13.0 republish (#479)

* Add changelog for 12.0.10 * Add changelog for 12.0.10 * fix: migrate from non-docker * fix: minimal install for mariadb in backup and recover * fix: fuse content missing in host * opt:adjusting migration strategy * Add changelog for pro 12.0.10 * Update security_features.md Update descriptions for encrypted library. * Update seahub_settings_py.md Update description for encrypted library versions. * docs: update Windows development setup instructions for vcpkg (#471) * Update drive-client-changelog.md 3.0.13 * update seasearch.yml * update * Update shibboleth_authentication.md * Update remote_user.md * fix: backup & restore command mysql -> mariadb * update backup and recovery commands and tip * opt: steps in recovering DB * update link of note of MDEV-30203 note from Mariadb * update link of note of MDEV-30203 note from Mariadb * opt: steps in recovering DB * Add changelog for 12.0.11-pro * Add changelog for v12.0.11 * republish 13.0 * fix: ce binary deployment format error --------- Co-authored-by: Daniel Pan <daniel.pan@seafile.com> Co-authored-by: Daniel Pan <freeplant@gmail.com> Co-authored-by: Jiaqiang Xu <jonathan.xu@seafile.com> Co-authored-by: rumtid <liwei.jiang@seafile.com> Co-authored-by: r350178982 <32759763+r350178982@users.noreply.github.com> Co-authored-by: lian <imwhatiam123@gmail.com>
2025-12-26 02:32:50 +00:00 · 2025-03-19 19:49:57 +08:00 · 2025-03-19 19:49:57 +08:00 · e5716cba11
parent 3bc9ab76bd
commit e5716cba11
43 changed files with 545 additions and 346 deletions
--- a/.github/workflows.bak/deploy-13.0.yml
+++ b/.github/workflows.bak/deploy-13.0.yml
--- a/manual/administration/backup_recovery.md
+++ b/manual/administration/backup_recovery.md
@ -53,6 +53,16 @@ mysqldump -h [mysqlhost] -u[username] -p[password] --opt seahub_db > /backup/dat
 ```
 !!! danger "`mysqldump`: command not found"
    You may encounter this problem on some machines with a minimal (from 10.5) or a newer (from 11.0) Mariadb server installed, of which the `mysql*` series of commands [have been gradually deprecated](https://jira.mariadb.org/browse/MDEV-30203). If you encounter this error, use the `mariadb-dump` command, such as:
    ```sh
    mariadb-dump -h [mysqlhost] -u[username] -p[password] --opt ccnet_db > /backup/databases/ccnet_db.sql.`date +"%Y-%m-%d-%H-%M-%S"`
    mariadb-dump -h [mysqlhost] -u[username] -p[password] --opt seafile_db > /backup/databases/seafile_db.sql.`date +"%Y-%m-%d-%H-%M-%S"`
    mariadb-dump -h [mysqlhost] -u[username] -p[password] --opt seahub_db > /backup/databases/seahub_db.sql.`date +"%Y-%m-%d-%H-%M-%S"`
    ```
 ### Backing up Seafile library data
@ -87,7 +97,6 @@ Now supposed your primary seafile server is broken, you're switching to a new ma
 Now with the latest valid database backup files at hand, you can restore them.
 **MySQL**
 ```
 mysql -u[username] -p[password] ccnet_db < ccnet_db.sql.2013-10-19-16-00-05
@ -96,6 +105,14 @@ mysql -u[username] -p[password] seahub_db < seahub_db.sql.2013-10-19-16-01-05
 ```
 !!! danger "`mysql`: command not found"
    You may encounter this problem on some machines with a minimal (from 10.5) or a newer (from 11.0) Mariadb server installed, of which the `mysql*` series of commands [have been gradually deprecated](https://jira.mariadb.org/browse/MDEV-30203). If you encounter this error, use the `mariadb` command, such as:
    ```sh
    mariadb -u[username] -p[password] ccnet_db < ccnet_db.sql.2013-10-19-16-00-05
    mariadb -u[username] -p[password] seafile_db < seafile_db.sql.2013-10-19-16-00-20
    mariadb -u[username] -p[password] seahub_db < seahub_db.sql.2013-10-19-16-01-05
    ```
 ## Backup and restore for Docker based deployment
@ -119,11 +136,23 @@ The data files to be backed up:
 ```bash
 # It's recommended to backup the database to a separate file each time. Don't overwrite older database backups for at least a week.
 cd /backup/databases
-docker exec -it seafile-mysql mysqldump  -u[username] -p[password] --opt ccnet_db > ccnet_db.sql
+docker exec -it seafile-mysql mariadb-dump  -u[username] -p[password] --opt ccnet_db > ccnet_db.sql
-docker exec -it seafile-mysql mysqldump  -u[username] -p[password] --opt seafile_db > seafile_db.sql
+docker exec -it seafile-mysql mariadb-dump  -u[username] -p[password] --opt seafile_db > seafile_db.sql
-docker exec -it seafile-mysql mysqldump  -u[username] -p[password] --opt seahub_db > seahub_db.sql
+docker exec -it seafile-mysql mariadb-dump  -u[username] -p[password] --opt seahub_db > seahub_db.sql
 ```
 !!! tip
    The default image of database is ***Mariadb 10.11*** from Seafile 12, you may not be able to find these commands in the container (such as `mysqldump: command not found`), since commands of `mysql*` series [have been gradually deprecated](https://jira.mariadb.org/browse/MDEV-30203). So we recommend that you use the `mariadb*` series of commands. 
    However, **if you still use the *MySQL* docker image**, you should continue to use `mysqldump` here:
    ```sh
    docker exec -it seafile-mysql mysqldump  -u[username] -p[password] --opt ccnet_db > ccnet_db.sql
    docker exec -it seafile-mysql mysqldump  -u[username] -p[password] --opt seafile_db > seafile_db.sql
    docker exec -it seafile-mysql mysqldump  -u[username] -p[password] --opt seahub_db > seahub_db.sql
    ```
 ###  Backing up Seafile library data
 #### To directly copy the whole data directory
@ -147,11 +176,22 @@ docker cp /backup/databases/ccnet_db.sql seafile-mysql:/tmp/ccnet_db.sql
 docker cp /backup/databases/seafile_db.sql seafile-mysql:/tmp/seafile_db.sql
 docker cp /backup/databases/seahub_db.sql seafile-mysql:/tmp/seahub_db.sql
-docker exec -it seafile-mysql /bin/sh -c "mysql -u[username] -p[password] ccnet_db < /tmp/ccnet_db.sql"
+docker exec -it seafile-mysql /bin/sh -c "mariadb -u[username] -p[password] ccnet_db < /tmp/ccnet_db.sql"
-docker exec -it seafile-mysql /bin/sh -c "mysql -u[username] -p[password] seafile_db < /tmp/seafile_db.sql"
+docker exec -it seafile-mysql /bin/sh -c "mariadb -u[username] -p[password] seafile_db < /tmp/seafile_db.sql"
-docker exec -it seafile-mysql /bin/sh -c "mysql -u[username] -p[password] seahub_db < /tmp/seahub_db.sql"
+docker exec -it seafile-mysql /bin/sh -c "mariadb -u[username] -p[password] seahub_db < /tmp/seahub_db.sql"
 ```
 !!! tip
    The default image of database is ***Mariadb 10.11*** from Seafile 12, you may not be able to find these commands in the container (such as `mysql: command not found`), since commands of `mysql*` series [have been gradually deprecated](https://jira.mariadb.org/browse/MDEV-30203). So we recommend that you use the `mariadb*` series of commands. 
    However, **if you still use the *MySQL* docker image**, you should continue to use `mysql` here:
    ```sh
    docker exec -it seafile-mysql /bin/sh -c "mysql -u[username] -p[password] ccnet_db < /tmp/ccnet_db.sql"
    docker exec -it seafile-mysql /bin/sh -c "mysql -u[username] -p[password] seafile_db < /tmp/seafile_db.sql"
    docker exec -it seafile-mysql /bin/sh -c "mysql -u[username] -p[password] seahub_db < /tmp/seahub_db.sql"
    ```
 ### Restore the seafile data
 ```bash
--- a/manual/administration/security_features.md
+++ b/manual/administration/security_features.md
@ -13,25 +13,42 @@ There are a few limitation about this feature:
 1. File metadata is NOT encrypted. The metadata includes: the complete list of directory and file names, every files size, the history of editors, when, and what byte ranges were altered.
 2. The client side encryption does currently NOT work while using the web browser and the cloud file explorer of the desktop client. When you are browsing encrypted libraries via the web browser or the cloud file explorer, you need to input the password and the server is going to use the password to decrypt the "file key" for the library (see description below) and cache the password in memory for one hour. The plain text password is never stored or cached on the server.
 3. If you create an encrypted library on the web interface, the library password and encryption keys will pass through the server. If you want end-to-end protection, you should create encrypted libraries from desktop client only.
-4. For encryption protocol version 3 or newer, each library use its own salt to derive key/iv pairs. However, all files within a library shares the same salt. Likewise, all the files within a library are encrypted with the same key/iv pair. With encryption protocol version <= 2, all libraries use the same salt, but separate key/iv pairs.
+4. For encryption protocol version 4, each library use its own salt to derive key/iv pairs. However, all files within a library shares the same salt. Likewise, all the files within a library are encrypted with the same key/iv pair. With encryption protocol version 2, all libraries use the same salt, but separate key/iv pairs.
 5. Encrypted library doesn't ensure file integrity. For example, the server admin can still partially change the contents of files in an encrypted library. The client is not able to detect such changes to contents.
-The client side encryption works on iOS client since version 2.1.6. The Android client support client side encryption since version 2.1.0.
+The client side encryption works on iOS client since version 2.1.6. The Android client support client side encryption since version 2.1.0. But since version 3.0.0, the iOS and Android clients drop support for client side encryptioin. You need to send the password to the server to encrypt/decrypt files.
 ## How does an encrypted library work?
 When you create an encrypted library, you'll need to provide a password for it. All the data in that library will be encrypted with the password before uploading it to the server (see limitations above).
-The encryption procedure is:
+### Encryption/Decryption procedure
 There are currently two supported encryption protocol versions for encrypted libraries, version 2 and versioin 4. The two versions shares the same basic procedure so we first describe the procedure.
 1. Generate a 32-byte long cryptographically strong random number. This will be used as the file encryption key ("file key").
