diff --git a/Core/Domibus-MSH-angular/angular.json b/Core/Domibus-MSH-angular/angular.json
index 97713b33ab..f4e5c48ecf 100644
--- a/Core/Domibus-MSH-angular/angular.json
+++ b/Core/Domibus-MSH-angular/angular.json
@@ -30,7 +30,8 @@
             "buildOptimizer": false,
             "sourceMap": true,
             "optimization": false,
-            "namedChunks": true
+            "namedChunks": true,
+            "baseHref": "/"
           },
           "configurations": {
             "production": {
@@ -48,6 +49,7 @@
               "outputHashing": "all",
               "sourceMap": false,
               "namedChunks": false,
+              "baseHref": "./",
               "extractLicenses": true,
               "vendorChunk": false,
               "buildOptimizer": true,
diff --git a/Core/Domibus-MSH-angular/pom.xml b/Core/Domibus-MSH-angular/pom.xml
index 15a334152f..3182af0f70 100644
--- a/Core/Domibus-MSH-angular/pom.xml
+++ b/Core/Domibus-MSH-angular/pom.xml
@@ -8,7 +8,7 @@
   <parent>
     <groupId>org.niis</groupId>
     <artifactId>core</artifactId>
-    <version>2.4.0</version>
+    <version>2.5.0</version>
   </parent>
   <artifactId>harmony-msh-angular</artifactId>
   <packaging>jar</packaging>
diff --git a/Core/Domibus-MSH-angular/src/app/app.component.ts b/Core/Domibus-MSH-angular/src/app/app.component.ts
index 9387b9359a..55e4d11d70 100644
--- a/Core/Domibus-MSH-angular/src/app/app.component.ts
+++ b/Core/Domibus-MSH-angular/src/app/app.component.ts
@@ -127,7 +127,16 @@ export class AppComponent implements OnInit {
     console.log('onHttpEventService in app component error=', error)
     if (error && (error.status === Server.HTTP_UNAUTHORIZED || error.status === Server.HTTP_FORBIDDEN)) {
       this.securityService.clearAppData(SessionState.EXPIRED_INACTIVITY_OR_ERROR);
-      this.router.navigate(['/login']);
+
+      // don't go to login page if we are in the login page already
+      let currentRoute = this.router.url;
+      if (currentRoute === '/login' || currentRoute === '/logout') {
+        console.debug('no redirect, staying on current page: ' + currentRoute);
+        return;
+      }
+
+      // don't go to login page if we're using external authentication, go to logout instead
+      this.router.navigate([this.isExtAuthProviderEnabled() ? '/logout' : '/login']);
     }
   }
 
diff --git a/Core/Domibus-MSH-angular/src/app/app.module.ts b/Core/Domibus-MSH-angular/src/app/app.module.ts
index 7277cdb893..45f930a803 100644
--- a/Core/Domibus-MSH-angular/src/app/app.module.ts
+++ b/Core/Domibus-MSH-angular/src/app/app.module.ts
@@ -126,6 +126,7 @@ import {NgxMatMomentModule} from '@angular-material-components/moment-adapter';
 import {MatDatepickerModule} from '@angular/material/datepicker';
 import {ManageBackendsComponent} from './messagefilter/manageBackends-form/manageBackends-form.component';
 import {DateService} from './common/customDate/date.service';
+import {HelperService} from './common/helper.service';
 
 const CUSTOM_MOMENT_FORMATS: NgxMatDateFormats = {
   parse: {
@@ -268,6 +269,7 @@ const CUSTOM_MOMENT_FORMATS: NgxMatDateFormats = {
     PluginUserValidatorService,
     DialogsService,
     PropertiesService,
+    HelperService,
     FileUploadValidatorService,
     ApplicationContextService,
     DatePipe,
diff --git a/Core/Domibus-MSH-angular/src/app/common/guards/authenticated-authorized.guard.ts b/Core/Domibus-MSH-angular/src/app/common/guards/authenticated-authorized.guard.ts
index 783465560d..deae17497f 100644
--- a/Core/Domibus-MSH-angular/src/app/common/guards/authenticated-authorized.guard.ts
+++ b/Core/Domibus-MSH-angular/src/app/common/guards/authenticated-authorized.guard.ts
@@ -19,6 +19,7 @@ export class AuthenticatedAuthorizedGuard {
   async canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot) {
     const isAuthenticated = await this.securityService.isAuthenticated();
     if (!isAuthenticated) {
+      console.log(`[${this.securityService.getCurrentUser()?.username}] not authenticated`);
       this.handleNotAuthenticated();
       return this.getNotAuthenticatedRoute(state);
     }
@@ -42,7 +43,7 @@ export class AuthenticatedAuthorizedGuard {
     } else {
       allowedRoles = routeData.checkRoles
     }
-    return this.securityService.isCurrentUserInRole(allowedRoles);
+    return this.securityService.isCurrentUserInRole(allowedRoles, true /* logWarning */);
   }
 
   private getNotAuthorizedRoute(): UrlTree {
@@ -56,11 +57,12 @@ export class AuthenticatedAuthorizedGuard {
 
   private async getNotAuthenticatedRoute(state: RouterStateSnapshot): Promise<UrlTree> {
     let isExtAuthProvider = await this.domibusInfoService.isExtAuthProviderEnabled();
-    // not logged in so redirect to login page with the return url
     if (!isExtAuthProvider) {
+      // Domibus Login: not logged in so redirect to login page with the return url
       return this.router.createUrlTree(['/login'], {queryParams: {returnUrl: state.url}});
+    } else {
+      // EU Login: redirect to logout
+      return this.router.createUrlTree(['/logout']);
     }
-    // EU Login redirect to logout
-    return this.router.createUrlTree(['/logout']);
   }
 }
diff --git a/Core/Domibus-MSH-angular/src/app/common/helper.service.ts b/Core/Domibus-MSH-angular/src/app/common/helper.service.ts
new file mode 100644
index 0000000000..75f14d7159
--- /dev/null
+++ b/Core/Domibus-MSH-angular/src/app/common/helper.service.ts
@@ -0,0 +1,42 @@
+import {Injectable} from '@angular/core';
+import {PropertiesService} from '../properties/support/properties.service';
+
+@Injectable()
+export class HelperService {
+
+  constructor() {
+  }
+
+  arrayBufferToBase64(buffer) {
+    let binary = '';
+    const bytes = new Uint8Array(buffer);
+    const len = bytes.byteLength;
+    for (let i = 0; i < len; i++) {
+      binary += String.fromCharCode(bytes[i]);
+    }
+    return window.btoa(binary);
+  }
+
+  base64ToArrayBuffer(base64) {
+    const binaryString = window.atob(base64);
+    const len = binaryString.length;
+    const bytes = new Uint8Array(len);
+    for (let i = 0; i < len; i++) {
+      bytes[i] = binaryString.charCodeAt(i);
+    }
+    return bytes.buffer;
+  }
+
+  arrayBufferToPem(buffer: ArrayBuffer): string {
+    let binary = '';
+    const bytes = new Uint8Array(buffer);
+    const len = bytes.byteLength;
+    for (let i = 0; i < len; i++) {
+      binary += String.fromCharCode(bytes[i]);
+    }
+    const base64 = window.btoa(binary);
+    return `-----BEGIN PUBLIC KEY-----\n${base64}\n-----END PUBLIC KEY-----`;
+  }
+
+}
+
diff --git a/Core/Domibus-MSH-angular/src/app/common/page-grid/datatable-pager.comonent.ts b/Core/Domibus-MSH-angular/src/app/common/page-grid/datatable-pager.comonent.ts
index 8ce286e3e3..a943fd745a 100644
--- a/Core/Domibus-MSH-angular/src/app/common/page-grid/datatable-pager.comonent.ts
+++ b/Core/Domibus-MSH-angular/src/app/common/page-grid/datatable-pager.comonent.ts
@@ -6,28 +6,28 @@ import {PageGridComponent} from './page-grid.component';
   template: `
     <ul class="pager">
       <li [class.disabled]="!canPrevious()">
-        <a role="button" aria-label="go to first page" href="javascript:void(0)" (click)="selectPage(1)">
+        <a role="button" aria-label="go to first page" (click)="selectPage(1)">
           <i class="{{ pagerPreviousIcon }}"></i>
         </a>
       </li>
       <li [class.disabled]="!canPrevious()">
-        <a role="button" aria-label="go to previous page" href="javascript:void(0)" (click)="prevPage()">
+        <a role="button" aria-label="go to previous page" (click)="prevPage()">
           <i class="{{ pagerLeftArrowIcon }}"></i>
         </a>
       </li>
       <li role="button" [attr.aria-label]="'page ' + pg.number" class="pages"
           *ngFor="let pg of pages" [class.active]="pg.number === page">
-        <a href="javascript:void(0)" (click)="selectPage(pg.number)">
+        <a (click)="selectPage(pg.number)">
           {{ pg.text }}
         </a>
       </li>
       <li [class.disabled]="!canNext()">
-        <a role="button" aria-label="go to next page" href="javascript:void(0)" (click)="nextPage()">
+        <a role="button" aria-label="go to next page" (click)="nextPage()">
           <i class="{{ pagerRightArrowIcon }}"></i>
         </a>
       </li>
       <li [class.disabled]="!canNext()">
-        <a role="button" aria-label="go to last page" href="javascript:void(0)" (click)="selectPage(totalPages)">
+        <a role="button" aria-label="go to last page" (click)="selectPage(totalPages)">
           <i class="{{ pagerNextIcon }}"></i>
         </a>
       </li>
diff --git a/Core/Domibus-MSH-angular/src/app/domains/domains.component.ts b/Core/Domibus-MSH-angular/src/app/domains/domains.component.ts
index 5782ec57b1..95fe3790c9 100644
--- a/Core/Domibus-MSH-angular/src/app/domains/domains.component.ts
+++ b/Core/Domibus-MSH-angular/src/app/domains/domains.component.ts
@@ -17,6 +17,7 @@ import {DomainService} from '../security/domain.service';
 import {Domain} from '../security/domain';
 import { UserService } from 'app/user/support/user.service';
 import { SecurityService } from 'app/security/security.service';
+import {DomibusInfoService} from "../common/appinfo/domibusinfo.service";
 
 /**
  * @author Ion Perpegel
@@ -37,7 +38,7 @@ export class DomainsComponent extends mix(BaseListComponent).with(ClientPageable
   @ViewChild('monitorStatus') statusTemplate: TemplateRef<any>;
 
   constructor(private alertService: AlertService, private domainService: DomainService, private changeDetector: ChangeDetectorRef,
-              private userService: UserService, private securityService: SecurityService) {
+              private userService: UserService, private securityService: SecurityService, private domibusInfoService: DomibusInfoService) {
     super();
   }
 
@@ -96,11 +97,18 @@ export class DomainsComponent extends mix(BaseListComponent).with(ClientPageable
         if (currentDomain && currentDomain.code == domain.code) {
           throw `Cannot disable the current domain`;
         }
-        let currentUserName: string = (await this.securityService.getCurrentUserFromServer()).username;
-        let users = await this.userService.getUsers();
-        let currentUser = users.find(u => u.userName == currentUserName);
-        if (currentUser.domain == domain.code) {
-          throw `Cannot disable the domain of the current user`;
+
+        const isUserFromExternalAuthProvider = await this.domibusInfoService.isExtAuthProviderEnabled();
+        if (isUserFromExternalAuthProvider) {
+          // don't check the domain of the current user if external auth provider is used, 
+          // as the notion of 'preferred domain' is not the same in this case
+        } else {
+          let currentUserName: string = (await this.securityService.getCurrentUserFromServer()).username;
+          let users = await this.userService.getUsers();
+          let currentUser = users.find(u => u.userName == currentUserName);
+          if (currentUser.domain == domain.code) {
+            throw `Cannot disable the domain of the current user`;
+          }
         }
       }
 
diff --git a/Core/Domibus-MSH-angular/src/app/messagelog/messagelog-details/messagelog-details.component.css b/Core/Domibus-MSH-angular/src/app/messagelog/messagelog-details/messagelog-details.component.css
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/Core/Domibus-MSH-angular/src/app/messagelog/messagelog-details/messagelog-details.component.html b/Core/Domibus-MSH-angular/src/app/messagelog/messagelog-details/messagelog-details.component.html
index dc2d97421c..209c639cd8 100644
--- a/Core/Domibus-MSH-angular/src/app/messagelog/messagelog-details/messagelog-details.component.html
+++ b/Core/Domibus-MSH-angular/src/app/messagelog/messagelog-details/messagelog-details.component.html
@@ -37,6 +37,10 @@ <h2 mat-dialog-title>Message details</h2>
         <input matInput  value="{{message.downloaded | domibusDate}}" readonly/>
       </mat-form-field>
 
+      <mat-form-field style="width:100%">
+        <mat-label>Acknowledged</mat-label>
+        <input matInput  value="{{message.acknowledged | domibusDate}}" readonly/>
+      </mat-form-field>
 
       <mat-form-field style="width:100%">
         <mat-label>AP Role</mat-label>
@@ -68,6 +72,16 @@ <h2 mat-dialog-title>Message details</h2>
         <input matInput  value="{{message.messageType}}" readonly/>
       </mat-form-field>
 
+      <mat-form-field style="width:100%">
+        <mat-label>Exported</mat-label>
+        <input matInput  value="{{message.exported | domibusDate}}" readonly/>
+      </mat-form-field>
+
+      <mat-form-field style="width:100%">
+        <mat-label>Archived</mat-label>
+        <input matInput  value="{{message.archived | domibusDate}}" readonly/>
+      </mat-form-field>
+
       <mat-form-field style="width:100%">
         <mat-label>Deleted</mat-label>
         <input matInput  value="{{message.deleted | domibusDate }}" readonly/>
diff --git a/Core/Domibus-MSH-angular/src/app/messagelog/messagelog-details/messagelog-details.component.ts b/Core/Domibus-MSH-angular/src/app/messagelog/messagelog-details/messagelog-details.component.ts
index 6eb556d237..481b535a81 100644
--- a/Core/Domibus-MSH-angular/src/app/messagelog/messagelog-details/messagelog-details.component.ts
+++ b/Core/Domibus-MSH-angular/src/app/messagelog/messagelog-details/messagelog-details.component.ts
@@ -1,17 +1,37 @@
 import {Component, OnInit, Inject} from '@angular/core';
 import { MAT_DIALOG_DATA, MatDialogRef } from '@angular/material/dialog';
+import {HttpClient, HttpParams} from '@angular/common/http';
+import {CustomURLEncoder} from '../../common/custom-url-encoder';
+import {MessageLogComponent} from '../messagelog.component';
+import {MessageLogResult} from '../support/messagelogresult';
 
 @Component({
   selector: 'app-messagelog-details',
-  templateUrl: './messagelog-details.component.html',
-  styleUrls: ['./messagelog-details.component.css']
+  templateUrl: './messagelog-details.component.html'
 })
-export class MessagelogDetailsComponent {
+export class MessagelogDetailsComponent implements OnInit {
 
   message;
 
-  constructor(public dialogRef: MatDialogRef<MessagelogDetailsComponent>, @Inject(MAT_DIALOG_DATA) public data: any) {
+  constructor(public dialogRef: MatDialogRef<MessagelogDetailsComponent>,
+              @Inject(MAT_DIALOG_DATA) public data: any,
+              private http: HttpClient) {
     this.message = data.message;
   }
 
+  async ngOnInit() {
+    if (!this.data.fetchData) {
+      return;
+    }
+    let filterParams = new HttpParams({encoder: new CustomURLEncoder()});
+    filterParams = filterParams.append('messageType', this.message['messageType'])
+    filterParams = filterParams.append('messageId', this.message['messageId'])
+    filterParams = filterParams.append('mshRole', this.message['mshRole'])
+    filterParams = filterParams.append('applyDefaultFilters', 'false')
+    this.data.fields.forEach(field => filterParams = filterParams.append('fields', field));
+    const res = <MessageLogResult>await this.http.get<any>(MessageLogComponent.MESSAGE_LOG_URL, {params: filterParams}).toPromise();
+    if (res && res.count == 1) {
+      this.message = res.messageLogEntries[0];
+    }
+  }
 }
diff --git a/Core/Domibus-MSH-angular/src/app/messagelog/messagelog.component.ts b/Core/Domibus-MSH-angular/src/app/messagelog/messagelog.component.ts
index df4747dae1..b2532316a5 100644
--- a/Core/Domibus-MSH-angular/src/app/messagelog/messagelog.component.ts
+++ b/Core/Domibus-MSH-angular/src/app/messagelog/messagelog.component.ts
@@ -257,6 +257,12 @@ export class MessageLogComponent extends mix(BaseListComponent)
         width: 200,
         minWidth: 190
       },
+      {
+        cellTemplate: this.rowWithDateFormatTpl,
+        name: 'Downloaded',
+        width: 200,
+        minWidth: 190
+      },
       {
         name: 'AP Role',
         prop: 'mshRole',
@@ -348,6 +354,12 @@ export class MessageLogComponent extends mix(BaseListComponent)
         width: 100,
         minWidth: 90
       },
+      {
+        cellTemplate: this.rowWithDateFormatTpl,
+        name: 'Acknowledged',
+        width: 200,
+        minWidth: 190
+      },
       {
         cellTemplate: this.rowWithDateFormatTpl,
         name: 'Failed',
@@ -360,6 +372,12 @@ export class MessageLogComponent extends mix(BaseListComponent)
         width: 200,
         minWidth: 190
       },
+      {
+        cellTemplate: this.rowWithDateFormatTpl,
+        name: 'Exported',
+        width: 200,
+        minWidth: 190
+      },
       {
         cellTemplate: this.rowWithDateFormatTpl,
         name: 'Archived',
@@ -653,8 +671,11 @@ export class MessageLogComponent extends mix(BaseListComponent)
   }
 
   showDetails(selectedRow: any) {
+    let allColumns = <any[]>this.columnPicker.allColumns;
+    const allFields = allColumns.map(col => col.prop);
+    let fetchData = allColumns.some(col => !col.isSelected);
     this.dialogsService.open(MessagelogDetailsComponent, {
-      data: {message: selectedRow}
+      data: {message: selectedRow, fields: allFields, fetchData}
     });
   }
 
diff --git a/Core/Domibus-MSH-angular/src/app/properties/properties.component.css b/Core/Domibus-MSH-angular/src/app/properties/properties.component.css
index 85e58613c3..ae139e1d68 100644
--- a/Core/Domibus-MSH-angular/src/app/properties/properties.component.css
+++ b/Core/Domibus-MSH-angular/src/app/properties/properties.component.css
@@ -1,4 +1,3 @@
-
 /* TODO(mdc-migration): The following rule targets internal classes of input that may no longer apply for the MDC version. */
 .panel mat-input-container, .panel mat-select, .panel md2-datepicker, .panel mat-select {
   width: 100% !important;
@@ -7,7 +6,7 @@
 .property-value {
   border: solid 1px transparent;
   padding: 0 4px;
-  width: calc(100% - 84px);
+  width: calc(100% - 100px);
 }
 
 .property-value:focus, .property-value:hover {
@@ -23,12 +22,6 @@
   position: relative;
 }
 
-.property-edit-buttons {
-  position: absolute;
-  top: -6px;
-  right: 0;
-}
-
 .property-edit-buttons.disabled button {
   color: silver;
 }
@@ -49,3 +42,20 @@
   border: solid 0.5px red;
   color: red;
 }
+
+.property-edit-buttons {
+  /*margin-top: -4px;*/
+  position: absolute;
+  top: -6px;
+  right: 0;
+}
+.property-edit-buttons mat-icon {
+  padding-top: 3px;
+}
+
+::ng-deep .ngx-datatable.material .datatable-body .datatable-body-row .datatable-body-cell .mat-mdc-icon-button {
+  /*height: inherit !important;*/
+  margin-top: 0px !important;
+  padding-bottom: 0;
+  padding-top: 0px;
+}
diff --git a/Core/Domibus-MSH-angular/src/app/properties/properties.component.html b/Core/Domibus-MSH-angular/src/app/properties/properties.component.html
index d8919f7087..9aede64b3e 100644
--- a/Core/Domibus-MSH-angular/src/app/properties/properties.component.html
+++ b/Core/Domibus-MSH-angular/src/app/properties/properties.component.html
@@ -67,6 +67,11 @@
     <div class="input-group property-view" *ngIf="!row.writable">
       <span [class.wrong-value]="row.value != null && row.originalValue != row.usedValue">{{row.value}}</span>
 
+      <button mat-icon-button *ngIf="row.type == 'PASSWORD'" button-click-behaviour [matTooltip]="!row.passwordVisible?'See password':'Hide password'"
+              (click)="toggleViewPassword(row)" style="display: inline-block; float: right;">
+        <mat-icon matTooltipPosition="above">{{!row.passwordVisible ? 'visibility': 'visibility_off'}}</mat-icon>
+      </button>
+
       <div *ngIf="row.originalValue != row.usedValue" style="margin-top: 5px;">
         <mat-icon matTooltip="This is the value actually used in Harmony AP."
                   style="vertical-align: bottom;color: red;">error</mat-icon>
@@ -74,8 +79,9 @@
       </div>
 
     </div>
+
     <div class="input-group property-edit" *ngIf="canWriteProperty(row)">
-      <input matInput type="text" autocomplete="off" class="form-control property-value" [class.wrong-value]="row.originalValue != row.usedValue"
+      <input matInput [type]="row.type == 'PASSWORD' && !row.passwordVisible ?'password':'text'" autocomplete="off" class="form-control property-value" [class.wrong-value]="row.originalValue != row.usedValue"
              [(ngModel)]="row.value"
              (focus)="onPropertyValueFocus(row)"
              (blur)="onPropertyValueBlur(row)"
@@ -83,14 +89,20 @@
              (keydown.escape)="revertProperty(row)"
       >
 
-      <span class="property-edit-buttons input-group-addon">
-          <button mat-icon-button (click)="updateProperty(row)" [disabled]="!canUpdate(row)" button-click-behaviour>
-            <mat-icon matTooltip="Save" matTooltipPosition="above">save</mat-icon>
+      <div class="property-edit-buttons">
+        <button mat-icon-button *ngIf="row.type == 'PASSWORD'" button-click-behaviour [matTooltip]="!row.passwordVisible?'See password':'Hide password'"
+                (click)="toggleViewPassword(row)">
+          <mat-icon matTooltipPosition="above" >{{!row.passwordVisible ? 'visibility': 'visibility_off'}}</mat-icon>
+        </button>
+
+          <button mat-icon-button (click)="updateProperty(row)" [disabled]="!canUpdate(row)" matTooltip="Save" button-click-behaviour>
+            <mat-icon matTooltipPosition="above">save</mat-icon>
           </button>
-          <button mat-icon-button (click)="revertProperty(row)" [disabled]="!canUpdate(row)" button-click-behaviour>
-            <mat-icon matTooltip="Undo" matTooltipPosition="above">undo</mat-icon>
+
+          <button mat-icon-button (click)="revertProperty(row)" [disabled]="!canUpdate(row)" matTooltip="Undo" button-click-behaviour>
+            <mat-icon matTooltipPosition="above">undo</mat-icon>
           </button>
-        </span>
+        </div>
 
       <div *ngIf="row.originalValue != row.usedValue" style="margin-top: 5px;">
         <mat-icon (click)="syncValues(row)" matTooltip="This is the value actually used in Harmony AP. Click to fix in file."
diff --git a/Core/Domibus-MSH-angular/src/app/properties/properties.component.ts b/Core/Domibus-MSH-angular/src/app/properties/properties.component.ts
index 6b8cfaa184..10b1c6d328 100644
--- a/Core/Domibus-MSH-angular/src/app/properties/properties.component.ts
+++ b/Core/Domibus-MSH-angular/src/app/properties/properties.component.ts
@@ -18,7 +18,9 @@ import {HttpClient} from '@angular/common/http';
 import {ApplicationContextService} from '../common/application-context.service';
 import {ComponentName} from '../common/component-name-decorator';
 import {DialogsService} from '../common/dialogs/dialogs.service';
-import {AddNestedPropertyDialogComponent} from './support/add-nested-property-dialog/add-nested-property-dialog.component';
+import {
+  AddNestedPropertyDialogComponent
+} from './support/add-nested-property-dialog/add-nested-property-dialog.component';
 import {ServerSortableListMixin} from '../common/mixins/sortable-list.mixin';
 
 @Component({
@@ -132,8 +134,8 @@ export class PropertiesComponent extends mix(BaseListComponent)
         name: 'Property Value',
         prop: 'value',
         showInitially: true,
-        width: 350,
-        minWidth: 340,
+        width: 370,
+        minWidth: 370,
         sortable: false
       },
 
