF%KVajVeekw`Pp5G!EJvwt0j2PB->2UjmJ_S*M~D
zaL@|&^4&-ixL%G|rlmV0SHc)sv3gZv3!b~oIME7q^du*yrXJ3xEN@X>j8v4k7>57E
z6?CWGQI|9H9t(E5dJsKf;UD92!+~>lSr*1lhgIz}xG=1i(WZSFSE|grk2f?=|HRe<
zOzIyy2g1m;GU(Y-!kpc3MdNA>*mi{F@_ItY_MTRzP*HCLCkj1zJVG<&>&TDo)Z})d
z{Afd*meOY9nP){cO_j?l4-mzhgV=d#qOeDXOMGSTkvL3mnGa&N($%>1hiy1WVfT0-
zPKZ#_=$BRZzJ0p{zVY8*GB^&~9?_rWZ;At>8cf@5%64<>rDHO#t<BDs9abt&0Y=Jl
z<T~CHP&K&5gy7ZvW`7SJg#z>^(Xe}lVi;6ZEUgHu&W`cr>(a^0X60C2^%q>)j4}en
zTAKbWlP-el`o*c51GM}puZv|P|19c{lxY27m!qe))3=rMA7iuxHWg4Ib@8})TXR`y
zCAFSU)R~+Y6Yi8HMC935QRehp?0VyZN@14UhU%%B<LYi(t?`6Ua#s6Se+YyUu(4#t
zW$|xeKuiYco8CoXx}qi9#mXjn_3-o6Wh83~imUQ+^rh&b>BNULQc&x874N#BHQ2vf
z^ZL~??(a#Ll)ESFmZI(=_426*t?FL0$>Se@mr^?G*q=y=*s}n1?_WGAw_+txkpA-2
zIFy6!X|lJ64+5W2rG-W+Lxys9Ccn;vNGb8;nQ}$*8V4&b*qvg%uyAn95@qORnKWf5
z#A8B6uk=yhd<8orec%iM8p|@}L3LL;Yhs#%;OD%|%S=#z1XcFaM_&YBb$)0dtmsUN
zxG@zb7y(dhGLT`-oZmjjO_ro;etc`nK6K7w)Dk2AuR$n5rj#yr`ZrVhw8rnXaEs`^
ztknSO!+2A+Dat-3CW~voP|7x<_topJ&(azG?$8>i2O{P_Vn*|1c-4Z_m60n038A`D
z?sN9eDa1V;2>oc8_V=p9pxDT!{-Qj8Y~@I)6<R6fJS`+G3o`?_lbBy$7bo=zb$S2t
z=J>m?UoM|jYbdCtenwnKmr$Q?;`Ia?uSLc(B)&7EuC^n1UZ7O~YrV0Wbd<79QUd=S
zBp%}s>~%^%Ib__{vr7W6I9_<0r|HM{ifwuD+Iw5)kUear<7$=BJ&FU~o6~`CJq;gk
zy{FFfzD5dSxgge}^aHu;12k}K6omlDsc_JO!>uhCO8J1f8P+a)X2e(uIz0gM+r8EF
z+3~{>pzs*_?anK7fD7tH?wC@vQtlL8yvg-i{Iug%3-y$m?83#Q>=kx7(6aQ?8>sw^
zbUl;)_tf*3AoLsPqI2hVf^TTK1diO_&0BEzVZz)m`5BIHx~}e~0?ZFbAMPADGM<AT
z@IZ7)D6?^7DAGxw?05YjnZ}!;SQt01lV^`=L;*9o_Ln==C^}qp#@U|~cHt#B4L7=|
zNox~Xtq0wgje*~cSa4*BNOn0N7zaW9W`7E0qL^iDL~tKo?w)AqZvXg)?7Fx(+A!Gl
z#p@qAI`+OXK+#L#+^0@|g+GwGA*?Q{MH`m<h+#kZ!d76efD6PC{mPotuXM%22M(C;
z3Vm;qh{UAdYnZq%|Gl>;ylY%xZ+|ZB#o|tc%_ZGChRb!_Ki%w}nHy!#&2KRr*~7l6
zKL|ym`qbEIcT0+0ImTVQBG0mS#M{t+1#*j#BoR2<sN~&A-S{|KG1nn{BVOv&yvWD4
zXYWqs)r5P=D-#RlQ1zs$r=<7(szq5K(DCltizKQ4%xN6-A=G$$ON~{1Efl^oM|jOU
z{<4^E5^{%G%V`r@YJ>%TGoSG8<@6j+y~=T<Ih(O{ok>iO>r|yTk2jR)vYlP}@ENkH
zhw<ezZ$56@hzV_FZnaA-fkm$?x;|pCq%gWB`<LXZ<v68oh7IqFEIS<V89kddM@G9A
z*B<2tSB%p*1ibz!R3aB(==%!xj`taGNADZC=!HygSJ02Q;LH47@i+nc`9J;ycNFe1
zR7bISB0oih+;q6UD-8JYmm03((Gw=MoWw1=Q5%%Bjl+3!X)zqamY@8fld}iK&x;Db
zHNHgfof~>0|2&GaLCGC)QA_DBX$iU{G0s<@oT0d#Q<^be$v$HHt^mj#f<o$=)K?Sq
z=gjruA{!&2({#r3MC!^4%=IjFZ|SD!7CXFGi$q$W^B?NmiFmnvfzfm}Q%Td)FZ#i@
z@Q6uz5zvHHr`K2s?i<6&;qVvR6Kt|z2hSDGUEN)<4>PWLTK`!EC+Hr)k6xd3{d~+|
z=H+5yo#&0>3~eX&3klXQDoZ^0#)!VRGFwXHT35L~?_xXQiIDS((bsu_&@dZ0`aSn(
zB1-j;(Rbecd4j!mKjhRERG!Hrs=t^t>HqlPn4+*HyymN4tGV>>nncM|3YlrIAhl_t
zS8CPS2ZNi#hqO5|6<0pCC|8vw+23M--st)1+#C~*Ytf=f{+<b$S7T2t?Yt=V8IT(1
zc4i!y2}Njr63WFkQlcUP)AY2MxcwCWPM(!l5Uld_#c|{;ksGD-vq%B;I@=$`O$$w<
z+YYdC8k?tMxhx^W6Z%AsIPS{2*wVwDd_E_689GkTL5pig_llv>O>bePO2U~xf<~~r
zlW$?bKn1&vm_0P?DF#LufIJ~d5H>~wAataqKo+`T>n^>0bsyPD$d@lk=rI%ORB(P*
zp&&E$N0-leS4{4QYd-eXTJO8vDqK&t*qiG|An0h-nw{hiyO%kT1K~$DC8XX~H{I+R
z?Rxm>o^&&N-T1Z8oq43dEe`x#XG|)~8t^XMr3KiOS8H{~(zq8yyFM6-b+C)vk@I}?
zQ+4mN1kvb#H9TlMUzO--goCw7_8lddsRD`DdqfBe?897mRTm<}PSXDHZjcZ*;(}95
zFQu^uXvR(7eO7F4@8~o7v4fWm-gpC)LG`*e(}<Xe4=E^dqar~(P>o*sP8qu+wNCkQ
zX5t82F33I!(<xMtJUho2z@Zs%WMLZ)iA0}BFw$rEGfAx@+>vYlTBd-lb>j2)3T**P
z+q|o&-N)(P{D!QKKd$UkBn~Zg$7M+h)}eXR8Ri?_xwT$(fg^&oD6c{3W8Jt!S1C1)
z9sf&umC9r{2penjGN7-vq0=$5@WHX2&w3d43)5CX4$j|D75MNP#I@26f!=WDKCDvr
ztmr1rd*nqeLf|j43yE#x8o?M6;gt?TC*%mB*qNuD`nJEwKw|i?5!<^Ss#h0E;lX0x
zA=k|kPtSQ6szD%UQ?Th{Be66y*-r%Jd@(lQln6KIIYE#oGu`ec{yEp<SOwl^+vOXq
z98{YfX*xFzu%K}RJFio=L-O&J)bA9OPn+_;ckExbv9g2j)Xw=1kYsJG<5PoOai#mt