-2. Encrypt the file key with the user provided password. We first use PBKDF2 algorithm (1000 iterations of SHA256) to derive a key/iv pair from the password, then use AES 256/CBC to encrypt the file key. The result is called the "encrypted file key". This encrypted file key will be sent to and stored on the server. When you need to access the data, you can decrypt the file key from the encrypted file key.
+2. Encrypt the file key with the user provided password. We first use a secure hash algorithm to derive a key/iv pair from the password, then use AES 256/CBC to encrypt the file key. The result is called the "encrypted file key". This encrypted file key will be sent to and stored on the server. When you need to access the data, you can decrypt the file key from the encrypted file key.
-3. All file data is encrypted by the file key with AES 256/CBC. We use PBKDF2 algorithm (1000 iterations of SHA256) to derive key/iv pair from the file key. After encryption, the data is uploaded to the server.
+3. A "magic token" is derived from the password and library id, with the same secure hash algorithm. This token is stored with the library and will be use to check passwords before decrypting data later.
 4. All file data is encrypted by the file key with AES 256/CBC. We use PBKDF2-SHA256 with 1000 iterations to derive key/iv pair from the file key. After encryption, the data is uploaded to the server.
 The only difference between version 2 and version 4 is on the usage of salt for the secure hash algorithm. In version 2, all libaries share the same fixed salt. In version 4, each library will use a separate and randomly generated salt.
 ### Secure hash algorithms for password verification
 A secure hash algorithm is used to derive key/iv pair for encrypting the file key. So it's critical to choose a relatively costly algorithm to prevent brute-force guessing for the password.
 Before version 12, a fixed secure hash algorithm (PBKDF2-SHA256 with 1000 iterations) is used, which is far from secure for today's standard.
 Since Seafile server version 12, we allow the admin to choose proper secure hash algorithms. Currently two hash algorithms are supported.
 * PBKDF2: The only available parameter is the number of iterations. You need to increase the the number of iterations over time, as GPUs are more and more used for such calculation. The default number of iterations is 1000. As of 2023, the recommended iterations is 600,000.
 * Argon2id: Secure hash algorithm that has high cost even for GPUs. There are 3 parameters that can be set: time cost, memory cost, and parallelism degree. The parameters are seperated by commas, e.g. "2,102400,8", which the default parameters used in Seafile. Learn more about this algorithm on https://github.com/P-H-C/phc-winner-argon2 .
 ### Client-side encryption and decryption
 The above encryption procedure can be executed on the desktop and the mobile client. The Seahub browser client uses a different encryption procedure that happens at the server. Because of this your password will be transferred to the server.
-When you sync an encrypted library to the desktop, the client needs to verify your password. When you create the library, a "magic token" is derived from the password and library id. This token is stored with the library on the server side. The client use this token to check whether your password is correct before you sync the library. The magic token is generated by PBKDF2 algorithm with 1000 iterations of SHA256 hash.
+When you sync an encrypted library to the desktop, the client needs to verify your password. When you create the library, a "magic token" is derived from the password and library id. This token is stored with the library on the server side. The client use this token to check whether your password is correct before you sync the library. The magic token is generated by the secure hash algorithm chosen when the library was created.
 For maximum security, the plain-text password won't be saved on the client side, too. The client only saves the key/iv pair derived from the "file key", which is used to decrypt the data. So if you forget the password, you won't be able to recover it or access your data on the server.
@ -39,6 +56,8 @@ For maximum security, the plain-text password won't be saved on the client side,
 When a file download link is clicked, a random URL is generated for user to access the file from fileserver. This url can only be access once. After that, all access will be denied to the url. So even if someone else happens to know about the url, he can't access it anymore.
 This was changed in Seafile server version 12. Instead of a random URL, a URL like 'https://yourserver.com/seafhttp/repos/{library id}/file_path' is used for downloading the file. Authorization will be done by checking cookies or API tokens on the server side. This makes the URL more cache-friendly while still being secure.
 ## How does Seafile store user login password?
 User login passwords are stored in hash form only. Note that user login password is different from the passwords used in encrypted libraries. In the database, its format is
--- a/manual/changelog/changelog-for-seafile-professional-server.md
+++ b/manual/changelog/changelog-for-seafile-professional-server.md
@ -8,6 +8,28 @@
 Please check our document for how to upgrade to [12.0](../upgrade/upgrade_notes_for_12.0.x.md)
 ### 12.0.11 (2025-03-20)
 * [fix] Fix a stored XSS issue
 * [fix] Do not show Wiki libraries in clients and WebDAV
 * Add library name in "share admin -> folders"
 * [fix] Fix set of library history keep days
 * [fix] Fix support for enforcing Two-Factor Authentication
 * Update support for working with SeaSearch 0.9.1
 ### 12.0.10 (2025-03-05)
 * [fix] Fix seaf-fuse support
 * [fix] Fix "save to" button in external link
 * [fix] Search library text in system admin page is incorrect
 * [fix] Fix library path displays issue in read-only shared
 * Improve icons for creating Wiki and inviting links
 * [fix] Fix a bug in Collabora integration: Interface in English despite Seafile interface in French
 * Delete temp files if zip download failed
 * Create a record in social_auth table when user login via SSO even if SSO_LDAP_USE_SAME_UID enabled
 * [fix] Cannot create a share link with the “cloud edit” permission for OpenDocument (odt, ods, odp, odg)
 ### 12.0.9 beta (2025-02-12)
 * [fix] Fix a bug related to smart-link in mutli-tenancy mode
--- a/manual/changelog/drive-client-changelog.md
+++ b/manual/changelog/drive-client-changelog.md
@ -1,6 +1,16 @@
 # SeaDrive Client Changelog
-### 3.0.12 (2024/12/03)¶
+### 3.0.13 (2025/03/06)
 * Support PDF previews
 * Don't timeout for fs-id-list requests
 * Upgrade OpenSSL
 * \[mac] Fix handling of "._DS" files
 * \[win] Add user name in the SeaDrive entry in Windows Explorer
 * \[linux] Support importing CA certificates from OS
 * \[linux] Auto lock Office files opened by LibreOffice and WPS
 ### 3.0.12 (2024/12/03)
 * Handle changes of invisible sub-folder permissions
 * Support encrypted library with custom password hash algorithms
 * [mac] Add back file search UI
--- a/manual/changelog/server-changelog.md
+++ b/manual/changelog/server-changelog.md
@ -9,6 +9,24 @@
 Please check our document for how to upgrade to [12.0](../upgrade/upgrade_notes_for_12.0.x.md)
 ### 12.0.11 (2025-03-19)
 * [fix] Fix a stored XSS issue
 * [fix] Do not show Wiki libraries in clients and WebDAV
 * Add library name in "share admin -> folders"
 * [fix] Fix set of library history keep days
 * [fix] Fix support for enforcing Two-Factor Authentication
 ### 12.0.10 (2025-03-03)
 * [fix] Fix seaf-fuse support
 * [fix] Fix "save to" button in external link
 * [fix] Search library text in system admin page is incorrect  
 * [fix] Fix library path displays issue in read-only shared
 * Improve icons for creating Wiki and inviting links
 * [fix] Fix a bug in Collabora integration: Interface in English despite Seafile interface in French
 ### 12.0.9 (2025-02-14)
 * Improve consistency of format of logs
--- a/manual/config/env.md
+++ b/manual/config/env.md
@ -1,64 +1,6 @@
 # .env
-The `.env` file will be used to specify the components used by the Seafile-docker instance and the environment variables required by each component. The default contents list in below
+The [`.env`](../repo/docker/pro/env) file will be used to specify the components used by the Seafile-docker instance and the environment variables required by each component.
 ```shell
 COMPOSE_FILE='seafile-server.yml,caddy.yml'
 COMPOSE_PATH_SEPARATOR=','
 SEAFILE_IMAGE=seafileltd/seafile-pro-mc:12.0-latest
 SEAFILE_DB_IMAGE=mariadb:10.11
 SEAFILE_MEMCACHED_IMAGE=memcached:1.6.29
 SEAFILE_ELASTICSEARCH_IMAGE=elasticsearch:8.15.0 # pro edition only
 SEAFILE_CADDY_IMAGE=lucaslorentz/caddy-docker-proxy:2.9-alpine
 SEAFILE_VOLUME=/opt/seafile-data
 SEAFILE_MYSQL_VOLUME=/opt/seafile-mysql/db
 SEAFILE_ELASTICSEARCH_VOLUME=/opt/seafile-elasticsearch/data # pro edition only
 SEAFILE_CADDY_VOLUME=/opt/seafile-caddy
 SEAFILE_MYSQL_DB_HOST=db
 INIT_SEAFILE_MYSQL_ROOT_PASSWORD=ROOT_PASSWORD
 SEAFILE_MYSQL_DB_USER=seafile
 SEAFILE_MYSQL_DB_PASSWORD=PASSWORD
 SEAFILE_MYSQL_DB_SEAFILE_DB_NAME=seafile_db
 SEAFILE_MYSQL_DB_CCNET_DB_NAME=ccnet_db
 SEAFILE_MYSQL_DB_SEAHUB_DB_NAME=seahub_db
 TIME_ZONE=Etc/UTC
 JWT_PRIVATE_KEY=
 SEAFILE_SERVER_HOSTNAME=seafile.example.com
 SEAFILE_SERVER_PROTOCOL=https
 INIT_SEAFILE_ADMIN_EMAIL=me@example.com
 INIT_SEAFILE_ADMIN_PASSWORD=asecret
 INIT_S3_STORAGE_BACKEND_CONFIG=false # pro edition only
 INIT_S3_COMMIT_BUCKET=<your-commit-objects> # pro edition only
 INIT_S3_FS_BUCKET=<your-fs-objects> # pro edition only
 INIT_S3_BLOCK_BUCKET=<your-block-objects> # pro edition only
 INIT_S3_KEY_ID=<your-key-id> # pro edition only
 INIT_S3_SECRET_KEY=<your-secret-key> # pro edition only
 CLUSTER_INIT_MODE=true # cluster only
 CLUSTER_INIT_MEMCACHED_HOST=<your memcached host> # cluster only
 CLUSTER_INIT_ES_HOST=<your elasticsearch server HOST> # cluster only
 CLUSTER_INIT_ES_PORT=9200 # cluster only
 CLUSTER_MODE=frontend # cluster only
 SEADOC_IMAGE=seafileltd/sdoc-server:1.0-latest
 SEADOC_VOLUME=/opt/seadoc-data
 ENABLE_SEADOC=false
 SEADOC_SERVER_URL=http://seafile.example.com/sdoc-server
 NOTIFICATION_SERVER_IMAGE=seafileltd/notification-server:12.0-latest
 NOTIFICATION_SERVER_VOLUME=/opt/notification-data
 ```
 ## Seafile-docker configurations
@ -94,6 +36,20 @@ NOTIFICATION_SERVER_VOLUME=/opt/notification-data
 - `SEAFILE_MYSQL_DB_CCNET_DB_NAME`: The name of ccnet database name, default is `ccnet_db`
 - `SEAFILE_MYSQL_DB_SEAHUB_DB_NAME`: The name of seahub database name, default is `seahub_db`
 ## Cache configurations
 - `CACHE_PROVIDER`: The type of cache server used for Seafile. The available options are `redis` and `memcached`. Since Seafile 13, it is recommended to use `redis` as the cache service to support new features, and `memcached` will no longer be integrated into Seafile Docker by default. Default is `redis`
 ### Redis configurations
 This part of configurations is only valid in `CACHE_PROVIDER=redis`
 - `REDIS_SERVER`: Redis server host, default is `redis`
 - `REDIS_PORT`: Redis server port, default is `6379`
 - `REDIS_PASSWORD`: Redis server password. You need to uncheck the mark of the `command` part of the `redis` service in `seafile-server.yml` to enable this feature if you are using the integrated Redis server in Seafile Docker.