@@ -146,10 +148,18 @@ export class PropertiesComponent extends mix(BaseListComponent)
     this.changeDetector.detectChanges();
   }
 
+  private passwordMask = '*****';
+
   public setServerResults(result: PropertyListModel) {
     super.count = result.count;
     let rows = result.items;
-    rows.forEach(row => row.originalValue = row.value);
+    rows.forEach(row => {
+      row.originalValue = row.value;
+      if (row.type == 'PASSWORD') {
+        row.value = this.passwordMask;
+        row.currentValue = this.passwordMask;
+      }
+    });
     super.rows = rows;
   }
 
@@ -244,4 +254,25 @@ export class PropertiesComponent extends mix(BaseListComponent)
     row.value = row.usedValue;
     this.updateProperty(row);
   }
+
+  async retrievePassword(row) {
+    let propertyName = row.name;
+    console.log('Retrieving password for property:', propertyName, row);
+    let value = await this.propertiesService.decryptProperty(propertyName);
+    // console.log(' password value is :', value);
+    row.currentValue = row.value = value;
+  }
+
+  async toggleViewPassword(row) {
+    if (row.passwordVisible) {
+      row.currentValue = row.value = this.passwordMask;
+      row.passwordVisible = false;
+    } else {
+      await this.retrievePassword(row);
+      row.passwordVisible = true;
+    }
+  }
+
 }
+
+
diff --git a/Core/Domibus-MSH-angular/src/app/properties/support/properties.service.ts b/Core/Domibus-MSH-angular/src/app/properties/support/properties.service.ts
index f9a987d844..9afbec0396 100644
--- a/Core/Domibus-MSH-angular/src/app/properties/support/properties.service.ts
+++ b/Core/Domibus-MSH-angular/src/app/properties/support/properties.service.ts
@@ -1,6 +1,7 @@
 import {HttpClient, HttpHeaders, HttpParams} from '@angular/common/http';
 import {AlertService} from 'app/common/alert/alert.service';
 import {Injectable} from '@angular/core';
+import {HelperService} from '../../common/helper.service';
 
 @Injectable()
 export class PropertiesService {
@@ -8,7 +9,7 @@ export class PropertiesService {
 
   regularExpressions: Map<string, RegExp> = new Map<string, RegExp>();
 
-  constructor(private http: HttpClient, private alertService: AlertService) {
+  constructor(private http: HttpClient, private alertService: AlertService, private helperService: HelperService) {
   }
 
   async loadPropertyTypes(): Promise<any> {
@@ -95,6 +96,55 @@ export class PropertiesService {
     return this.getProperty('domibus.ui.resend.action.enabled.received.minutes');
   }
 
+  async decryptProperty(propertyName) {
+    const keyPair = await window.crypto.subtle.generateKey(
+      {
+        name: 'RSA-OAEP',
+        modulusLength: 2048, // can be 1024, 2048, or 4096
+        publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
+        hash: 'SHA-256', // can be "SHA-1", "SHA-256", "SHA-384", or "SHA-512"
+      },
+      true, // whether the key is extractable (i.e. can be used in exportKey)
+      ['encrypt', 'decrypt'] // can be any combination of "encrypt", "decrypt", "wrapKey", or "unwrapKey"
+    )
+
+    const spkiArrayBuffer = await window.crypto.subtle.exportKey('spki', keyPair.publicKey);
+    const publicKeyPem = this.helperService.arrayBufferToPem(spkiArrayBuffer);
+    // console.log('Public key PEM:', publicKeyPem);
+
+    let param = new HttpParams();
+    param = param.append('publicKeyPem', btoa(publicKeyPem));
+    const propValue = await this.http.get<PropertyModel>(PropertiesService.PROPERTIES_URL + '/' + propertyName + '/encrypted',
+      {params: param}).toPromise();
+    if (!propValue) {
+      console.log('Encrypted property value is empty');
+      return null;
+    }
+    console.log('Encrypted property value:', propValue);
+
+    // Convert the encrypted property value from Base64 to an ArrayBuffer
+    const encryptedValueArrayBuffer = this.helperService.base64ToArrayBuffer(propValue);
+    // console.log('Encrypted property value ArrayBuffer:', encryptedValueArrayBuffer);
+
+    // console.log('Private key:', keyPair.privateKey);
+
+    // Decrypt the encrypted property value
+    const decryptedValueArrayBuffer = await window.crypto.subtle.decrypt(
+      {
+        name: 'RSA-OAEP'
+      },
+      keyPair.privateKey, // use the private key for decryption
+      encryptedValueArrayBuffer
+    );
+
+    // console.log('Decrypted property value ArrayBuffer:', decryptedValueArrayBuffer);
+
+    // Convert the decrypted ArrayBuffer to a string
+    const decryptedValue = new TextDecoder().decode(decryptedValueArrayBuffer);
+    // console.log('Decrypted property value:', decryptedValue);
+    return decryptedValue;
+  }
+
   private async isPropertyValidationEnabled(): Promise<boolean> {
     let enabledProp = await this.getProperty('domibus.property.validation.enabled');
     return enabledProp && enabledProp.value && enabledProp.value.toLowerCase() == 'true';
diff --git a/Core/Domibus-MSH-angular/src/app/security/domain.ts b/Core/Domibus-MSH-angular/src/app/security/domain.ts
index 43a56f5c76..250d78dd57 100644
--- a/Core/Domibus-MSH-angular/src/app/security/domain.ts
+++ b/Core/Domibus-MSH-angular/src/app/security/domain.ts
@@ -4,5 +4,7 @@ export class Domain {
   active: boolean;
 
   constructor(code: string, name: string) {
+    this.code = code;
+    this.name = name;
   }
 }
diff --git a/Core/Domibus-MSH-angular/src/app/security/logout/logout.components.ts b/Core/Domibus-MSH-angular/src/app/security/logout/logout.components.ts
index 3a2c4898a7..ef520fd2ad 100644
--- a/Core/Domibus-MSH-angular/src/app/security/logout/logout.components.ts
+++ b/Core/Domibus-MSH-angular/src/app/security/logout/logout.components.ts
@@ -11,10 +11,16 @@ export class LogoutAuthExtProviderComponent {
   }
 
   login_again(): void {
-    // just redirect to context path
-    let context = window.location.pathname.substring(0, window.location.pathname.indexOf("/", 2));
-    let url = window.location.protocol + "//" + window.location.host + context;
-    window.location.href = url;
+    // When external auth provider is used, we rely on the webserver serving the pages for authentication;
+    // so we need to request the page from the server, and we achieve this by changing the window.location
+    // (simply using the router to navigate to the login page/other page will not trigger the authentication)
+
+    console.log(`Logging in again ...`);
+    let newurl = window.location.protocol + "//" + window.location.host + window.location.pathname;
+    newurl = newurl.replace(/\/logout\/?$/, ''); // replace "/logout" only at the end of the path
+
+    console.log(`Redirecting from ${window.location.href} to ${newurl} ...`)
+    window.location.href = newurl;
   }
 
 }
diff --git a/Core/Domibus-MSH-angular/src/app/security/security.service.ts b/Core/Domibus-MSH-angular/src/app/security/security.service.ts
index 8b33f79170..032e7f5d2a 100644
--- a/Core/Domibus-MSH-angular/src/app/security/security.service.ts
+++ b/Core/Domibus-MSH-angular/src/app/security/security.service.ts
@@ -186,13 +186,17 @@ export class SecurityService {
     return user ? user.externalAuthProvider : false;
   }
 
-  isCurrentUserInRole(roles: Array<string>): boolean {
+  isCurrentUserInRole(roles: Array<string>, logWarning = false): boolean {
     if (!roles) {
       return true;
     }
     const currentUser = this.getCurrentUser();
     if (currentUser && currentUser.authorities) {
-      return roles.some(role => currentUser.authorities.includes(role));
+      let result = roles.some(role => currentUser.authorities.includes(role));
+      if (!result && logWarning) {
+        console.warn(`Authorization check failed for user [${currentUser?.username}] with authorities [${currentUser?.authorities}]. None of [${roles}] found.`);
+      }
+      return result;
     }
     return false;
   }
diff --git a/Core/Domibus-MSH-angular/src/app/security/user.ts b/Core/Domibus-MSH-angular/src/app/security/user.ts
index 305940d0c6..d29c72fdbe 100644
--- a/Core/Domibus-MSH-angular/src/app/security/user.ts
+++ b/Core/Domibus-MSH-angular/src/app/security/user.ts
@@ -7,7 +7,7 @@ export class User {
   externalAuthProvider: boolean;
 
   constructor (id: number,
-               login: string,
+               username: string,
                profile: string,
                authorities: Array<string>,
                defaultPasswordUsed: boolean,
diff --git a/Core/Domibus-MSH-angular/src/app/truststore/base-truststore.component.ts b/Core/Domibus-MSH-angular/src/app/truststore/base-truststore.component.ts
index 49e2fc615a..8eee1c2fe6 100644
--- a/Core/Domibus-MSH-angular/src/app/truststore/base-truststore.component.ts
+++ b/Core/Domibus-MSH-angular/src/app/truststore/base-truststore.component.ts
@@ -215,7 +215,8 @@ export class BaseTruststoreComponent extends mix(BaseListComponent).with(ClientP
   }
 
   protected async uploadFile(comp: ComponentType<unknown>, url: string) {
-    let params = await this.dialogsService.open(comp).afterClosed().toPromise();
+    let config = {data: this.getUploadDialogParams()};
+    let params = await this.dialogsService.open(comp, config).afterClosed().toPromise();
     if (params != null) {
       try {
         super.isLoading = true;
@@ -233,6 +234,10 @@ export class BaseTruststoreComponent extends mix(BaseListComponent).with(ClientP
     }
   }
 
+  protected getUploadDialogParams() {
+    return {title: 'Upload truststore', description: ''};
+  }
+
   async reloadStore() {
     try {
       super.isLoading = true;
diff --git a/Core/Domibus-MSH-angular/src/app/truststore/keystore.component.ts b/Core/Domibus-MSH-angular/src/app/truststore/keystore.component.ts
index 9ae39a5eed..9b8a035451 100644
--- a/Core/Domibus-MSH-angular/src/app/truststore/keystore.component.ts
+++ b/Core/Domibus-MSH-angular/src/app/truststore/keystore.component.ts
@@ -37,4 +37,9 @@ export class KeystoreComponent extends BaseTruststoreComponent implements OnInit
 
     this.checkModifiedOnDisk();
   }
+
+  protected getUploadDialogParams() {
+    return {title: 'Upload keystore', description: 'Please make sure to use a keystore with the same passwords for keystore and all private keys present inside'};
+  }
+
 }
diff --git a/Core/Domibus-MSH-angular/src/app/truststore/tls.truststore.component.ts b/Core/Domibus-MSH-angular/src/app/truststore/tls.truststore.component.ts
index 0074823fc4..a2b761c367 100644
--- a/Core/Domibus-MSH-angular/src/app/truststore/tls.truststore.component.ts
+++ b/Core/Domibus-MSH-angular/src/app/truststore/tls.truststore.component.ts
@@ -41,4 +41,9 @@ export class TLSTruststoreComponent extends BaseTruststoreComponent implements O
   canUpload() {
     return this.storeExists && !this.isBusy();
   }
+
+  protected getUploadDialogParams() {
+    return {title: 'Upload TLS truststore', description: ''};
+  }
+
 }
diff --git a/Core/Domibus-MSH-angular/src/app/truststore/truststore-upload/truststore-upload.component.html b/Core/Domibus-MSH-angular/src/app/truststore/truststore-upload/truststore-upload.component.html
index 6fe943b6ac..4999cf01b9 100644
--- a/Core/Domibus-MSH-angular/src/app/truststore/truststore-upload/truststore-upload.component.html
+++ b/Core/Domibus-MSH-angular/src/app/truststore/truststore-upload/truststore-upload.component.html
@@ -1,4 +1,4 @@
-<h2 mat-dialog-title>Upload keystore</h2>
+<h2 mat-dialog-title>{{data.title}}</h2>
 
 <mat-dialog-content style="width:450px;">
 
@@ -6,6 +6,8 @@ <h2 mat-dialog-title>Upload keystore</h2>
     <mat-card appearance="outlined">
       <mat-card-content>
 
+        <p>{{data.description}}</p>
+
         <label class="custom-file-upload">
           <input #fileInput type="file" id="truststore" accept=".jks,.p12,.pfx" (change)="selectFile()" style="display: none;">
           <span class="custom-file-upload-inner">Choose File </span>
diff --git a/Core/Domibus-MSH-angular/src/app/user/edituser-form/edituser-form.component.ts b/Core/Domibus-MSH-angular/src/app/user/edituser-form/edituser-form.component.ts
index de8f282f81..9784e6f4ab 100644
--- a/Core/Domibus-MSH-angular/src/app/user/edituser-form/edituser-form.component.ts
+++ b/Core/Domibus-MSH-angular/src/app/user/edituser-form/edituser-form.component.ts
@@ -142,7 +142,12 @@ export class EditUserComponent implements OnInit {
 
   shouldShowErrorsForFieldNamed(fieldName: string): boolean {
     let field = this.userForm.get(fieldName);
-    return (field.touched || field.dirty) && !!field.errors;
+    let hasErrors = !!field.errors;
+    if (fieldName == 'confirmation') {
+      // the 'password confirmation' field does not show only its own errors, but also the 'match' error on the form (if present)
+      hasErrors = hasErrors || !!this.userForm.errors?.match;
+    }
+    return (field.touched || field.dirty) && hasErrors;
   }
 
   isFormDisabled() {
diff --git a/Core/Domibus-MSH-api/pom.xml b/Core/Domibus-MSH-api/pom.xml
index 637a4039f3..bf1efa5a34 100644
--- a/Core/Domibus-MSH-api/pom.xml
+++ b/Core/Domibus-MSH-api/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <groupId>org.niis</groupId>
         <artifactId>core</artifactId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
     <artifactId>harmony-api</artifactId>
     <packaging>jar</packaging>
diff --git a/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/encryption/DecryptDataSource.java b/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/encryption/DecryptDataSource.java
index 89eb583c2c..d86a339cf0 100644
--- a/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/encryption/DecryptDataSource.java
+++ b/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/encryption/DecryptDataSource.java
@@ -31,6 +31,7 @@ public DecryptDataSource(final DataSource source, final Cipher cipher) {
 
     @Override
     public InputStream getInputStream() throws IOException {
+        LOG.debug("Decrypting data source");
         return new CipherInputStream(source.getInputStream(), cipher);
     }
 
diff --git a/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/message/compression/DecompressionDataSource.java b/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/message/compression/DecompressionDataSource.java
index 67df242639..d3b2547057 100644
--- a/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/message/compression/DecompressionDataSource.java
+++ b/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/message/compression/DecompressionDataSource.java
@@ -1,6 +1,9 @@
 
 package eu.domibus.api.message.compression;
 
+import eu.domibus.logging.DomibusLogger;
+import eu.domibus.logging.DomibusLoggerFactory;
+
 import javax.activation.DataSource;
 import java.io.IOException;
 import java.io.InputStream;
@@ -12,6 +15,8 @@
  */
 public class DecompressionDataSource implements DataSource {
 
+    private static final DomibusLogger LOG = DomibusLoggerFactory.getLogger(DecompressionDataSource.class);
+
     private final DataSource source;
     private final String mime;
 
@@ -23,6 +28,7 @@ public DecompressionDataSource(final DataSource source, final String mime) {
 
     @Override
     public InputStream getInputStream() throws IOException {
+        LOG.debug("Decompress data source with mimeType: [{}]", mime);
         return new GZIPInputStream(source.getInputStream());
     }
 
diff --git a/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/model/RawEnvelopeDto.java b/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/model/RawEnvelopeDto.java
index 5235a56150..8380d496a8 100644
--- a/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/model/RawEnvelopeDto.java
+++ b/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/model/RawEnvelopeDto.java
@@ -2,6 +2,8 @@
 
 import eu.domibus.api.exceptions.DomibusCoreErrorCode;
 import eu.domibus.api.exceptions.DomibusCoreException;
+import eu.domibus.logging.DomibusLogger;
+import eu.domibus.logging.DomibusLoggerFactory;
 import org.apache.commons.io.IOUtils;
 
 import java.io.ByteArrayInputStream;
@@ -16,6 +18,8 @@
  */
 public class RawEnvelopeDto {
 
+    private static final DomibusLogger LOG = DomibusLoggerFactory.getLogger(RawEnvelopeDto.class);
+
     protected final byte[] rawMessage;
     protected final long id;
     protected final boolean compressed;
@@ -61,6 +65,7 @@ private byte[] getUncompressedRawData() {
         if (!this.compressed) {
             return getRawMessage();
         }
+        LOG.debug("Decompressing raw message [{}]", id);
         try (GZIPInputStream unzipStream = new GZIPInputStream(new ByteArrayInputStream(getRawMessage()))) {
             return IOUtils.toByteArray(unzipStream);
         } catch (IOException e) {
diff --git a/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/model/RawXmlEntity.java b/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/model/RawXmlEntity.java
index ee64ef2014..ecbd0327c6 100644
--- a/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/model/RawXmlEntity.java
+++ b/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/model/RawXmlEntity.java
@@ -2,11 +2,12 @@
 
 import eu.domibus.api.exceptions.DomibusCoreErrorCode;
 import eu.domibus.api.exceptions.DomibusCoreException;
+import eu.domibus.logging.DomibusLogger;
+import eu.domibus.logging.DomibusLoggerFactory;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.BooleanUtils;
 
 import javax.persistence.Column;
-import javax.persistence.Id;
 import javax.persistence.Lob;
 import javax.persistence.MappedSuperclass;
 import java.io.ByteArrayInputStream;
@@ -25,6 +26,8 @@
 @MappedSuperclass
 public class RawXmlEntity extends AbstractNoGeneratedPkEntity {
 
+    private static final DomibusLogger LOG = DomibusLoggerFactory.getLogger(RawXmlEntity.class);
+
     @Lob
     @Column(name = "RAW_XML")
     protected byte[] rawXML;
@@ -40,7 +43,7 @@ public byte[] getRawXML() {
         if (!this.getCompressed()) {
             return this.rawXML;
         }
-
+        LOG.debug("Decompressing raw XML [{}]", entityId);
         try (GZIPInputStream unzipStream = new GZIPInputStream(new ByteArrayInputStream(rawXML))) {
             return IOUtils.toByteArray(unzipStream);
         } catch (IOException e) {
diff --git a/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/model/UserMessage.java b/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/model/UserMessage.java
index c9c7700d70..b18ea80de4 100644
--- a/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/model/UserMessage.java
+++ b/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/model/UserMessage.java
@@ -1,10 +1,13 @@
 package eu.domibus.api.model;
 
+import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.StringUtils;
 
 import javax.persistence.*;
 import javax.validation.constraints.NotNull;
+
+import java.util.Collection;
 import java.util.Date;
 import java.util.Set;
 
@@ -287,4 +290,42 @@ public String toString() {
                 ", testMessage=" + testMessage +
                 '}';
     }
+
+    public String format() {
+        StringBuilder sb = new StringBuilder();
+        sb.append("UserMessage Details:\n");
+        sb.append("     Message ID: ").append(messageId).append("\n");
+        sb.append("     Ref To Message ID: ").append(refToMessageId).append("\n");
+        sb.append("     Timestamp: ").append(timestamp).append("\n");
+        sb.append("     Source Message: ").append(sourceMessage).append("\n");
+        sb.append("     Message Fragment: ").append(messageFragment).append("\n");
+        sb.append("     Test Message: ").append(testMessage).append("\n");
+        sb.append("     MSH Role: ").append(mshRole == null ? "null" : mshRole.getRole()).append("\n");
+        sb.append("Collaboration Info:\n");
+        sb.append("     Conversation ID: ").append(conversationId).append("\n");
+        sb.append("     Action: ").append(action == null ? "null" : action.getValue()).append("\n");
+        sb.append("     Service: ").append(service == null ? "null" : "value: " + service.getValue() + " type: " + service.getType()).append("\n");
+        sb.append("     Agreement Ref: ").append(agreementRef == null ? "null" : "value: " + agreementRef.getValue() + " type: " + agreementRef.getType()).append("\n");
+        sb.append("     MPC: ").append(mpc == null ? "null" : mpc.getValue()).append("\n");
+        sb.append("Message Properties: ").append(CollectionUtils.isEmpty(messageProperties) ? "none\n" : "\n");
+        if (CollectionUtils.isNotEmpty(messageProperties)) {
+            for (MessageProperty messageProperty : messageProperties) {
+                sb.append("    ").append(messageProperty.getName()).append(": ").append(messageProperty.getValue()).append("\n");
+            }
+        }
+        sb.append("Party Info: ").append(partyInfo == null ? "null\n" : "\n");
+        if (partyInfo != null) {
+            if (partyInfo.getFrom() != null) {
+                sb.append("    From Party: \n");
+                sb.append("       Party ID: ").append(partyInfo.getFrom().getFromPartyId() == null ? "null\n" : "value: " + partyInfo.getFrom().getFromPartyId().getValue() + " type: "+ partyInfo.getFrom().getFromPartyId().getType()).append("\n");
+                sb.append("           Role: ").append(partyInfo.getFrom().getFromRole() == null ? "null\n" : partyInfo.getFrom().getFromRole().getValue() ).append("\n");
+            }
+            if (partyInfo.getTo() != null) {
+                sb.append("    To Party: \n");
+                sb.append("       Party ID: ").append(partyInfo.getTo().getToPartyId() == null ? "null\n" : "value: " + partyInfo.getTo().getToPartyId().getValue() + " type: "+ partyInfo.getTo().getToPartyId().getType()).append("\n");
+                sb.append("           Role: ").append(partyInfo.getTo().getToRole() == null ? "null\n" : partyInfo.getTo().getToRole().getValue() ).append("\n");
+            }
+        }
+        return sb.toString();
+    }
 }
diff --git a/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/model/UserMessageLog.java b/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/model/UserMessageLog.java
index 1f48ad555b..6b28035dc8 100644
--- a/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/model/UserMessageLog.java
+++ b/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/model/UserMessageLog.java
@@ -199,9 +199,8 @@
                         "INNER JOIN uml.userMessage um " +
                         "where uml.received <= :MINUTES_AGO_TIMESTAMP " +
                         "and (uml.messageStatus = :SEND_ENQUEUED " +
-                        "       or (uml.messageStatus = :WAITING_FOR_RETRY " +
-                        "               and uml.entityId < :MAX_ENTITY_ID))"),
-
+                        "       or uml.messageStatus = :WAITING_FOR_RETRY)" +
+                        "               and uml.entityId < :MAX_ENTITY_ID "),
 })
 public class UserMessageLog extends AbstractNoGeneratedPkEntity implements Reprogrammable {
 
diff --git a/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/multitenancy/DomainTaskExecutor.java b/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/multitenancy/DomainTaskExecutor.java
index 21f11ab08c..959625edb1 100644
--- a/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/multitenancy/DomainTaskExecutor.java
+++ b/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/multitenancy/DomainTaskExecutor.java
@@ -14,10 +14,20 @@ public interface DomainTaskExecutor {
 
     <T extends Object> T submit(Callable<T> task);
 
+    /**
+     * Launches a callable task preserving the security context
+     */
+    <T extends Object> T submitWithSecurityContext(Callable<T> task);
+
     <T extends Object> T submit(Callable<T> task, Domain domain);
 
     void submit(Runnable task);
 
+    /**
+     * Launches a runnable task preserving the security context
+     */
+    void submitWithSecurityContext(Runnable task);
+
     Future<?> submit(Runnable task, boolean waitForTask);
 
