From 8319a09b120116598d22543eb21b9e8d52d64f06 Mon Sep 17 00:00:00 2001
From: Armin Schrenk <armin.schrenk@skymatic.de>
Date: Fri, 8 Oct 2021 14:24:50 +0200
Subject: [PATCH 1/4] fix alignment in vault detail error screen

---
 src/main/resources/fxml/vault_detail_unknownerror.fxml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/resources/fxml/vault_detail_unknownerror.fxml b/src/main/resources/fxml/vault_detail_unknownerror.fxml
index 89109fcc5..8595d2fe1 100644
--- a/src/main/resources/fxml/vault_detail_unknownerror.fxml
+++ b/src/main/resources/fxml/vault_detail_unknownerror.fxml
@@ -8,7 +8,7 @@
 <VBox xmlns:fx="http://javafx.com/fxml"
 	  xmlns="http://javafx.com/javafx"
 	  fx:controller="org.cryptomator.ui.mainwindow.VaultDetailUnknownErrorController"
-	  alignment="BASELINE_CENTER"
+	  alignment="TOP_CENTER"
 	  spacing="9">
 	<children>
 		<StackPane VBox.vgrow="NEVER">

From 6c6f6baf12b73a92a6ac973453fff35de9c8d542 Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel <overheadhunter@users.noreply.github.com>
Date: Fri, 8 Oct 2021 14:59:24 +0200
Subject: [PATCH 2/4] Update to JDK 17 (#1828)

fixes #1404
---
 .github/workflows/build.yml   | 2 +-
 .github/workflows/release.yml | 2 +-
 .idea/misc.xml                | 2 +-
 README.md                     | 2 +-
 dist/linux/debian/control     | 2 +-
 pom.xml                       | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 0e1f598be..7cab88d44 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -4,7 +4,7 @@ on:
   push:
 
 env:
-  JAVA_VERSION: 16
+  JAVA_VERSION: 17
 
 defaults:
   run:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a3e9a2b59..16a68d456 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -13,7 +13,7 @@ on:
     - '[0-9]+.[0-9]+.[0-9]+-*'
 
 env:
-  JAVA_VERSION: 16
+  JAVA_VERSION: 17
 
 defaults:
   run:
diff --git a/.idea/misc.xml b/.idea/misc.xml
index 68ef79a67..4731638fd 100644
--- a/.idea/misc.xml
+++ b/.idea/misc.xml
@@ -8,7 +8,7 @@
       </list>
     </option>
   </component>
-  <component name="ProjectRootManager" version="2" languageLevel="JDK_16" project-jdk-name="16" project-jdk-type="JavaSDK">
+  <component name="ProjectRootManager" version="2" languageLevel="JDK_17" project-jdk-name="17" project-jdk-type="JavaSDK">
     <output url="file://$PROJECT_DIR$/out" />
   </component>
 </project>
\ No newline at end of file
diff --git a/README.md b/README.md
index cfccf87c1..4e29763ba 100644
--- a/README.md
+++ b/README.md
@@ -72,7 +72,7 @@ For more information on the security details visit [cryptomator.org](https://doc
 
 ### Dependencies
 
-* JDK 16 (e.g. adoptopenjdk)
+* JDK 17 (e.g. temurin)
 * Maven 3
 * Optional: OS-dependent build tools for native packaging (see [Windows](https://github.com/cryptomator/cryptomator-win), [OS X](https://github.com/cryptomator/cryptomator-osx), [Linux](https://github.com/cryptomator/builder-containers))
 
diff --git a/dist/linux/debian/control b/dist/linux/debian/control
index 2f9e94ac1..ef06120b3 100644
--- a/dist/linux/debian/control
+++ b/dist/linux/debian/control
@@ -2,7 +2,7 @@ Source: cryptomator
 Maintainer: Cryptobot <releases@cryptomator.org>
 Section: utils
 Priority: optional
-Build-Depends: debhelper (>=10), openjdk-16-jdk
+Build-Depends: debhelper (>=10), openjdk-17-jdk
 Standards-Version: 4.5.0
 Homepage: https://cryptomator.org
 Vcs-Git: https://github.com/cryptomator/cryptomator.git
diff --git a/pom.xml b/pom.xml
index ce8a4b4d8..1fdd85d9b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -21,7 +21,7 @@
 