z-T4Qen|k2ta3GDaeiJNJvob<xLkF3=@n;U~^H}h8lfj$cNXCZ{y=~Y?jvO%+<&bHm
zllSS$O66dN^RB<jt3SXe54*T%R1LX?Ta=P?A->{Zgj8sUPvcWXoQ2+-ZgZyjhoruc
z_|YQh^xY4=;{a#srK!(HM8Z^*@t5kvhe|4#UO#={r(ZsV#9RAPj~$asi(`5{KD;FF
z*+9(r-g8rJR(|ul%Teig@`frzDC|-*jW#5{_b3NR9TJcGWJ(G%7lug{g2M1hqwvJR
z_~MwTHY!cx|J_y${M&}2{008Q?duKpGr0I8c!Ve37d&;oUvU(i<@Q-rM!c_AbLIrO
zX8Ysfly4(6rl<vzic%e9stc>6AevO}+HxU94xfZyJ#6(_o@XRitR3P|spLcNnZa{|
zn~p`WA)%o)_oICc;|^Dmq4wM-b&VqiHwtPFd)3^=S}?6U%l-65v#<A^YDOVK`LK_?
zxZ8vI!WONIv7uw3P7gB%SLZ6M4wurFh>yY*7iO5tb_fsj-HfJBhx6&%A7A_1zFmpJ
zac%ZLW@3Xy#TRMLfMGj&F*tXtBXCd;iR=d0eNxH%GU}kFra;UngUZl~6fQD+$uOmo
zb`?|n`fY{@5G-47pYUEe`^97twP<7Pvx6Gn(@EO0Z4Qp7S|kBrOfPY8KUW(cHzoNb
zL?)&n%aveH*vg~5d-_ig-<PtpS+VNKF3*+M<PON5y&MOJVDn|c=53|ulAHPO>=haK
zoZBH4_G-ixKU-srF5}*}kKo%2vDqs}J&&01v98;z=zHDW2t4y5Ua<)j5YiCrUC93+
z6OLy!2i4J>Y>%zZNm8;f*l*efyZaqpwMg{QtIuRA1aT#AqY8nNFoZW-bxd1DY1L(n
zTfI@mcjO5Jd;J*$*{jbAVOQ;MCFFA)Z?<=#%^0zAzDG9dQ3+MK2rgR|HL#eZb)0bz
zrnqYy_ht}<@h=hOG%?+%0vr4Q(|M^r*V4V~H(;rZ+#I4A(yw)?$pz(p^WoeT?s0nn
zR!Ch>;yTdhSK$F@h8pY8oMqmq;XLxu;4`J)wo0}V0*ysV4J3^O=9y-(3)LO@HBV}#
z3t!$HWM1}z-(2WtxjVq<W7@d6_a^+Y%_@n5)w-E`Ug=Z@Q%DBWG+b!OcsyoryfX7i
z!P&@%VP1VC?BSNK?Gdg_U#aj49=vG%RbTvq;|!mRdm*2K+yr81w(QDsBxa}-1eDgA
ziT8-ouYRJ}m?bZbxl~vKN#>r8Cw#Gb2Th6O!Zys$HLK3#pK6$in0D4R|L|J~A%qvK
zh!rXRhks9&yHr~2M<99($WHTJJh!aym6eZDi$L}lpl9#O8*ve}=@gft?(K-=Cs=U9
zsd_QcC$WTLqpxHo0!fU-P1H`#-OIT^@-KQzV`kPGSX2X<QboS!p{aQpsW3}{%bAxy
z6qTk{Ns{x;b*5f|qlCGnq-+S6-Ubs454Z{Kav^hr+%xS>#~5e&ZP>wvBp5-4F8q^_
zgJ)7jQ9>#zee{DcYL`-cM;q(g8Oo9JG954uvhcueubjj3Y0PGYrc^;D*f!OC+V_V+
zQEfff+S1}A|1LJTIqTJMBXq|<1lFouAuwMCo7VtIO}#9It=8XZrpe1;G_URELi3RN
z-E|~lTHh;ZWDxiTBP1ZO4v1{cGczY%B^it;^2rqk(1rYGFTfOnSo3o;nM*0Gf>3%&
zzFhxHDO7t3Yz4w{8B8ZJJ4sCd@2|Je=A%WLeHQ=DRKhm2^L|vK!mU4EZD}SWcRb@e
z7I(xd*aFmCYA@B$SO%M>*>eGtTTa1%E0Yk8U%Nfgq#FhBzBZfRd!=Fxr9e<Tth1zc
zK58b5@FWCzZ3WUHi=AF@EcorOaKqv=!8t#B;K)q#%t8SXRBpYX+WWm=bry2aAAhl5
zEOZz=OOv<)r%?Uv;aS-(FK_t)5~Ta6K|((L-GRFp4UP0D)SjE>)L&}SnUdRgzG`Xg
z<D|KEud|eKRrZs4RRufA=!49&%>X7DW8&wJ#6~E;Kx3=A+CMowrW!4US{_}}eq9^1
z^Jbn{e8s=I=Lt>Xo95DWH6}N0*H1HXRCxEh+3p7qcO*{lH3lJ)s`Yk|$K}8rJ}Iqj
zu8(7!R=&*CwzzCY>1X@Mb#HFPzRhOU>E+k2Ezx6!Awngv*Y-sUPRh4`wq8qboL8QY
zEELvn=>Mu`I0X;en%9w>%7dilzyIQ^uonk4BI91>>3@HdmuR$aST;RXdTu#CouxH?
zF<be=E?>Wce`Q|ZuuCxC+-8{chNM@I*9K8dp{?MscTl~=dT}Sndrd{dX8LYZZwjMU
zv5R<ndw5~F)r)^U$vkGw7AT%04I19Vj+NNhPMT>v@x~txXul1)q@&r)m^|+RskbO2
zDVJ$e@J`gGx_#h;;yJ3IkpBjrT-d*&&A%ehU&`O8^q;`<H!A&y`#)`eLzgNDMcF(p
z9wd42I8q}DiNDlNJ9oJ8*cSH@d5FS0fg*#NZ&%<aC1oM;9-1@eLl_?Hhtwgh-(W-L
zLy)-o?YOUaCq_u`<R<@k_i@{h_@`xq*S*KW&R7p`FsX30XUI;wm+v}Npbx^}IlP{Q
z+WHE9ZME4-LUxgYRJ;>nBr*+IuDyA4;F8^HGj^{DYN&-IYk<(lymnt>vH4DcZ^NlW
zZcAWUvY*<)h0k%?8!B8`+f6pW8Y_H)AMbA!YrtlUDwCEiRSxRg$~SfJ_e0qUxm*ic
zzusa?R41r6b$-J;2}dF=qol5v<qc7(#q&3cR*Fw$u3m5i7aOuM-fT$7rQ7e3T}puG
zMv@igp6pMA`L7&lTg-0G4;`h@nTlzG4E4k?uV}zOB-y+4I7Zk*yID3KW?Q~)H8`^b
z{=_B#uzjfhP*c?z^k@7=bQ6%c<P4(+C2WLD3|%FU)miW}HX|o7l;j-s=o{z2nt7>%
zoAbXmFWW+nbAZec?t_iR^Ob>=G#-ooJHoHoeX8~&?T*cpwvM!}`>usRz&FLTgx9g3
z95l3KWughpvDRkAWq(Y+s^<?=-60Zx--u!UwZrUYLo{prdc$QYHEMa=@KS#}E8L~R
z%YKW={%ij;4dOtR!a@1x8cYUEX>Q4%l)M<(hY{%-FH9HAm>7Fj&6`+BZiXOXulTOq
z%kK{#njUnajcyJOW0|L8EwuY^p`93W5J2QBRIQoE7@`Z;`dJ-L(tu}P%Gi<$r6v$(
zbO73S!yto-=hWII*Bd1Y3fVr*trW||(P=*#r%dmeLCd>_;X{)ctF8z;4Nayi+4>3s
zI8`;S@uizX3CJ%wG1lBxkZLIoOgcVIO1}{o3r5&h7EU873>}ah%~MXJ4zm+iH9HGX
z1Nm*;e>x+}FFC2U<4LY(X9)S_QZ7?3b1uW8@x_^9LAjZ75B9A|;QkM9w0`Psu3@&F