     /**
diff --git a/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/multitenancy/SetAuthRunnable.java b/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/multitenancy/SetAuthRunnable.java
new file mode 100644
index 0000000000..9bde531f66
--- /dev/null
+++ b/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/multitenancy/SetAuthRunnable.java
@@ -0,0 +1,29 @@
+package eu.domibus.api.multitenancy;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+
+import java.util.concurrent.Callable;
+
+/**
+ * Wrapper for the Callable class to be executed, preserving the security context
+ *
+ * @author Ion perpegel
+ * @since 5.1.5
+ */
+public class SetAuthRunnable<T> implements Callable<T> {
+    protected Callable<T> runnable;
+
+    final Authentication currentAuthentication;
+
+    public SetAuthRunnable(final Authentication currentAuthentication, final Callable<T> runnable) {
+        this.runnable = runnable;
+        this.currentAuthentication = currentAuthentication;
+    }
+
+    @Override
+    public T call() throws Exception {
+        SecurityContextHolder.getContext().setAuthentication(currentAuthentication);
+        return runnable.call();
+    }
+}
diff --git a/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/pki/KeystorePersistenceInfo.java b/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/pki/KeystorePersistenceInfo.java
index 731737e57d..d2a3b7b8b6 100644
--- a/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/pki/KeystorePersistenceInfo.java
+++ b/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/pki/KeystorePersistenceInfo.java
@@ -42,4 +42,8 @@ public interface KeystorePersistenceInfo {
      * @return
      */
     String getPassword();
+
+    default String getKeyEntryPassword() {
+        return null;
+    }
 }
\ No newline at end of file
diff --git a/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/property/DomibusPropertyMetadataManagerSPI.java b/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/property/DomibusPropertyMetadataManagerSPI.java
index b6f8d967dc..9eedee370c 100644
--- a/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/property/DomibusPropertyMetadataManagerSPI.java
+++ b/Core/Domibus-MSH-api/src/main/java/eu/domibus/api/property/DomibusPropertyMetadataManagerSPI.java
@@ -84,6 +84,8 @@ public interface DomibusPropertyMetadataManagerSPI {
     String DOMIBUS_CRL_BY_CERT_CACHE_ENABLED = "domibus.certificate.crlByCert.cache.enabled";
     String DOMIBUS_CERTIFICATE_CRL_EXCLUDED_PROTOCOLS = "domibus.certificate.crl.excludedProtocols";
     String DOMIBUS_CERTIFICATE_CRL_HTTP_TIMEOUT = "domibus.certificate.crl.http.timeout";
+    String DOMIBUS_PROPERTIES_PASSWORD_POLICY_PATTERN = "domibus.properties.passwordPolicy.pattern";//NOSONAR
+    String DOMIBUS_PROPERTIES_PASSWORD_POLICY_ENFORCE = "domibus.properties.passwordPolicy.enforce";//NOSONAR
     String DOMIBUS_PLUGIN_LOGIN_MAXIMUM_ATTEMPT = "domibus.plugin.login.maximum.attempt";
     String DOMIBUS_PLUGIN_LOGIN_SUSPENSION_TIME = "domibus.plugin.login.suspension.time";
     String DOMIBUS_PASSWORD_POLICY_PATTERN = "domibus.passwordPolicy.pattern";//NOSONAR
@@ -94,7 +96,8 @@ public interface DomibusPropertyMetadataManagerSPI {
     String DOMIBUS_PASSWORD_POLICY_DONT_REUSE_LAST = "domibus.passwordPolicy.dontReuseLast";//NOSONAR
     String DOMIBUS_PASSWORD_POLICY_CHECK_DEFAULT_PASSWORD = "domibus.passwordPolicy.checkDefaultPassword";//NOSONAR
     String DOMIBUS_PASSWORD_POLICY_DEFAULT_USER_CREATE = "domibus.passwordPolicy.defaultUser.create";//NOSONAR
-    String DOMIBUS_PASSWORD_POLICY_DEFAULT_USER_AUTOGENERATE_PASSWORD = "domibus.passwordPolicy.defaultUser.autogeneratePassword";//NOSONAR
+    String DOMIBUS_PASSWORD_POLICY_DEFAULT_USER_AUTOGENERATE_PASSWORD = "domibus.passwordPolicy.defaultUser.autogeneratePassword";
+    String DOMIBUS_PASSWORD_POLICY_DEFAULT_USER_REGENERATE_PASSWORD = "domibus.passwordPolicy.defaultUser.reGeneratePassword";//NOSONAR
     String DOMIBUS_PLUGIN_PASSWORD_POLICY_PATTERN = "domibus.plugin.passwordPolicy.pattern";//NOSONAR
     String DOMIBUS_PLUGIN_PASSWORD_POLICY_VALIDATION_MESSAGE = "domibus.plugin.passwordPolicy.validationMessage";//NOSONAR
     String DOMIBUS_PASSWORD_POLICY_PLUGIN_EXPIRATION = "domibus.plugin.passwordPolicy.expiration";//NOSONAR
@@ -132,6 +135,7 @@ public interface DomibusPropertyMetadataManagerSPI {
     String DOMIBUS_SENDER_CERTIFICATE_VALIDATION_ONSENDING = "domibus.sender.certificate.validation.onsending";
     String DOMIBUS_SENDER_CERTIFICATE_VALIDATION_ONRECEIVING = "domibus.sender.certificate.validation.onreceiving";
     String DOMIBUS_SENDER_TRUST_VALIDATION_ONRECEIVING = "domibus.sender.trust.validation.onreceiving";
+    String DOMIBUS_SENDER_TRUST_VALIDATION_SIGNAL_SYNC_ONRECEIVING = "domibus.sender.trust.validation.signal.sync.onreceiving";
     String DOMIBUS_SENDER_TRUST_VALIDATION_EXPRESSION = "domibus.sender.trust.validation.expression";
     String DOMIBUS_SENDER_TRUST_DYNAMIC_RECEIVER_VALIDATION_EXPRESSION = "domibus.sender.trust.dynamicReceiver.validation.expression";
     String DOMIBUS_SENDER_TRUST_VALIDATION_CERTIFICATE_POLICY_OIDS = "domibus.sender.trust.validation.allowedCertificatePolicyOIDs";
@@ -142,6 +146,7 @@ public interface DomibusPropertyMetadataManagerSPI {
     String DOMIBUS_PARTYINFO_ROLES_VALIDATION_ENABLED = "domibus.partyinfo.roles.validation.enabled";
     String DOMIBUS_PMODE_LEGCONFIGURATION_MPC_VALIDATION_ENABLED = "domibus.pmode.legconfiguration.mpc.validation.enabled";
     String DOMIBUS_PMODE_LEGCONFIGURATION_MPC_ENABLED = "domibus.pmode.legconfiguration.mpc.enabled";
+    String DOMIBUS_PMODE_DIAGNOSTICS_ENABLED = "domibus.pmode.legconfiguration.diagnostics.enabled";
     String DOMIBUS_PMODE_VALIDATION_ACTION_PATTERN = "domibus.pmode.validation.action.pattern";
     String DOMIBUS_PMODE_VALIDATION_SERVICE_VALUE_PATTERN = "domibus.pmode.validation.service.value.pattern";
     String DOMIBUS_PMODE_VALIDATION_SERVICE_TYPE_PATTERN = "domibus.pmode.validation.service.type.pattern";
@@ -166,6 +171,7 @@ public interface DomibusPropertyMetadataManagerSPI {
     String DOMIBUS_RETENTION_WORKER_MESSAGE_RETENTION_BATCH_DELETE = "domibus.retentionWorker.message.retention.batch.delete";
     String DOMIBUS_RETENTION_JMS_CONCURRENCY = "domibus.retention.jms.concurrency";
     String DOMIBUS_PARTITIONS_DROP_CHECK_MESSAGES_EARCHIVED = "domibus.partitions.drop.check.messages.earchived";
+    String DOMIBUS_PARTITIONS_DROP_MAX_PARTITIONS = "domibus.partitions.drop.max_partitions";
     String DOMIBUS_DISPATCH_EBMS_ERROR_UNRECOVERABLE_RETRY = "domibus.dispatch.ebms.error.unrecoverable.retry";
     String DOMIBUS_PROXY_ENABLED = DOMIBUS_PROXY_PREFIX + "enabled";
     String DOMIBUS_PROXY_HTTP_HOST = DOMIBUS_PROXY_PREFIX + "http.host";
@@ -367,6 +373,7 @@ public interface DomibusPropertyMetadataManagerSPI {
     String DOMIBUS_PASSWORD_ENCRYPTION_ACTIVE = "domibus.password.encryption.active"; //NOSONAR
     String DOMIBUS_PASSWORD_ENCRYPTION_PROPERTIES = "domibus.password.encryption.properties"; //NOSONAR
     String DOMIBUS_PASSWORD_ENCRYPTION_KEY_LOCATION = "domibus.password.encryption.key.location";//NOSONAR
+    String DOMIBUS_PROPERTIES_PASSWORD_VIEW_ALLOW = "domibus.properties.password.view.allow";//NOSONAR
     String DOMIBUS_JMS_QUEUE_PULL = "domibus.jms.queue.pull";
     String DOMIBUS_JMS_CONNECTION_FACTORY_MAX_POOL_SIZE = "domibus.jms.connectionFactory.maxPoolSize";
     String DOMIBUS_JMS_QUEUE_ALERT = "domibus.jms.queue.alert";
@@ -496,6 +503,7 @@ public interface DomibusPropertyMetadataManagerSPI {
     String DOMIBUS_SECURITY_BC_PROVIDER_ORDER="domibus.security.bc.provider.order";
 
     String DOMIBUS_MESSAGE_TEST_DELIVERY = "domibus.message.test.notification";
+    String DOMIBUS_MESSAGE_SUBMISSION_DIAGNOSTICS_ENABLED = "domibus.message.submission.diagnostics.enabled";
 
     String DOMIBUS_EXTENSIONS_LOCATION = "domibus.extensions.location";
 
diff --git a/Core/Domibus-MSH-db/pom.xml b/Core/Domibus-MSH-db/pom.xml
index 88480733ad..eaa180d54d 100644
--- a/Core/Domibus-MSH-db/pom.xml
+++ b/Core/Domibus-MSH-db/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <groupId>org.niis</groupId>
         <artifactId>core</artifactId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
     <packaging>jar</packaging>
     <artifactId>harmony-msh-db</artifactId>
@@ -57,7 +57,7 @@
                     <outputFileEncoding>UTF-8</outputFileEncoding>
                     <expressionVariables>
                         <!--Override this property with the correct value where migrating to an older version -->
-                        <DomibusVersion>5.1.4</DomibusVersion>
+                        <DomibusVersion>5.1.6</DomibusVersion>
                         <DomibusBuildTime>${timestamp}</DomibusBuildTime>
                     </expressionVariables>
                 </configuration>
diff --git a/Core/Domibus-MSH-distribution/pom.xml b/Core/Domibus-MSH-distribution/pom.xml
index 1c80463ef1..17f384f341 100644
--- a/Core/Domibus-MSH-distribution/pom.xml
+++ b/Core/Domibus-MSH-distribution/pom.xml
@@ -13,7 +13,7 @@
         <groupId>eu.domibus</groupId>
         <artifactId>domibus</artifactId>
         <relativePath>../../pom.xml</relativePath>
-        <version>5.1.4</version>
+        <version>5.1.6</version>
     </parent>
     <packaging>pom</packaging>
     <artifactId>domibus-msh-distribution</artifactId>
@@ -82,7 +82,7 @@
         <profile>
             <id>tomcat</id>
             <properties>
-                <tomcat.version>9.0.86</tomcat.version>
+                <tomcat.version>9.0.91</tomcat.version>
             </properties>
             <build>
                 <plugins>
diff --git a/Core/Domibus-MSH-ext-services-delegate/pom.xml b/Core/Domibus-MSH-ext-services-delegate/pom.xml
index b72ecd3944..531f9ebe08 100644
--- a/Core/Domibus-MSH-ext-services-delegate/pom.xml
+++ b/Core/Domibus-MSH-ext-services-delegate/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.niis</groupId>
         <artifactId>core</artifactId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
 
     <artifactId>harmony-msh-ext-services-delegate</artifactId>
diff --git a/Core/Domibus-MSH-ext-services-delegate/src/main/java/eu/domibus/ext/rest/UserMessagePayloadExtResource.java b/Core/Domibus-MSH-ext-services-delegate/src/main/java/eu/domibus/ext/rest/UserMessagePayloadExtResource.java
index 2eb55cb2bc..aed37b7241 100644
--- a/Core/Domibus-MSH-ext-services-delegate/src/main/java/eu/domibus/ext/rest/UserMessagePayloadExtResource.java
+++ b/Core/Domibus-MSH-ext-services-delegate/src/main/java/eu/domibus/ext/rest/UserMessagePayloadExtResource.java
@@ -12,6 +12,7 @@
 import eu.domibus.ext.services.PayloadExtService;
 import eu.domibus.logging.DomibusLogger;
 import eu.domibus.logging.DomibusLoggerFactory;
+import eu.domibus.logging.DomibusMessageCode;
 import eu.domibus.messaging.MessageConstants;
 import io.swagger.v3.oas.annotations.OpenAPIDefinition;
 import io.swagger.v3.oas.annotations.Operation;
@@ -149,6 +150,7 @@ private InputStream getPayloadInputStream(String cid, PartInfoDTO partInfo) {
         try {
             InputStream inputStream = payloadDatahandler.getInputStream();
             if (payloadCompressed) {
+                LOG.businessInfo(DomibusMessageCode.BUS_MESSAGE_PAYLOAD_DECOMPRESSION, partInfo.getHref());
                 inputStream = new GZIPInputStream(inputStream);
             }
             return inputStream;
diff --git a/Core/Domibus-MSH-jms-spi-helper/pom.xml b/Core/Domibus-MSH-jms-spi-helper/pom.xml
index a8d71b5a1e..f7e8dd7d42 100644
--- a/Core/Domibus-MSH-jms-spi-helper/pom.xml
+++ b/Core/Domibus-MSH-jms-spi-helper/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <groupId>org.niis</groupId>
         <artifactId>core</artifactId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
     <artifactId>harmony-msh-jms-spi-helper</artifactId>
     <packaging>jar</packaging>
diff --git a/Core/Domibus-MSH-jms-spi/pom.xml b/Core/Domibus-MSH-jms-spi/pom.xml
index eb002a71c1..c8ecd9fd12 100644
--- a/Core/Domibus-MSH-jms-spi/pom.xml
+++ b/Core/Domibus-MSH-jms-spi/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <groupId>org.niis</groupId>
         <artifactId>core</artifactId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
     <artifactId>harmony-msh-jms-spi</artifactId>
     <packaging>jar</packaging>
diff --git a/Core/Domibus-MSH-logging/pom.xml b/Core/Domibus-MSH-logging/pom.xml
index 8c0ac8dc69..950d2fb584 100644
--- a/Core/Domibus-MSH-logging/pom.xml
+++ b/Core/Domibus-MSH-logging/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <groupId>org.niis</groupId>
         <artifactId>core</artifactId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
     <artifactId>harmony-logging</artifactId>
     <packaging>jar</packaging>
diff --git a/Core/Domibus-MSH-logging/src/main/java/eu/domibus/logging/DomibusLogger.java b/Core/Domibus-MSH-logging/src/main/java/eu/domibus/logging/DomibusLogger.java
index 124a05c2a3..11203770df 100644
--- a/Core/Domibus-MSH-logging/src/main/java/eu/domibus/logging/DomibusLogger.java
+++ b/Core/Domibus-MSH-logging/src/main/java/eu/domibus/logging/DomibusLogger.java
@@ -22,7 +22,6 @@ public class DomibusLogger extends CategoryLogger implements Logger, MDCAccessor
     public static final String MDC_MESSAGE_ID = "messageId";
     public static final String MDC_MESSAGE_ROLE = "messageMSHRole";
     public static final String MDC_MESSAGE_ENTITY_ID = "messageEntityId";
-    public static final String MDC_BATCH_ENTITY_ID = "batchEntityId";
     public static final String MDC_DOMAIN = "domain";
     public static final String MDC_FROM = "from";
     public static final String MDC_TO = "to";
diff --git a/Core/Domibus-MSH-logging/src/main/java/eu/domibus/logging/DomibusMessageCode.java b/Core/Domibus-MSH-logging/src/main/java/eu/domibus/logging/DomibusMessageCode.java
index 29e9f865e0..6a1a75c5f9 100644
--- a/Core/Domibus-MSH-logging/src/main/java/eu/domibus/logging/DomibusMessageCode.java
+++ b/Core/Domibus-MSH-logging/src/main/java/eu/domibus/logging/DomibusMessageCode.java
@@ -25,8 +25,8 @@ public enum DomibusMessageCode implements MessageCode {
     BUS_MESSAGE_PAYLOAD_COMPRESSION_FAILURE("BUS-014", "Error compressing payload with cid [{}]"),
     BUS_MESSAGE_PAYLOAD_COMPRESSION("BUS-015", "Payload with cid [{}] has been compressed"),
     BUS_MESSAGE_PAYLOAD_DECOMPRESSION_FAILURE_MISSING_MIME_TYPE("BUS-016", "Decompression failure: no mime type found for payload with cid [{}]"),
-    BUS_MESSAGE_PAYLOAD_DECOMPRESSION("BUS-017", "Payload with cid [{}] will be decompressed"),
-    BUS_MESSAGE_PAYLOAD_DECOMPRESSION_NOT_ENABLED("BUS-018", "Decompression is not performed: leg compressPayloads parameter is false"),
+    BUS_MESSAGE_PAYLOAD_DECOMPRESSION("BUS-017", "Payload with cid [{}] will be decompressed when reading it"),
+    BUS_MESSAGE_PAYLOAD_DECOMPRESSION_NOT_ENABLED("BUS-018", "Decompression will be not needed for payload with cid [{}]. Leg compressPayloads parameter is false"),
     BUS_MESSAGE_PAYLOAD_DECOMPRESSION_PART_INFO_IN_BODY("BUS-019", "Decompression is not performed: partInfo with cid [{}] is in body"),
     BUS_MESSAGE_ACTION_FOUND("BUS-020", "Message action [{}] found for value [{}]"),
     BUS_MESSAGE_ACTION_NOT_FOUND("BUS-021", "Message action not found for value [{}]"),
@@ -53,7 +53,7 @@ public enum DomibusMessageCode implements MessageCode {
     BUS_PROPERTY_PROFILE_VALIDATION_SKIP("BUS-042", "Property profile validation skipped: property profile is not defined for leg [{}]"),
     BUS_PROPERTY_MISSING("BUS-043", "Property profiling for this exchange does not include a property named [{}]"),
     BUS_PROPERTY_PROFILE_VALIDATION("BUS-044", "Property profile [{}] validated"),
-    BUS_MESSAGE_PERSISTED("BUS-045", "Message persisted"),
+    BUS_MESSAGE_PERSISTED("BUS-045", "Message persisted in DB"),
     BUS_MESSAGE_RECEIPT_GENERATED("BUS-046", "Message receipt generated with nonRepudiation value [{}]"),
     BUS_MESSAGE_RECEIPT_FAILURE("BUS-047", "Message receipt generation failure"),
     BUS_MESSAGE_STATUS_UPDATE("BUS-048", "Message with type [{}] has status updated to [{}]"),
@@ -72,7 +72,7 @@ public enum DomibusMessageCode implements MessageCode {
     BUS_MESSAGE_RECEIVED_PAYLOAD_SIZE("BUS-061", "Received payload with cid [{}] for message [{}] of size [{}] (in bytes)"),
     BUS_MESSAGE_SENDING_PAYLOAD_SIZE("BUS-062", "Saved payload with cid [{}] for message [{}] of size [{}] (in bytes) for sending"),
     BUS_MESSAGE_STATUS_CHANGED("BUS-063", "Notifying about message status change from [{}] to [{}]"),
-    BUS_MESSAGE_SUBMITTED("BUS-064", "Message submitted"),
+    BUS_MESSAGE_SUBMITTED("BUS-064", "Submitting message from [{}] to [{}]"),
     BUS_MESSAGE_SUBMIT_FAILED("BUS-065", "Message submission failed"),
     BUS_MESSAGE_RETRIEVED("BUS-066", "Message retrieved"),
     BUS_MESSAGE_RETRIEVE_FAILED("BUS-067", "Message retrieval failed"),
@@ -104,6 +104,12 @@ public enum DomibusMessageCode implements MessageCode {
     BUS_NOTIFY_MESSAGE_RESPONSE_SENT_ERROR("BUS-093", "An error occurred while notifying plugin [{}] of message response sent."),
     BUS_MESSAGE_PLUGIN_RECEIVE_FAILED("BUS-094", "Failed to receive message in the plugin [{}]"),
     BUS_NOTIFY_MESSAGE_RECEIVED("BUS-095", "Notify message received for messageId [{}] or messageEntityId [{}]."),
+    BUS_MESSAGE_PAYLOAD_NO_COMPRESSION("BUS-096", "Payload with cid [{}] was not compressed"),
+    BUS_PAYLOAD_PERSISTED_ON_FILE_SYSTEM("BUS-097", "Payload with cid [{}] persisted on the file system"),
+    BUS_PAYLOAD_PERSISTED_IN_DB("BUS-098", "Payload with cid [{}] persisted in DB"),
+    BUS_MSG_RECEIVED_FROM_JMS_IN_QUEUE("BUS-099", "Message with id [{}], conversationId [{}] and jmsCorrelationID [{}] has been received from JMS Plugin inQueue."),
+    BUS_MSG_DELIVERED_TO_JMS_OUT_QUEUE("BUS-100", "Message with id [{}], entityId [{}] and conversationId [{}] was delivered to JMS Plugin outQueue."),
+    BUS_MSG_RETRY("BUS-101", "Scheduling send retry {}/{} for message with id [{}]."),
 
     SEC_UNSECURED_LOGIN_ALLOWED("SEC-001", "Unsecure login is allowed, no authentication will be performed"),
     SEC_BASIC_AUTHENTICATION_USE("SEC-002", "Basic authentication is used"),
diff --git a/Core/Domibus-MSH-soapui-tests/pom.xml b/Core/Domibus-MSH-soapui-tests/pom.xml
index 39f47cdf46..de71be881c 100644
--- a/Core/Domibus-MSH-soapui-tests/pom.xml
+++ b/Core/Domibus-MSH-soapui-tests/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <groupId>org.niis</groupId>
         <artifactId>core</artifactId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
     <artifactId>harmony-msh-soapui-tests</artifactId>
     <packaging>jar</packaging>
diff --git a/Core/Domibus-MSH-soapui-tests/src/main/soapui/AS4-domibus-WS-soapui-project.xml b/Core/Domibus-MSH-soapui-tests/src/main/soapui/AS4-domibus-WS-soapui-project.xml
index 0a39304330..3dc84ce4a4 100644
--- a/Core/Domibus-MSH-soapui-tests/src/main/soapui/AS4-domibus-WS-soapui-project.xml
+++ b/Core/Domibus-MSH-soapui-tests/src/main/soapui/AS4-domibus-WS-soapui-project.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<con:soapui-project id="1c29d1fb-f8ae-4ddb-ac43-1469a15001ec" activeEnvironment="Default" name="TESTS_WS" resourceRoot="" soapui-version="5.7.1" abortOnError="false" runType="SEQUENTIAL" xmlns:con="http://eviware.com/soapui/config"><con:settings><con:setting id="ProjectSettings@hermesConfig">C:\ec</con:setting></con:settings><con:interface xsi:type="con:WsdlInterface" id="9581111c-248c-4085-bf9f-dc452577042f" wsaVersion="NONE" name="BackendService_1_1SoapBinding" type="wsdl" bindingName="{http://org.ecodex.backend/1_1/}BackendService_1_1SoapBinding" soapVersion="1_2" anonymous="optional" definition="${#Project#localUrl}/services/backend?wsdl" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><con:settings/><con:definitionCache type="TEXT" rootPart="http://localhost:8080/domibus/services/backend?wsdl"><con:part><con:url>http://localhost:8080/domibus/services/backend?wsdl</con:url><con:content><![CDATA[<wsdl:definitions name="BackendService_1_1" targetNamespace="http://org.ecodex.backend/1_1/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://org.ecodex.backend/1_1/" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:ns2="http://schemas.xmlsoap.org/soap/http" xmlns:ns1="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/">
+<con:soapui-project id="1c29d1fb-f8ae-4ddb-ac43-1469a15001ec" activeEnvironment="Default" name="TESTS_WS" resourceRoot="" soapui-version="5.8.0" abortOnError="false" runType="SEQUENTIAL" xmlns:con="http://eviware.com/soapui/config"><con:settings><con:setting id="ProjectSettings@hermesConfig">C:\ec</con:setting></con:settings><con:interface xsi:type="con:WsdlInterface" id="9581111c-248c-4085-bf9f-dc452577042f" wsaVersion="NONE" name="BackendService_1_1SoapBinding" type="wsdl" bindingName="{http://org.ecodex.backend/1_1/}BackendService_1_1SoapBinding" soapVersion="1_2" anonymous="optional" definition="${#Project#localUrl}/services/backend?wsdl" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><con:settings/><con:definitionCache type="TEXT" rootPart="http://localhost:8080/domibus/services/backend?wsdl"><con:part><con:url>http://localhost:8080/domibus/services/backend?wsdl</con:url><con:content><![CDATA[<wsdl:definitions name="BackendService_1_1" targetNamespace="http://org.ecodex.backend/1_1/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://org.ecodex.backend/1_1/" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:ns2="http://schemas.xmlsoap.org/soap/http" xmlns:ns1="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/">
   <wsdl:types>
     <xsd:schema attributeFormDefault="unqualified" elementFormDefault="qualified" targetNamespace="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/" xmlns:tns="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/" xmlns="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/">
       <xsd:import namespace="http://www.w3.org/XML/1998/namespace"/>
@@ -25011,7 +25011,13 @@ Domibus.reportTestCaseCsv(testRunner, log)</con:tearDownScript><con:properties/>
 