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-		<project.jdk.version>16</project.jdk.version>
+		<project.jdk.version>17</project.jdk.version>
 
 		<!-- Group IDs of jars that need to stay on the class path for now -->
 		<nonModularGroupIds>com.github.serceman,com.github.jnr,org.ow2.asm,net.java.dev.jna,org.apache.jackrabbit,org.apache.httpcomponents,de.swiesend,org.purejava,com.github.hypfvieh</nonModularGroupIds>

From 7f833d25673f5d13bdbc1ea935600457a625737a Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel <sebastian.stenzel@gmail.com>
Date: Fri, 8 Oct 2021 15:30:28 +0200
Subject: [PATCH 3/4] update CI config for pull requests

see https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
---
 .github/workflows/build.yml       | 13 ++++++-------
 .github/workflows/pullrequest.yml | 26 ++++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 7 deletions(-)
 create mode 100644 .github/workflows/pullrequest.yml

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 7cab88d44..47721d28a 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -2,6 +2,8 @@ name: Build
 
 on:
   push:
+  pull_request_target:
+    types: [labeled]
 
 env:
   JAVA_VERSION: 17
@@ -17,19 +19,16 @@ jobs:
     if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
     steps:
       - uses: actions/checkout@v2
-      - uses: actions/setup-java@v1
+      - uses: actions/setup-java@v2
         with:
+          distribution: 'temurin'
           java-version: ${{ env.JAVA_VERSION }}
-      - uses: actions/cache@v2
-        with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-maven-
+          cache: 'maven'
       - name: Build and Test
         run: mvn -B clean install jacoco:report -Pcoverage,dependency-check
       - name: Upload code coverage report
         id: codacyCoverageReporter
+        if: "contains(github.event.pull_request.labels.*.name, 'pr:safe')"
         run: bash <(curl -Ls https://coverage.codacy.com/get.sh)
         env:
           CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
diff --git a/.github/workflows/pullrequest.yml b/.github/workflows/pullrequest.yml
new file mode 100644
index 000000000..c529ca09b
--- /dev/null
+++ b/.github/workflows/pullrequest.yml
@@ -0,0 +1,26 @@
+name: Pull Request
+
+on:
+  pull_request:
+
+env:
+  JAVA_VERSION: 17
+
+defaults:
+  run:
+    shell: bash
+
+jobs: 
+  test:
+    name: Compile and Test
+    runs-on: ubuntu-latest
+    if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-java@v2
+        with:
+          distribution: 'temurin'
+          java-version: ${{ env.JAVA_VERSION }}
+          cache: 'maven'
+      - name: Build and Test
+        run: mvn -B clean install jacoco:report -Pcoverage,dependency-check
\ No newline at end of file

From 1c62467fd276a5e70c0fadda94690dcc01534ce8 Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel <sebastian.stenzel@gmail.com>
Date: Fri, 8 Oct 2021 15:39:44 +0200
Subject: [PATCH 4/4] run codacy for labeled pull requests _and_ push events

---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 47721d28a..2ffc3070e 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -28,7 +28,7 @@ jobs:
         run: mvn -B clean install jacoco:report -Pcoverage,dependency-check
       - name: Upload code coverage report
         id: codacyCoverageReporter
-        if: "contains(github.event.pull_request.labels.*.name, 'pr:safe')"
+        if: "github.event_name == 'push' || contains(github.event.pull_request.labels.*.name, 'pr:safe')"
         run: bash <(curl -Ls https://coverage.codacy.com/get.sh)
         env:
           CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}