 ### Redis configurations
 This part of configurations is only valid in `CACHE_PROVIDER=memcached`
 - `MEMCACHED_SERVER`: Memcached server host, default is `memcached`
 - `MEMCACHED_PORT`: Memcached server port, default is `11211`
 ## Seafile-server configurations
 - `JWT_PRIVATE_KEY`: JWT_PRIVATE_KEY, A random string with a length of no less than 32 characters, generate example: `pwgen -s 40 1`
--- a/manual/config/ldap_in_11.0_pro.md
+++ b/manual/config/ldap_in_11.0_pro.md
@ -428,7 +428,7 @@ MULTI_LDAP_1_DEPT_NAME_ATTR = ''
 ### SSO and LDAP users use the same uid
-If you sync users from LDAP to Seafile, when the user login via SSO (ADFS or OAuth), you want Seafile to find the existing account for this user instead of creating a new one, you can set
+If you sync users from LDAP to Seafile, when the user login via SSO (ADFS or OAuth or Shibboleth), you want Seafile to find the existing account for this user instead of creating a new one, you can set
 ```python
 SSO_LDAP_USE_SAME_UID = True
--- a/manual/config/remote_user.md
+++ b/manual/config/remote_user.md
@ -41,7 +41,7 @@ REMOTE_USER_ATTRIBUTE_MAP = {
    "HTTP_ORGANIZATION": 'institution',
    # for user role
-    'HTTP_Shibboleth-affiliation': 'affiliation',
+    'HTTP_SHIBBOLETH_AFFILIATION': 'affiliation',
 }
 # Map affiliation to user role. Though the config name is SHIBBOLETH_AFFILIATION_ROLE_MAP,
--- a/manual/config/seahub_settings_py.md
+++ b/manual/config/seahub_settings_py.md
@ -162,7 +162,9 @@ ENABLE_ENCRYPTED_LIBRARY = True
 # version for encrypted library
 # should only be `2` or `4`.
-# version 3 is insecure (using AES128 encryption) so it's not recommended any more.
+# version 3 is insecure (using AES128 encryption) so it's not supported any more.
 # refer to https://manual.seafile.com/latest/administration/security_features/#how-does-an-encrypted-library-work
 # for the difference between version 2 and 4.
 ENCRYPTED_LIBRARY_VERSION = 2
 # Since version 12, you can choose password hash algorithm for new encrypted libraries.
--- a/manual/config/shibboleth_authentication.md
+++ b/manual/config/shibboleth_authentication.md
@ -224,7 +224,7 @@ SHIBBOLETH_ATTRIBUTE_MAP  = {
    "HTTP_SN": (False, "surname"),
    "HTTP_MAIL": (False, "contact_email"),
    "HTTP_ORGANIZATION": (False, "institution"),
-    "HTTP_Shibboleth-affiliation": (False, "affiliation"),
+    "HTTP_SHIBBOLETH_AFFILIATION": (False, "affiliation"),
 }
 ```
--- a/manual/develop/windows.md
+++ b/manual/develop/windows.md
@ -19,21 +19,9 @@ The following setups are required for building and packaging Sync Client on Wind
    * Qt WebChannel
    * Qt WebEngine
 * Qt VS Tools
-* vcpkg
+* vcpkg (it is recommended to update to the latest version)
    * curl\[openssl\]:x64-windows
    * getopt:x64-windows
    * glib:x64-windows
    * jansson:x64-windows
    * libevent:x64-windows
    * libwebsockets:x64-windows
    * openssl:x64-windows
    * pthreads:x64-windows
    * sqlite3:x64-windows
    * zlib:x64-windows
    * argon2:x64-windows
-            # Example of the install command:
+    Note: Dependencies will be automatically downloaded and compiled when building VS projects.
            $ ./vcpkg.exe install curl[core,openssl]:x64-windows
 * Python 3.7
 * [wix](https://github.com/wixtoolset/wix3/releases/tag/wix3111rtm)
--- a/manual/extension/fuse.md
+++ b/manual/extension/fuse.md
@ -25,7 +25,11 @@ Add the following content
    ...
    volumes:
      ...
-      - /opt/seafile-fuse: /seafile-fuse
+      - type: bind
        source: /opt/seafile-fuse
        target: /seafile-fuse
        bind:
          propagation: rshared
    privileged: true
    cap_add:
      - SYS_ADMIN
--- a/manual/extension/setup_seadoc.md
+++ b/manual/extension/setup_seadoc.md
@ -69,8 +69,8 @@ If you deploy Seafile in a cluster or if you deploy Seafile with binary package,
 1. Download and modify the `.env` and `seadoc.yml` files to directory `/opt/seadoc`
    ```sh
-    wget https://manual.seafile.com/13.0/repo/docker/seadoc/1.0/standalone/seadoc.yml
+    wget https://manual.seafile.com/13.0/repo/docker/seadoc/seadoc.yml
-    wget -O .env https://manual.seafile.com/13.0/repo/docker/seadoc/1.0/standalone/env
+    wget -O .env https://manual.seafile.com/13.0/repo/docker/seadoc/env
    ```
 2. Then modify the `.env` file according to your environment. The following fields are needed to be modified:
--- a/manual/repo/docker/ce/env
+++ b/manual/repo/docker/ce/env
@ -1,37 +1,56 @@
 COMPOSE_FILE='seafile-server.yml,caddy.yml,seadoc.yml'
 COMPOSE_PATH_SEPARATOR=','
 # Seafile & Basic services
-SEAFILE_IMAGE=seafileltd/seafile-mc:12.0-latest
+## Images
 SEAFILE_IMAGE=seafileltd/seafile-mc:13.0-latest
 SEAFILE_DB_IMAGE=mariadb:10.11
-SEAFILE_MEMCACHED_IMAGE=memcached:1.6.29
+SEAFILE_REDIS_IMAGE=redis
 SEAFILE_CADDY_IMAGE=lucaslorentz/caddy-docker-proxy:2.9-alpine
 ## Persistent Storage
 SEAFILE_VOLUME=/opt/seafile-data
 SEAFILE_MYSQL_VOLUME=/opt/seafile-mysql/db
 SEAFILE_CADDY_VOLUME=/opt/seafile-caddy
 ## Database
 SEAFILE_MYSQL_DB_HOST=db
 INIT_SEAFILE_MYSQL_ROOT_PASSWORD=ROOT_PASSWORD
 SEAFILE_MYSQL_DB_USER=seafile
 SEAFILE_MYSQL_DB_PASSWORD=PASSWORD
-TIME_ZONE=Etc/UTC
+## Cache
 CACHE_PROVIDER=redis # or memcached
-JWT_PRIVATE_KEY=
+### Redis
 REDIS_SERVER=redis
 REDIS_PORT=6379
 REDIS_PASSWORD=
 ### Memcached
 MEMCACHED_SERVER=memcached
 MEMCACHED_PORT=11211
 ## Scheme
 SEAFILE_SERVER_HOSTNAME=seafile.example.com
 SEAFILE_SERVER_PROTOCOL=http
 ## Startup parameters
 TIME_ZONE=Etc/UTC
 JWT_PRIVATE_KEY=
 ## Initial variables (can be removed after firstime startup)
 INIT_SEAFILE_ADMIN_EMAIL=me@example.com
 INIT_SEAFILE_ADMIN_PASSWORD=asecret
-
+# Extension
 ## SeaDoc service
 ENABLE_SEADOC=true
 SEADOC_IMAGE=seafileltd/sdoc-server:1.0-latest
 SEADOC_VOLUME=/opt/seadoc-data
-ENABLE_SEADOC=true
+## Notification server
 NOTIFICATION_SERVER_IMAGE=seafileltd/notification-server:12.0-latest
 NOTIFICATION_SERVER_VOLUME=/opt/notification-data
--- a/manual/repo/docker/ce/seafile-server.yml
+++ b/manual/repo/docker/ce/seafile-server.yml
@ -24,15 +24,18 @@ services:
      timeout: 5s
      retries: 10
-  memcached:
+  redis:
-    image: ${SEAFILE_MEMCACHED_IMAGE:-memcached:1.6.29}
+    image: ${SEAFILE_REDIS_IMAGE:-redis}
-    container_name: seafile-memcached
+    container_name: seafile-redis
-    entrypoint: memcached -m 256
+    #command:
    #  - /bin/sh
    #  - -c
    #  - redis-server --requirepass "$${REDIS_PASSWORD:?Variable is not set or empty}"
    networks:
      - seafile-net
  seafile:
-    image: ${SEAFILE_IMAGE:-seafileltd/seafile-mc:12.0-latest}
+    image: ${SEAFILE_IMAGE:-seafileltd/seafile-mc:13.0-latest}
    container_name: seafile
    # ports:
    #   - "80:80"
@ -58,13 +61,19 @@ services:
      - SEAFILE_LOG_TO_STDOUT=${SEAFILE_LOG_TO_STDOUT:-false}
      - ENABLE_SEADOC=${ENABLE_SEADOC:-true}
      - SEADOC_SERVER_URL=${SEAFILE_SERVER_PROTOCOL:-http}://${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}/sdoc-server
      - CACHE_PROVIDER=${CACHE_PROVIDER:-redis}
      - REDIS_SERVER=${REDIS_SERVER:-redis}
      - REDIS_PORT=${REDIS_PORT:-6379}
      - REDIS_PASSWORD=${REDIS_PASSWORD:-}
      - MEMCACHED_SERVER=${MEMCACHED_SERVER:-memcache}
      - MEMCACHED_PORT=${MEMCACHED_PORT:-11211}
    labels:
      caddy: ${SEAFILE_SERVER_PROTOCOL:-http}://${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}
      caddy.reverse_proxy: "{{upstreams 80}}"
    depends_on:
      db:
        condition: service_healthy
-      memcached:
+      redis:
        condition: service_started
    networks:
      - seafile-net
--- a/manual/repo/docker/cluster/env
+++ b/manual/repo/docker/cluster/env
@ -1,6 +1,6 @@
 COMPOSE_FILE='seafile-server.yml'