 
 
-            <con:testStep type="groovy" name="Save mpc validation values" id="17abd0dd-949f-4d7f-9862-fdb90e5c919a"><con:settings/><con:config><script>def custPropName="domibus.pmode.legconfiguration.mpc.validation.enabled";
+            <con:testStep type="groovy" name="Save mpc legconfiguration values" id="e73b2a5d-379a-4bd3-ad4a-f0868989afd5"><con:settings/><con:config><script>// C2
+Domibus.changePropertyAtRuntime("C2", "domibus.pmode.legconfiguration.mpc.enabled", "false", context, log);
+
+// C3
+Domibus.changePropertyAtRuntime("C3", "domibus.pmode.legconfiguration.mpc.enabled", "false", context, log);
+
+sleep(3000);</script></con:config></con:testStep><con:testStep type="groovy" name="Save mpc validation values" id="17abd0dd-949f-4d7f-9862-fdb90e5c919a"><con:settings/><con:config><script>def custPropName="domibus.pmode.legconfiguration.mpc.validation.enabled";
 
 // C2
 // Get Domibus property value
@@ -25744,11 +25750,18 @@ propValue=Domibus.getTestCaseCustProp(custPropName+".C3",log,testRunner);
 Domibus.changePropertyAtRuntime("C3",custPropName,Domibus.ifEmptyReturnDef(propValue,defPropValue),context,log);
 
 sleep(3000);
-</script></con:config></con:testStep><con:setupScript>Domibus.checkIfAnySmokeTestsFailed(testRunner, testCase, log)</con:setupScript><con:tearDownScript>def test = new Domibus(log,null,context);
+</script></con:config></con:testStep><con:testStep type="groovy" name="Reset mpc legconfiguration values" id="79e453a9-550c-4f3d-b9f5-ce3714e7133a" disabled="true"><con:settings/><con:config><script>// C2
+Domibus.changePropertyAtRuntime("C2", "domibus.pmode.legconfiguration.mpc.enabled", "true", context, log);
+
+// C3
+Domibus.changePropertyAtRuntime("C3", "domibus.pmode.legconfiguration.mpc.enabled", "true", context, log);
+
+sleep(3000);</script></con:config></con:testStep><con:setupScript>Domibus.checkIfAnySmokeTestsFailed(testRunner, testCase, log)</con:setupScript><con:tearDownScript>def test = new Domibus(log,null,context);
 test.cleanDBMessageIDStartsWith("-Dom00545-")
 test.finalize();
 
 testRunner.testCase.testSteps['Reset mpc validation values'].run(testRunner, context);
+testRunner.testCase.testSteps['Reset mpc legconfiguration values'].run(testRunner, context);
 
 Domibus.reportTestCaseCsv(testRunner, log)</con:tearDownScript><con:properties><con:property><con:name>domibus.pmode.legconfiguration.mpc.validation.enabled.C2</con:name><con:value>true</con:value></con:property><con:property><con:name>domibus.pmode.legconfiguration.mpc.validation.enabled.C3</con:name><con:value>true</con:value></con:property></con:properties>
         <con:reportParameters/><con:breakPoints><con:testStepId>2eb6a89f-41c9-40f9-9d70-074e25d6ff5a</con:testStepId><con:status>NONE</con:status><con:properties/></con:breakPoints><con:breakPoints><con:testStepId>d1a0cbdd-efe1-412d-aac5-b62315a3ac06</con:testStepId><con:status>NONE</con:status><con:properties/></con:breakPoints><con:breakPoints><con:testStepId>f84a4b44-9f2f-41e5-aeb5-ad4b50027daf</con:testStepId><con:status>NONE</con:status><con:properties/></con:breakPoints></con:testCase><con:testCase failOnError="true" failTestCaseOnErrors="true" keepSession="false" maxResults="0" name="Dom00546-Submit Message-Optional-OriginalSender-FinalReceiver" searchProperties="true" id="bcc12eb9-aea7-4e66-9684-80874e56f05c">
diff --git a/Core/Domibus-MSH-spi/pom.xml b/Core/Domibus-MSH-spi/pom.xml
index 43de606244..1666d8628b 100644
--- a/Core/Domibus-MSH-spi/pom.xml
+++ b/Core/Domibus-MSH-spi/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <artifactId>core</artifactId>
         <groupId>org.niis</groupId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/Core/Domibus-MSH-swagger/pom.xml b/Core/Domibus-MSH-swagger/pom.xml
index 4cee35e451..9cd7bdad5a 100644
--- a/Core/Domibus-MSH-swagger/pom.xml
+++ b/Core/Domibus-MSH-swagger/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <groupId>org.niis</groupId>
         <artifactId>core</artifactId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
 
     <artifactId>harmony-msh-swagger</artifactId>
diff --git a/Core/Domibus-MSH-test-common/pom.xml b/Core/Domibus-MSH-test-common/pom.xml
index f03037e3ef..33f884a228 100644
--- a/Core/Domibus-MSH-test-common/pom.xml
+++ b/Core/Domibus-MSH-test-common/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <groupId>org.niis</groupId>
         <artifactId>core</artifactId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
     <artifactId>harmony-msh-test-common</artifactId>
     <packaging>jar</packaging>
diff --git a/Core/Domibus-MSH-test-common/src/main/resources/dataset/as4/SOAPMessage4_noPropertyPart.xml b/Core/Domibus-MSH-test-common/src/main/resources/dataset/as4/SOAPMessage4_noPropertyPart.xml
new file mode 100644
index 0000000000..68cbb937f2
--- /dev/null
+++ b/Core/Domibus-MSH-test-common/src/main/resources/dataset/as4/SOAPMessage4_noPropertyPart.xml
@@ -0,0 +1,103 @@
+<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
+    <env:Header xmlns:env="http://www.w3.org/2003/05/soap-envelope">
+        <eb:Messaging xmlns:eb="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/"
+                      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+                      env:mustUnderstand="true" wsu:Id="_c98813fb-57e4-474a-8146-945594cdf2ba">
+            <eb:UserMessage mpc="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC">
+                <eb:MessageInfo>
+                    <eb:Timestamp>2016-09-28T18:13:04.000Z</eb:Timestamp>
+                    <eb:MessageId>MESSAGE_ID</eb:MessageId>
+                </eb:MessageInfo>
+                <eb:PartyInfo>
+                    <eb:From>
+                        <eb:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">domibus-blue</eb:PartyId>
+                        <eb:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator</eb:Role>
+                    </eb:From>
+                    <eb:To>
+                        <eb:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">domibus-red</eb:PartyId>
+                        <eb:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder</eb:Role>
+                    </eb:To>
+                </eb:PartyInfo>
+                <eb:CollaborationInfo>
+                    <eb:Service type="tc4">bdx:noprocess</eb:Service>
+                    <eb:Action>TC4Leg1</eb:Action>
+                    <eb:ConversationId>6521261f-76b7-41d3-b1c2-25b05a4646a6</eb:ConversationId>
+                </eb:CollaborationInfo>
+                <eb:MessageProperties>
+                    <eb:Property name="finalRecipient">urn:oasis:names:tc:ebcore:partyid-type:unregistered:C4
+                    </eb:Property>
+                    <eb:Property name="originalSender">urn:oasis:names:tc:ebcore:partyid-type:unregistered:C1
+                    </eb:Property>
+                </eb:MessageProperties>
+                <eb:PayloadInfo>
+                    <eb:PartInfo href="cid:message">
+<!--                        <eb:PartProperties/>-->
+<!--                            <eb:Property name="MimeType">text/xml</eb:Property>-->
+<!--                            <eb:Property name="description">e-sens-sbdh-order</eb:Property>-->
+<!--                        </eb:PartProperties>-->
+                    </eb:PartInfo>
+                </eb:PayloadInfo>
+            </eb:UserMessage>
+        </eb:Messaging>
+        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
+                       xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+                       soap:mustUnderstand="true">
+            <wsse:BinarySecurityToken
+                    EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
+                    ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
+                    wsu:Id="X509-9973d6a2-7819-4de2-a3d2-1bbdb2506df8">
+                MIIDdzCCAl+gAwIBAgIEAd+F/zANBgkqhkiG9w0BAQsFADBsMRAwDgYDVQQGEwdVbmtub3duMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRAwDgYDVQQKEwdVbmtub3duMRAwDgYDVQQLEwdVbmtub3duMRAwDgYDVQQDEwdVbmtub3duMB4XDTE2MDIwNDEwMDE1NloXDTE2MDUwNDEwMDE1NlowbDEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEQMA4GA1UEAxMHVW5rbm93bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqNN0G98uMfIAzRYfcfPfH9mQFfP8k2vZXslJSpRXS/3U0QCvr6QSON+7YbNVanQLURop2RfI/EzMX0Eb4iUs5DkadaA/XViQiABbisLyKZOLHv8/MvhhAebXGfOfZjvvln6VyZNl4yzUMV5WcYLRMfA2iyFC/fSzRee9/mG+piPMBLKA938esvyieMV7uK0+2a89mPQ/p2YUv5VDFtdtPQ4Lx4SNM4brsgNPVE797wtIpIAxLNC6Ty9FEhtassDhiVbWoj6dOnt/gN0KU4OiMxHyF/PLXReI1Ep4lQkzOhuu8gVsyiXuQZMB5yy49opV9oJ4DSsZExMOZaRsLdysECAwEAAaMhMB8wHQYDVR0OBBYEFKEeAx71/KIKnGh1OurhlOv3tHAOMA0GCSqGSIb3DQEBCwUAA4IBAQBgzkP5yDbSZP1V3REaHnYuALCfDs+h8IO3rnJQOXjiG1KGNBaWoSUlDpMnAuJ29aJtWcqG/FtY7U+NII+1nwvk0kdbbUC42xWi7RtBdGpWD8PCJW/MtNR+YzFJlUhlAiDxcWWbAeO8flKQe/wa+SLnf6zSle98JYTmvxAlwauRw0WZqazZtI4GAwoKzS2IRsZ/M9w82OZdwGhXkiwhtKMlhr9tJUA6PsJoG0lkD3YeP8j0vF51UprVERJmGvBifMj6PfcDsA6eoW1mEpjgPcT9cdPH7t3f0wFpHrA43v0aTI7oDyORpcJzr6KFQ+M+5yOPXAA4xakGJf5Lr05cu6L1
+            </wsse:BinarySecurityToken>
+            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-b89cef88-9813-41e5-8e15-741304bb8dbe">
+                <ds:SignedInfo>
+                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+                        <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soap"/>
+                    </ds:CanonicalizationMethod>
+                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+                    <ds:Reference URI="#_b24c9891-e5f1-4957-a4be-e7b8a7d43889">
+                        <ds:Transforms>
+                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+                                <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
+                                                        PrefixList=""/>
+                            </ds:Transform>
+                        </ds:Transforms>
+                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+                        <ds:DigestValue>ALuNcETTazFbeYpxj5NgSPWrpnkhn9YMTqm4EK/tgfo=</ds:DigestValue>
+                    </ds:Reference>
+                    <ds:Reference URI="#_c98813fb-57e4-474a-8146-945594cdf2ba">
+                        <ds:Transforms>
+                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+                                <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
+                                                        PrefixList="soap"/>
+                            </ds:Transform>
+                        </ds:Transforms>
+                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+                        <ds:DigestValue>6gwMPMbUvb/GR78OMP8wl53mrMq72jO3BxsSe238cT4=</ds:DigestValue>
+                    </ds:Reference>
+                    <ds:Reference URI="cid:sbdh-order">
+                        <ds:Transforms>
+                            <ds:Transform
+                                    Algorithm="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Signature-Transform"/>
+                        </ds:Transforms>
+                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+                        <ds:DigestValue>KjGFbgFe+a4tfTEGu2o+EtPRHmSNm83Cmlte3bYsT+s=</ds:DigestValue>
+                    </ds:Reference>
+                </ds:SignedInfo>
+                <ds:SignatureValue>
+                    bqS08H1+G0gSI9ZWsYolmbMzTPmlkQjtnHm4AoFZIPqr1uhFPu69+gYdw7THTRWqLpIP5fHJkEmxiIjXWoGVLZjL3U9EnMLycNeVl12mSa9T8ZxaKM1RArTeBHrh3OePk1ltNiPdZ92q7fCAO5jRoYvXCWOcjTUHLZ3zgLn4ChTTSqdDvuY7OgxEb4gItg1fWEtSK9qy5s5uKWultpdrm85gPODwJHNNEHXk/EqoU8krUxjhu/haxNNFdz8dzXtYuI90Tu3r34gb5gkyNY9k5b0toe2babQyYg4wSx85SUVm4hL1zmpLx8qXEXdwwBXGLSlE8SZiEh4KZc6Y/hql/w==
+                </ds:SignatureValue>
+                <ds:KeyInfo Id="KI-c815f4de-c122-4a28-a164-01ba52db3a1c">
+                    <wsse:SecurityTokenReference
+                            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
+                            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+                            wsu:Id="STR-0f997b00-540a-4721-b697-6dd55cf99d85">
+                        <wsse:Reference URI="#X509-9973d6a2-7819-4de2-a3d2-1bbdb2506df8"
+                                        ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
+                    </wsse:SecurityTokenReference>
+                </ds:KeyInfo>
+            </ds:Signature>
+        </wsse:Security>
+    </env:Header>
+    <soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+               wsu:Id="_b24c9891-e5f1-4957-a4be-e7b8a7d43889"/>
+</soap:Envelope>
diff --git a/Core/Domibus-MSH-test/pom.xml b/Core/Domibus-MSH-test/pom.xml
index b5006ca244..c068b66216 100644
--- a/Core/Domibus-MSH-test/pom.xml
+++ b/Core/Domibus-MSH-test/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <groupId>org.niis</groupId>
         <artifactId>core</artifactId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
     <artifactId>harmony-msh-test</artifactId>
     <packaging>jar</packaging>
diff --git a/Core/Domibus-MSH-test/src/main/java/eu/domibus/test/AbstractIT.java b/Core/Domibus-MSH-test/src/main/java/eu/domibus/test/AbstractIT.java
index 598b28b58f..6cd0a5f8fc 100644
--- a/Core/Domibus-MSH-test/src/main/java/eu/domibus/test/AbstractIT.java
+++ b/Core/Domibus-MSH-test/src/main/java/eu/domibus/test/AbstractIT.java
@@ -304,6 +304,13 @@ protected void setAuth() {
                         Collections.singleton(new SimpleGrantedAuthority(AuthRole.ROLE_ADMIN.name()))));
     }
 
+    protected void authWithSuper() {
+        SecurityContextHolder.getContext()
+                .setAuthentication(new UsernamePasswordAuthenticationToken(
+                        "super",
+                        "123456",
+                        Collections.singleton(new SimpleGrantedAuthority(AuthRole.ROLE_AP_ADMIN.name()))));
+    }
 
     protected void uploadPmode(Integer redHttpPort) throws IOException, XmlProcessingException {
         uploadPmode(redHttpPort, null);
diff --git a/Core/Domibus-MSH-test/src/main/java/eu/domibus/test/UserMessageService.java b/Core/Domibus-MSH-test/src/main/java/eu/domibus/test/UserMessageService.java
index 6dc86fecac..7594e01770 100644
--- a/Core/Domibus-MSH-test/src/main/java/eu/domibus/test/UserMessageService.java
+++ b/Core/Domibus-MSH-test/src/main/java/eu/domibus/test/UserMessageService.java
@@ -13,7 +13,6 @@
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
-import java.io.IOException;
 import java.util.HashSet;
 
 /**
@@ -55,7 +54,9 @@ public UserMessage getUserMessage(){
 
         userMessage.setAction(actionDictionaryService.findOrCreateAction(userMessage.getActionValue()));
         userMessage.setService(serviceDictionaryService.findOrCreateService(userMessage.getService().getValue(), userMessage.getService().getType()));
-        userMessage.setAgreementRef(agreementDictionaryService.findOrCreateAgreement(userMessage.getAgreementRef().getValue(), userMessage.getAgreementRef().getType()));
+        if (userMessage.getAgreementRef() != null && StringUtils.isNotEmpty(userMessage.getAgreementRef().getValue())) {
+            userMessage.setAgreementRef(agreementDictionaryService.findOrCreateAgreement(userMessage.getAgreementRef().getValue(), userMessage.getAgreementRef().getType()));
+        }
         userMessage.setMpc(mpcDictionaryService.findOrCreateMpc(StringUtils.isBlank(userMessage.getMpcValue()) ? Ebms3Constants.DEFAULT_MPC : userMessage.getMpcValue()));
         userMessage.getPartyInfo().getTo().setToPartyId(partyIdDictionaryService.findOrCreateParty("toPartyValue", "toPartyType"));
         userMessage.getPartyInfo().getTo().setToRole(partyRoleDictionaryService.findOrCreateRole("toRole"));
diff --git a/Core/Domibus-MSH/changelog.txt b/Core/Domibus-MSH/changelog.txt
index 9ae400f59c..01b1766bf6 100644
--- a/Core/Domibus-MSH/changelog.txt
+++ b/Core/Domibus-MSH/changelog.txt
@@ -1,3 +1,20 @@
+Domibus 5.1.6
+- Add support for custom properties in the JMS plugin
+- Improved the information provided in the BUSINESS logs and added more codes.
+- Added property domibus.sender.trust.validation.signal.sync.onreceiving. If activated Domibus will verify before receiving syncronously a signal message following a push or pull request, that the sender certificate is valid and not revoked
+- Updated the description of default.domibus.sender.trust.validation.onreceiving. If activated Domibus will verify before receiving a User Message when using Push/Pull or a Signal Acknowledgement (NRR) when using Pull, that the sender certificate is valid and not revoked. When disabled, none of the other checks are performed on the sender's certificate.
+- Fixed issue related to expired partition purging and added a new property to limit the number of partitions dropped in one run of the retention worker.
+- Double click on a message should populate all fields for that message
+- Added diagnostic logging in case of a pMode mismatch or a submission error
+- Improved the sql scripts by removing the unnecessarily dropping and recreating an index
+- Fixed issue with message sanitizer failing at first message
+- Consider QUEUED batches in batch sanitiser
+- Upgraded Tomcat 9 to the latest version 9.0.91
+- Libraries upgrades to fix OWASP vulnerabilities
+Domibus 5.1.5
+- New property to enforce strong rules for all Domibus properties of type password
+- Update the configuration of Weblogic datasource, eDeliveryDs, to disable support for global transactions
+- Security updates on the libraries and Domibus APIs
 Domibus 5.1.4
 - Added endpoint for refreshing DSS Trusted lists. Can be accessed with POST /ext/trustedlists/refreshoperation
 - Added domibus properties for quartz data source in Tomcat
@@ -71,6 +88,10 @@ Domibus 5.1
 - Added new retention policy for metadata - by setting delete_message_metadata and retention_metadata_offset the user can keep the metadata after the payload was deleted
 - Changed MySQL dialect from MySQL5InnoDBDialect to MySQL8Dialect
 - Disable metrics features by default (logging, memory, garbage collector, cached threads and jms queues)
+
+Domibus 5.0.10
+- Added property domibus.sender.trust.validation.signal.sync.onreceiving. If activated Domibus will verify before receiving syncronously a signal message following a push or pull request, that the sender certificate is valid and not revoked
+- Updated the description of default.domibus.sender.trust.validation.onreceiving. If activated Domibus will verify before receiving a User Message when using Push/Pull or a Signal Acknowledgement (NRR) when using Pull, that the sender certificate is valid and not revoked. When disabled, none of the other checks are performed on the sender's certificate.
 Domibus 5.0.8
 - Improve performance of the Messages page
 - Improve the performance of query used for payload handling
diff --git a/Core/Domibus-MSH/pom.xml b/Core/Domibus-MSH/pom.xml
index 21d72a2b0e..3d54795f5b 100644
--- a/Core/Domibus-MSH/pom.xml
+++ b/Core/Domibus-MSH/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.niis</groupId>
         <artifactId>core</artifactId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
 
     <artifactId>harmony-MSH</artifactId>
@@ -17,7 +17,7 @@
         <endorsed.dir>${project.build.directory}/endorsed</endorsed.dir>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <timestamp>${maven.build.timestamp}</timestamp>
-        <upstream.version>5.1.4</upstream.version>
+        <upstream.version>5.1.6</upstream.version>
         <maven.build.timestamp.format>yyyy-MM-dd HH:mm</maven.build.timestamp.format>
 
         <projectFile>${project.basedir}/src/test/resources/soapUI/AS4-test-guide-soapui-project.xml</projectFile>
diff --git a/Core/Domibus-MSH/src/main/conf/domibus/domains/default/default-domibus.properties b/Core/Domibus-MSH/src/main/conf/domibus/domains/default/default-domibus.properties
index a7d680a87e..571d59d89f 100644
--- a/Core/Domibus-MSH/src/main/conf/domibus/domains/default/default-domibus.properties
+++ b/Core/Domibus-MSH/src/main/conf/domibus/domains/default/default-domibus.properties
@@ -16,6 +16,15 @@
 #Max rows for CSV export
 #default.domibus.ui.csv.rows.max=10000
 
+# how many minutes after message's received date the Resend button will become enabled for messages having SEND_ENQUEUED status
+#default.domibus.ui.resend.action.enabled.received.minutes=5
+
+#Whether the Messages page should be the default landing page after login (defaults to true, but should be set to false in high load environments)
+#default.domibus.ui.pages.messageLogs.landingPage.enabled=true
+
+#Whether the Messages page has all the advanced capabilities (defaults to true, but should be set to false in high load environments)
+#default.domibus.ui.pages.messageLogs.search.advanced.enabled=true
+
 # ---------------------------------- Security ----------------------------------
 
 #Domibus encrypts the configured passwords if activated
@@ -27,6 +36,9 @@
 #The location where the encrypted key is stored
 #default.domibus.password.encryption.key.location=${domibus.config.location}/domains/default/encrypt
 
+#Password can be viewed if true;
+#default.domibus.properties.password.view.allow=true
+
 #Number of console login attempt before the user is deactivated (default 5)
 #default.domibus.console.login.maximum.attempt=5
 
@@ -201,6 +213,8 @@ default.domibus.database.schema=default_domain_schema
 #The maximum size of message in bytes that can be downloaded via admin console
 #default.domibus.message.download.maxSize=10000000
 
+#If enabled, diagnostics data will be logged when a message submission fails
+#default.domibus.message.submission.diagnostics.enabled=false
 
 # ---------------------------------- Retry -------------------------------------
 
@@ -285,10 +299,13 @@ default.domibus.database.schema=default_domain_schema
 #not valid or it has been revoked Domibus will not accept the message (default is true)
 #default.domibus.sender.certificate.validation.onreceiving=true
 
-#If activated Domibus will verify before receiving a message, the validity and authorization on the sender's certificate. When disabled,
-#none of the other checks are performed on the sender's certificate.
+#If activated Domibus will verify before receiving a User Message when using Push/Pull or a Signal Acknowledgement (NRR) when using Pull, that the sender certificate is valid and not revoked
+# When disabled, none of the other checks are performed on the sender's certificate.
 #default.domibus.sender.trust.validation.onreceiving=true
 
+#If activated Domibus will verify before receiving syncronously a signal message following a push or pull request, that the sender certificate is valid and not revoked
+#default.domibus.sender.trust.validation.signal.sync.onreceiving=true
+
 #When this property is not empty Domibus will verify before receiving a message(using static or dynamic discovery), that the subject of the sender's certificate matches the regular expression.
 #default.domibus.sender.trust.validation.expression=
 
@@ -325,6 +342,9 @@ default.domibus.database.schema=default_domain_schema
 #The error message shown to the user in case the partyIdType doesn't follow the regex put in the default.domibus.partIdType.validation.pattern property
 #default.domibus.partIdType.validation.message=You should follow the rule: urn:oasis:names:tc:ebcore:partyid-type:[....]
 
+#Enables the validation of Domibus properties values (defaults to true)
+#default.domibus.property.validation.enabled=true
+
 #Validate the qualified name of the Mpc in the received UserMessage on MSH endpoint matches the qualified name of the Mpc configured on the pMode leg configuration
 #default.domibus.pmode.legconfiguration.mpc.validation.enabled=true
 
@@ -333,6 +353,9 @@ default.domibus.database.schema=default_domain_schema
 # If set to false, Domibus fills in the value of the Mpc with the value of the EBMS3 defaultMpc ("http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC")
 #default.domibus.pmode.legconfiguration.mpc.enabled=true
 
+#If enabled, detailed diagnostics data will be logged when a message does not match the PMode
+#default.domibus.pmode.legconfiguration.diagnostics.enabled=false
+
 # ---------------------------------- Dispatcher --------------------------------
 
 #Timeout values for communication between the Access Points
@@ -385,8 +408,8 @@ default.domibus.database.schema=default_domain_schema
 #Cron expression used for configuring the partition worker scheduling. The partition worker verifies if partitions were properly created in advance.
 #default.domibus.partitions.worker.cron=0 9 * * * ?
 