zF|doTL<}L<Vq4>gw?$`#vZ;cOXxZSrngwzvMjzk7kv@K4)51<i;bF4He`z#F>2SYv
zv*mQ#FW;$X`o=%CjiPWt#$OR-0-&`6S)RMO`@+Tbm-B}GdgevH#=E8Aro)S!Z<w3i
zwRn$@3?|M6jrqk-^Y8)w3a}@<_ZP%%Xn~c=#BAJ{s~GTet$njy^doxsIk$rJ0LJQQ
zp}p$eexLuBjo~4{EyC?whwYA=d>j2}2hROTn<0=GRVIx8r*itQn&tneSomMkJu7JQ
zc_((Ez4z|INogq{hZ^+t=8Bw=H@0<;I`9;}wc~f)Pr_)v-)^wy>4uh-1HAEr-Cwv*
zUsv)nYfS6YOw3z)dZG#G!3u8NV~8Ir41<~V%1sZ@k2Dbz%iVbET3PI+xF!R@3x5p*
z)>7^e&FjVPV<2EO8QKp~Rd0$hf;zbnAnc_b_JQ03_#s^&Kn|+%^hQ0gq*o2HsV*+y
zc&Xu#ZKKpu;vMUb<_UExF@Tx%m9XOM#Q(%s&sw-^t!V@K3^?qfY7m`CtRx1N>M;)e
zBxWnAsNpUuzml2a0Vm`+0X*_7EnyC6ZTPq}G1bu9Xb$R$HE0(YtRz7bT9}+7jxHV6
zmr>+iEQH=vLrs6v%M3MQ&~%tSJ~Bj{2)uIEmnUoAWLR$`*}kkU8#YK=2vR%#gYKE<
zhI5y!In@DEyPKRuR1#`BJw@Imebxn{d&1nB7i1wrvnp~9mt?({U%|$l4gTz|Xeh!R
zSw$ALA;5?Qv_I(e0|=;0`{$+|X(1*6N9oqGY2N^=RK^!iguf}LUAiwce_H#wl@N77
zUo=<-Mhkqpf4^B`4~o$+Z2Giz0#CcJHYgWm2YJuG+IbETk_17ml|lMY9ZP9|XNdDn
zp0d)6JPhE=1j_kWp}O-y0ajkW-(k-B=FyP=qQ<DeQsLJ)N{K`uvpqD=aOCDg3!qgR
zR{m`RKa!mN$>1W!D))qC7)1Vs&r2*l7ExjVTeS(7_eTT=oG%dwU`v9I4=lclRyHH@
z@5fw~ny{oT;wVvw5DbR_T4iD7ld4khC>$hEh&(J-HCDaLnS2V4IxPX14{dIqY$y?8
z$LzE(u;+qR5J{cmU`wMkf!_a?vOgsAX95_}{!@jB2O6!Cb`louO*T%=ri~xF0**+)
z%{f=GANEhdOIPdw&xkgb?L{}7>zX0JQG{i^bw}v$_x#v^xc6PeDSN~dkh{l#xT9bZ
zVbH!k+A4lm+Eof_vzgp~OXdF;fU5KVzo*e^06Qr249&CJ&DOe{JJuVGj~Dbno>!+%
z33a7hVNh@DC~e=Mdiu!>R(HEGC~2X7xO9DRp$)8McEZ_5|6~Wd-Qu|0ht7C4I9)ot
z6pU;g1;J7V2P|_GZ~8LvJ8co_1o<RWsS%~DL<{QUI0km5(F3+xr6K+|3(u|gMN;Bp
zb6H7cDBJ+_h0J}~7ngB90&Y#l&5#NBdArqbncd#_9k+dEnI0gZNEyT);ww2P&Oe_c
zA5LBphPR!rjzv{?lc{!TZrGwub?sk(8W4QkAP6hE0&H9JW|{U4cXz`A52GX1R($k~
zQ#kBGr11P0Rm9?B1wkS9HX1tm;$PIx+xQ_w4vs!*2iQG{4GWhXezS?{mW?bVXjy4M
z+QitzdGzu6dNbkc<%w6(`^f1En|777J!Waw<}>5>F6k7VdI<FjP1|9{g1RZ9%?92^
zH@z<<Dj)}{D=Lsf_blq1$hLZg<L{67=t25+dQx`Kxog8iAD<klej}HPn&kP$xvQI#
z8u~KrVZ<3=#PB_`f$KN@P?YCgJMXzG)!C#+N~^=&LK{eQc8ifXPy^0gd{5Nf;CxBX
z3~MNI8rA=30J&yu+;2P-%=F`>DU$+N7w$RhpO*3hj8K(KRK@G>_KwvDTF`3%g_}35
z?%QJk1^X2ozO`hD5h!Em5#R``TiH2B2gEf2(_B%_t&9NAXb?|;8SKnWF9j{Ix7cCI
zx=>-djDrRs^s~uN?cWm*RUk!`(Eiyp@?d(n*kI6I&2SA!oF(wYB=H`5gpMj$)y%wd
zcL9!+yrbXOj5C5WI>X<j%K~-8{+%!Q&$8{`NrHc83;vx@C<gumsQn*{xqleiV-B^6
zA6Cvn;#Kgbo$dnQ9^)}(SiWsoRGW_;6K*2}S1?2NEwf&UV_xB%er&(lpYd-;WgEhE
z+pS=KP;0JrJQSzI^QFeJy|PU?%&UjB!Pa9hlnQ-~fA#vm7l{AU5)+w+N`L&%>q_Hb
zoHo}VN91_oImJ*D#WAV(%ID@;!hV}S<Bo^E+Hox3fX~}^Ok(j)xWIa74V*AMLZt=d
zP@ts;JcXMlvemS3H5->2^UabJrdJ}Y{P&Ij^CwX-Eq3+BC|#Pp>NnES)qnQh_3U>(
z(XKc^%r7sb4_0*5y?NAQB&_m?YLg$yk$9qpSHD^Du9!Im<V~s|N6YHKz|&+%D*+N<
z5qxT`eUSftr|pe~@>i3QzC%>9WmH{fq>x;Fuqj2|l1)`7KDpd*@KrBlWVVrYkV$=y
z3C=eqr&GyFc9&;g9KKnAd?tj8${dw2i)q%poKqi|4T6O+TQr#X_0E?4{<G6b#WDcd
z&oF6L8Y%(amD)2CcahRiZQ3HAl|u7b(vP>?3hV{G1BZw`^ww(L3?^IQH0B$=Z(dXg
zol)0s+a}P`T~;E2R$NO7kD|Imimb_#fGW(r{bsnG{Iv-7GMLFWZ$fPjQev-wp7Eyp
zY>R|2%yOrA5MgZyKI_IpNn%9SI4@4AH@}Ml1cZkdky{1IgpRng$hW5s7va!U>El6<
z^t06yUR>$E0cY&7H?9$P6w-$XNq|T+QhrB&P!lNlc~bKMR2bZHc5^N9AiPl^-4#O6
z;<A`@i3miFsOb=!lsmG3$4rR>W>NQOAf&ohI$#@b|GQ{<V;5e<z1g5UHJV0GJ_{cO
zgtzCpSyse-sfb&b-Dav0eROUpxf{NC4g|`_r6u*4U0iQ$*0zq%?FBMZG9X;w7iJMo
zM3n4niS;FoD(#!noRz=KMbMG<u#5W{p7L!qiG_ws5L<%LNfi&5*EzZCKV(r;c0FH}
zx{Gg^QaO*s`#Quy@dQ4orwq}ef2ZFz%TP}WvZ%D$+RArmE@ued3I6Z2xji^Ca!`ms
zyicY{k;=akw(h2PJAf;CdvuyG>U%});inE7H*Up3aZ?R}ua&`i%|<bMs0l>VRAn^O
zSZZI0ng`$1bqfBO4*#SD?*+^E(yVss@ef?R1Rg%S+$P;1SdQ2t&kxF8@64pA@Siwo
z>U@G;QmtN}uhoYQV|D1X@@~g4FI|~<KX^(UzI!LhPrajbj_dKt?CYglzV3`5^I^ob
zffqE1ms-T8;rYRS)>6iu0)At=>-}QM9hhQfb=jLZ8tb*tZ)N&*{pv%PG#^d#o8q1W