 COMPOSE_PATH_SEPARATOR=','
-SEAFILE_IMAGE=seafileltd/seafile-pro-mc:12.0-latest
+SEAFILE_IMAGE=seafileltd/seafile-pro-mc:13.0-latest
 SEAFILE_VOLUME=/opt/seafile/shared
 SEAFILE_SERVER_HOSTNAME=seafile.example.com
 SEAFILE_SERVER_PROTOCOL=http
--- a/manual/repo/docker/cluster/seafile-server.yml
+++ b/manual/repo/docker/cluster/seafile-server.yml
@ -1,6 +1,6 @@
 services:
  seafile:
-    image: ${SEAFILE_IMAGE:-seafileltd/seafile-pro-mc:12.0-latest}
+    image: ${SEAFILE_IMAGE:-seafileltd/seafile-pro-mc:13.0-latest}
    container_name: seafile
    ports:
      - 80:80
--- a/manual/repo/docker/pro/env
+++ b/manual/repo/docker/pro/env
@ -4,9 +4,9 @@ COMPOSE_PATH_SEPARATOR=','
 # Seafile & Basic services
 ## Images
-SEAFILE_IMAGE=seafileltd/seafile-pro-mc:12.0-latest
+SEAFILE_IMAGE=seafileltd/seafile-pro-mc:13.0-latest
 SEAFILE_DB_IMAGE=mariadb:10.11
-SEAFILE_MEMCACHED_IMAGE=memcached:1.6.29
+SEAFILE_REDIS_IMAGE=redis
 SEAFILE_ELASTICSEARCH_IMAGE=elasticsearch:8.15.0
 SEAFILE_CADDY_IMAGE=lucaslorentz/caddy-docker-proxy:2.9-alpine
@ -21,6 +21,18 @@ SEAFILE_MYSQL_DB_HOST=db
 SEAFILE_MYSQL_DB_USER=seafile
 SEAFILE_MYSQL_DB_PASSWORD=PASSWORD
 ## Cache
 CACHE_PROVIDER=redis # or memcached
 ### Redis
 REDIS_SERVER=redis
 REDIS_PORT=6379
 REDIS_PASSWORD=
 ### Memcached
 MEMCACHED_SERVER=memcached
 MEMCACHED_PORT=11211
 ## Scheme
 SEAFILE_SERVER_HOSTNAME=seafile.example.com
 SEAFILE_SERVER_PROTOCOL=http
@ -50,29 +62,31 @@ INIT_S3_AWS_REGION=us-east-1
 INIT_S3_HOST=s3.us-east-1.amazonaws.com
 INIT_S3_USE_HTTPS=true
-# SeaDoc service
+
 # Extension
 ## SeaDoc service
 ENABLE_SEADOC=true
 SEADOC_IMAGE=seafileltd/sdoc-server:1.0-latest
 SEADOC_VOLUME=/opt/seadoc-data
-# Notification server
+## Notification server
 NOTIFICATION_SERVER_IMAGE=seafileltd/notification-server:12.0-latest
 NOTIFICATION_SERVER_VOLUME=/opt/notification-data
-# SeaSearch
+## SeaSearch
-## Image
+### Image
 #SEASEARCH_IMAGE=seafileltd/seasearch-nomkl:latest # Apple's Chip
 SEASEARCH_IMAGE=seafileltd/seasearch:latest
-## Storage
+### Storage
 SS_STORAGE_TYPE=disk # disk (local storage), s3, oss
-### Local storage mode
+#### Local storage mode
 SS_DATA_PATH=/opt/seasearch-data # Persistent storage path
 SS_MAX_OBJ_CACHE_SIZE=10GB
-### S3 mode
+#### S3 mode
 SS_S3_USE_V4_SIGNATURE=false
 SS_S3_ACCESS_ID=<your access id>
 SS_S3_ACCESS_SECRET=<your access secret>
@ -83,11 +97,11 @@ SS_S3_PATH_STYLE_REQUEST=true
 SS_S3_AWS_REGION=us-east-1
 SS_S3_SSE_C_KEY=<your SSE-C key>
-## Log
+### Log
 SS_LOG_TO_STDOUT=false
 SS_LOG_OUTPUT=true
 SS_LOG_LEVEL=info
-## Initial variables (can be removed after firstime startup SeaSearch service)
+### Initial variables (can be removed after firstime startup SeaSearch service)
 INIT_SS_ADMIN_USER=<admin-username>
 INIT_SS_ADMIN_PASSWORD=<admin-password>
--- a/manual/repo/docker/pro/seafile-server.yml
+++ b/manual/repo/docker/pro/seafile-server.yml
@ -24,15 +24,18 @@ services:
      timeout: 5s
      retries: 10
-  memcached:
+  redis:
-    image: ${SEAFILE_MEMCACHED_IMAGE:-memcached:1.6.29}
+    image: ${SEAFILE_REDIS_IMAGE:-redis}
-    container_name: seafile-memcached
+    container_name: seafile-redis
-    entrypoint: memcached -m 256
+    #command:
    #  - /bin/sh
    #  - -c
    #  - redis-server --requirepass "$${REDIS_PASSWORD:?Variable is not set or empty}"
    networks:
      - seafile-net
  seafile:
-    image: ${SEAFILE_IMAGE:-seafileltd/seafile-pro-mc:12.0-latest}
+    image: ${SEAFILE_IMAGE:-seafileltd/seafile-pro-mc:13.0-latest}
    container_name: seafile
    # ports:
    #   - "80:80"
@ -58,6 +61,12 @@ services:
      - SEAFILE_LOG_TO_STDOUT=${SEAFILE_LOG_TO_STDOUT:-false}
      - ENABLE_SEADOC=${ENABLE_SEADOC:-true}
      - SEADOC_SERVER_URL=${SEAFILE_SERVER_PROTOCOL:-http}://${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}/sdoc-server
      - CACHE_PROVIDER=${CACHE_PROVIDER:-redis}
      - REDIS_SERVER=${REDIS_SERVER:-redis}
      - REDIS_PORT=${REDIS_PORT:-6379}
      - REDIS_PASSWORD=${REDIS_PASSWORD:-}
      - MEMCACHED_SERVER=${MEMCACHED_SERVER:-memcache}
      - MEMCACHED_PORT=${MEMCACHED_PORT:-11211}
      - INIT_S3_STORAGE_BACKEND_CONFIG=${INIT_S3_STORAGE_BACKEND_CONFIG:-false}
      - INIT_S3_COMMIT_BUCKET=${INIT_S3_COMMIT_BUCKET:-}
      - INIT_S3_FS_BUCKET=${INIT_S3_FS_BUCKET:-}
@ -74,7 +83,7 @@ services:
    depends_on:
      db:
        condition: service_healthy
-      memcached:
+      redis:
        condition: service_started
      elasticsearch:
        condition: service_started
--- a/manual/repo/docker/pro/seasearch.yml
+++ b/manual/repo/docker/pro/seasearch.yml
@ -5,45 +5,38 @@ services:
    volumes:  
      - ${SS_DATA_PATH:-/opt/seasearch-data}:/opt/seasearch/data  
    environment: 
-      - ZINC_FIRST_ADMIN_USER=${INIT_SS_ADMIN_USER:-}
+      - SS_FIRST_ADMIN_USER=${INIT_SS_ADMIN_USER:-}
-      - ZINC_FIRST_ADMIN_PASSWORD=${INIT_SS_ADMIN_PASSWORD:-}
+      - SS_FIRST_ADMIN_PASSWORD=${INIT_SS_ADMIN_PASSWORD:-}
-      - GIN_MODE=${GIN_MODE:-release}
+      - SS_STORAGE_TYPE=${SS_STORAGE_TYPE:-}
-      - ZINC_WAL_ENABLE=${SS_WAL_ENABLE:-true}
+      - SS_MAX_OBJ_CACHE_SIZE=${SS_MAX_OBJ_CACHE_SIZE:-10GB}
-      - ZINC_STORAGE_TYPE=${SS_STORAGE_TYPE:-}
+      - SS_S3_ACCESS_ID=${SS_S3_ACCESS_ID:-}
-      - ZINC_SHARD_NUM=${SS_SHARD_NUM:-}
+      - SS_S3_USE_V4_SIGNATURE=${SS_S3_USE_V4_SIGNATURE:-false}
-      - ZINC_MAX_OBJ_CACHE_SIZE=${SS_MAX_OBJ_CACHE_SIZE:-10GB}
+      - SS_S3_ACCESS_SECRET=${SS_S3_ACCESS_SECRET:-}
-      - ZINC_S3_ACCESS_ID=${SS_S3_ACCESS_ID:-}
+      - SS_S3_ENDPOINT=${SS_S3_ENDPOINT:-s3.us-east-1.amazonaws.com`}
-      - ZINC_S3_USE_V4_SIGNATURE=${SS_S3_USE_V4_SIGNATURE:-false}
+      - SS_S3_BUCKET=${SS_S3_BUCKET:-}
-      - ZINC_S3_ACCESS_SECRET=${SS_S3_ACCESS_SECRET:-}
+      - SS_S3_USE_HTTPS=${SS_S3_USE_HTTPS:-true}
-      - ZINC_S3_ENDPOINT=${SS_S3_ENDPOINT:-s3.us-east-1.amazonaws.com`}
+      - SS_S3_PATH_STYLE_REQUEST=${SS_S3_PATH_STYLE_REQUEST:-true}
-      - ZINC_S3_BUCKET=${SS_S3_BUCKET:-}
+      - SS_S3_AWS_REGION=${SS_S3_AWS_REGION:-us-east-1}
-      - ZINC_S3_USE_HTTPS=${SS_S3_USE_HTTPS:-true}
+      - SS_S3_SSE_C_KEY=${SS_S3_SSE_C_KEY:-}
      - ZINC_S3_PATH_STYLE_REQUEST=${SS_S3_PATH_STYLE_REQUEST:-true}
      - ZINC_S3_AWS_REGION=${SS_S3_AWS_REGION:-us-east-1}
      - ZINC_S3_SSE_C_KEY=${SS_S3_SSE_C_KEY:-}
      - ZINC_SERVER_MODE=${SS_SERVER_MODE:-}
      - ZINC_CLUSTER_ID=${SS_CLUSTER_ID:-}
      - ZINC_ETCD_USERNAME=${SS_ETCD_USERNAME:-}
      - ZINC_ETCD_PASSWORD=${SS_ETCD_PASSWORD:-}
      - ZINC_CLUSTER_PROXY_LOG_DIR=${SS_CLUSTER_PROXY_LOG_DIR:-/opt/seasearch/data/log}
      - ZINC_CLUSTER_PROXY_HOST=${SS_CLUSTER_PROXY_HOST:-0.0.0.0}
      - ZINC_CLUSTER_PROXY_PORT=${SS_CLUSTER_PROXY_PORT:-4082}
      - ZINC_ETCD_ENDPOINTS=${SS_ETCD_ENDPOINTS:-127.0.0.1:2379}
      - ZINC_ETCD_PREFIX=${SS_ETCD_PREFIX:-/zinc}
      - ZINC_MAX_DOCUMENT_SIZE=${SS_MAX_DOCUMENT_SIZE:-1m}
      - ZINC_CLUSTER_MANAGER_ADDR=${SS_CLUSTER_MANAGER_ADDR:-127.0.0.1:4081}
      - ZINC_CLUSTER_MANAGER_LOG_DIR=${SS_CLUSTER_MANAGER_LOG_DIR:-/opt/seasearch/data/log}
      - ZINC_CLUSTER_MANAGER_HOST=${SS_CLUSTER_MANAGER_HOST:-0.0.0.0}
      - ZINC_CLUSTER_MANAGER_PORT=${SS_CLUSTER_MANAGER_PORT:-4081}
      - ZINC_CLUSTER_MANAGER_ETCD_ENDPOINTS=${SS_CLUSTER_MANAGER_ETCD_ENDPOINTS:-127.0.0.1:2379}
      - ZINC_CLUSTER_MANAGER_ETCD_PREFIX=${SS_CLUSTER_MANAGER_ETCD_PREFIX:-/zinc}
      - SS_LOG_TO_STDOUT=${SS_LOG_TO_STDOUT:-false}
-      - ZINC_LOG_OUTPUT=${SS_LOG_OUTPUT:-true}
+      - SS_LOG_DIR=${SS_LOG_DIR:-/opt/seasearch/data/log}
-      - ZINC_LOG_DIR=${SS_LOG_DIR:-/opt/seasearch/data/log}
+      - SS_LOG_LEVEL=${SS_LOG_LEVEL:-info}
-      - ZINC_LOG_LEVEL=${SS_LOG_LEVEL:-info}
+      # SeaSeasrch Proxy