-#Number of days to check if partitions were successfully created in advance. Defaults to 7 days.
-#default.domibus.partitions.creation.days_to_check=7
+#Maximum number of expired partitions to be dropped by the retention worker in one run. Defaults to 10 partitions.
+#default.domibus.partitions.drop.max_partitions=10
 
 #When set to true, before dropping a partition, verifies if all messages on that partition were previously archived.
 #This check is a guard rail for dropping partitions when the eArchiving mechanism is disabled. Default is true.
diff --git a/Core/Domibus-MSH/src/main/conf/domibus/domains/domain_name/domain_name-domibus.properties b/Core/Domibus-MSH/src/main/conf/domibus/domains/domain_name/domain_name-domibus.properties
index a2df82ecf9..359cbe4f6c 100644
--- a/Core/Domibus-MSH/src/main/conf/domibus/domains/domain_name/domain_name-domibus.properties
+++ b/Core/Domibus-MSH/src/main/conf/domibus/domains/domain_name/domain_name-domibus.properties
@@ -16,6 +16,9 @@
 #Max rows for CSV export
 #domain_name.domibus.ui.csv.rows.max=10000
 
+# how many minutes after message's received date the Resend button will become enabled for messages having SEND_ENQUEUED status
+#domain_name.domibus.ui.resend.action.enabled.received.minutes=5
+
 #Whether the Messages page should be the default landing page after login (defaults to true, but should be set to false in high load environments)
 #domain_name.domibus.ui.pages.messageLogs.landingPage.enabled=true
 
@@ -33,6 +36,9 @@
 #The location where the encrypted key is stored
 #domain_name.domibus.password.encryption.key.location=${domibus.config.location}/domains/domain_name/encrypt
 
+#Password can be viewed if true;
+#domain_name.domibus.properties.password.view.allow=true
+
 #Number of console login attempt before the user is deactivated (default 5)
 #domain_name.domibus.console.login.maximum.attempt=5
 
@@ -216,6 +222,9 @@ domain_name.domibus.database.schema=domain_name_schema
 #The maximum size of message in bytes that can be downloaded via admin console
 #domain_name.domibus.message.download.maxSize=10000000
 
+#If enabled, diagnostics data will be logged when a message submission fails
+#domain_name.domibus.message.submission.diagnostics.enabled=false
+
 # ---------------------------------- Retry -------------------------------------
 #Retry Worker execution interval as a cron expression
 #domain_name.domibus.msh.retry.cron=0/30 * * * * ?
@@ -304,10 +313,13 @@ domain_name.domibus.database.schema=domain_name_schema
 #not valid or it has been revoked Domibus will not accept the message (default is true)
 #domain_name.domibus.sender.certificate.validation.onreceiving=true
 
-#If activated Domibus will verify before receiving a message, the validity and authorization on the sender's certificate. When disabled,
-#none of the other checks are performed on the sender's certificate.
+#If activated Domibus will verify before receiving a User Message when using Push/Pull or a Signal Acknowledgement (NRR) when using Pull, that the sender certificate is valid and not revoked
+# When disabled, none of the other checks are performed on the sender's certificate.
 #domain_name.domibus.sender.trust.validation.onreceiving=true
 
+#If activated Domibus will verify before receiving syncronously a signal message following a push or pull request, that the sender certificate is valid and not revoked
+#domain_name.domibus.sender.trust.validation.signal.sync.onreceiving=true
+
 #When this property is not empty Domibus will verify before receiving a message(using static or dynamic discovery), that the subject of the sender's certificate matches the regular expression.
 #domain_name.domibus.sender.trust.validation.expression=
 
@@ -343,6 +355,9 @@ domain_name.domibus.database.schema=domain_name_schema
 # If set to false, Domibus fills in the value of the Mpc with the value of the EBMS3 defaultMpc ("http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC")
 #domain_name.domibus.pmode.legconfiguration.mpc.enabled=true
 
+#If enabled, detailed diagnostics data will be logged when a message does not match the PMode
+#domain_name.domibus.pmode.legconfiguration.diagnostics.enabled=false
+
 #Cron expression that specifies the frequency of dispatching messages stuck in SEND_ENQUEUED and WAITING_FOR_RETRY
 #domain_name.domibus.messages.stuck.cron=0 0 0/3 * * ?
 
@@ -357,6 +372,9 @@ domain_name.domibus.database.schema=domain_name_schema
 #The error message shown to the user in case the partyIdType doesn't follow the regex put in the default.domibus.partIdType.validation.pattern property
 #domain_name.domibus.partIdType.validation.message=You should follow the rule: urn:oasis:names:tc:ebcore:partyid-type:[....]
 
+#Enables the validation of Domibus properties values (defaults to true)
+#domain_name.domibus.property.validation.enabled=true
+
 # ---------------------------------- Dispatcher --------------------------------
 
 #Timeout values for communication between the Access Points
@@ -441,8 +459,8 @@ domain_name.domibus.database.schema=domain_name_schema
 #Cron expression used for configuring the partition worker scheduling. The partition worker verifies if partitions were properly created in advance
 #domain_name.domibus.partitions.worker.cron=0 9 * * * ?
 
-#Number of days to check if partitions were successfully created in advance. Defaults to 7 days.
-#domain_name.domibus.partitions.creation.days_to_check=7
+#Maximum number of expired partitions to be dropped by the retention worker in one run. Defaults to 10 partitions.
+#domain_name.domibus.partitions.drop.max_partitions=10
 
 #When set to true, before dropping a partition, verifies if all messages on that partition were previously archived.
 #This check is a guard rail for dropping partitions when the eArchiving mechanism is disabled. Default is true.
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/certificate/CertificateServiceImpl.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/certificate/CertificateServiceImpl.java
index 8f8f26dc07..6e76c73a7c 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/certificate/CertificateServiceImpl.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/certificate/CertificateServiceImpl.java
@@ -375,11 +375,13 @@ public boolean replaceStore(KeyStoreContentInfo storeInfo, KeystorePersistenceIn
             }
             if (sameProperties(storeInfo, persistenceInfo)) {
                 // same props, so just save the store on disk
+                LOG.info("New and current stores have the same type and password, so persisting it with these values.");
                 keystorePersistenceService.saveStore(storeInfo, persistenceInfo);
             } else {
                 // we need to copy the certificates to a store with the same props as the ones on disk store
+                LOG.info("New and current stores have different type and/or password, so persisting it with the old properties.");
                 KeyStore destStore = getNewKeystore(persistenceInfo.getType());
-                copyStoreCertificates(uploadedStore, destStore);
+                copyStoreContent(uploadedStore, destStore, storeInfo.getPassword(), persistenceInfo.getKeyEntryPassword());
                 keystorePersistenceService.saveStore(destStore, persistenceInfo);
             }
             LOG.info("Store [{}] successfully replaced with entries [{}].", storeName, getStoreEntries(uploadedStore));
@@ -542,17 +544,25 @@ public KeyStore getNewKeystore(String storeType) throws KeyStoreException, Certi
         return instance;
     }
 
-    protected void copyStoreCertificates(KeyStore srcStore, KeyStore destStore) {
+    protected void copyStoreContent(KeyStore srcStore, KeyStore destStore, String srcStorePassword, String destKeyEntryPassword) {
         try {
             final Enumeration<String> aliases = srcStore.aliases();
+            KeyStore.ProtectionParameter srcStoreProtection = new KeyStore.PasswordProtection(srcStorePassword.toCharArray());
             while (aliases.hasMoreElements()) {
-                final String alias = aliases.nextElement();
-                final X509Certificate certificate = (X509Certificate) srcStore.getCertificate(alias);
-                destStore.setCertificateEntry(alias, certificate);
-                LOG.debug("Copy certificate [{}] named [{}]", certificate, alias);
+                String alias = aliases.nextElement();
+                if (srcStore.isKeyEntry(alias)) {
+                    KeyStore.ProtectionParameter destKeyEntryProtection = new KeyStore.PasswordProtection(destKeyEntryPassword.toCharArray());
+                    KeyStore.Entry entry = srcStore.getEntry(alias, srcStoreProtection);
+                    destStore.setEntry(alias, entry, destKeyEntryProtection);
+                    LOG.debug("Copied key entry named [{}]", alias);
+                } else {
+                    final X509Certificate certificate = (X509Certificate) srcStore.getCertificate(alias);
+                    destStore.setCertificateEntry(alias, certificate);
+                    LOG.debug("Copied certificate [{}] named [{}]", certificate, alias);
+                }
             }
         } catch (Exception e) {
-            throw new DomibusCertificateException("Error while copying certificates from source store", e);
+            throw new DomibusCertificateException("Error while copying content from source store to destination store", e);
         }
     }
 
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/certificate/KeyStorePersistenceServiceImpl.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/certificate/KeyStorePersistenceServiceImpl.java
index 39c8b5d8a1..1cf9493a4e 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/certificate/KeyStorePersistenceServiceImpl.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/certificate/KeyStorePersistenceServiceImpl.java
@@ -267,6 +267,11 @@ public String getPassword() {
             return domibusRawPropertyProvider.getRawPropertyValue(DOMIBUS_SECURITY_KEYSTORE_PASSWORD);
         }
 
+        @Override
+        public String getKeyEntryPassword() {
+            return domibusPropertyProvider.getProperty(DOMIBUS_SECURITY_KEY_PRIVATE_PASSWORD);
+        }
+
         @Override
         public String toString() {
             return getName() + ":" + getFileLocation() + ":" + getType() + ":" + getPassword();
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/crypto/DefaultDomainCryptoServiceSpiImpl.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/crypto/DefaultDomainCryptoServiceSpiImpl.java
index 0aaae5c907..328fc9b57d 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/crypto/DefaultDomainCryptoServiceSpiImpl.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/crypto/DefaultDomainCryptoServiceSpiImpl.java
@@ -625,7 +625,7 @@ protected void replaceStore(byte[] storeContent, String storeFileName, String st
     }
 
     protected void validateTrustStoreCertificateTypes(KeyStore trustStore) {
-        securityProfileValidatorService.validateStoreCertificateTypes(securityProfileAliasConfigurations, trustStore, StoreType.TRUSTSTORE);
+        LOG.debug("No certificate type validation is done for the [{}] since security profiles are not supported in this version of Domibus", trustStore.getType());
     }
 
     protected void initTrustStore() {
@@ -664,7 +664,7 @@ private void loadTrustStorePropertiesForMerlin(KeystorePersistenceInfo persisten
     }
 
     protected void validateKeyStoreCertificateTypes(KeyStore keystore) {
-        securityProfileValidatorService.validateStoreCertificateTypes(securityProfileAliasConfigurations, keystore, StoreType.KEYSTORE);
+        LOG.debug("No certificate type validation is done for the [{}] since security profiles are not supported in this version of Domibus", keystore.getType());
     }
 
     protected void initKeyStore() {
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/crypto/spi/DefaultAuthorizationServiceSpiImpl.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/crypto/spi/DefaultAuthorizationServiceSpiImpl.java
index d6a4fb0f32..5aeb4e5050 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/crypto/spi/DefaultAuthorizationServiceSpiImpl.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/crypto/spi/DefaultAuthorizationServiceSpiImpl.java
@@ -11,6 +11,7 @@
 import eu.domibus.common.model.configuration.LegConfiguration;
 import eu.domibus.common.model.configuration.Party;
 import eu.domibus.core.converter.DomibusCoreMapper;
+import eu.domibus.core.crypto.SecurityProfileService;
 import eu.domibus.core.crypto.spi.model.AuthorizationError;
 import eu.domibus.core.crypto.spi.model.AuthorizationException;
 import eu.domibus.core.crypto.spi.model.UserMessagePmodeData;
@@ -18,7 +19,6 @@
 import eu.domibus.core.message.MessageExchangeService;
 import eu.domibus.core.message.pull.PullContext;
 import eu.domibus.core.pmode.provider.PModeProvider;
-import eu.domibus.core.crypto.SecurityProfileService;
 import eu.domibus.ext.domain.PullRequestDTO;
 import eu.domibus.ext.domain.SecurityProfileDTO;
 import eu.domibus.ext.domain.UserMessageDTO;
@@ -32,10 +32,7 @@
 
 import java.security.KeyStoreException;
 import java.security.cert.X509Certificate;
-import java.util.Arrays;
-import java.util.List;
-import java.util.Optional;
-import java.util.Set;
+import java.util.*;
 
 import static eu.domibus.api.property.DomibusPropertyMetadataManagerSPI.*;
 import static org.apache.commons.lang3.StringUtils.trimToEmpty;
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/EArchivingDefaultService.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/EArchivingDefaultService.java
index bb5a07fe05..69525e07d8 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/EArchivingDefaultService.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/EArchivingDefaultService.java
@@ -236,10 +236,17 @@ public EArchiveBatchRequestDTO setBatchClientStatus(String batchId, @NotNull EAr
         return eArchiveBatchMapper.eArchiveBatchRequestEntityToDto(result);
     }
 
+    /**
+     *
+     * @param entityId
+     * @param fetchEarchiveBatchUm
+     * @return {@link EArchiveBatchEntity}
+     * @throws DomibusEArchiveException if {@link EArchiveBatchEntity} is not found with {@param entityId}
+     */
     @Transactional
     @Timer(clazz = EArchivingDefaultService.class, value = "earchive1_getEArchiveBatch")
     @Counter(clazz = EArchivingDefaultService.class, value = "earchive1_getEArchiveBatch")
-    public EArchiveBatchEntity getEArchiveBatch(long entityId, boolean fetchEarchiveBatchUm) {
+    public EArchiveBatchEntity getEArchiveBatch(long entityId, boolean fetchEarchiveBatchUm) throws DomibusEArchiveException {
         EArchiveBatchEntity eArchiveBatch = eArchiveBatchDao.findEArchiveBatchByBatchEntityId(entityId);
 
         if (eArchiveBatch == null) {
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/eark/EArchivingFileService.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/eark/EArchivingFileService.java
index 98c1ea6434..dc2cec58da 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/eark/EArchivingFileService.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/eark/EArchivingFileService.java
@@ -17,6 +17,7 @@
 import eu.domibus.core.metrics.Timer;
 import eu.domibus.logging.DomibusLogger;
 import eu.domibus.logging.DomibusLoggerFactory;
+import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.tika.mime.MimeTypeException;
@@ -119,7 +120,7 @@ private boolean messageIsCompressed(Map<String, String> props, String mimeType)
 
     private Map<String, String> getProps(PartInfo partInfo) {
         Map<String, String> props = new HashMap<>();
-        if (partInfo != null) {
+        if (partInfo != null && CollectionUtils.isNotEmpty(partInfo.getPartProperties())) {
             for (PartProperty partProperty : partInfo.getPartProperties()) {
                 props.put(partProperty.getName(), partProperty.getValue());
             }
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/job/EArchivingStuckBatchesService.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/job/EArchivingStuckBatchesService.java
index 3c1edba04f..8de2db3b23 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/job/EArchivingStuckBatchesService.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/job/EArchivingStuckBatchesService.java
@@ -50,7 +50,7 @@ public void reExportStuckBatches() {
         }
 
         EArchiveBatchFilter filter = new EArchiveBatchFilter();
-        filter.getStatusList().addAll(EnumSet.of(EArchiveBatchStatus.STARTED));
+        filter.getStatusList().addAll(EnumSet.of(EArchiveBatchStatus.STARTED, EArchiveBatchStatus.QUEUED));
         filter.setEndDate(minutesAgo);
 
         List<EArchiveBatchRequestDTO> stuckBatches = eArchivingDefaultService.getBatchRequestList(filter);
@@ -59,4 +59,4 @@ public void reExportStuckBatches() {
                 .map(EArchiveBatchRequestDTO::getBatchId)
                 .forEach(eArchivingDefaultService::reExportBatch);
     }
-}
\ No newline at end of file
+}
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/listener/EArchiveErrorHandler.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/listener/EArchiveErrorHandler.java
index 3b806f5739..d52cee248a 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/listener/EArchiveErrorHandler.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/listener/EArchiveErrorHandler.java
@@ -31,18 +31,31 @@ public EArchiveErrorHandler(EArchivingDefaultService eArchivingDefaultService) {
     }
 
     @Override
-    @MDCKey(value = DomibusLogger.MDC_BATCH_ENTITY_ID)
     @Transactional
     public void handleError(Throwable t) {
-
-        long entityId = Long.parseLong(LOG.getMDC(DomibusLogger.MDC_BATCH_ENTITY_ID));
-        LOG.warn("Handling dispatch error for batch entityId [{}] ", entityId, t);
-
-        EArchiveBatchEntity eArchiveBatchByBatchId = eArchivingDefaultService.getEArchiveBatch(entityId, false);
-        eArchivingDefaultService.setStatus(eArchiveBatchByBatchId, EArchiveBatchStatus.FAILED, StringUtils.substring(t.getMessage(), 0, DomibusStringUtilImpl.DEFAULT_MAX_STRING_LENGTH - 1), DomibusMessageCode.BUS_ARCHIVE_BATCH_EXPORT_FAILED.getCode());
-        LOG.businessInfo(DomibusMessageCode.BUS_ARCHIVE_BATCH_EXPORT_FAILED, eArchiveBatchByBatchId.getBatchId(), t.getMessage());
-        eArchivingDefaultService.sendToNotificationQueue(eArchiveBatchByBatchId, EArchiveBatchStatus.FAILED);
-
+        if (!(t instanceof EArchiveException)) {
+            LOG.error("Logging eArchive error", t);
+            return;
+        }
+
+        EArchiveException eArchiveException = (EArchiveException) t;
+        Long entityId = eArchiveException.getBatchEntityId();
+        String batchId = eArchiveException.getBatchId();
+        EArchiveBatchStatus batchStatus = eArchiveException.getBatchStatus();
+
+        if (batchStatus == EArchiveBatchStatus.ARCHIVED) {
+            // failure to handle ARCHIVED batch - just log the error :
+            LOG.warn("Handling ARCHIVED batch [{}] with entityId [{}] failed. The eArchive structure may not have been cleaned up and/or the archived messages may not have been marked as 'archived'. ", batchId, entityId, t);
+        } else {
+            // failure to handle EXPORTED batch :
+            LOG.warn("Handling dispatch error for batch entityId [{}] with status [{}]", entityId, batchStatus, t);
+
+            EArchiveBatchEntity eArchiveBatchByBatchId = eArchivingDefaultService.getEArchiveBatch(entityId, false);
+            LOG.debug("Changing status of batch [{}] with entityId [{}] from [{}] to [{}]", batchId, entityId, eArchiveBatchByBatchId.getEArchiveBatchStatus(), EArchiveBatchStatus.FAILED);
+            eArchivingDefaultService.setStatus(eArchiveBatchByBatchId, EArchiveBatchStatus.FAILED, StringUtils.substring(t.getMessage(), 0, DomibusStringUtilImpl.DEFAULT_MAX_STRING_LENGTH - 1), DomibusMessageCode.BUS_ARCHIVE_BATCH_EXPORT_FAILED.getCode());
+            LOG.businessInfo(DomibusMessageCode.BUS_ARCHIVE_BATCH_EXPORT_FAILED, eArchiveBatchByBatchId.getBatchId(), t.getMessage());
+            eArchivingDefaultService.sendToNotificationQueue(eArchiveBatchByBatchId, EArchiveBatchStatus.FAILED);
+        }
     }
 
 }
\ No newline at end of file
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/listener/EArchiveException.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/listener/EArchiveException.java
new file mode 100644
index 0000000000..ecda8f868c
--- /dev/null
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/listener/EArchiveException.java
@@ -0,0 +1,30 @@
+package eu.domibus.core.earchive.listener;
+
+import eu.domibus.api.earchive.EArchiveBatchStatus;
+
+
+public class EArchiveException extends RuntimeException {
+
+    private String batchId;
+    private Long batchEntityId;
+    private EArchiveBatchStatus batchStatus;
+
+    public EArchiveException(String batchId, Long batchEntityId, EArchiveBatchStatus batchStatus, Throwable e) {
+        super(e);
+        this.batchId = batchId;
+        this.batchEntityId = batchEntityId;
+        this.batchStatus = batchStatus;
+    }
+
+    public String getBatchId() {
+        return batchId;
+    }
+
+    public Long getBatchEntityId() {
+        return batchEntityId;
+    }
+
+    public EArchiveBatchStatus getBatchStatus() {
+        return batchStatus;
+    }
+}
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/listener/EArchiveListener.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/listener/EArchiveListener.java
index 07e0ce5f34..2a1d02a8ab 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/listener/EArchiveListener.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/listener/EArchiveListener.java
@@ -1,5 +1,6 @@
 package eu.domibus.core.earchive.listener;
 
+import eu.domibus.api.earchive.DomibusEArchiveException;
 import eu.domibus.api.earchive.EArchiveBatchStatus;
 import eu.domibus.api.property.DomibusPropertyProvider;
 import eu.domibus.api.util.DatabaseUtil;
@@ -68,29 +69,47 @@ public EArchiveListener(
     public void onMessage(Message message) {
         LOG.putMDC(DomibusLogger.MDC_USER, databaseUtil.getDatabaseUserName());
 
-        String batchId = jmsUtil.getStringPropertySafely(message, MessageConstants.BATCH_ID);
-        Long entityId = jmsUtil.getLongPropertySafely(message, MessageConstants.BATCH_ENTITY_ID);
-        LOG.putMDC(DomibusLogger.MDC_BATCH_ENTITY_ID, entityId + "");
-        if (StringUtils.isBlank(batchId) || entityId == null) {
-            LOG.error("Could not get the batchId [{}] and/or entityId [{}]", batchId, entityId);
-            return;
-        }
-        jmsUtil.setCurrentDomainFromMessage(message);
-
-        EArchiveBatchEntity eArchiveBatchByBatchId = eArchivingDefaultService.getEArchiveBatch(entityId, true);
-        List<EArchiveBatchUserMessage> userMessageDtos = eArchiveBatchByBatchId.geteArchiveBatchUserMessages();
-
-        String batchMessageType = jmsUtil.getMessageTypeSafely(message);
-        if (StringUtils.equals(EArchiveBatchStatus.ARCHIVED.name(), batchMessageType)) {
-            onMessageArchiveBatch(eArchiveBatchByBatchId, userMessageDtos);
-        } else if (StringUtils.equals(EArchiveBatchStatus.EXPORTED.name(), batchMessageType))  {
-            onMessageExportBatch(eArchiveBatchByBatchId, userMessageDtos);
-        } else {
-            LOG.error("Invalid JMS message type [{}] of the batchId [{}] and/or entityId [{}]! The batch processing is ignored!",
-                    batchMessageType, batchId, entityId);
-            // If this happen then this is programming flow miss-failure. Validate all JMS submission. And if new message type is added
-            // make sure to add also the processing of new message type
-            throw new IllegalArgumentException( "Invalid JMS message type ["+batchMessageType+"] for the eArchive processing of the batchId ["+batchId+"]!");
+        String batchId = null;
+        Long entityId = null;
+        EArchiveBatchStatus batchStatus = null;
+
+        try {
+            batchId = jmsUtil.getStringPropertySafely(message, MessageConstants.BATCH_ID);
+            entityId = jmsUtil.getLongPropertySafely(message, MessageConstants.BATCH_ENTITY_ID);
+            if (StringUtils.isBlank(batchId) || entityId == null) {
+                LOG.error("Could not get the batchId [{}] and/or entityId [{}]", batchId, entityId);
+                return;
+            }
+            jmsUtil.setCurrentDomainFromMessage(message);
+
+            String batchMessageType = jmsUtil.getMessageTypeSafely(message);
+            if (batchMessageType != null) {
+                batchStatus = EArchiveBatchStatus.valueOf(batchMessageType);
+            }
+
+            EArchiveBatchEntity eArchiveBatchByBatchId;
+            try {
+                eArchiveBatchByBatchId = eArchivingDefaultService.getEArchiveBatch(entityId, true);
+            } catch (DomibusEArchiveException e) {
+                LOG.debug("Batch ID [{}] not found, skipping", batchId, e);
+                LOG.error("Batch ID [{}] not found, skipping", batchId);
+                return;
+            }
+            List<EArchiveBatchUserMessage> userMessageDtos = eArchiveBatchByBatchId.geteArchiveBatchUserMessages();
+
+            if (StringUtils.equals(EArchiveBatchStatus.ARCHIVED.name(), batchMessageType)) {
+                onMessageArchiveBatch(eArchiveBatchByBatchId, userMessageDtos);
+            } else if (StringUtils.equals(EArchiveBatchStatus.EXPORTED.name(), batchMessageType)) {
+                onMessageExportBatch(eArchiveBatchByBatchId, userMessageDtos);
+            } else {
+                LOG.error("Invalid JMS message type [{}] of the batchId [{}] and/or entityId [{}]! The batch processing is ignored!",
+                        batchMessageType, batchId, entityId);
+                // If this happens then this is programming flow miss-failure. Validate all JMS submission. And if new message type is added
+                // make sure to add also the processing of new message type
+                throw new IllegalArgumentException("Invalid JMS message type [" + batchMessageType + "] for the eArchive processing of the batchId [" + batchId + "]!");
+            }
+        } catch (Exception ex) {
+            throw new EArchiveException(batchId, entityId, batchStatus, ex);
         }
     }
 