zF~h7R(UhPrf+dMj+o+MA`&qXogcJ6q2K=V>Zhw<{S6Jx-_%0NdMHxgKGSbf<ajf)4
zcR%Q6ior3H!Wfb1{j5<!)Jbv^*i{#C>_RRUUq-f0+0x4bKglr?0%kXEtaXV-V;d3&
zILMP<%A|_thp(tFwDs`H2lA;kNqJ!0<SjKgQ(%ha9maG!vcLG;AR=u&V|zTEuTvhN
zy43cfsx9oWDRb!PX2kD+0&_TQZDzcI?BWg=!k1NJ?%O|zvu@P#sgu9zvP`Nvm*1Ae
z|MzDD%5Jex)<P$G;?MZ7DCBi3to5T;Jk5@hn}gKSlci=kQ3%r>lAWrHYt%=Pd{dTx
zhaD>7d3Z)__s2fG6>e^u)-b-pqi@Ek&Gr((lg>Pq6|dW1u{b|LJxTh-$sm)~mxDg0
zV(w<@%Al2!^0JIh?=FNR)l{X7r*Plxo|f0cs<1?dOX;jCd~^EMICf$#$hx%l6VBL4
zU5J*!^tYJlY(%`2;93qO%&3=OzF=;)RiV6DEB`$EP3<tFK$`tj<F7aTFSz#~%?s=8
zOE>0zA;vj5$yao&C-$rO^IElBMCMjO<(#bywRb3VnxN9asLWmZAm-v;p>o-Pp*JkE
zq20MMX3%=&%zDGu!08RN%zJ>V(x5U--ypXFAseA>{HVs^oJ#|WPezE0c?6^<^qt-=
z>i?5`Y{O-{ceWWjf0BKW2NS6P?hI?js$M9Rn3s^Kg<86`FCjT6F^-0QaXF1?`C&YT
zb}>I8pq5r{U3{UGM|?F(CbH|tOfxNLh`_U$p8063;IhqK5!>s=+%VQp8$+<ZKh_rQ
z`OWXFLi*_2^NQB_$*B|0HQGi`y5DseBe7a=xAf0?h!F;#X^Gd&i)BGpQ(V(p8V%KX
zL2Ib@HE0@@k1oJ(lJ?6FJ-VDphzNpc>JpaHgD7<2Mhg04)>WzP!M4nH`I<u1&94YA
zFCCUcf9c;TM-5kWmM4H#n4GmOn>_UG5nkFb`?hnM9MWoT8WLfTZ2P6cY6EO7n+;$0
z(q>xz(fXdf1uN_>ekJlcV%6T$@~~8NdU!V0M!Kr3lIs|`X8v|2(|q$VB>LK7j6(O!
zxiGGpHf2thwRxsArYYhKJ-4M8s!}o-`XcQzmj3&^^vZp(U?H+4=*%Uysi&b8hbAYn
z+L6rh9rx>l4fC|S^lEF-D%Y8pQGMP~u`tsS9P(7l1&tryU*yvWMQhBt4hZ~_bsUh5
zGVN^GahNcjqteF&TEA<KbR_2!I&4l!DBHyr3PLEBC2V)pzuvBswjT<rx13X*eyKmO
zv1k`v+*_3gdllYWG0+sl;5u$)&RFYM4lA@3SoDNjRl#P42R>g|D$b8>B9^gy6kJSL
zuwE4isQ=ak4S$z59`Vu8QKngh*>|jmbril4m+k_8PfgvX`^CjPzZ$%+xLZEOvkH~z
ziZ!tLSf!6Ow7^v^pglfSHqBor|Hu2ezWG_h3Q}()p1a7=p3yZ2I{&3_f*iFBnor#f
zao&AIQq@e9b`ne(y?_4@x9DoIn^Qp7ub8ORP$R$%Cj~aplD>IIGZEUeu>K?|VwjeC
ztN*DYvEcJ3gwa`(K^qXyA^p4xTz$-wo$O#`o2RY0P$(G?X(mfMiGlt8HaI3I`_XTc
zqw%ii-=QT%T3I4!s>o|BWDv<h1I>}B$A<Q31k(b4=oT7ra9YkMm!_G-PXU`V?B1R=
zmYQg3=yKV5?Ul}vJISkQ5L0B(X%l<@lc2gQmO0Lz5B^(8kBulM!$R0C!U^wOuIGAj
zjss-^_(+#kg)ni1*W_2m+1({Y_cxj(3~w(mYBo31d{ap-K3$wP;Cuppn(0^hLwG{|
zOy`4Q|CsOs*Le2vOi(T!VC~QPY4FAg!!F0o#fLF41(w-6XF;x$)JZTY+EaHoEQ22z
z377G|e+ct}>rWdDCqreQBa>i-u0h(ECm)DDe?%kveY9rt$!ho+Kkn@k!{*}{sus4o
z&KfZ@+3nVE`NW(`79xtH>EvE?B8i8L)#;AnxF#V};cs%;csr?Vu`>F(d!(Oo<rEP?
zKIM%C^q%$*(wK+s^c`U)$@AY5{G>WnZdU)nYVnOmOH?sEGC(cO=i^Nhj0g9My^Sx>
zv|IXxtG|gr(2vdSezxosKCQVAC3~lnTThw~MewlaUN-6&_FSO#1j$h4e1?A({{Zw0
z`NrP%lXeGR2}7EbU-6TcH|xQu(B|O44aaD(b#fS4lZ%JjyD#hGg75JNq@j(EFJhMS
z_&A{Mf1c!XIg#bK1*WHN(i)UReOf2iHp9N9NM?`~2{Z6K#?+=3VO2NmH$}JE2x;N`
z5V99dpl9*RCv+t4&)`!!&oFz{JaQran&CteAYXcDLE0=P`<q8fuc_#fT_OBl{jc|7
zH}MIWF3wM5XUU}bq9JtZoH%IAW}jwphQ&PJn=;^;KkcAnS9pqsv-7#*O(>C%mA}ic
z4=E;Fomtr8R*#{2A5(@?H0W0%esR3q{UO+!f!6Q*Xq)dD4qDGrXOGX6#VO|>q@q&2
zQlKS;i?Jzec~F^@g~K$&=5ucHT8*}W46AiCeV;>8l21=wmFUJah6REYY?<KG`cbo(
zs02HK(n7*wXT>M70yUyP{G4^ZlOgGskM9gk{-QvsNb&|j3+YZ04S{ixTJ><Jhrq0k
z67faWX(Ky>JzSjdKv%FIZ-;3@tH}Y$9PyDS+ihcJ%C^u+TI+d+)?V@*wAbh=^$ipa
z(X36G=sFHf>a+wHda|FRg6s<}-zdw7S{J4eWZ7BycpiK}uJdkrOAAYjvk3^DuEVO=
zj2oy{-XR`GW5*?ZD1<oww0!)Fu*O}=>8a8WDUCB6o#5}w^<%_MrVwU#c;oU@i$TV3
zM@}Is5f`z7rUi>Vr1noWW(Y`!`#)lWonsJkAY7Ghf+Qu(Bh2=fR1FGdzxs^U1wZ-I
z5E+4a^ccAK3vYHKGRfak10~dsNFd{3ErF`U)YJ!c6McR9#KEgE6D|+I+EH21U#cG)
zXY5ETNf3@=PgjRFY|-ZXj&UVpP0O)1Sde@AY3ehhtnkZ&cs9`4+3$^^rlMHd-vp4R
z7({x(`=%e%Uj1&*4Fj6a)|mffT-J8lJ0DsC1HUp(eE3C^uLAB$NqV}bCmj6Tibc$3
zC&VDSNseA5%8Y<9XFr409Zt&PG9L6!Gc_i0(@-4baJMc~Q2v?VGZ#MD6&99xKojt>
zB>w&v28`Q`bPe&!bouhhlnfiOIhG2EAaxRsDI7VM1krJPxyL4?P3O%u_&w=zAQFPd
z*!d=J4|O6Y1nne@juqSE)rn;r)xCDRB|gs!0+k2-KHE~Lv(I9T>&wx257cNcMOon`
ziOXAMN@0r3T0AEIajlvh#A2K5o6RxWGesXQWo0Vpm1KhZomQ7-8ppl6E?^rjm7AO7