-      - ZINC_PLUGIN_GSE_ENABLE = ${SS_PLUGIN_GSE_ENABLE:-false}
+      - SEAFILE_LOG_TO_STDOUT=${SEAFILE_LOG_TO_STDOUT:-false}
-      - ZINC_PLUGIN_GSE_DICT_EMBED = ${SS_PLUGIN_GSE_DICT_EMBED:-}
+      - SEATABLE_LOG_TO_STDOUT=${SEATABLE_LOG_TO_STDOUT:-false}
-      - ZINC_PLUGIN_GSE_DICT_PATH = ${SS_PLUGIN_GSE_DICT_PATH:-}
+      # for cluster
      - SS_SERVER_MODE=${SS_SERVER_MODE:-}
      - SS_CLUSTER_ID=${SS_CLUSTER_ID:-}
      - SS_CLUSTER_PROXY_HOST=${SS_CLUSTER_PROXY_HOST:-0.0.0.0}
      - SS_CLUSTER_PROXY_PORT=${SS_CLUSTER_PROXY_PORT:-4082}
      - SS_CLUSTER_MANAGER_ADDR=${SS_CLUSTER_MANAGER_ADDR:-127.0.0.1:4081}
      - SS_ETCD_USERNAME=${SS_ETCD_USERNAME:-}
      - SS_ETCD_PASSWORD=${SS_ETCD_PASSWORD:-}
      - SS_ETCD_ENDPOINTS=${SS_ETCD_ENDPOINTS:-127.0.0.1:2379}
      - SS_ETCD_PREFIX=${SS_ETCD_PREFIX:-/zinc}
      - SS_CLUSTER_PROXY_LOG_DIR=${SS_CLUSTER_PROXY_LOG_DIR:--/opt/seasearch/data/log}
      - SS_CLUSTER_MANAGER_HOST=${SS_CLUSTER_MANAGER_HOST:-0.0.0.0}
      - SS_CLUSTER_MANAGER_PORT=${SS_CLUSTER_MANAGER_PORT:-4081}
    networks:
      - seafile-net
--- a/manual/repo/docker/seadoc/0.8/docker-compose.yml
+++ b/manual/repo/docker/seadoc/0.8/docker-compose.yml
@ -1,22 +0,0 @@
 services:
  sdoc-server:
    image: seafileltd/sdoc-server:latest
    container_name: sdoc-server
    ports:
      - 80:80
      # - 443:443
      # - 7070:7070
      # - 8888:8888
    volumes:
      - /opt/seadoc-data/:/shared
    environment:
      - DB_HOST=192.168.0.2
      - DB_PORT=3306
      - DB_USER=user
      - DB_PASSWD=password # Required, password of MySQL service.
      - DB_NAME=sdoc_db      
      - TIME_ZONE=Etc/UTC # Optional, default is UTC. Should be uncomment and set to your local time zone.
      - SDOC_SERVER_LETSENCRYPT=false # Whether to use https or not.
      - SDOC_SERVER_HOSTNAME=sdoc-server.example.com # Specifies your host name if https is enabled.
      - SEAHUB_SERVICE_URL=http://seafile.example.com
--- a/manual/repo/docker/seadoc/1.0/standalone/env
+++ b/manual/repo/docker/seadoc/1.0/standalone/env
--- a/manual/repo/docker/seadoc/1.0/standalone/seadoc.yml
+++ b/manual/repo/docker/seadoc/1.0/standalone/seadoc.yml
--- a/manual/repo/k8s/ce/seafile-deployment.yaml
+++ b/manual/repo/k8s/ce/seafile-deployment.yaml
@ -14,7 +14,7 @@ spec:
    spec:
      containers:
        - name: seafile
-          image: seafileltd/seafile-pro-mc:12.0-latest
+          image: seafileltd/seafile-pro-mc:13.0-latest
          env:
            - name: SEAFILE_SERVER_HOSTNAME
              valueFrom:
@ -86,6 +86,36 @@ spec:
                configMapKeyRef:
                  name: seafile-env
                  key: INIT_SEAFILE_ADMIN_EMAIL
            - name: CACHE_PROVIDER
              valueFrom:
                configMapKeyRef:
                  name: seafile-env
                  key: CACHE_PROVIDER
            - name: REDIS_SERVER
              valueFrom:
                configMapKeyRef:
                  name: seafile-env
                  key: REDIS_SERVER
            - name: REDIS_PORT
              valueFrom:
                configMapKeyRef:
                  name: seafile-env
                  key: REDIS_PORT
            - name: REDIS_PASSWORD
              valueFrom:
                configMapKeyRef:
                  name: seafile-env
                  key: REDIS_PASSWORD
            - name: MEMCACHED_SERVER
              valueFrom:
                configMapKeyRef:
                  name: seafile-env
                  key: MEMCACHED_SERVER
            - name: MEMCACHED_PORT
              valueFrom:
                configMapKeyRef:
                  name: seafile-env
                  key: MEMCACHED_PORT
            - name: JWT_PRIVATE_KEY
              valueFrom:
                secretKeyRef:
--- a/manual/repo/k8s/ce/seafile-env.yaml
+++ b/manual/repo/k8s/ce/seafile-env.yaml
@ -21,6 +21,18 @@ data:
  SEAFILE_MYSQL_DB_SEAFILE_DB_NAME: "seafile_db"
  SEAFILE_MYSQL_DB_SEAHUB_DB_NAME: "seahub_db"
  # for cached
  CACHE_PROVIDER: "redis" # or "memcached"
  ## for redis
  REDIS_SERVER: "<your redis host>"
  REDIS_PORT: "6379"
  REDIS_PASSWORD: ""
  ## for memcached
  MEMCACHED_SERVER: "<your memcached host>"
  MEMCACHED_PORT: "11211"
  # Init
  ## for Seafile admin
  INIT_SEAFILE_ADMIN_EMAIL: "<Seafile admin's email>"
--- a/manual/repo/k8s/cluster/seafile-backend-deployment.yaml
+++ b/manual/repo/k8s/cluster/seafile-backend-deployment.yaml
@ -21,7 +21,7 @@ spec:
            mountPath: /shared
      containers:
        - name: seafile-backend
-          image: seafileltd/seafile-pro-mc:12.0-latest
+          image: seafileltd/seafile-pro-mc:13.0-latest
          env:
            - name: CLUSTER_SERVER
              value: "true"
--- a/manual/repo/k8s/cluster/seafile-frontend-deployment.yaml
+++ b/manual/repo/k8s/cluster/seafile-frontend-deployment.yaml
@ -21,7 +21,7 @@ spec:
            mountPath: /shared
      containers:
        - name: seafile-frontend
-          image: seafileltd/seafile-pro-mc:12.0-latest
+          image: seafileltd/seafile-pro-mc:13.0-latest
          env:
            - name: CLUSTER_SERVER
              value: "true"
--- a/manual/repo/k8s/pro/seafile-deployment.yaml
+++ b/manual/repo/k8s/pro/seafile-deployment.yaml
@ -131,6 +131,36 @@ spec:
                configMapKeyRef:
                  name: seafile-env
                  key: INIT_SEAFILE_ADMIN_EMAIL
            - name: CACHE_PROVIDER
              valueFrom:
                configMapKeyRef:
                  name: seafile-env
                  key: CACHE_PROVIDER
            - name: REDIS_SERVER
              valueFrom:
                configMapKeyRef:
                  name: seafile-env
                  key: REDIS_SERVER
            - name: REDIS_PORT
              valueFrom:
                configMapKeyRef:
                  name: seafile-env
                  key: REDIS_PORT
            - name: REDIS_PASSWORD
              valueFrom:
                configMapKeyRef:
                  name: seafile-env
                  key: REDIS_PASSWORD
            - name: MEMCACHED_SERVER
              valueFrom:
                configMapKeyRef:
                  name: seafile-env
                  key: MEMCACHED_SERVER
            - name: MEMCACHED_PORT
              valueFrom:
                configMapKeyRef:
                  name: seafile-env
                  key: MEMCACHED_PORT
            - name: JWT_PRIVATE_KEY
              valueFrom:
                secretKeyRef:
--- a/manual/repo/k8s/pro/seafile-env.yaml
+++ b/manual/repo/k8s/pro/seafile-env.yaml
@ -21,6 +21,18 @@ data:
  SEAFILE_MYSQL_DB_SEAFILE_DB_NAME: "seafile_db"
  SEAFILE_MYSQL_DB_SEAHUB_DB_NAME: "seahub_db"
  # for cached
  CACHE_PROVIDER: "redis" # or "memcached"
  ## for redis
  REDIS_SERVER: "<your redis host>"
  REDIS_PORT: "6379"
  REDIS_PASSWORD: ""
  ## for memcached
  MEMCACHED_SERVER: "<your memcached host>"
  MEMCACHED_PORT: "11211"
  # Init
  ## for Seafile admin
  INIT_SEAFILE_ADMIN_EMAIL: "<Seafile admin's email>"
--- a/manual/setup/caddy.md
+++ b/manual/setup/caddy.md
@ -11,3 +11,9 @@ To engage HTTPS, users only needs to correctly configure the following fields in
 SEAFILE_SERVER_PROTOCOL=https
 SEAFILE_SERVER_HOSTNAME=example.com
 ```
 After Seafile Docker startup, you can use following command to access the logs of *Caddy*
 ```sh
 docker logs seafile-caddy -f
 ```
--- a/manual/setup/cluster_deploy_with_docker.md
+++ b/manual/setup/cluster_deploy_with_docker.md
@ -52,7 +52,7 @@ Please refer [here](./system_requirements.md#seafile-cluster) for the details ab
        Since v12.0, Seafile PE versions are hosted on DockerHub and does not require username and password to download.