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/listener/EArchiveNotificationDlqListener.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/listener/EArchiveNotificationDlqListener.java
index b77333b5ba..e77470bcf1 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/listener/EArchiveNotificationDlqListener.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/listener/EArchiveNotificationDlqListener.java
@@ -2,14 +2,12 @@
 
 import eu.domibus.api.earchive.EArchiveBatchStatus;
 import eu.domibus.api.util.DatabaseUtil;
+import eu.domibus.core.alerts.configuration.common.AlertConfigurationService;
 import eu.domibus.core.alerts.configuration.common.AlertModuleConfiguration;
 import eu.domibus.core.alerts.model.common.AlertType;
 import eu.domibus.core.alerts.model.common.EventType;
 import eu.domibus.core.alerts.model.service.EventProperties;
-import eu.domibus.core.alerts.configuration.common.AlertConfigurationService;
 import eu.domibus.core.alerts.service.EventService;
-import eu.domibus.core.earchive.EArchiveBatchEntity;
-import eu.domibus.core.earchive.EArchivingDefaultService;
 import eu.domibus.core.util.JmsUtil;
 import eu.domibus.logging.DomibusLogger;
 import eu.domibus.logging.DomibusLoggerFactory;
@@ -31,8 +29,6 @@ public class EArchiveNotificationDlqListener implements MessageListener {
 
     private final DatabaseUtil databaseUtil;
 
-    private final EArchivingDefaultService eArchiveService;
-
     private final JmsUtil jmsUtil;
 
     private final EventService eventService;
@@ -41,11 +37,9 @@ public class EArchiveNotificationDlqListener implements MessageListener {
 
     public EArchiveNotificationDlqListener(
             DatabaseUtil databaseUtil,
-            EArchivingDefaultService eArchiveService,
             JmsUtil jmsUtil,
             EventService eventService, AlertConfigurationService alertConfigurationService) {
         this.databaseUtil = databaseUtil;
-        this.eArchiveService = eArchiveService;
         this.jmsUtil = jmsUtil;
         this.eventService = eventService;
         this.alertConfigurationService = alertConfigurationService;
@@ -72,9 +66,8 @@ public void onMessage(Message message) {
             return;
         }
         EArchiveBatchStatus notificationType = EArchiveBatchStatus.valueOf(jmsUtil.getStringPropertySafely(message, MessageConstants.NOTIFICATION_TYPE));
-        EArchiveBatchEntity eArchiveBatchByBatchId = eArchiveService.getEArchiveBatch(entityId, false);
 
-        LOG.debug("Creating Alert for batch [{}] [{}]", notificationType, eArchiveBatchByBatchId);
+        LOG.debug("Creating Alert for batch [{}] [{}]", notificationType, batchId);
         eventService.enqueueEvent(EventType.ARCHIVING_NOTIFICATION_FAILED, batchId, new EventProperties(batchId, notificationType.name()));
     }
 
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/listener/EArchiveNotificationListener.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/listener/EArchiveNotificationListener.java
index 8a6ab43d3b..a45d20cd01 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/listener/EArchiveNotificationListener.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/listener/EArchiveNotificationListener.java
@@ -1,5 +1,6 @@
 package eu.domibus.core.earchive.listener;
 
+import eu.domibus.api.earchive.DomibusEArchiveException;
 import eu.domibus.api.earchive.EArchiveBatchStatus;
 import eu.domibus.api.earchive.EArchiveRequestType;
 import eu.domibus.api.property.DomibusPropertyProvider;
@@ -73,44 +74,58 @@ public EArchiveNotificationListener(
     public void onMessage(Message message) {
         LOG.putMDC(DomibusLogger.MDC_USER, databaseUtil.getDatabaseUserName());
 
-        String batchId = jmsUtil.getStringPropertySafely(message, MessageConstants.BATCH_ID);
-        Long entityId = jmsUtil.getLongPropertySafely(message, MessageConstants.BATCH_ENTITY_ID);
-        LOG.putMDC(DomibusLogger.MDC_BATCH_ENTITY_ID, entityId + "");
-        if (StringUtils.isBlank(batchId) || entityId == null) {
-            LOG.error("Could not get the batchId [{}] and/or entityId [{}]", batchId, entityId);
-            return;
-        }
-
-        jmsUtil.setCurrentDomainFromMessage(message);
+        String batchId = null;
+        Long entityId = null;
+        EArchiveBatchStatus batchStatus = null;
 
-        EArchiveBatchStatus notificationType = EArchiveBatchStatus.valueOf(jmsUtil.getStringPropertySafely(message, MessageConstants.NOTIFICATION_TYPE));
+        try {
+            batchId = jmsUtil.getStringPropertySafely(message, MessageConstants.BATCH_ID);
+            entityId = jmsUtil.getLongPropertySafely(message, MessageConstants.BATCH_ENTITY_ID);
+            if (StringUtils.isBlank(batchId) || entityId == null) {
+                LOG.error("Could not get the batchId [{}] and/or entityId [{}]", batchId, entityId);
+                return;
+            }
 
-        LOG.info("Notification of type [{}] for batchId [{}] and entityId [{}]", notificationType, batchId, entityId);
+            jmsUtil.setCurrentDomainFromMessage(message);
 
-        EArchiveBatchEntity eArchiveBatch = eArchiveService.getEArchiveBatch(entityId, true);
-        if (notificationType != EArchiveBatchStatus.FAILED && notificationType != EArchiveBatchStatus.EXPORTED) {
-            return;
-        }
+            batchStatus = EArchiveBatchStatus.valueOf(jmsUtil.getStringPropertySafely(message, MessageConstants.NOTIFICATION_TYPE));
 
-        LOG.info("Notification to the eArchive client for batch [{}] [{}] ", notificationType, eArchiveBatch);
-        BatchNotification notification = buildBatchNotification(eArchiveBatch);
+            LOG.info("Notification of type [{}] for batchId [{}] and entityId [{}]", batchStatus, batchId, entityId);
 
-        try {
-            if (notificationType == EArchiveBatchStatus.FAILED) {
-                getEArchivingClientApi().putStaleNotification(notification, eArchiveBatch.getBatchId());
+            EArchiveBatchEntity eArchiveBatch;
+            try {
+                eArchiveBatch = eArchiveService.getEArchiveBatch(entityId, true);
+            } catch (DomibusEArchiveException e) {
+                LOG.debug("Batch ID [{}] not found, skipping", batchId, e);
+                LOG.error("Batch ID [{}] not found, skipping", batchId);
+                return;
+            }
+            if (batchStatus != EArchiveBatchStatus.FAILED && batchStatus != EArchiveBatchStatus.EXPORTED) {
+                return;
             }
-            if (notificationType == EArchiveBatchStatus.EXPORTED) {
-                getEArchivingClientApi().putExportNotification(notification, eArchiveBatch.getBatchId());
+
+            LOG.info("Notification to the eArchive client for batch [{}] [{}] ", batchStatus, eArchiveBatch);
+            BatchNotification notification = buildBatchNotification(eArchiveBatch);
+
+            try {
+                if (batchStatus == EArchiveBatchStatus.FAILED) {
+                    getEArchivingClientApi().putStaleNotification(notification, eArchiveBatch.getBatchId());
+                }
+                if (batchStatus == EArchiveBatchStatus.EXPORTED) {
+                    getEArchivingClientApi().putExportNotification(notification, eArchiveBatch.getBatchId());
+                }
+            } catch (HttpServerErrorException | HttpClientErrorException ex) {
+                LOG.warn("Notifying the eArchive client at [{}] failed: the remote server returned an error [{}]", domibusPropertyProvider.getProperty(DOMIBUS_EARCHIVE_NOTIFICATION_URL), ex.getStatusCode());
+                throw ex;
+            } catch (Exception ex) {
+                LOG.warn("Notifying the eArchive client at [{}] failed", domibusPropertyProvider.getProperty(DOMIBUS_EARCHIVE_NOTIFICATION_URL));
+                throw ex;
             }
-        } catch (HttpServerErrorException | HttpClientErrorException ex) {
-            LOG.warn("Notifying the eArchive client at [{}] failed: the remote server returned an error [{}]", domibusPropertyProvider.getProperty(DOMIBUS_EARCHIVE_NOTIFICATION_URL), ex.getStatusCode());
-            throw ex;
+
+            LOG.businessInfo(DomibusMessageCode.BUS_ARCHIVE_BATCH_NOTIFICATION_SENT, eArchiveBatch.getBatchId());
         } catch (Exception ex) {
-            LOG.warn("Notifying the eArchive client at [{}] failed", domibusPropertyProvider.getProperty(DOMIBUS_EARCHIVE_NOTIFICATION_URL));
-            throw ex;
+            throw new EArchiveException(batchId, entityId, batchStatus, ex);
         }
-
-        LOG.businessInfo(DomibusMessageCode.BUS_ARCHIVE_BATCH_NOTIFICATION_SENT, eArchiveBatch.getBatchId());
     }
 
     protected ArchiveWebhookApi getEArchivingClientApi() {
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/storage/EArchiveFileStorageProviderImpl.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/storage/EArchiveFileStorageProviderImpl.java
index baaabbedfe..2de609ae71 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/storage/EArchiveFileStorageProviderImpl.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/earchive/storage/EArchiveFileStorageProviderImpl.java
@@ -99,7 +99,7 @@ public EArchiveFileStorage getCurrentStorage() {
         EArchiveFileStorage currentStorage = forDomain(currentDomain);
         if (currentStorage == null) {
             throw new DomibusCoreException(DomibusCoreErrorCode.DOM_001,
-                    "eArchiving Storage [" + DOMIBUS_EARCHIVE_STORAGE_LOCATION + "] for domain [" + currentDomain + "] is not accessible. " +
+                    "eArchiving Storage [" + DOMIBUS_EARCHIVE_STORAGE_LOCATION + "] for domain [" + currentDomain + "] is not initialised. " +
                             "The location from the property  -> [" + domibusPropertyProvider.getProperty(currentDomain, DOMIBUS_EARCHIVE_STORAGE_LOCATION) + "]");
         }
         LOG.debug("Retrieved eArchiving Storage for domain [{}] = [{}]", currentDomain, currentStorage.getStorageDirectory());
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/ebms3/receiver/interceptor/ClearMDCInterceptor.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/ebms3/receiver/interceptor/ClearMDCInterceptor.java
index 5b375711ad..8ee922809c 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/ebms3/receiver/interceptor/ClearMDCInterceptor.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/ebms3/receiver/interceptor/ClearMDCInterceptor.java
@@ -37,10 +37,8 @@ public void handleFault(Message message) {
     private void clearMDC() {
         LOG.debug("Clearing message ID MDC property [{}]", LOG.getMDC(DomibusLogger.MDC_MESSAGE_ID));
         LOG.debug("Clearing message entity ID MDC property [{}]", LOG.getMDC(DomibusLogger.MDC_MESSAGE_ENTITY_ID));
-        LOG.debug("Clearing message batch entity ID MDC property [{}]", LOG.getMDC(DomibusLogger.MDC_BATCH_ENTITY_ID));
         LOG.removeMDC(DomibusLogger.MDC_MESSAGE_ID);
         LOG.removeMDC(DomibusLogger.MDC_MESSAGE_ENTITY_ID);
-        LOG.removeMDC(DomibusLogger.MDC_BATCH_ENTITY_ID);
 
         LOG.debug("Clearing domain [{}]", domainContextProvider.getCurrentDomainSafely());
         domainContextProvider.clearCurrentDomain();
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/ebms3/receiver/interceptor/TrustSenderInterceptor.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/ebms3/receiver/interceptor/TrustSenderInterceptor.java
index eafc19b252..21180c6281 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/ebms3/receiver/interceptor/TrustSenderInterceptor.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/ebms3/receiver/interceptor/TrustSenderInterceptor.java
@@ -20,6 +20,7 @@
 import eu.domibus.logging.DomibusLoggerFactory;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.cxf.binding.soap.SoapFault;
 import org.apache.cxf.binding.soap.SoapMessage;
@@ -65,7 +66,7 @@
 import static eu.domibus.api.property.DomibusPropertyMetadataManagerSPI.*;
 
 /**
- * This interceptor is responsible for the trust of an incoming messages.
+ * Intercepts a message to verify the sender certificate is valid and not revoked
  * Useful info on this topic are here: http://tldp.org/HOWTO/SSL-Certificates-HOWTO/x64.html
  *
  * @author Martini Federico
@@ -102,39 +103,31 @@ public TrustSenderInterceptor() {
     }
 
     /**
-     * Intercepts a message to verify that the sender is trusted.
-     * <p>
-     * There will be two validations:
-     * a) the sender certificate is valid and not revoked and
-     * b) the sender party name is included in the CN of the certificate
+     * Intercepts a message to verify the sender certificate is valid and not revoked
      *
      * @param message the incoming CXF soap message to handle
      */
     @Override
     public void handleMessage(final SoapMessage message) throws Fault {
-        if (!domibusPropertyProvider.getBooleanProperty(DOMIBUS_SENDER_TRUST_VALIDATION_ONRECEIVING)) {
-            LOG.warn("No trust verification of sending certificate");
-            return;
-        }
+        Boolean inbound = (Boolean) message.get(MSHDispatcher.MESSAGE_INBOUND);
+        MessageType messageTypeIn = (MessageType) message.get(MSHDispatcher.MESSAGE_TYPE_IN);
         String messageId = (String) message.getExchange().get(UserMessage.MESSAGE_ID_CONTEXT_PROPERTY);
-        if (!isMessageSecured(message)) {
-            LOG.debug("Message does not contain security info ==> skipping sender trust verification.");
-            return;
-        }
-
-        //set the regex validation for the leaf certificate in case dynamic receiver is used
-        setDynamicReceiverCertSubjectExpression(message);
 
         boolean isPullSignalMessage = false;
-        MessageType messageType = (MessageType) message.get(MSHDispatcher.MESSAGE_TYPE_IN);
-        if (messageType != null && messageType.equals(MessageType.SIGNAL_MESSAGE)) {
-            LOG.debug("PULL Signal Message");
+        if (messageTypeIn != null && messageTypeIn.equals(MessageType.SIGNAL_MESSAGE)) {
+            LOG.debug("Pull Signal Message");
             isPullSignalMessage = true;
         }
 
+        boolean isSynchronousSignal = false;
+        if (BooleanUtils.isTrue(inbound) && !MessageType.USER_MESSAGE.equals(messageTypeIn)) {
+            LOG.debug("Synchronous Signal Message");
+            isSynchronousSignal = true;
+        }
+
         String senderPartyName;
         String receiverPartyName;
-        if (isPullSignalMessage) {
+        if (isPullSignalMessage || isSynchronousSignal) {
             senderPartyName = getReceiverPartyName(message);
             receiverPartyName = getSenderPartyName(message);
         } else {
@@ -145,6 +138,25 @@ public void handleMessage(final SoapMessage message) throws Fault {
         LOG.putMDC(DomibusLogger.MDC_FROM, senderPartyName);
         LOG.putMDC(DomibusLogger.MDC_TO, receiverPartyName);
 
+        LOG.debug("Message intercepted. inbound:[{}], messageTypeIn:[{}], messageId:[{}], senderPartyName:[{}], receiverPartyName:[{}]", inbound, messageTypeIn, messageId, senderPartyName, receiverPartyName);
+
+        if (isSynchronousSignal && BooleanUtils.isFalse(domibusPropertyProvider.getBooleanProperty(DOMIBUS_SENDER_TRUST_VALIDATION_SIGNAL_SYNC_ONRECEIVING))) {
+            LOG.debug("No trust verification of sending certificate for synchronous signal message ");
+            return;
+        }
+        if ((!isSynchronousSignal) && BooleanUtils.isFalse(domibusPropertyProvider.getBooleanProperty(DOMIBUS_SENDER_TRUST_VALIDATION_ONRECEIVING))) {
+            LOG.warn("No trust verification of sending certificate for a User Message when using Push/Pull or a Signal Acknowledgement (NRR) when using Pull");
+            return;
+        }
+
+        if (!isMessageSecured(message)) {
+            LOG.debug("Message does not contain security info ==> skipping sender trust verification.");
+            return;
+        }
+
+        //set the regex validation for the leaf certificate in case dynamic receiver is used
+        setDynamicReceiverCertSubjectExpression(message);
+
         LOG.debug("Validating sender certificate for party [{}]", senderPartyName);
         List<? extends Certificate> certificateChain = getSenderCertificateChain(message);
 
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/ebms3/sender/client/MSHDispatcher.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/ebms3/sender/client/MSHDispatcher.java
index 0141533085..019cc637ea 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/ebms3/sender/client/MSHDispatcher.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/ebms3/sender/client/MSHDispatcher.java
@@ -42,6 +42,7 @@ public class MSHDispatcher {
 
     public static final String MESSAGE_TYPE_IN = "MESSAGE_TYPE";
     public static final String MESSAGE_TYPE_OUT = "MESSAGE_TYPE_OUT";
+    public static final String MESSAGE_INBOUND = "org.apache.cxf.message.inbound";
     public static final String LOCAL_MSH_ENDPOINT = "local://localMSH";
     public static final String HEADER_DOMIBUS_MESSAGE_ID = "DOMIBUS-MESSAGE_ID";
     public static final String HEADER_DOMIBUS_SPLITTING_COMPRESSION = "DOMIBUS-SPLITTING-COMPRESSION";
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/ebms3/sender/retry/UpdateRetryLoggingService.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/ebms3/sender/retry/UpdateRetryLoggingService.java
index 84c99664fc..5ca03e928a 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/ebms3/sender/retry/UpdateRetryLoggingService.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/ebms3/sender/retry/UpdateRetryLoggingService.java
@@ -271,7 +271,7 @@ public boolean hasAttemptsLeft(final UserMessageLog userMessageLog, final LegCon
         }
         LOG.debug("Send attempts [{}], max send attempts [{}], scheduled start time [{}], retry timeout [{}]",
                 userMessageLog.getSendAttempts(), userMessageLog.getSendAttemptsMax(),
-                getScheduledStartTime(userMessageLog), legConfiguration.getReceptionAwareness().getRetryTimeout());
+                getScheduledStartDate(userMessageLog), legConfiguration.getReceptionAwareness().getRetryTimeout());
         // retries start after the first send attempt
         Boolean hasMoreAttempts = userMessageLog.getSendAttempts() < userMessageLog.getSendAttemptsMax();
         long retryTimeout = legConfiguration.getReceptionAwareness().getRetryTimeout() * 60000L;
@@ -335,6 +335,10 @@ public void updateMessageLogNextAttemptDate(LegConfiguration legConfiguration, U
 
         Date newNextAttempt = algorithm.compute(nextAttempt, retryCount, retryTimeout, crtInterval, delayInMillis);
 
+        LOG.businessInfo(DomibusMessageCode.BUS_MSG_RETRY,
+                userMessageLog.getSendAttempts(),
+                userMessageLog.getSendAttemptsMax() - 1,
+                userMessageLog.getUserMessage().getMessageId());
         LOG.debug("Updating next attempt from [{}] to [{}]", nextAttempt, newNextAttempt);
         reprogrammableService.setRescheduleInfo(userMessageLog, newNextAttempt);
     }
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/exception/MessagingExceptionFactory.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/exception/MessagingExceptionFactory.java
index 69c462306a..0b82d90855 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/exception/MessagingExceptionFactory.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/exception/MessagingExceptionFactory.java
@@ -3,9 +3,12 @@
 
 import eu.domibus.common.ErrorCode;
 import eu.domibus.core.ebms3.EbMS3Exception;
+import eu.domibus.messaging.DuplicateMessageException;
 import eu.domibus.messaging.MessagingProcessingException;
 import eu.domibus.messaging.PModeMismatchException;
 import eu.domibus.plugin.exception.TransformationException;
+import org.springframework.dao.DataIntegrityViolationException;
+
 
 /**
  * TODO: add class description
@@ -30,7 +33,13 @@ public static MessagingProcessingException transform(EbMS3Exception originalExce
                 messagingProcessingException = new PModeMismatchException(message, originalException);
                 break;
             default:
-                messagingProcessingException = new MessagingProcessingException(message, originalException);
+                if (originalException.getCause() instanceof DataIntegrityViolationException &&
+                    originalException.getCause().getMessage() != null &&
+                    originalException.getCause().getMessage().contains("UK_USER_MSG_MESSAGE_ID")) {
+                    messagingProcessingException = new DuplicateMessageException(message, originalException);
+                } else {
+                    messagingProcessingException = new MessagingProcessingException(message, originalException);
+                }
         }
 
         messagingProcessingException.setEbms3ErrorCode(errorCode);
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/logging/LoggingService.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/logging/LoggingService.java
index ccc36a8e32..b690194b42 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/logging/LoggingService.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/logging/LoggingService.java
@@ -35,6 +35,11 @@ public interface LoggingService {
      */
     List<LoggingEntry> getLoggingLevel(final String loggerName, final boolean showClasses);
 
+    /**
+     * @return true if the loggerName is valid in this environment
+     */
+    boolean exists(String loggerName);
+
     /**
      * Reset the logging configuration to default
      * @return
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/logging/LoggingServiceImpl.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/logging/LoggingServiceImpl.java
index bb524e88b7..70060a5e82 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/logging/LoggingServiceImpl.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/logging/LoggingServiceImpl.java
@@ -105,6 +105,20 @@ public List<LoggingEntry> getLoggingLevel(String loggerName, boolean showClasses
         return result;
     }
 
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public boolean exists(String loggerName) {
+        if (StringUtils.isBlank(loggerName)) {
+            return false;
+        }
+        return ((LoggerContext) LoggerFactory.getILoggerFactory())
+                .getLoggerList()
+                .stream()
+                .anyMatch(p -> StringUtils.equals(p.getName(), loggerName));
+    }
+
     /**
      * {@inheritDoc}
      *
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/MessageLogInfo.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/MessageLogInfo.java
index 2e49ac1726..256301dd9c 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/MessageLogInfo.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/MessageLogInfo.java
@@ -88,6 +88,12 @@ public class MessageLogInfo {
 
     private Date archived;
 
+    private Date exported;
+
+    private Date downloaded;
+
+    private Date acknowledged;
+
     public MessageLogInfo() {
     }
 
@@ -148,7 +154,10 @@ public MessageLogInfo(final String messageId,
                           final Long serviceId,
                           final String pluginType,
                           final Long partLength,
-                          final Date archived
+                          final Date archived,
+                          final Date exported,
+                          final Date downloaded,
+                          final Date acknowledged
     ) {
         this(messageId, messageStatusId, mshRoleId, deleted, received, conversationId, fromPartyIdPk, toPartyIdPk,
                 originalSender, finalRecipient, refToMessageId, testMessage);
@@ -168,6 +177,9 @@ public MessageLogInfo(final String messageId,
         this.pluginType = pluginType;
         this.partLength = partLength;
         this.archived = archived;
+        this.exported = exported;
+        this.downloaded = downloaded;
+        this.acknowledged = acknowledged;
     }
 
     public void setMessageId(String messageId) {
@@ -435,6 +447,30 @@ public void setArchived(Date archived) {
         this.archived = archived;
     }
 
+    public Date getExported() {
+        return exported;
+    }
+
+    public void setExported(Date exported) {
+        this.exported = exported;
+    }
+
+    public Date getDownloaded() {
+        return downloaded;
+    }
+
+    public void setDownloaded(Date downloaded) {
+        this.downloaded = downloaded;
+    }
+
+    public Date getAcknowledged() {
+        return acknowledged;
+    }
+
+    public void setAcknowledged(Date acknowledged) {
+        this.acknowledged = acknowledged;
+    }
+
     @Override
     public boolean equals(Object o) {
         if (this == o) return true;
@@ -469,7 +505,10 @@ public boolean equals(Object o) {
                 .append(serviceValue, that.serviceValue)
                 .append(pluginType, that.pluginType)
                 .append(partLength, that.partLength)
-                .append(archived, that.partLength)
+                .append(archived, that.archived)
+                .append(exported, that.exported)
+                .append(downloaded, that.downloaded)
+                .append(acknowledged, that.acknowledged)
                 .isEquals();
     }
 