zs=EDJ3o^))0(-B^*QmNVC!d2%c1C)!^$jV|i|B)w+@FCo_CndOCn>0z=&)@ImqwFt
z+5TvTg>`bHNvSAv=L1DNSdE1ZwHUyDrF?l#)V19tgYOHn_Gnl=C2IC_czXb+K?^RX
zE;>za6j5(He#^!AHnpY?DN-qyb=%?_Wh#AbCW*!2w0I0mTDu<#V}=d)Q)@9bcj52}
zW<~n_VKfA=>81YKC%5ctkdyro-`p=ZN>*pU8|wr)&562l{OtqJ>p=S~HzduW(AStp
z_})S%EzjAk_uSSt`-D0LJ?dj0o=G)>X}sL;4D0|0>3qhK<|_PM+u756>-pM~jMd%m
zZ=~ghLTtVc2`K6_&H>Y=K00S`L=m_s<H+Jj=#BkIjg!pp@6}-6{iG@jw1)$4$vX)-
zun4>ks+g01iJeJiWG6SiW20wNoe_{XTvtpOiipvK%3xzs4M&6=<J$=7>bzEJ{-i!;
zGg4a-u&yko75=l2ht~aTGqkttmsqdb!1~FHoDsP~CUx@&0Sl(OtvA`d`0HKhp*(gb
z`Tcat1-aFpeimgzkjZmq+LDM<y_EM&`riTJtxV;;*N>OnW+aYVQh&%vedczz;Pz4S
z!3*I!0r+j5o{J5T_vnK<HRkV`d`yTPO-MuBCI&PDZpjrJj@B&pwdKj5*lOMIwHF7c
ztVb{@dI%3W+2edR-ThQ=dR|n4&ZiND!&h9=jWc^!>ef_-8>X8ncw_tPNxkCF+1xT}
zeiB+7kJ4av9WSZXFZxU#h=FI5j`f#0$54QnKf`ODi5r9N9-Vr*im=_vdwscm>1z9c
z6nVq?3lDJcz9Fl0Zq~LI;_W%n;)tPUzMtLUlsvV>15-K!XQ8)=sbqkT*_k@FMift2
z1F|m-U-#*)G}z+{OubEe9;dF;<m<h_+n~!z)0F09nE#g4TkZGL0@7DJdoUL!r^+hD
z>QqjOrZ4U+k|}nIC8ut_MZwnZ1?HAO^aEi!b9C5bxb)d)qxe00J59`>Z-NCr+u^Ag
zspPqlYH_U~q6G9o{Z6I;ictYA&ZqBy^*CFom;9K~d1vIwkeY+MOImtNWFGZJZ!Y>0
z4e$*#bMsg%Q)(fPw8<r1o3n`q<e&Che!Z|%V$W?g_0k-4nN<_8g`Au+J>2F^YZJ9>
zd7WFE>wn`e{9W+kr+}*LqShBDzw5HSG#8HW2K+sj9fp^UAKxY2XQ?m>_?Is(EeF@@
z=<R9k`YgJ>wd|zc(<!|KBiXQ<7NpZwTMJ|F=fra-&yD@=GM!F+_wbw!Hx4<5Z2~M2
zscf08G&@cH?|DBvk+$5gYPLY#Z{cWNyhic`E<HSyno#cP`_(Nq>HO@($n|fz(8Ie+
z^p5imt=)i%#{0Y1GMC2_y_DE*?U4bunO7I_-`>x~sZ@-oi64)uritgO-hz>@FNO^(
z$C-$pb<3Du>>v7PWaw?Hb>M2`s`|d@btzvmzN3(CWci9>_I);ZpVlGXV9?^H%|H~X
zl6$8#bPk`yc&?qR${-TF=D|Kwsj5??%0To@;#Bkl=vk=vapU(%h$=%ej0lC4D4_WM
z0oDJ?W&ksyTK@r&>PU44BKf~(<o=8Qe_&%EdIkZanEn)%>^0ucL_G^#e~5&^#&6~B
z-*0nQ`DWCOmuRA7h<pH9k@pfCyOq@&Q~C_jWjDvQ%6ys`XKT52{BG$)isQKlFsw{K
zsWEwOj!dk)+|8*lRPG`(LwnuQ4#~V(@i1$QiWnjW`G0FxFQE@=_U8Tm@_wrS@3q@i
zKo7Qu&)vzpKLflwdDx#=1o<BQ=-GS_bt%hov%ln68oK!S;wA^r;nSQg7UFyCN(Ab!
z3nKphFF;8o->O+({q}Gim29_F)^L5nI(>hZq!=zj$njKUR*k6{FB-Hxwxv0-UBOBB
zxZ<o%<-#$e!ab*?uq$q(_sTjDOSneGvYh-&rSE_dJ$Zrd;zq^<%fT~4CBWplJ$UJ(
zQbnP)J8g*fAM@0XL;(LcyTM*PW835dmy=*OmU^C;E50R~ywSOZRoo1Y#${5G<@xRV
z@d&@7U`f!07I40zAyJ5y27tVdg+)4@f0U_aCDwUoY-eq66q}EFl9nm;5^)h}`&Fku
z=!V@+>zr;ZpU~&iAMRAKxgWobm%l5ElndCTHrF3CfCuI$LpJ9Ii^??;^83Fvw@z9X
z7(O2?v09WeGgL-ti`wo4g=Q(2yoRVIXBU_8IA>(>tk-!jN`b5yOQ2eWTxw|r3MJ*|
z$pwnf1{fiRxDIq$GrKx+i-l@E+nR@Z5-yZ1Xf>=S{I+l_#EtcjVq>6k(k)Gr{E#%1
z9@PWO>6hvi=UI?@!h`~@FCGOI^5Z{`6wmoeJ!OBp+VRlZCe->vw~Dujd|n=>U>3`j
z%-VIhPEFMtI1DNhtdtUtLe`TSE=5v&B?*-LUqx>eoVX;;?-S|~qpmHmCy(&-tX56-
zwKL!W>z*bCd{O_&;FzGO0OQ72P{O^#<031|w5R}qdi}`Y;jnk+^4@!jwfrk7+NJ!W
zQ?#|&Qj_3f*hCR52#Cm3)C`R&#s+}>Qoto<L8S^D6^RSWQ?vq!@Gjx4@+&RJ`T`?~
z{}o*VqWx;nev5h!OzO%iC1zS=pSP#FB>f6jZ`0@0ijG-CS6y8?UvHP^RGM|2TAw}(
zMypwu+0&s}7po%xP}djgimo(o{F-M!mXzm7YBs%x?puj2wv>tsCC`#A<+&W*&pA(i
zksxRCvE?EK;ha;6MQ`lKITshLKXcOi@kwv(%lT~AKDZT$*-I{E?KkixqR6<OWA${)
zl;cLd2!Oi2w<Oi}wWl_|mMyr~ss{I5t{S8N#A#o2HytCL=X`4Z^;}pHp35tS&n2m^
zY3ys+g*L2y^XUI}<o(lJgDyp#CV$hik&6j{y1rCb|H+OsZs<!=2czpnLl}bAabX;T
zlf85W<22HZL8E)i>X(PRw`SDvXw6{9zMNFf7#(Kp>%7y!QQN@<BU2eYl86vK)}Oku
z{}PA=sQ{?!Pd_>0+dugE7FOh?wgUjv^+(m^ocr0wOt6d|0Cn-GK>$Eq005{90N~%L
z3zGrBHGb}4?7y$Bcmn{q$lKKwr^gBaaE0yuZgs``{I~-ETwz%^_f~a9Gw;?0Ha0f4
zOWSsjZ&a7NEt?$y0Im`4Ka_U;rn>z0u%iJ0xJ203pLv`y>H>iOj1hGK0O~?r0D!sx
z08keIpf1z}0H_N90CfQX>Ox%rfVxl@0H7`aKwYQ{08kg|0szzn0D!sx0Ck}*06<*;
z0H_N9P#4dp2Y~<ev+0Kz=DP&|xW@S2Hv$b#-@~{709;~yy!Snf!*Cmy4FKR0`@7$M
qEqT`s0N^5TSC@nW09@p!)b$sy!`(*7o+T#$0000<MNUMnLSTZH3fTex