    ```bash
-    docker pull seafileltd/seafile-pro-mc:12.0-latest
+    docker pull seafileltd/seafile-pro-mc:13.0-latest
    ```
 3. Download the `seafile-server.yml` and `.env`
--- a/manual/setup/migrate_ce_to_pro_with_docker.md
+++ b/manual/setup/migrate_ce_to_pro_with_docker.md
@ -2,13 +2,14 @@
 ## Preparation
-1. Make sure you are running a Seafile Community edition that match the latest version of pro edition. For example, if the latest pro edition is version 12.0, you should first upgrade the community edition to version 12.0.
+1. Make sure you are running a Seafile Community edition that match the latest version of pro edition. For example, if the latest pro edition is version 13.0, you should first upgrade the community edition to version 13.0.
 2. Purchase Seafile Professional license file.
 3. Download the `.env` and `seafile-server.yml` of Seafile Pro.
 ```sh
 wget -O .env https://manual.seafile.com/13.0/repo/docker/pro/env
 wget https://manual.seafile.com/13.0/repo/docker/pro/seafile-server.yml
 wget https://manual.seafile.com/13.0/repo/docker/pro/elasticsearch.yml
 ```
 ## Migrate
@ -33,7 +34,7 @@ Modify `.env` based on the old configurations from the old `.env` file. The foll
 | Variable                        | Description                                                                                                   | Default Value                   | 
 | ------------------------------- | ------------------------------------------------------------------------------------------------------------- | ------------------------------- |  
-| `SEAFILE_IMAGE`                | The Seafile pro docker image, which the tag must be **equal to or newer than** the old Seafile CE docker tag                                                                       | `seafileltd/seafile-pro-mc:12.0-latest`             |
+| `SEAFILE_IMAGE`                | The Seafile pro docker image, which the tag must be **equal to or newer than** the old Seafile CE docker tag                                                                       | `seafileltd/seafile-pro-mc:13.0-latest`             |
 | `SEAFILE_ELASTICSEARCH_VOLUME`  | The volume directory of Elasticsearch data | `/opt/seafile-elasticsearch/data` |
 For other fileds (e.g., `SEAFILE_VOLUME`, `SEAFILE_MYSQL_VOLUME`, `SEAFILE_MYSQL_DB_USER`, `SEAFILE_MYSQL_DB_PASSWORD`), **must be consistent** with the old configurations.
--- a/manual/setup/migrate_non_docker_to_docker.md
+++ b/manual/setup/migrate_non_docker_to_docker.md
@ -1,24 +1,26 @@
 # Migrate from non-docker Seafile deployment to docker
-!!! note "For Seafile cluster"
+!!! note
-    This document is writting to about the single node, you have to do the following opeartions (except migtating database) in **all nodes**
+    - This document is written to about the single node, you have to do the following opeartions (except migtating database) in **all nodes** if you are using *Seafile Cluster*
    - Normally, we only recommend that you perform the migration operation **on two different machines** according to the solution in this document. If you decide to perform the operation on the same machine, **please pay attention to the corresponding tips in the document**.
-The recommended steps to migrate from non-docker deployment to docker deployment are:
+The recommended steps to migrate from non-docker deployment to docker deployment on two different machines are:
-1. Shutdown Seafile and native Nginx, Memcached
+1. Upgrade your Seafile server to the latest version.
-2. Backup Seafile data (database also neet to backup if you are not use an existed MySQL database to deploy non-Docker version Seafile)
+2. Shutdown the Seafile, Nginx and Memcached according to your situations.
-3. Create the directory needed for Seafile Docker image to run, and recover the data. (If you are use an existed MySQL database to deploy non-Docker version Seafile, the data from database also need to recover)
+3. Backup MySQL databse and Seafile libraries data.
-4. Download the `.yml` files and `.env`. 
+4. Deploy the Seafile Docker in the new machine.
-5. Start Seafile Docker
+5. Recover the Seafile libraries and MySQL database in the new machine.
 6. Start Seafile Docker and shutdown the old MySQL (or Mariadb) according to your situations.
-## Before Migration
+## Upgrade your Seafile server
-Upgrade the version of the binary package to [latest version](../upgrade/upgrade_notes_for_12.0.x.md), and ensure that the system is running normally. 
+You have to upgrade the version of the binary package to [latest version](../upgrade/upgrade_notes_for_12.0.x.md) before the migration, and ensure that the system is running normally. 
 !!! tip
    If you running a very old version of Seafile, you can following the [FAQ item](https://cloud.seatable.io/dtable/external-links/7b976c85f504491cbe8e/?tid=0000&vid=0000&row-id=VYQI9DJfRmCv5NggcX4f0Q) to migrate to the latest version
-## Stop Services
+## Stop basic Services (except MySQL)
 ### Stop Seafile server
 Run the following commands in `/opt/seafile/seafile-server-latest`:
@ -39,7 +41,7 @@ su seafile
 ./seahub.sh stop
 ```
-### Stop Nginx, cached server (e.g., *Memcached*), ElasticSearch
+### Stop Nginx, cache server (e.g., *Memcached*), ElasticSearch
 You have to stop the above services to avoid losing data before migrating.
@ -49,73 +51,50 @@ systemctl stop memcached &&  systemctl disable memcached
 docker stop es && docker remove es
 ```
-If you are not using an existed MySQL, you have to shutdown MySQL service too. 
+## Backup MySQL database and Seafile server
 ## Backup Seafile
 Please follow [here](../administration/backup_recovery.md#backup-and-restore-for-binary-package-based-deployment) to backup:
- Backing up Databases (only if you are not using an existed database to deploy non-Docker version Seafile)
+- Backing up MySQL databases
 - Backing up Seafile library data
 ## Download the docker-compose files
-You have to download the latest docker-compose files (i.e., series of `.yml` and its configuration file `.env`) in order to startup the relative services:
+## Deploy the Seafile Docker
-=== "Seafile CE"
+You can follow [here](./overview.md#single-node-deployment) to deploy Seafile with Docker, please use your old configurations when modifying `.env`, and make sure the Seafile server is running normally after deployment.
-    ```sh
+!!! note "Use *external MySQL service* or the *old MySQL service*"
-    wget -O .env https://manual.seafile.com/13.0/repo/docker/ce/env
+    This document is written to migrate from non-Docker version to Docker version Seafile between two different machines. We suggest using the Docker-compose *Mariadb* service (version 10.11 by default) as the database service in after-migration Seafile. If you would like to use an existed MySQL service, always in which situation you try to do migrate operation on the same host or the old MySQL service is the dependency of other services, you have to follow [here](./setup_with_an_existing_mysql_server.md) to deploy Seafile.
    wget https://manual.seafile.com/13.0/repo/docker/ce/seafile-server.yml
    wget https://manual.seafile.com/13.0/repo/docker/caddy.yml
    ```
-=== "Seafile Pro"
+## Recovery libraries data for Seafile Docker
-    ```sh
+Firstly, you should stop the Seafile server before recovering Seafile libraries data:
    wget -O .env https://manual.seafile.com/13.0/repo/docker/pro/env
    wget https://manual.seafile.com/13.0/repo/docker/pro/seafile-server.yml
    wget https://manual.seafile.com/13.0/repo/docker/caddy.yml
    ```
 Then modify the `.env` according to your configurations.
 !!! warning "Important"
    **Do not** use the `.env` in the non-Docker Seafile server as the `.env` in Docker-base Seafile server directly, which misses some key variables in running Docker-base Seafile. Otherwise the Seafile server may **not work properly**.
 ## Create the directory and recovery data for Seafile Docker
 In Docker-base Seafile, the default working directory for Seafile is `/opt/seafile-data` (you can modify them in the `.env` file). Here, you have to create this directory, and recovery from backuped file:
 ```sh
-mkdir -p /opt/seafile-data/seafile
+docker compose down
 ```
-# recover seafile data
+Then recover the data from backuped file:
 ```sh
 cp /backup/data/* /opt/seafile-data/seafile
 ```
-## Recover the Database (only if not use an existed MySQL)
+## Recover the Database (only for the new MySQL service used in Seafile docker)
-You should start the services Firstly, otherwise you cannot connect to MySQL service (`mariadb` now in docker-compose Seafile):
+1. Start the database service **Only**:
-```sh
+    ```sh
-docker compose up -d
+    docker compose up -d --no-deps db
-```
+    ```
-After startuping the MySQL service, you should create the MySQL user (e.g., `seafile`, defined in your `.env` file) and add related permissions:
+2. Follow [here](../administration/backup_recovery.md#restore-the-databases_1) to recover the database data.