@@ -502,6 +541,9 @@ public int hashCode() {
                 .append(pluginType)
                 .append(partLength)
                 .append(archived)
+                .append(exported)
+                .append(downloaded)
+                .append(acknowledged)
                 .toHashCode();
     }
 }
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/MessagingServiceImpl.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/MessagingServiceImpl.java
index 59d636f057..a082e39943 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/MessagingServiceImpl.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/MessagingServiceImpl.java
@@ -191,6 +191,8 @@ protected void storeOutgoingPayload(PartInfo partInfo, UserMessage userMessage,
         final boolean hasCompressionProperty = hasCompressionProperty(partInfo);
         if (hasCompressionProperty) {
             LOG.businessInfo(DomibusMessageCode.BUS_MESSAGE_PAYLOAD_COMPRESSION, partInfo.getHref());
+        } else {
+            LOG.businessInfo(DomibusMessageCode.BUS_MESSAGE_PAYLOAD_NO_COMPRESSION, partInfo.getHref());
         }
     }
 
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/UnsentMessageSanitizingWorker.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/UnsentMessageSanitizingWorker.java
index 02818e9c84..443e35655c 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/UnsentMessageSanitizingWorker.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/UnsentMessageSanitizingWorker.java
@@ -1,6 +1,7 @@
 package eu.domibus.core.message;
 
 import eu.domibus.api.exceptions.DomibusDateTimeException;
+import eu.domibus.api.message.UserMessageException;
 import eu.domibus.api.multitenancy.Domain;
 import eu.domibus.api.property.DomibusPropertyProvider;
 import eu.domibus.api.security.AuthUtils;
@@ -14,11 +15,13 @@
 import org.quartz.JobExecutionException;
 import org.springframework.beans.factory.annotation.Autowired;
 
+import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
 
 import static eu.domibus.api.property.DomibusPropertyMetadataManagerSPI.DOMIBUS_MESSAGES_STUCK_IGNORE_RECENT_MINUTES;
 import static java.util.concurrent.TimeUnit.MINUTES;
+import static org.apache.commons.collections4.CollectionUtils.isEmpty;
 
 /**
  * A worker that picks up unsent messages that are still in ${@code SEND_ENQUEUED} and ${@code WAITING_FOR_RETRY} states
@@ -80,8 +83,21 @@ protected void sanitize() {
             LOG.debug("No unsent stuck messages found to dispatch");
             return;
         }
-
-        LOG.info("Prepare unsent messages for dispatch {}", unsentMessageIds);
-        unsentMessageIds.forEach(userMessageService::sendEnqueuedMessage);
+        List<String> skippedMessageIds = new ArrayList<>();
+        LOG.info("Prepare [{}] unsent messages for dispatch", unsentMessageIds.size());
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Unsent messages {}", unsentMessageIds);
+        }
+        for (String unsentMessageId : unsentMessageIds) {
+            try {
+                userMessageService.sendEnqueuedMessage(unsentMessageId);
+            } catch (UserMessageException e) {
+                skippedMessageIds.add(unsentMessageId);
+                LOG.debug("UserMessage [{}] skipped", unsentMessageId, e);
+            }
+        }
+        if (!isEmpty(skippedMessageIds)) {
+            LOG.info("[{}] messages skipped {}", skippedMessageIds.size(), skippedMessageIds);
+        }
     }
 }
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/UserMessageDao.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/UserMessageDao.java
index 60972bfd67..d1d792852f 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/UserMessageDao.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/UserMessageDao.java
@@ -152,16 +152,19 @@ public List<DatabasePartition> findAllPartitions() {
     @Timer(clazz = UserMessageDao.class, value = "dropPartition")
     @Counter(clazz = UserMessageDao.class, value = "dropPartition")
     @Transactional
-    public void dropPartition(String partitionName) {
+    public void dropPartitions(String partitionNames) {
+        // enhanced method to use a string containing a comma separated list of partition to be dropped
         StoredProcedureQuery query = em.createStoredProcedureQuery("DROP_PARTITION")
                 .registerStoredProcedureParameter(
                         "partition_name",
                         String.class,
                         ParameterMode.IN
                 )
-                .setParameter("partition_name", partitionName);
+                .setParameter("partition_name", partitionNames);
         try {
             query.execute();
+        } catch (Exception ex) {
+            LOG.error("Exception encountered when dropping partitions [{}]", partitionNames, ex);
         } finally {
             try {
                 query.unwrap(ProcedureOutputs.class).release();
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/UserMessageDefaultService.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/UserMessageDefaultService.java
index 4c5ad7a337..fe089e76d7 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/UserMessageDefaultService.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/UserMessageDefaultService.java
@@ -38,6 +38,7 @@
 import eu.domibus.jms.spi.InternalJMSConstants;
 import eu.domibus.logging.DomibusLogger;
 import eu.domibus.logging.DomibusLoggerFactory;
+import eu.domibus.logging.DomibusMessageCode;
 import eu.domibus.logging.MDCKey;
 import eu.domibus.messaging.MessageConstants;
 import org.apache.commons.collections4.CollectionUtils;
@@ -61,11 +62,13 @@
 import javax.persistence.PersistenceContext;
 import java.io.*;
 import java.sql.Timestamp;
+import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
 import java.util.*;
 import java.util.stream.Collectors;
+import java.util.zip.GZIPInputStream;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipOutputStream;
-import java.util.zip.GZIPInputStream;
 
 import static eu.domibus.api.property.DomibusPropertyMetadataManagerSPI.DOMIBUS_MESSAGE_DOWNLOAD_MAX_SIZE;
 import static eu.domibus.api.property.DomibusPropertyMetadataManagerSPI.DOMIBUS_RESEND_BUTTON_ENABLED_RECEIVED_MINUTES;
@@ -256,7 +259,11 @@ public void sendEnqueuedMessage(String messageId) {
             throw new UserMessageException("You have to wait " + dateUtil.getDiffMinutesBetweenDates(receivedDateDelta, currentDate) + " minutes before resending the message [" + messageId + "]");
         }
         if (userMessageLog.getNextAttempt() != null) {
-            throw new UserMessageException(DomibusCoreErrorCode.DOM_001, MESSAGE + messageId + "] was already scheduled");
+            ZonedDateTime nextAttempt = ZonedDateTime.ofInstant(userMessageLog.getNextAttempt().toInstant(), ZoneOffset.UTC);
+            ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
+            if (nextAttempt.isAfter(now)) {
+                throw new UserMessageException(DomibusCoreErrorCode.DOM_001, MESSAGE + messageId + "] was already scheduled");
+            }
         }
 
         final UserMessage userMessage = userMessageDao.findByEntityId(userMessageLog.getEntityId());
@@ -831,6 +838,7 @@ protected Map<String, InputStream> getMessageContentWithAttachments(String messa
                 String fileName = domibusStringUtil.sanitizeFileName(getPayloadName(pInfo));
                 InputStream inputStream = pInfo.getPayloadDatahandler().getInputStream();
                 if (isCompressedFile(pInfo)) {
+                    LOG.businessInfo(DomibusMessageCode.BUS_MESSAGE_PAYLOAD_DECOMPRESSION, pInfo.getHref());
                     inputStream = new GZIPInputStream(inputStream);
                 }
                 result.put(fileName, inputStream);
@@ -881,10 +889,12 @@ protected String getPayloadName(PartInfo info) {
             return messagePayloadNameWithExtension;
         }
 
-        for (PartProperty property : info.getPartProperties()) {
-            if (StringUtils.equals(property.getName(), PAYLOAD_NAME)) {
-                LOG.debug("Payload Name for cid [{}] is [{}]", info.getHref(), property.getName());
-                return property.getValue();
+        if(CollectionUtils.isNotEmpty(info.getPartProperties())) {
+            for (PartProperty property : info.getPartProperties()) {
+                if (StringUtils.equals(property.getName(), PAYLOAD_NAME)) {
+                    LOG.debug("Payload Name for cid [{}] is [{}]", info.getHref(), property.getName());
+                    return property.getValue();
+                }
             }
         }
 
@@ -892,13 +902,16 @@ protected String getPayloadName(PartInfo info) {
     }
 
     protected String getPayloadExtension(PartInfo info) {
-        String extension = info.getPartProperties().stream()
-                .filter(property -> MIME_TYPE.equalsIgnoreCase(property.getName()) && property.getValue() != null)
-                .map(PartProperty::getValue)
-                .map(fileServiceUtil::getExtension)
-                .findFirst()
-                .orElse(null);
-        if(StringUtils.isBlank(extension)){
+        String extension = "";
+        if(CollectionUtils.isNotEmpty(info.getPartProperties())) {
+            extension = info.getPartProperties().stream()
+                    .filter(property -> MIME_TYPE.equalsIgnoreCase(property.getName()) && property.getValue() != null)
+                    .map(PartProperty::getValue)
+                    .map(fileServiceUtil::getExtension)
+                    .findFirst()
+                    .orElse(null);
+        }
+        if (StringUtils.isBlank(extension)) {
             LOG.warn("Unknown mimetype for cid [{}]", info.getHref());
         }
         LOG.debug("Payload extension for cid [{}] is [{}]", info.getHref(), extension);
@@ -906,6 +919,10 @@ protected String getPayloadExtension(PartInfo info) {
     }
 
     private boolean isCompressedFile(PartInfo info) {
+        if(CollectionUtils.isEmpty(info.getPartProperties())) {
+            LOG.debug("No PartProperties: default -> no compression");
+            return false;
+        }
         return info.getPartProperties().stream()
                 .anyMatch(partProperty -> MessageConstants.COMPRESSION_PROPERTY_KEY.equalsIgnoreCase(partProperty.getName())
                         && MessageConstants.COMPRESSION_PROPERTY_VALUE.equalsIgnoreCase(partProperty.getValue()));
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/UserMessageLogInfoFilter.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/UserMessageLogInfoFilter.java
index 20af1ad7f2..1ac99ea180 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/UserMessageLogInfoFilter.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/UserMessageLogInfoFilter.java
@@ -42,7 +42,10 @@ public String getFilterMessageLogQuery(String column, boolean asc, Map<String, O
                         ? MESSAGE_COLLABORATION_INFO_SERVICE + ".entityId," : "0L,") +
                 "log.backend," +
                 "0L," +
-                "log.archived" +
+                "log.archived," +
+                "log.exported," +
+                "log.downloaded," +
+                "log.acknowledged" +
                 ")" +
                 getQueryBody(filters, fields);
         StringBuilder result = filterQuery(query, column, asc, filters);
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/compression/CompressionService.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/compression/CompressionService.java
index f8785ac969..3fd5b9a711 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/compression/CompressionService.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/compression/CompressionService.java
@@ -156,6 +156,7 @@ public void handlePartInfoDecompression(String messageId, PartInfo partInfo) thr
         }
 
         if (!payloadCompressed) {
+            LOG.businessInfo(DomibusMessageCode.BUS_MESSAGE_PAYLOAD_DECOMPRESSION_NOT_ENABLED, partInfo.getHref());
             LOG.debug("Decompression is not needed: payload is not compressed");
             return;
         }
@@ -189,7 +190,7 @@ public void validateDecompression(String messageId, PartInfo partInfo, String mi
 
         try (InputStream is = new DecompressionDataSource(partInfo.getPayloadDatahandler().getDataSource(), mimeType).getInputStream()) {
             if (is.available() > 0) {
-                LOG.debug("Creating decompression data source was successful", partInfo.getHref());
+                LOG.debug("Creating decompression data source was successful [{}]", partInfo.getHref());
             }
         } catch (IOException e) {
             LOG.businessError(DomibusMessageCode.BUS_MESSAGE_PAYLOAD_COMPRESSION_FAILURE, partInfo.getHref(), e);
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/reliability/ReliabilityChecker.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/reliability/ReliabilityChecker.java
index 6f0b7b95ca..93cfc60a5c 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/reliability/ReliabilityChecker.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/reliability/ReliabilityChecker.java
@@ -213,7 +213,7 @@ protected CheckResult checkReliability(final SOAPMessage request, final SOAPMess
             } else {
                 LOG.businessError(DomibusMessageCode.BUS_RELIABILITY_RECEIPT_INVALID_EMPTY, messageId);
                 throw EbMS3ExceptionBuilder.getInstance()
-                        .ebMS3ErrorCode(ErrorCode.EbMS3ErrorCode.EBMS_0302)
+                        .ebMS3ErrorCode(ErrorCode.EbMS3ErrorCode.EBMS_0301)
                         .message("There is no content inside the receipt element received by the responding gateway")
                         .refToMessageId(messageId)
                         .mshRole(MSHRole.SENDING)
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/retention/MessageRetentionPartitionsService.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/retention/MessageRetentionPartitionsService.java
index 7956459b13..bfffe4f092 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/retention/MessageRetentionPartitionsService.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/retention/MessageRetentionPartitionsService.java
@@ -21,16 +21,15 @@
 import eu.domibus.logging.DomibusLoggerFactory;
 import org.apache.commons.lang3.time.DateUtils;
 import org.springframework.stereotype.Service;
-import org.springframework.transaction.annotation.Transactional;
 
-import java.util.Comparator;
+import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
-import java.util.NoSuchElementException;
 import java.util.stream.Collectors;
 
-import static eu.domibus.api.property.DomibusPropertyMetadataManagerSPI.DOMIBUS_EARCHIVE_ACTIVE;
-import static eu.domibus.api.property.DomibusPropertyMetadataManagerSPI.DOMIBUS_PARTITIONS_DROP_CHECK_MESSAGES_EARCHIVED;
+import static eu.domibus.api.property.DomibusPropertyMetadataManagerSPI.*;
+import static eu.domibus.core.message.retention.PartitionService.DEFAULT_PARTITION;
+import static eu.domibus.core.message.retention.PartitionService.PARTITION_NAME_REGEXP;
 
 /**
  * This service class is responsible for the retention and clean up of Domibus messages.
@@ -42,8 +41,6 @@
 @Service
 public class MessageRetentionPartitionsService implements MessageRetentionService {
 
-    protected static final String PARTITION_NAME_REGEXP = "SYS_P[0-9]+|P[0-9]+";
-
     private static final DomibusLogger LOG = DomibusLoggerFactory.getLogger(MessageRetentionPartitionsService.class);
 
     protected final PModeProvider pModeProvider;
@@ -66,8 +63,6 @@ public class MessageRetentionPartitionsService implements MessageRetentionServic
 
     protected final PartitionService partitionService;
 
-    public static final String DEFAULT_PARTITION = "P1970"; // default partition that we never delete
-
     public MessageRetentionPartitionsService(PModeProvider pModeProvider,
                                              UserMessageDao userMessageDao,
                                              UserMessageLogDao userMessageLogDao,
@@ -110,11 +105,21 @@ public void deleteExpiredMessages() {
         // A partition may have messages with all statuses, received/sent on any MPC
         // We only consider for deletion those partitions older than the maximum retention over all the MPCs defined in the pMode
         int maxRetention = getMaxRetention();
-        LOG.debug("Max retention time configured in pMode is [{}] minutes", maxRetention);
+        LOG.info("Max retention time configured in pMode is [{}] minutes", maxRetention);
         List<String> partitionNames = getExpiredPartitionNames(maxRetention);
-        LOG.debug("Verify if all messages expired for partitions older than [{}] days", maxRetention/60/24);
+        List<String> toDeletePartitionNames = new ArrayList<>();
+        LOG.info("Verify if all messages expired for partitions older than [{}] days", maxRetention / 60 / 24);
+
+        int maxPartitionsDrop = domibusPropertyProvider.getIntegerProperty(DOMIBUS_PARTITIONS_DROP_MAX_PARTITIONS);
+        if (maxPartitionsDrop <= 0) {
+            LOG.warn("Invalid value for [{}] setting limit to 1 partition.", DOMIBUS_PARTITIONS_DROP_MAX_PARTITIONS);
+            maxPartitionsDrop = 1;
+        }
+
+        LOG.info("Maximum number of partitions to delete at once is [{}]", maxPartitionsDrop);
+        LOG.info("Start verifying partitions.");
         for (String partitionName : partitionNames) {
-            LOG.debug("Verify partition [{}]", partitionName);
+            LOG.info("Verify partition [{}]", partitionName);
             // To avoid SQL injection issues, check the partition name used in the next checks, inside native SQL queries
             if (!partitionName.matches(PARTITION_NAME_REGEXP)) {
                 LOG.error("Partition [{}] has invalid name", partitionName);
@@ -129,7 +134,6 @@ public void deleteExpiredMessages() {
                 continue;
             }
 
-            // TODO We might consider that, if a message was archived it is already expired (in final status and older than the specified retention for its MPC) and skip the next verifications
             // Verify if all messages expired
             toDelete = verifyIfAllMessagesAreExpired(partitionName);
             if (toDelete == false) {
@@ -137,9 +141,20 @@ public void deleteExpiredMessages() {
                 enqueuePartitionCheckEvent(partitionName);
                 continue;
             }
+            toDeletePartitionNames.add(partitionName);
+            LOG.info("Found expired partition to delete [{}].", partitionName);
+            if(toDeletePartitionNames.size() >= maxPartitionsDrop) {
+                LOG.info("Reached maximum number of partitions to delete in one round [{}].", toDeletePartitionNames.size());
+                break;
+            }
+        }
 
-            LOG.info("Delete partition [{}]", partitionName);
-            userMessageDao.dropPartition(partitionName);
+        if (toDeletePartitionNames.size() > 0) {
+            String strPartitions = toDeletePartitionNames.stream().collect(Collectors.joining(","));
+            LOG.info("Deleting [{}] partitions [{}]", toDeletePartitionNames.size(), strPartitions);
+            userMessageDao.dropPartitions(strPartitions);
+        } else {
+            LOG.info("There was no partition to delete.");
         }
     }
 
@@ -167,31 +182,29 @@ protected List<String> getExpiredPartitionNames(int maxRetention) {
 
         //we have to keep the newest non default partition, otherwise the hourly interval partitioning will generate more
         //than the maximum nr of partitions allowed by Oracle (ORA-14300) when we would insert a new message
-        DatabasePartition newestNonDefaultPartition = getNewestNonDefaultPartition(partitions);
+        DatabasePartition newestNonDefaultPartition = partitionService.getNewestNonDefaultPartition(partitions);
+
+        if (newestNonDefaultPartition == null) {
+            LOG.info("No partitions found (except default)");
+            return new ArrayList<>();
+        }
 
         List<String> partitionNames =
                 partitions.stream()
                         .filter(p -> !DEFAULT_PARTITION.equalsIgnoreCase(p.getPartitionName()))
-                        .filter(p -> p.getHighValue() < expiredHighValue )
+                        .filter(p -> p.getHighValue() < expiredHighValue)
                         .filter(p -> !p.equals(newestNonDefaultPartition))
                         .map(DatabasePartition::getPartitionName)
                         .collect(Collectors.toList());
-        LOG.debug("Found [{}] partitions to verify expired messages: [{}]", partitionNames.size());
-        if(LOG.isDebugEnabled()) {
+        LOG.debug("Found [{}] partitions", partitionNames.size());
+        if (LOG.isDebugEnabled()) {
             LOG.debug("Expired Partitions are: ");
-            partitionNames.stream().forEach(p->LOG.debug("["  + p + "] "));
+            partitionNames.stream().forEach(p -> LOG.debug("[{}] ", p));
         }
 
         return partitionNames;
     }
 
-    protected static DatabasePartition getNewestNonDefaultPartition(List<DatabasePartition> partitions) {
-        return partitions.stream()
-                .filter(p -> !DEFAULT_PARTITION.equalsIgnoreCase(p.getPartitionName()))
-                .max(Comparator.comparing(DatabasePartition::getHighValue))
-                .orElseThrow(NoSuchElementException::new);
-    }
-
     protected boolean verifyIfAllMessagesAreArchived(String partitionName) {
         if (!domibusPropertyProvider.getBooleanProperty(DOMIBUS_EARCHIVE_ACTIVE)) {
             LOG.debug("Archiving messages mechanism is disabled.");
@@ -248,11 +261,10 @@ protected boolean verifyIfAllMessagesAreExpired(String partitionName) {
     protected boolean checkByMessageStatusAndMpcOnPartition(String mpc, MessageStatus messageStatus, String partitionName) {
         int retention = getRetention(mpc, messageStatus);
         int count;
-        if(retention == -1){
+        if (retention == -1) {
             LOG.info("getAllMessagesWithStatus [{}]  retention [{}] on partition [{}]", messageStatus, retention, partitionName);
             count = userMessageLogDao.getAllMessagesWithStatus(mpc, messageStatus, partitionName);
-        }
-        else {
+        } else {
             LOG.info("getAllMessagesWithStatus [{}]  retention [{}] on partition [{}]", messageStatus, retention, partitionName);
             count = userMessageLogDao.getMessagesNewerThan(
                     DateUtils.addMinutes(new Date(), retention * -1), mpc, messageStatus, partitionName);
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/retention/PartitionService.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/retention/PartitionService.java
index e4857b600e..eb44dcbef0 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/retention/PartitionService.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/retention/PartitionService.java
@@ -22,6 +22,10 @@ public class PartitionService {
 
     private static final DomibusLogger LOG = DomibusLoggerFactory.getLogger(PartitionService.class);
 
+    public static final String PARTITION_NAME_REGEXP = "SYS_P[0-9]+|P[0-9]+";
+
+    public static final String DEFAULT_PARTITION = "P1970"; // default partition that we never delete
+
     protected DateUtil dateUtil;
 
 
@@ -29,17 +33,16 @@ public PartitionService(DateUtil dateUtil) {
         this.dateUtil = dateUtil;
     }
 
-
-    public Long getExpiredPartitionsHighValue(List<DatabasePartition> partitions, Date expireDate) {
-        Long highValue = partitions.stream().max(Comparator.comparing(DatabasePartition::getHighValue)).get().getHighValue();
-        Long expiredHighValue = getPartitionHighValueFromDate(expireDate);
-
-        return java.lang.Math.min(highValue, expiredHighValue);
-    }
-
     public Long getPartitionHighValueFromDate(Date partitionDate) {
         Long highValue = new Long (dateUtil.getIdPkDateHourPrefix(partitionDate) + DomibusDatePrefixedSequenceIdGeneratorGenerator.MIN);
         LOG.debug("Get partition highValue from date [{}], highValue [{}]", partitionDate, highValue);
         return highValue;
     }
+
+    public DatabasePartition getNewestNonDefaultPartition(List<DatabasePartition> partitions) {
+        return partitions.stream()
+                .filter(p -> !DEFAULT_PARTITION.equalsIgnoreCase(p.getPartitionName()))
+                .max(Comparator.comparing(DatabasePartition::getHighValue))
+                .orElse(null);
+    }
 }
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/splitandjoin/SplitAndJoinDefaultService.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/splitandjoin/SplitAndJoinDefaultService.java
index c68bfd6f9c..9436d56f53 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/splitandjoin/SplitAndJoinDefaultService.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/message/splitandjoin/SplitAndJoinDefaultService.java
@@ -57,7 +57,6 @@
 
 import javax.xml.soap.SOAPException;
 import javax.xml.soap.SOAPMessage;
-import javax.xml.transform.TransformerException;
 import java.io.*;
 import java.math.BigInteger;
 import java.nio.file.Files;
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/multitenancy/DomainTaskExecutorImpl.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/multitenancy/DomainTaskExecutorImpl.java
index 85bcea9bea..d65c93c0fd 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/multitenancy/DomainTaskExecutorImpl.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/multitenancy/DomainTaskExecutorImpl.java
@@ -8,6 +8,8 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.scheduling.SchedulingTaskExecutor;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
 
 import java.util.concurrent.*;
@@ -49,6 +51,14 @@ public <T extends Object> T submit(Callable<T> task) {
             throw new DomainTaskException("Could not execute task", e);
         }
     }
+
+    @Override
+    public <T extends Object> T submitWithSecurityContext(Callable<T> task) {
+        final Authentication currentAuthentication = SecurityContextHolder.getContext().getAuthentication();
+        final Callable<T> setAuthRunnable = new SetAuthRunnable(currentAuthentication, task);
+        return submit(setAuthRunnable);
+    }
+
     @Override
     public <T extends Object> T submit(Callable<T> task, Domain domain) {
         DomainCallable domainCallable = new DomainCallable(domainContextProvider, task, domain);
@@ -69,6 +79,15 @@ public void submit(Runnable task) {
         submitRunnable(schedulingTaskExecutor, clearDomainRunnable, true, DEFAULT_WAIT_TIMEOUT_IN_SECONDS, TimeUnit.SECONDS);
     }
 