From 619ea38110674fc85b7bc02e1869c44d555e95e9 Mon Sep 17 00:00:00 2001
From: Kevin Martens <kmartens@cloudbees.com>
Date: Wed, 16 Oct 2024 12:45:11 -0400
Subject: [PATCH 4/4] Apply suggestions from initial reviews

---
 content/_data/changelogs/lts.yml    | 53 +++++++++++++----------------
 content/_data/upgrades/2-479-1.adoc | 53 ++++++++++++++---------------
 2 files changed, 49 insertions(+), 57 deletions(-)

diff --git a/content/_data/changelogs/lts.yml b/content/_data/changelogs/lts.yml
index 35b4bda431b3..7b2cbaed685e 100644
--- a/content/_data/changelogs/lts.yml
+++ b/content/_data/changelogs/lts.yml
@@ -11686,7 +11686,7 @@
       - basil
     pr_title: "[JENKINS-73760] Updates fail due to invalid JSON from HTTP Update Center"
     message: |-
-      Migrate from (<a href="http://updates.jenkins-ci.org">http://updates.jenkins-ci.org</a>) to (<a href="https://updates.jenkins.io">https://updates.jenkins.io</a>) when the initial installation version was 2.76 or older.
+      Migrate from (<a href="http://updates.jenkins-ci.org">http://updates.jenkins-ci.org</a>) to (<a href="https://updates.jenkins.io">https://updates.jenkins.io</a>) if the initial installation version was 2.76 or older.
   - type: bug
     category: bug
     pull: 9797
@@ -11704,7 +11704,7 @@
       - basil
     pr_title: "[JENKINS-73801] Nested Views plugin overrides View#doConfigDotXml(StaplerRequest)"
     message: |-
-      Restore compatibility with plugins contributing new views with custom XML, like Nested Views plugin.
+      Restore compatibility with plugins contributing new views with custom XML, such as the Nested Views plugin.
   - type: bug
     category: bug
     pull: 9693
@@ -11731,7 +11731,7 @@
       - markewaite
     pr_title: "Update dependency io.jenkins.plugins:asm-api to v9.7.1-95.v9f552033802a_"
     message: |-
-      Update ASM to 9.7.1 to match most recent release of the ASM API and Jenkins ASM API plugin.
+      Update ASM to 9.7.1 to match the most recent release of the ASM API and Jenkins ASM API plugin.
 