-```
+3. Exit the container and stop the Mariadb service
 ## Note, change the password according to the actual password you use
 GRANT ALL PRIVILEGES ON *.* TO 'seafile'@'%' IDENTIFIED BY 'your-password' WITH GRANT OPTION;
-## Grant seafile user can connect the database from any IP address
+    ```sh
-GRANT ALL PRIVILEGES ON `ccnet_db`.* to 'seafile'@'%';
+    docker compose down
-GRANT ALL PRIVILEGES ON `seafile_db`.* to 'seafile'@'%';
+    ```
 GRANT ALL PRIVILEGES ON `seahub_db`.* to 'seafile'@'%';
 ```
 Then you can follow [here](../administration/backup_recovery.md#restore-the-databases-1) to restore the database data
 ## Restart the services
@ -125,18 +104,4 @@ Finally, the migration is complete. You can restart the Seafile server of Docker
 docker compose up -d
 ```
-!!! success
+By the way, you can shutdown the old MySQL service, if it is not a dependency of other services, .
    After staring the services, you can use `docker logs -f seafile` to follow the logs output from *Seafile* to check the status of the server. When the service is running normally, you will get the following message:
    ```
    Starting seafile server, please wait ...
    Seafile server started
    Done.
    Starting seahub at port 8000 ...
    Seahub is started
    Done.
    ```
--- a/manual/setup/seafile_docker_autostart.md
+++ b/manual/setup/seafile_docker_autostart.md
@ -48,22 +48,22 @@ Add configuration `restart: unless-stopped` for each container in [components of
 ```
 services:
-db:
+  db:
    image: mariadb:10.11
    container_name: seafile-mysql-1
    restart: unless-stopped
-memcached:
+  redis:
-    image: memcached:1.6.18
+    image: redis
-    container_name: seafile-memcached
+    container_name: seafile-redis
    restart: unless-stopped
-elasticsearch:
+  elasticsearch:
    image: elasticsearch:8.6.2
    container_name: seafile-elasticsearch
    restart: unless-stopped
-seafile:
+  seafile:
    image: seafileltd/seafile-pro-mc:12.0-latest
    container_name: seafile
    restart: unless-stopped
--- a/manual/setup/setup_ce_by_docker.md
+++ b/manual/setup/setup_ce_by_docker.md
@ -18,21 +18,41 @@ Use the [official installation guide for your OS to install Docker](https://docs
 ### Download and modify `.env`
-From Seafile Docker 12.0, we use `.env`, `seafile-server.yml`  and `caddy.yml` files for configuration
+To deploy Seafile with Docker, you have to `.env`, `seafile-server.yml`  and `caddy.yml` in a directory (e.g., `/opt/seafile`):
 ```bash
 mkdir /opt/seafile
 cd /opt/seafile
 # Seafile CE 12.0
 wget -O .env https://manual.seafile.com/13.0/repo/docker/ce/env
 wget https://manual.seafile.com/13.0/repo/docker/seadoc.yml
 wget https://manual.seafile.com/13.0/repo/docker/ce/seafile-server.yml
 wget https://manual.seafile.com/13.0/repo/docker/seadoc.yml
 wget https://manual.seafile.com/13.0/repo/docker/caddy.yml
 nano .env
 ```
 !!! note "Redis in Seafile Docker 13.0"
    From Seafile Docker 13, the ***Redis*** takes the default cache server, and has integrated in Seafile Docker 13 and can be configured directly in environment variables (refer the following tables for the details).
    The integrated *Redis* service in Seafile Docker 13 does not have password. If you would like to set password for this service, you should remove the following comment markers in `seafile-server.yml` to make `REDIS_PASSWORD` effective:
    ```yml
    services:
      ...
      redis:
        image: ${SEAFILE_REDIS_IMAGE:-redis}
        container_name: seafile-redis
        # remove the following comment markers
        command:
          - /bin/sh
          - -c
          - redis-server --requirepass "$${REDIS_PASSWORD:?Variable is not set or empty}"
        networks:
        - seafile-net
      ...
    ```
 The following fields merit particular attention:
 | Variable                        | Description                                                                                                   | Default Value                   |  
@ -48,7 +68,13 @@ The following fields merit particular attention:
 | `SEAFILE_MYSQL_DB_SEAHUB_DB_NAME`     | The database name of seahub | `seahub_db`  |
 | `JWT_PRIVATE_KEY`                           | JWT_PRIVATE_KEY, A random string with a length of no less than 32 characters is required for Seafile, which can be generated by using `pwgen -s 40 1` | (required) |  
 | `SEAFILE_SERVER_HOSTNAME`       | Seafile server hostname or domain                                                                  | (required)  |  
-| `SEAFILE_SERVER_PROTOCOL`       | Seafile server protocol (http or https)                                                                       | `http` |  
+| `SEAFILE_SERVER_PROTOCOL`       | Seafile server protocol (http or https)                                                                       | `http` |
 | `CACHE_PROVIDER`       | The type of cache server used for Seafile. The available options are `redis` and `memcached`. Since Seafile 13, it is recommended to use `redis` as the cache service to support new features, and `memcached` will no longer be integrated into Seafile Docker by default.    | `redis` |
 | `REDIS_SERVER`       | Redis server host | `redis` |
 | `REDIS_PORT`       | Redis server port | `6379` |
 | `REDIS_PASSWORD`       | Redis server password | (none) |
 | `MEMCACHED_SERVER`       | Memcached server host | `memcached` |
 | `MEMCACHED_PORT`       | Memcached server port | `11211` |
 | `TIME_ZONE`                     | Time zone                                                                                                     | `UTC`                           |  
 | `INIT_SEAFILE_ADMIN_EMAIL`      | Admin username                                                                                                | `me@example.com` (Recommend modifications) |  
 | `INIT_SEAFILE_ADMIN_PASSWORD`   | Admin password       | `asecret` (Recommend modifications) |
@ -151,14 +177,6 @@ Placeholder spot for shared volumes. You may elect to store certain persistent i
 * /opt/seafile-data/logs: This is the directory for operating system.
    * /opt/seafile-data/logs/var-log: This is the directory that would be mounted as `/var/log` inside the container. `/opt/seafile-data/logs/var-log/nginx` contains the logs of Nginx in the Seafile container.
 !!! tip 
    From Seafile Docker 12.0, we use the ***Caddy*** to do web service proxy. If you would like to access the logs of *Caddy*, you can use following command:
    ```sh
    docker logs seafile-caddy --follow
    ```
 ### Find logs
 To monitor container logs (from outside of the container), please use the following commands:
--- a/manual/setup/setup_pro_by_docker.md
+++ b/manual/setup/setup_pro_by_docker.md
@ -38,15 +38,36 @@ From Seafile Docker 12.0, we use `.env`, `seafile-server.yml`  and `caddy.yml` f
 mkdir /opt/seafile
 cd /opt/seafile
 # Seafile PE 12.0
 wget -O .env https://manual.seafile.com/13.0/repo/docker/pro/env
 wget https://manual.seafile.com/13.0/repo/docker/seadoc.yml
 wget https://manual.seafile.com/13.0/repo/docker/pro/seafile-server.yml
 wget https://manual.seafile.com/13.0/repo/docker/pro/elasticsearch.yml
 wget https://manual.seafile.com/13.0/repo/docker/seadoc.yml
 wget https://manual.seafile.com/13.0/repo/docker/caddy.yml
 nano .env
 ```
 !!! note "Redis in Seafile Docker 13.0"
    From Seafile Docker 13, the ***Redis*** takes the default cache server, and has integrated in Seafile Docker 13 and can be configured directly in environment variables (refer the following tables for the details).
    The integrated *Redis* service in Seafile Docker 13 does not have password. If you would like to set password for this service, you should remove the following comment markers in `seafile-server.yml` to make `REDIS_PASSWORD` effective:
    ```yml
    services:
      ...
      redis:
        image: ${SEAFILE_REDIS_IMAGE:-redis}
        container_name: seafile-redis
        # remove the following comment markers
        command:
          - /bin/sh
          - -c
          - redis-server --requirepass "$${REDIS_PASSWORD:?Variable is not set or empty}"
        networks:
        - seafile-net
      ...
    ```
 The following fields merit particular attention:
 | Variable                        | Description                                                                                                   | Default Value                   |  
@ -64,6 +85,12 @@ The following fields merit particular attention:
 | `JWT_PRIVATE_KEY`                           | JWT_PRIVATE_KEY, A random string with a length of no less than 32 characters is required for Seafile, which can be generated by using `pwgen -s 40 1` | (required) |  
 | `SEAFILE_SERVER_HOSTNAME`       | Seafile server hostname or domain                                                                  | (required)  |  
 | `SEAFILE_SERVER_PROTOCOL`       | Seafile server protocol (http or https)                                                                       | `http` |  
 | `CACHE_PROVIDER`       | The type of cache server used for Seafile. The available options are `redis` and `memcached`. Since Seafile 13, it is recommended to use `redis` as the cache service to support new features, and `memcached` will no longer be integrated into Seafile Docker by default.    | `redis` |
 | `REDIS_SERVER`       | Redis server host | `redis` |
 | `REDIS_PORT`       | Redis server port | `6379` |
 | `REDIS_PASSWORD`       | Redis server password | (none) |
 | `MEMCACHED_SERVER`       | Memcached server host | `memcached` |
 | `MEMCACHED_PORT`       | Memcached server port | `11211` |
 | `TIME_ZONE`                     | Time zone                                                                                                     | `UTC`                           |  
 | `INIT_SEAFILE_ADMIN_EMAIL`      | Synchronously set admin username during initialization | me@example.com |  
 | `INIT_SEAFILE_ADMIN_PASSWORD`   | Synchronously set admin password during initialization | asecret |
--- a/manual/setup/system_requirements.md
+++ b/manual/setup/system_requirements.md
@ -25,7 +25,7 @@ This page shows the minimal requirements of Seafile.
 - **Hard disk requirements**: 10G availables, more than 50G are recommended
 - **Docker-base deployment integration services**:
    - *Seafile*
-    - *Memcached*
+    - *Redis*
    - *Mariadb*
    - *Seadoc*
    - *Caddy*
@ -44,7 +44,7 @@ This page shows the minimal requirements of Seafile.