   lts_changes: # compared to lts_predecessor 2.462.3 (selected by personal review)
 
@@ -11775,9 +11775,9 @@
       - issue: 73278
     message: |-
       Upgrade Spring Framework from 5.3.39 to 6.1.12, upgrade Spring Security from 5.8.14 to 6.3.3, and upgrade Java EE from 8 to 9.
-      Users of the LDAP plugin must upgrade it to version 733.vd3700c27b_043 in combination with upgrading Jenkins core.
-      Users of the CAS plugin must upgrade it to version 1.7.0 in combination with upgrading Jenkins core.
-      Users of third-party servlet containers must upgrade the servlet container to an EE 9 version in accordance with the Jenkins Servlet Container Support Policy.
+      Users of the LDAP plugin must upgrade to version 733.vd3700c27b_043 in combination with upgrading Jenkins core.
+      Users of the CAS plugin must upgrade to version 1.7.0 in combination with upgrading Jenkins core.
+      Users of third-party servlet containers must upgrade their servlet container to an EE 9 version in accordance with the Jenkins Servlet Container Support Policy.
   - type: major rfe
     category: major rfe
     authors:
@@ -11839,7 +11839,7 @@
       - pull: 9393
       - pull: 9381
     message: |-
-      Enhancements and refinements for several pages' appearance in Jenkins.
+      Enhancements and refinements for the appearance of several pages in Jenkins.
   - type: rfe
     category: rfe
     authors:
@@ -11851,8 +11851,9 @@
       - pull: 9380
       - pull: 9365
       - pull: 9395
+      - pull: 9641
     message: |-
-      Refinements and modernizations for parts of Jenkins UI.
+      Refinements and modernizations to sections of the Jenkins UI.
   - type: rfe
     category: rfe
     pull: 7268
@@ -11887,7 +11888,7 @@
       - mawinter69
     pr_title: "[JENKINS-73669] don't change unrelated checkboxes in rowSelectionCont…"
     message: |-
-      Don't change unrelated checkboxes in <code>rowSelectionController</code>.
+      Do not edit unrelated checkboxes in <code>rowSelectionController</code>.
   - type: rfe
     category: rfe
     pull: 9591
@@ -11895,7 +11896,7 @@
       - jglick
     pr_title: "Friendlier handling of DeploymentHandshakeException from CLI in -webSocket mode"
     message: |-
-      Better display HTTP handshake errors (such as authentication issues) from the CLI in <code>-webSocket</code> mode.
+      Improve display of HTTP handshake errors (such as authentication issues) from the CLI in <code>-webSocket</code> mode.
   - type: rfe
     category: rfe
     pull: 9665
@@ -11903,15 +11904,7 @@
       - Vlatombe
     pr_title: "Add -webSocket option by default when creating an inbound agent"
     message: |-
-      Use websocket in the inbound agent command line sample.
-  - type: rfe
-    category: rfe
-    pull: 9150
-    authors:
-      - krisstern
-    pr_title: "Add doCheckDisplayNameOrNull to jenkins core"
-    message: |-
-      Move <code>doCheckDisplayNameOrNull</code> from <code>AbstractProject</code> to <code>TopLevelItemDescriptor</code> to allow reuse in pipeline.
+      Use webSocket in the inbound agent command line sample.
   - type: rfe
     category: rfe
     pull: 9616
@@ -11919,7 +11912,7 @@
       - zbynek
     pr_title: "Allow plugins to customize number of suggestions in autocomplete"
     message: |-
-      Allow plugins to customize maximum number of suggestions in autocomplete text fields.
+      Allow plugins to customize the maximum number of suggestions in autocomplete text fields.
   - type: rfe
     category: rfe
     pull: 9594
@@ -11971,7 +11964,7 @@
       - mawinter69
     pr_title: "scroll fields from added hetero-list entry into viewport"
     message: |-
-      Scroll fields from added hetero-list entry into viewport.
+      Scroll fields from the added hetero-list entry into the viewport.
   - type: rfe
     category: rfe
     pull: 9465
@@ -11979,7 +11972,7 @@
       - mawinter69
     pr_title: "modernise build time trend page"
     message: |-
-      Modernize the build time trend page with a time since column, a link to the console, and allow the table to be resized.
+      Modernize the build time trend page with a "time since" column and a link to the console, and allow the table to be resized.
       Remove the agent column for the Pipeline build trend.
   - type: rfe
     category: rfe
@@ -11989,7 +11982,7 @@
     pr_title: "Lifecycle.onBootFailure"
     message: |-
       When using <code>ExitLifecycle</code>, exit the process immediately upon a boot failure.
-      Allow custom lifecycles to react similarly.
+      Also allow custom lifecycles to exit immediately.
   - type: rfe
     category: rfe
     pull: 9449
@@ -12013,7 +12006,7 @@
       - basil
     pr_title: "Increase minimum required Remoting version from 4.13 to 3107.v665000b_51092"
     message: |-
-      Increase the minimum required Remoting version to 3107.v665000b_51092.
+      Increase the minimum required Remoting version from 4.13 to 3107.v665000b_51092.
   - type: rfe
     category: rfe
     authors:
@@ -12035,7 +12028,7 @@
       - mawinter69
     pr_title: "remove idle executors from widget"
     message: |-
-      Remove idle executors from Build Executor widget.
+      Remove idle executors from the Build Executor widget.
   - type: rfe
     category: rfe
     pull: 7037
@@ -12062,7 +12055,7 @@
       - pull: 9658
       - issue: 73302
     message: |-
-      Several bug fixes for Jenkins UI.
+      Several bug fixes for the Jenkins UI.
   - type: bug
     category: bug
     pull: 9737
@@ -12071,7 +12064,7 @@
       - daniel-beck
     pr_title: "[JENKINS-73785] Restore ContextMenu#from with StaplerRequest/Response args"
     message: |-
-      Restore compatibility with plugins contributing new objects with context menus, like Nested Views plugin.
+      Restore compatibility with plugins contributing new objects with context menus, such as the Nested Views plugin.
   - type: bug
     category: bug
     pull: 9653
@@ -12105,7 +12098,7 @@
       - timja
     pr_title: "Disable dependents toggle in plugin manager with system read"
     message: |-
-      Correct styling for plugins that can't be disabled in plugin manager when user has system read permission.
+      Correct the styling for plugins that can't be disabled in plugin manager when user has system read permission.
   - type: bug
     category: bug
     pull: 9624
@@ -12114,7 +12107,7 @@
       - mawinter69
     pr_title: "[JENKINS-73613] refresh buildhistory widget in all cases"
     message: |-
-      Refresh build history widget in all cases, including on background tabs or hidden tabs.
+      Refresh the build history widget in all cases, including on background tabs or hidden tabs.
   - type: bug
     category: bug
     authors:
@@ -12124,7 +12117,7 @@
       - pull: 9519
       - issue: 73554
     message: |-
-      Fix <code>IndexOutOfBoundsException</code> in cloud management pages when controller has no executors.
+      Fix <code>IndexOutOfBoundsException</code> in cloud management pages when the controller has no executors.
   - type: bug
     category: bug
     pull: 9485
diff --git a/content/_data/upgrades/2-479-1.adoc b/content/_data/upgrades/2-479-1.adoc
index 5b9645637945..6ed4a453e702 100644
--- a/content/_data/upgrades/2-479-1.adoc
+++ b/content/_data/upgrades/2-479-1.adoc
@@ -6,57 +6,56 @@ Therefore, it is critical to upgrade both the controller _and_ agents to Java 17
 Use the link:https://plugins.jenkins.io/versioncolumn/[Versions Node Monitors] plugin to verify that agents are running a compatible version of Java.
 In addition to upgrading your controller and agents, you must ensure that all plugins have been updated both *before and after* upgrading.
 This ensures up-to-date plugins that remain compatible.
-If plugins are not updated both before and after the upgrade, compatibility issues may present themselves.
+If plugins are not updated both before and after the upgrade, compatibility issues may arise.
 