 - **Hard disk requirements**: More than 50G are recommended
 - **Docker-base deployment integration services**:
    - *Seafile*
-    - *Memcached*
+    - *Redis*
    - *Mariadb*
    - *ElasticSearch*
    - *Seadoc*
--- a/manual/setup/use_other_reverse_proxy.md
+++ b/manual/setup/use_other_reverse_proxy.md
@ -46,47 +46,21 @@ services:
    # ... other services
    seafile:
-    image: ${SEAFILE_IMAGE:-seafileltd/seafile-pro-mc:12.0-latest}
+    image: ${SEAFILE_IMAGE:-seafileltd/seafile-pro-mc:13.0-latest}
    container_name: seafile
    ports:
       - "80:80"
    volumes:
      - ${SEAFILE_VOLUME:-/opt/seafile-data}:/shared
    environment:
-      - DB_HOST=${SEAFILE_MYSQL_DB_HOST:-db}
+      ... # enviroment variables map, donnot make change
-      - DB_PORT=${SEAFILE_MYSQL_DB_PORT:-3306}
+
-      - DB_ROOT_PASSWD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD:-}
+    # please remove the `label` section
-      - DB_PASSWORD=${SEAFILE_MYSQL_DB_PASSWORD:?Variable is not set or empty}
+    #label: ...  <- remove this section
-      - SEAFILE_MYSQL_DB_CCNET_DB_NAME=${SEAFILE_MYSQL_DB_CCNET_DB_NAME:-ccnet_db}
+
      - SEAFILE_MYSQL_DB_SEAFILE_DB_NAME=${SEAFILE_MYSQL_DB_SEAFILE_DB_NAME:-seafile_db}
      - SEAFILE_MYSQL_DB_SEAHUB_DB_NAME=${SEAFILE_MYSQL_DB_SEAHUB_DB_NAME:-seahub_db}
      - TIME_ZONE=${TIME_ZONE:-Etc/UTC}
      - INIT_SEAFILE_ADMIN_EMAIL=${INIT_SEAFILE_ADMIN_EMAIL:-me@example.com}
      - INIT_SEAFILE_ADMIN_PASSWORD=${INIT_SEAFILE_ADMIN_PASSWORD:-asecret}
      - SEAFILE_SERVER_HOSTNAME=${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}
      - SEAFILE_SERVER_PROTOCOL=${SEAFILE_SERVER_PROTOCOL:-http}
      - SITE_ROOT=${SITE_ROOT:-/}
      - NON_ROOT=${NON_ROOT:-false}
      - JWT_PRIVATE_KEY=${JWT_PRIVATE_KEY:?Variable is not set or empty}
      - ENABLE_SEADOC=${ENABLE_SEADOC:-false}
      - SEADOC_SERVER_URL=${SEADOC_SERVER_URL:-http://seafile.example.com/sdoc-server}
      - INIT_S3_STORAGE_BACKEND_CONFIG=${INIT_S3_STORAGE_BACKEND_CONFIG:-false}
      - INIT_S3_COMMIT_BUCKET=${INIT_S3_COMMIT_BUCKET:-}
      - INIT_S3_FS_BUCKET=${INIT_S3_FS_BUCKET:-}
      - INIT_S3_BLOCK_BUCKET=${INIT_S3_BLOCK_BUCKET:-}
      - INIT_S3_KEY_ID=${INIT_S3_KEY_ID:-}
      - INIT_S3_SECRET_KEY=${INIT_S3_SECRET_KEY:-}
      - INIT_S3_USE_V4_SIGNATURE=${INIT_S3_USE_V4_SIGNATURE:-true}
      - INIT_S3_AWS_REGION=${INIT_S3_AWS_REGION:-us-east-1}
      - INIT_S3_HOST=${INIT_S3_HOST:-us-east-1}
      - INIT_S3_USE_HTTPS=${INIT_S3_USE_HTTPS:-true}
    # please remove the label section
    depends_on:
-      - db
+      ... # dependencies, donnot make change
-      - memcached
+    ...
      - elasticsearch
    networks:
      - seafile-net
 # ... other options
 ```
--- a/manual/setup/use_seasearch.md
+++ b/manual/setup/use_seasearch.md
@ -1,7 +1,6 @@
 # Use SeaSearch as search engine (Pro)
-!!! success "New features"
+[SeaSearch](https://seasearch-manual.seafile.com/), a file indexer with more lightweight and efficiency than *Elasticsearch*, is supported from Seafile 12.
    [SeaSearch](https://seasearch-manual.seafile.com/), a file indexer with more lightweight and efficiency than *Elasticsearch*, is supported from Seafile 12.
 !!! note "For Seafile deploy from binary package"
    We currently **only support Docker-based** deployment for SeaSearch Server, so this document describes the configuration with the situation of using Docker to deploy Seafile server. 
@ -43,20 +42,19 @@ INIT_SS_ADMIN_PASSWORD=<admin-password>
 ## Modify `seafile-server.yml` to disable `elasticSearch` service
-If you would like to use *SeaSearch* as the search engine, the `elasticSearch` service can be removed or noted in `seafile-server.yml`, which is no longer used:
+If you would like to use *SeaSearch* as the search engine, the `elasticSearch` service can be removed, which is no longer used:
-```yml
+- `seafile-server.yml`:
-services:
+    ```yml
-  seafile:
+    services:
-    ...
+      seafile:
-    depends_on:
+        ...
-      ...
+        depends_on:
-      #elasticsearch: # remove or note the `elasticsearch` service Dependency
+        ...
-        #condition: service_started
+        #elasticsearch: # remove or note the `elasticsearch` service Dependency
-
+          #condition: service_started
-  #elasticsearch: # remove or note the whole `elasticsearch` section
+    ```
-    #... 
+- `.env`: Remove `elasticsearch.yml` in the list variable `COMPOSE_FILE`
 ```
 ## Modify `seafevents.conf`
--- a/manual/setup_binary/installation_ce.md
+++ b/manual/setup_binary/installation_ce.md
@ -88,7 +88,7 @@ Seafile uses the mysql_native_password plugin for authentication. The versions o
        ```
-   === "Debian 11"
+    === "Debian 11"
        ```sh
        sudo apt-get install -y python3 python3-dev python3-setuptools python3-pip libmysqlclient-dev-compat ldap-utils libldap2-dev libsasl2-dev
--- a/manual/upgrade/upgrade_docker.md
+++ b/manual/upgrade/upgrade_docker.md
@ -7,6 +7,51 @@ For major version upgrade, like from 10.0 to 11.0, see instructions below.
 Please check the **upgrade notes** for any special configuration or changes before/while upgrading.
 ## Upgrade from 12.0 to 13.0
 From Seafile Docker 13.0, the `elasticsearch.yml` has separated from `seafile-server.yml`, and Seafile will support getting cache configuration from environment variables
 1. Stop the services:
    ```sh
    docker compose down
    ```
 2. Backup the original `seafile-server.yml`
    ```sh
    mv seafile-server.yml seafile-server.yml.bak
    ```
 3. Download the new `seafile-server.yml` and `elasticsearch.yml` (if your Seafile is Pro edition and still using *Elasticsearch* as the file indexer):
    === "Seafile community edition"
        ```sh
        wget https://manual.seafile.com/13.0/repo/docker/ce/seafile-server.yml
        ```
    === "Seafile Pro edition"
        ```sh
        wget https://manual.seafile.com/13.0/repo/docker/pro/seafile-server.yml
        wget https://manual.seafile.com/13.0/repo/docker/pro/elasticsearch.yml
        ```
 4. Modify `.env`, add or modify the following fields:
    ```
    ## Cache
    CACHE_PROVIDER=redis # or memcached
    ### Redis
    REDIS_SERVER=redis
    REDIS_PORT=6379
    REDIS_PASSWORD=
    ### Memcached
    MEMCACHED_SERVER=memcached
    MEMCACHED_PORT=11211
    ```
 5. Start with `docker compose up`.
 ## Upgrade from 11.0 to 12.0
 Note: If you have a large number of `Activity` in MySQL, clear this table first [Clean Database](../../administration/clean_database). Otherwise, the database upgrade will take a long time.
@ -26,9 +71,9 @@ Download `.env`, `seafile-server.yml` and `caddy.yml`, and modify `.env` file ac
 === "Seafile community edition"
    ```sh
-    wget -O .env https://manual.seafile.com/13.0/repo/docker/ce/env
+    wget -O .env https://manual.seafile.com/12.0/repo/docker/ce/env
-    wget https://manual.seafile.com/13.0/repo/docker/ce/seafile-server.yml
+    wget https://manual.seafile.com/12.0/repo/docker/ce/seafile-server.yml
-    wget https://manual.seafile.com/13.0/repo/docker/caddy.yml
+    wget https://manual.seafile.com/12.0/repo/docker/caddy.yml
    ```
    The following fields merit particular attention:
@ -49,9 +94,9 @@ Download `.env`, `seafile-server.yml` and `caddy.yml`, and modify `.env` file ac
 === "Seafile pro edition"
    ```sh
-    wget -O .env https://manual.seafile.com/13.0/repo/docker/pro/env
+    wget -O .env https://manual.seafile.com/12.0/repo/docker/pro/env
-    wget https://manual.seafile.com/13.0/repo/docker/pro/seafile-server.yml
+    wget https://manual.seafile.com/12.0/repo/docker/pro/seafile-server.yml
-    wget https://manual.seafile.com/13.0/repo/docker/caddy.yml
+    wget https://manual.seafile.com/12.0/repo/docker/caddy.yml
    ```
    The following fields merit particular attention:
--- a/manual/upgrade/upgrade_notes_for_11.0.x.md
+++ b/manual/upgrade/upgrade_notes_for_11.0.x.md
@ -179,7 +179,7 @@ DEL_GROUP_IF_NOT_FOUND = False           # Set to "true", sync process will dele
 DEL_DEPARTMENT_IF_NOT_FOUND = False      # Set to "true", sync process will deleted the department if not found it in LDAP server.
 ```
-If you sync users from LDAP to Seafile, when the user login via SSO (ADFS or OAuth), you want Seafile to find the existing account for this user instead of creating a new one, you can set `SSO_LDAP_USE_SAME_UID = True`:
+If you sync users from LDAP to Seafile, when the user login via SSO (ADFS or OAuth or Shibboleth), you want Seafile to find the existing account for this user instead of creating a new one, you can set `SSO_LDAP_USE_SAME_UID = True`:
 ```python
 SSO_LDAP_USE_SAME_UID = True