 The official Jenkins Docker images for link:https://hub.docker.com/r/jenkins/jenkins/[the controller] and link:https://hub.docker.com/r/jenkins/inbound-agent/[agents] have been based on Java 17 for several months, while also supporting Java 21 as an alternative.
 With the release of Jenkins 2.479.1, the Java 11 images have been retired and the Java 17 images have full support.
 Users of the official Docker images do not need to install or configure Java on their own, as it comes preinstalled in the Docker images.
 
-If your application build still requires Java 8 or 11, and you are using a Docker image to run the agent Java process `remoting.jar` simultaneously, you will need to provide a Java 17 or newer runtime for the Jenkins agent process and a Java 8 or 11 environment for your application build.
+If your application build still requires Java 8 or 11, and you are using a Docker image to run the agent Java process `remoting.jar` simultaneously, you must provide a Java 17 or newer runtime for the Jenkins agent process and a Java 8 or 11 environment for your application build.
 
-Users of the official Jenkins OS packages for Debian, Red Hat, and SUSE Linux distributions should note that these packages are agnostic to the Java vendor.
-This means you must bring your own Java package.
-One straightforward way to do this is installing Java 17 from your Linux distribution, as described on the package download site:
+Users of the official Jenkins OS packages for Debian, Red Hat, and SUSE Linux distributions must use their own Java package.
+These users may install Java 17 from their Linux distribution, as described on the package download site:
 
 * link:https://pkg.jenkins.io/debian-stable/[Debian]
 * link:https://pkg.jenkins.io/redhat-stable/[Red Hat]
 * link:https://pkg.jenkins.io/opensuse-stable/[SUSE]
 
-This does not require any custom repositories, so this is the simplest method and was used by the Jenkins project's packaging tests.
-However, it does not give the user a high degree of control over the Java runtime environment.
+The above downloads do not require any custom repositories, so this is the simplest method, and has been tested by the Jenkins project.
+However, the above method does not give the user a high degree of control over the Java runtime environment.
 The official Jenkins Docker images and the Jenkins infrastructure project use Adoptium/Eclipse Temurin.
 Enthusiastic users can install Java from Adoptium or another vendor.
-Adoptium recently began providing Linux installation packages, as described in link:https://blog.adoptium.net/2021/12/eclipse-temurin-linux-installers-available/[a piece by George Adams].
+Adoptium recently began providing Linux installation packages, as described in link:https://blog.adoptium.net/2021/12/eclipse-temurin-linux-installers-available/[a blog post by George Adams].
 The choice of Java vendor is up to you, as long as that vendor provides Java 17 or Java 21.
 Refer to your chosen Java vendor for installation instructions.
 
-Once you have installed a suitable version of Java, configuring Jenkins to use that Java runtime is easy.
-The most straightforward way is to configure that version of Java as the default version, is at the operating system (OS) level:
+Once you have installed a suitable version of Java, configure Jenkins to use that Java runtime.
+The most straightforward way is to configure that version of Java as the default version, at the operating system (OS) level:
 
 Debian:: `update-alternatives --config java`
 Red Hat:: `alternatives --config java`
 SUSE:: `update-alternatives --config java`
 
 Alternatively, users who do not wish to change the default version of Java can customize the `JAVA_HOME` or `JENKINS_JAVA_CMD` environment variable as part of the Jenkins `systemd(1)` service unit.
-Refer to the link:/doc/book/system-administration/systemd-services/[Managing systemd services] section of the Jenkins documentation for more information.
+Refer to the link:/doc/book/system-administration/systemd-services/[Managing systemd services] documentation for more information.
 
 If you are using the Environment Injector plugin and receive a `WARNING: An illegal reflective access operation has occurred` message, there are two workarounds for affected users:
 
-If all you need to do is update an existing environment variable (such as PATH) but have no need to add or remove environment variables, upgrade to link:https://github.com/jenkinsci/envinject-plugin/releases/tag/2.919.v009a_a_1067cd0[version 2.919.v009a_a_1067cd0] of the plugin:envinject[Environment Injector plugin].
+If you only need to update an existing environment variable (such as PATH), but do not need to add or remove environment variables, upgrade to link:https://github.com/jenkinsci/envinject-plugin/releases/tag/2.919.v009a_a_1067cd0[version 2.919.v009a_a_1067cd0] of the plugin:envinject[Environment Injector plugin].
 
-If you need to add (set) or remove (unset) environment variables, consider unchecking *Prepare jobs environment* or *Unset System Environment Variables* in the plugin:envinject[Environment Injector plugin].
-This would mean reducing or eliminating usage of the plugin and instead implementing this in your shell by starting the agent process (the process started by running java -jar agent.jar […]) in the desired environment (clearing the environment and defining FOO with env - FOO=BAR java -jar agent.jar […]).
-In general, mutating environment variables in a Unix process is tricky business, and it is always more reliable to start the process with the desired environment than to try to change the environment later.
-Changing the environment after a Unix process has started often results in race conditions and the Environment Injector plugin is no exception.
+If you need to add (set) or remove (unset) environment variables, consider unchecking *Prepare jobs environment* or *Unset System Environment Variables* in the plugin:envinject[Environment Injector plugin], to reduce or eliminate usage of this plugin..
+Instead, implement by starting the agent process (the process started by running java -jar agent.jar […]) in the desired environment (clearing the environment and defining FOO with env - FOO=BAR java -jar agent.jar […]) in your shell.
+Mutating environment variables in a Unix process can be problematic, so it is recommended that you start the process with the desired environment, rather than changing the environment later.
+Changing the environment after a Unix process has started often results in race conditions, and the Environment Injector plugin is no exception.
 
 If you need to add (set) or remove (unset) environment variables and must do this using the plugin:envinject[Environment Injector] plugin, then specify the --add-opens JVM option for your agent:
 
-When you have outbound agents that connect via SSH you need to specify the JVM options on the agent configuration page:
+For outbound agents that connect via SSH, you must specify the JVM options on the agent configuration page:
 
 image::/images/post-images/2024/10/jvm-options-ssh.png[Specifying the JVM options for your agent that connects via SSH.]
 
-For inbound agents you must add the argument to the JVM there.
-It should look like this:
+For inbound agents, you must also add the argument to the JVM on the agent configuration page.
+For example:
 [source,bash]
 ----
 java --add-opens java.base/java.lang=ALL-UNNAMED --add-
@@ -68,7 +67,7 @@ http://localhost:9090/ -secret <secret> -name inbound -workDir <workdir>
 
 In addition to Java 17, 2.479.1 includes upgrades to Spring Security 6, Spring Framework 6, and Jakarta EE 9.
 When upgrading your Jenkins controller and agents, you must also ensure that all plugins have been updated accordingly.
-Prior to upgrading Jenkins, make sure that all plugins have been brought up to date as far as possible.
+Prior to upgrading Jenkins, make sure that all plugins have been brought up to date as much as possible.
 After completing the Jenkins upgrade, update your plugins once more to ensure that they are in line with the latest LTS build.
 
 Users of the LDAP plugin must upgrade it to link:https://plugins.jenkins.io/ldap/releases/#version_733.vd3700c27b_043[version 733.vd3700c27b_043] in tandem with upgrading Jenkins core.
@@ -77,22 +76,22 @@ Users of third-party servlet containers must upgrade the servlet container to an
 
 To upgrade the LDAP plugin, follow these steps:
 
-. Stop the Jenkins service with `systemctl stop jenkins`
-. Download the LDAP plugin from link:https://updates.jenkins.io/latest/ldap.hpi[]
-. Move ldap.hpi into $JENKINS_HOME/plugins/ldap.jpi and give it the correct ownership and permissions
-. Start the Jenkins service with `systemctl start jenkins`
+. Stop the Jenkins service with `systemctl stop jenkins`.
+. Download the LDAP plugin from link:https://updates.jenkins.io/latest/ldap.hpi[].
+. Move ldap.hpi into $JENKINS_HOME/plugins/ldap.jpi and set the correct ownership and permissions.
+. Start the Jenkins service with `systemctl start jenkins`.
 
 To upgrade the CAS plugin, use one of these methods:
 
-* Using the Plugin Installation Manager Tool for Jenkins run `jenkins-plugin-cli --plugins cas-plugin:1.7.0`.
-* Use the following link:https://updates.jenkins.io/download/plugins/cas-plugin/1.7.0/cas-plugin.hpi[direct download link]
+* Run `jenkins-plugin-cli --plugins cas-plugin:1.7.0` using the Plugin Installation Manager Tool for Jenkins.
+* link:https://updates.jenkins.io/download/plugins/cas-plugin/1.7.0/cas-plugin.hpi[Download directly].
 
 // Intentionally not describing servlet container upgrade. Is that okay?
 
 ==== Remove Windows escape hatch
 
 The `hudson.model.DirectoryBrowserSupport.allowAbsolutePath` system property that allows the Windows path traversal vulnerability escape hatch has been removed.
-Users that rely on it will need to adapt their usage to no longer require the Windows path traversal vulnerability.
+Users that rely on it must adapt their usage to no longer require the Windows path traversal vulnerability.
 No other workaround is planned.
 Refer to link:https://www.jenkins.io/security/advisory/2021-10-06/#SECURITY-2481[SECURITY-2481] for details.