+    @Override
+    public void submitWithSecurityContext(Runnable task) {
+        Callable callable = () -> {
+            task.run();
+            return null;
+        };
+        submitWithSecurityContext(callable);
+    }
+
     @Override
     public Future<?> submit(Runnable task, boolean waitForTask) {
         LOG.trace("Submitting task, waitForTask [{}]", waitForTask);
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/payload/persistence/DatabasePayloadPersistence.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/payload/persistence/DatabasePayloadPersistence.java
index 56c87c4d6f..bfc353fde5 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/payload/persistence/DatabasePayloadPersistence.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/payload/persistence/DatabasePayloadPersistence.java
@@ -9,6 +9,7 @@
 import eu.domibus.api.model.UserMessage;
 import eu.domibus.logging.DomibusLogger;
 import eu.domibus.logging.DomibusLoggerFactory;
+import eu.domibus.logging.DomibusMessageCode;
 import org.apache.commons.io.IOUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
@@ -75,7 +76,7 @@ public void storeIncomingPayload(PartInfo partInfo, UserMessage userMessage, Leg
         partInfo.setLength(partInfoLength);
         partInfo.setFileName(null);
         LOG.debug("Finished saving incoming payload [{}] to database", partInfo.getHref());
-
+        LOG.businessInfo(DomibusMessageCode.BUS_PAYLOAD_PERSISTED_IN_DB, partInfo.getHref());
 
         //initialize the payloadDatahandler with the binaryData in order to avoid that the payload is decompressed again
         partInfo.loadBinary();
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/payload/persistence/FileSystemPayloadPersistence.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/payload/persistence/FileSystemPayloadPersistence.java
index d08daeb335..786147f3d7 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/payload/persistence/FileSystemPayloadPersistence.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/payload/persistence/FileSystemPayloadPersistence.java
@@ -11,6 +11,7 @@
 import eu.domibus.api.model.UserMessage;
 import eu.domibus.logging.DomibusLogger;
 import eu.domibus.logging.DomibusLoggerFactory;
+import eu.domibus.logging.DomibusMessageCode;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -54,6 +55,7 @@ public void storeIncomingPayload(PartInfo partInfo, UserMessage userMessage, Leg
             PayloadFileStorage currentStorage = storageProvider.getCurrentStorage();
             final Boolean encryptionActive = payloadPersistenceHelper.isPayloadEncryptionActive(userMessage);
             saveIncomingPayloadToDisk(partInfo, currentStorage, encryptionActive);
+            LOG.businessInfo(DomibusMessageCode.BUS_PAYLOAD_PERSISTED_ON_FILE_SYSTEM, partInfo.getHref());
         } else {
             LOG.debug("Incoming payload [{}] is already saved on file disk under [{}]", partInfo.getHref(), partInfo.getFileName());
         }
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/plugin/handler/MessageRetrieverImpl.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/plugin/handler/MessageRetrieverImpl.java
index c270c9a4f6..e3cfff30a9 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/plugin/handler/MessageRetrieverImpl.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/plugin/handler/MessageRetrieverImpl.java
@@ -16,7 +16,9 @@
 import eu.domibus.core.message.UserMessageLogDefaultService;
 import eu.domibus.logging.DomibusLogger;
 import eu.domibus.logging.DomibusLoggerFactory;
-import eu.domibus.messaging.*;
+import eu.domibus.messaging.DuplicateMessageException;
+import eu.domibus.messaging.MessageConstants;
+import eu.domibus.messaging.MessageNotFoundException;
 import eu.domibus.plugin.Submission;
 import eu.domibus.plugin.handler.MessageRetriever;
 import org.apache.commons.collections4.CollectionUtils;
@@ -178,25 +180,29 @@ public List<? extends ErrorResult> getErrorsForMessage(final String messageId) t
             userMessageLog = userMessageLogService.findByMessageId(messageId);
         } catch (DuplicateMessageFoundException e) {
             throw new DuplicateMessageException(e.getMessage(), e.getCause());
-        }
-        if (userMessageLog == null) {
-            throw new MessageNotFoundException("Message [" + messageId + "] does not exist");
+        } catch (eu.domibus.api.messaging.MessageNotFoundException messageNotFoundException) {
+            LOG.debug("Message with id [{}] not found", messageId);
         }
         List<ErrorLogEntry> errorsForMessage = errorLogService.getErrorsForMessage(messageId);
 
+        if (userMessageLog == null && CollectionUtils.isEmpty(errorsForMessage)) {
+            throw new MessageNotFoundException("Message [" + messageId + "] does not exist");
+        }
         return errorsForMessage.stream().map(errorLogService::convert).collect(Collectors.toList());
     }
 
     @Override
     public List<? extends ErrorResult> getErrorsForMessage(String messageId, eu.domibus.common.MSHRole mshRole) throws MessageNotFoundException {
         MSHRole role = MSHRole.valueOf(mshRole.name());
+        List<? extends ErrorResult> errorResults = errorLogService.getErrors(messageId, role);
         try {
             userMessageSecurityService.checkMessageAuthorizationWithUnsecureLoginAllowed(messageId, role);
         } catch (eu.domibus.api.messaging.MessageNotFoundException messageNotFoundException) {
-            throw new MessageNotFoundException("Message [" + messageId + "]-[" + role + "] does not exist");
+            if (CollectionUtils.isEmpty(errorResults)) {
+                throw new MessageNotFoundException("Message [" + messageId + "]-[" + role + "] does not exist");
+            }
         }
         UserMessageLog userMessageLog = userMessageLogService.findByMessageId(messageId, role);
-        List<? extends ErrorResult> errorResults = errorLogService.getErrors(messageId, role);
         if (userMessageLog == null && CollectionUtils.isEmpty(errorResults)) {
             throw new MessageNotFoundException("Message [" + messageId + "] does not exist");
         }
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/plugin/handler/MessageSubmitterImpl.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/plugin/handler/MessageSubmitterImpl.java
index 6631a08447..30815afcd2 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/plugin/handler/MessageSubmitterImpl.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/plugin/handler/MessageSubmitterImpl.java
@@ -10,6 +10,7 @@
 import eu.domibus.api.payload.PartInfoService;
 import eu.domibus.api.plugin.BackendConnectorService;
 import eu.domibus.api.pmode.PModeException;
+import eu.domibus.api.property.DomibusPropertyProvider;
 import eu.domibus.api.security.AuthUtils;
 import eu.domibus.common.ErrorCode;
 import eu.domibus.common.model.configuration.Identifier;
@@ -44,6 +45,7 @@
 import eu.domibus.plugin.ProcessingType;
 import eu.domibus.plugin.Submission;
 import eu.domibus.plugin.handler.MessageSubmitter;
+import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.dao.DataIntegrityViolationException;
 import org.springframework.stereotype.Service;
@@ -56,6 +58,8 @@
 import static eu.domibus.logging.DomibusMessageCode.MANDATORY_MESSAGE_HEADER_METADATA_MISSING;
 import static org.apache.commons.lang3.StringUtils.isBlank;
 
+import static eu.domibus.api.property.DomibusPropertyMetadataManagerSPI.DOMIBUS_MESSAGE_SUBMISSION_DIAGNOSTICS_ENABLED;
+
 /**
  * Service used for submitting messages (split from DatabaseMessageHandler)
  *
@@ -113,6 +117,8 @@ public class MessageSubmitterImpl implements MessageSubmitter {
 
     protected final BackendConnectorService backendConnectorService;
 
+    protected final DomibusPropertyProvider domibusPropertyProvider;
+
     public MessageSubmitterImpl(AuthUtils authUtils, UserMessageDefaultService userMessageService, SplitAndJoinConfigurationService splitAndJoinConfigurationService,
                                 PModeDefaultService pModeDefaultService, SubmissionAS4Transformer transformer, MessagingService messagingService,
                                 UserMessageLogDefaultService userMessageLogService, PayloadFileStorageProvider storageProvider, ErrorLogService errorLogService,
@@ -120,7 +126,8 @@ public MessageSubmitterImpl(AuthUtils authUtils, UserMessageDefaultService userM
                                 MessageExchangeService messageExchangeService, MessageFragmentDao messageFragmentDao,
                                 MpcDictionaryService mpcDictionaryService, UserMessageValidatorSpiService userMessageValidatorSpiService,
                                 UserMessageSecurityService userMessageSecurityService, PartInfoService partInfoService, MessageSubmitterHelper messageSubmitterHelper,
-                                TestMessageValidator testMessageValidator, BackendConnectorService backendConnectorService) {
+                                TestMessageValidator testMessageValidator, BackendConnectorService backendConnectorService,
+                                DomibusPropertyProvider domibusPropertyProvider) {
         this.authUtils = authUtils;
         this.userMessageService = userMessageService;
         this.splitAndJoinConfigurationService = splitAndJoinConfigurationService;
@@ -142,6 +149,7 @@ public MessageSubmitterImpl(AuthUtils authUtils, UserMessageDefaultService userM
         this.messageSubmitterHelper = messageSubmitterHelper;
         this.testMessageValidator = testMessageValidator;
         this.backendConnectorService = backendConnectorService;
+        this.domibusPropertyProvider = domibusPropertyProvider;
     }
 
     @MDCKey(value = {DomibusLogger.MDC_MESSAGE_ID, DomibusLogger.MDC_MESSAGE_ROLE, DomibusLogger.MDC_MESSAGE_ENTITY_ID}, cleanOnStart = true)
@@ -241,18 +249,34 @@ public String submit(final Submission submission, final String backendName) thro
         } catch (EbMS3Exception ebms3Ex) {
             LOG.error(ERROR_SUBMITTING_THE_MESSAGE_STR + messageId + TO_STR + backendName + "]", ebms3Ex);
             errorLogService.createErrorLog(ebms3Ex, MSHRole.SENDING, null);
+            logDiagnosticsData(submission);
             throw MessagingExceptionFactory.transform(ebms3Ex);
         } catch (PModeException p) {
             LOG.error(ERROR_SUBMITTING_THE_MESSAGE_STR + messageId + TO_STR + backendName + "]" + p.getMessage(), p);
             errorLogService.createErrorLog(messageId, ErrorCode.EBMS_0004, p.getMessage(), MSHRole.SENDING, null);
+            logDiagnosticsData(submission);
             throw new PModeMismatchException(p.getMessage(), p);
         } catch (ConfigurationException ex) {
             LOG.error(ERROR_SUBMITTING_THE_MESSAGE_STR + messageId + TO_STR + backendName + "]", ex);
             errorLogService.createErrorLog(messageId, ErrorCode.EBMS_0004, ex.getMessage(), MSHRole.SENDING, null);
+            logDiagnosticsData(submission);
             throw MessagingExceptionFactory.transform(ex, ErrorCode.EBMS_0004);
         }
     }
 
+
+    private void logDiagnosticsData(Submission submission) {
+        if (BooleanUtils.isNotTrue(domibusPropertyProvider.getBooleanProperty(DOMIBUS_MESSAGE_SUBMISSION_DIAGNOSTICS_ENABLED))) {
+            return;
+        }
+        try {
+            LOG.warn("Submission not accepted [{}]:\n", submission.format());
+        } catch (Exception ex) {
+            LOG.error("Error logging diagnostics data", ex);
+        }
+    }
+
+
     @Transactional
     @MDCKey({DomibusLogger.MDC_MESSAGE_ID, DomibusLogger.MDC_MESSAGE_ROLE, DomibusLogger.MDC_MESSAGE_ENTITY_ID})
     public String submitMessageFragment(UserMessage userMessage, MessageFragmentEntity messageFragmentEntity, PartInfo partInfo, String backendName) throws MessagingProcessingException {
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/plugin/notification/BackendNotificationService.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/plugin/notification/BackendNotificationService.java
index f8ac29c4e1..2117dc2ded 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/plugin/notification/BackendNotificationService.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/plugin/notification/BackendNotificationService.java
@@ -416,7 +416,7 @@ protected void createMessageDeleteBatchEvent(String backend, List<MessageDeleted
     protected List<MessageDeletedEvent> getMessageDeletedEventsForBackend(String backend, final List<UserMessageLogDto> userMessageLogs) {
         List<MessageDeletedEvent> individualMessageDeletedEvents = userMessageLogs
                 .stream()
-                .filter(userMessageLog -> userMessageLog.getBackend().equals(backend))
+                .filter(userMessageLog -> StringUtils.equals(userMessageLog.getBackend(), backend))
                 .map(this::getMessageDeletedEvent)
                 .collect(toList());
         LOG.debug("There are [{}] delete messages to notify for backend [{}]", individualMessageDeletedEvents.size(), backend);
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/pmode/multitenancy/MultiDomainPModeProvider.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/pmode/multitenancy/MultiDomainPModeProvider.java
index 5a67cddb65..055ed79fec 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/pmode/multitenancy/MultiDomainPModeProvider.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/pmode/multitenancy/MultiDomainPModeProvider.java
@@ -405,4 +405,9 @@ public void removeReceiverParty(String partyName) {
     public Party removeParty(String partyName) {
         return getCurrentPModeProvider().removeParty(partyName);
     }
+
+    @Override
+    public void logCurrentPMode() {
+        getCurrentPModeProvider().logCurrentPMode();
+    }
 }
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/pmode/provider/CachingPModeProvider.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/pmode/provider/CachingPModeProvider.java
index af6b9d6b1a..466fead03e 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/pmode/provider/CachingPModeProvider.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/pmode/provider/CachingPModeProvider.java
@@ -25,6 +25,7 @@
 import eu.domibus.messaging.XmlProcessingException;
 import eu.domibus.plugin.ProcessingType;
 import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.transaction.annotation.Propagation;
@@ -38,7 +39,6 @@
 
 import static eu.domibus.api.ebms3.MessageExchangePattern.*;
 import static eu.domibus.api.property.DomibusPropertyMetadataManagerSPI.*;
-import static org.apache.commons.lang3.StringUtils.equalsIgnoreCase;
 import static org.apache.commons.lang3.StringUtils.*;
 
 /**
@@ -104,7 +104,7 @@ protected void load() {
         LOG.debug("Initialising the configuration");
         try {
             this.configuration = this.configurationDAO.readEager();
-            LOG.debug("Configuration initialized: [{}]", this.configuration.getEntityId());
+            LOG.info("PMode Configuration initialized: [{}]", this.configuration.getEntityId());
 
             initPullProcessesCache();
         } catch (Exception ex) {
@@ -284,9 +284,16 @@ public String findPullLegName(final String agreementName, final String senderPar
                     .message("No Candidates for Legs found")
                     .build();
         }
-        Optional<LegConfiguration> optional = candidates.stream()
+
+        List<LegConfiguration> matchingLegs = candidates.stream()
                 .filter(candidate -> candidateMatches(candidate, service, action, mpc))
-                .findFirst();
+                .collect(Collectors.toList());
+
+        if (matchingLegs.size() > 1 && BooleanUtils.isTrue(domibusPropertyProvider.getBooleanProperty(DOMIBUS_PMODE_DIAGNOSTICS_ENABLED))) {
+            LOG.info("Multiple matching legs found: [{}]", matchingLegs.stream().map(leg -> leg.getName()).collect(Collectors.joining(",")));
+        }
+
+        Optional<LegConfiguration> optional = matchingLegs.stream().findFirst();
         String pullLegName = optional.isPresent() ? optional.get().getName() : null;
         if (pullLegName != null) {
             return pullLegName;
@@ -346,6 +353,10 @@ public String findLegName(final String agreementName, final String senderParty,
                     .build();
         }
 
+        if (matchingLegs.size() > 1 && BooleanUtils.isTrue(domibusPropertyProvider.getBooleanProperty(DOMIBUS_PMODE_DIAGNOSTICS_ENABLED))) {
+            LOG.info("Multiple matching legs found: [{}]", matchingLegs.stream().map(leg -> leg.getName()).collect(Collectors.joining(",")));
+        }
+
         Optional<LegConfiguration> selectedLeg = matchingLegs.stream().findFirst();
         return selectedLeg.map(LegConfiguration::getName).orElse(null);
     }
@@ -1328,4 +1339,93 @@ private Agreement getAgreementRefHandleProcess(Process found) {
         }
         return null;
     }
+
+    @Override
+    public void logCurrentPMode() {
+        LOG.info("Current PMode: [{}]", this.configuration);
+        if (this.configuration == null) {
+            return;
+        }
+
+        StringBuilder sb = new StringBuilder();
+
+        if (CollectionUtils.isEmpty(this.configuration.getMpcs())) {
+            sb.append("No Mpcs\n");
+        } else {
+            for (Mpc mpc : this.configuration.getMpcs()) {
+                sb.append("Mpc: [").append(mpc.getName()).append("]\n");
+                sb.append("     QualifiedName: [").append(mpc.getQualifiedName()).append("]\n");
+                sb.append("     RetentionDownloaded: [").append(mpc.getRetentionDownloaded()).append("]\n");
+                sb.append("     RetentionUndownloaded: [").append(mpc.getRetentionUndownloaded()).append("]\n");
+                sb.append("     RetentionSent: [").append(mpc.getRetentionSent()).append("]\n");
+                sb.append("     DeleteMessageMetadata: [").append(mpc.isDeleteMessageMetadata()).append("]\n");
+                sb.append("     MaxBatchDelete: [").append(mpc.getMaxBatchDelete()).append("]\n");
+                sb.append("     MetadataRetentionOffset: [").append(mpc.getMetadataRetentionOffset()).append("]\n");
+            }
+        }
+
+        if (this.configuration.getBusinessProcesses() == null || CollectionUtils.isEmpty(this.configuration.getBusinessProcesses().getProcesses())) {
+            sb.append("No Processes\n");
+        } else {
+            for (Process process : this.configuration.getBusinessProcesses().getProcesses()) {
+                sb.append("Process: [").append(process.getName()).append("]\n");
+                sb.append("     Initiator Role: [").append(process.getInitiatorRole()).append("]\n");
+                sb.append("     Responder Role: [").append(process.getResponderRole()).append("]\n");
+                sb.append("     Initiator Parties: [").append(CollectionUtils.isEmpty(process.getInitiatorParties()) ? "" : process.getInitiatorParties().stream().map(p -> p.getName()).collect(Collectors.joining(","))).append("]\n");
+                sb.append("     Responder Parties: [").append(CollectionUtils.isEmpty(process.getResponderParties()) ? "" : process.getResponderParties().stream().map(p -> p.getName()).collect(Collectors.joining(","))).append("]\n");
+                sb.append("     Mep: [").append(process.getMep() == null ? "null" : "value: " + process.getMep().getValue() + " name: " + process.getMep().getName()).append("]\n");
+                sb.append("     Mep Binding: [").append(process.getMepBinding() == null ? "null" : "value: " + process.getMepBinding().getValue() + " type: " + process.getMepBinding().getName()).append("]\n");
+                sb.append("     Agreement: [").append(process.getAgreement() == null ? "null" : "value: " + process.getAgreement().getValue() + " type: " + process.getAgreement().getType()).append("]\n");
+                sb.append("     Legs: [").append(CollectionUtils.isEmpty(process.getLegs()) ? "" : process.getLegs().stream().map(leg -> leg.getName()).collect(Collectors.joining(","))).append("]\n");
+            }
+        }
+
+        if (this.configuration.getBusinessProcesses() == null || CollectionUtils.isEmpty(this.configuration.getBusinessProcesses().getLegConfigurations())) {
+            sb.append("No Leg Configurations\n");
+        } else {
+            for (LegConfiguration legConfiguration : this.configuration.getBusinessProcesses().getLegConfigurations()) {
+                sb.append("Leg Configuration: [").append(legConfiguration.getName()).append("]\n");
+                sb.append("     Default Mpc: [").append(legConfiguration.getDefaultMpc() == null ? "null" : legConfiguration.getDefaultMpc().getName()).append("]\n");
+                sb.append("     ReceptionAwareness: [").append(legConfiguration.getReceptionAwareness() == null ? "null" : legConfiguration.getReceptionAwareness().getName()).append("]\n");
+                sb.append("     Service: [").append(legConfiguration.getService() == null ? "null" : legConfiguration.getService().getName()).append("]\n");
+                sb.append("     Action: [").append(legConfiguration.getAction() == null ? "null" : legConfiguration.getAction().getName()).append("]\n");
+                sb.append("     CompressPayloads: [").append(legConfiguration.isCompressPayloads()).append("]\n");
+                sb.append("     Splitting: [").append(legConfiguration.getSplitting() == null ? "null" : legConfiguration.getSplitting().getName()).append("]\n");
+                sb.append("     ErrorHandling: [").append(legConfiguration.getErrorHandling() == null ? "null" : legConfiguration.getErrorHandling().getName()).append("]\n");
+                sb.append("     Security: [").append(legConfiguration.getSecurity() == null ? "null" : legConfiguration.getSecurity().getName()).append("]\n");
+                sb.append("     PayloadProfile: [").append(legConfiguration.getPayloadProfile() == null ? "null" : legConfiguration.getPayloadProfile().getName()).append("]\n");
+                sb.append("     PropertySet: [").append(legConfiguration.getPropertySet() == null ? "null" : legConfiguration.getPropertySet().getName()).append("]\n");
+            }
+        }
+
+        if (this.configuration.getBusinessProcesses() == null || CollectionUtils.isEmpty(this.configuration.getBusinessProcesses().getParties())) {
+            sb.append("No Parties\n");
+        } else {
+            for (Party party : this.configuration.getBusinessProcesses().getParties()) {
+                sb.append("Party: [").append(party.getName()).append("]\n");
+                sb.append("     Identifiers: [").append(CollectionUtils.isEmpty(party.getIdentifiers()) ? "" : party.getIdentifiers().stream().map(id -> id.getPartyId()).collect(Collectors.joining(","))).append("]\n");
+                sb.append("     Endpoint: [").append(party.getEndpoint()).append("]\n");
+            }
+        }
+
+        if (pullProcessesByInitiatorCache == null || pullProcessesByInitiatorCache.isEmpty()) {
+            sb.append("No Pull Processes by Initiator cached\n");
+        } else {
+            for (Map.Entry<Party, List<Process>> entry : pullProcessesByInitiatorCache.entrySet()) {
+                sb.append("Pull Processes by Initiator: [").append(entry.getKey().getName()).append("]\n");
+                sb.append("     Processes: [").append(CollectionUtils.isEmpty(entry.getValue()) ? "" : entry.getValue().stream().map(p -> p.getName()).collect(Collectors.joining(","))).append("]\n");
+            }
+        }
+
+        if (pullProcessByMpcCache == null || pullProcessByMpcCache.isEmpty()) {
+            sb.append("No Pull Processes by Mpc cached\n");
+        } else {
+            for (Map.Entry<String, List<Process>> entry : pullProcessByMpcCache.entrySet()) {
+                sb.append("Pull Processes by Mpc: [").append(entry.getKey()).append("]\n");
+                sb.append("     Processes: [").append(CollectionUtils.isEmpty(entry.getValue()) ? "" : entry.getValue().stream().map(p -> p.getName()).collect(Collectors.joining(","))).append("]\n");
+            }
+        }
+
+        LOG.info("Current PMode content: \n[{}]", sb);
+    }
 }
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/pmode/provider/PModeProvider.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/pmode/provider/PModeProvider.java
index f0ab5e055e..ddbc682b08 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/pmode/provider/PModeProvider.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/pmode/provider/PModeProvider.java
@@ -51,6 +51,8 @@
 import java.util.Calendar;
 import java.util.List;
 
+import static eu.domibus.api.property.DomibusPropertyMetadataManagerSPI.DOMIBUS_PMODE_DIAGNOSTICS_ENABLED;
+
 /**
  * @author Christian Koch, Stefan Mueller
  */
@@ -184,7 +186,7 @@ public List<ValidationIssue> updatePModes(byte[] bytes, String description) thro
         configurationRaw.setDescription(description);
         configurationRawDAO.create(configurationRaw);
 
-        LOG.info("Configuration successfully updated");
+        LOG.info("PMode Configuration successfully updated");
 
         domibusLocalCacheService.clearCache(CacheConstants.DICTIONARY_QUERIES);
 
@@ -318,6 +320,7 @@ public MessageExchangeConfiguration findUserMessageExchangeContext(final UserMes
             if (!(isPull && mpcService.forcePullOnMpc(userMessage))) {
                 e.setMshRole(mshRole);
             }
+            logDiagnosticsData(userMessage, mshRole);
             throw e;
         } catch (IllegalStateException ise) {
             // It can happen if DB is clean and no pmodes are configured yet!
@@ -584,4 +587,19 @@ public String getLegConfigurationNameFromPModeKey(final String pModeKey) {
 
     public abstract int getMaxRetryTimeout();
 
+
+    private void logDiagnosticsData(UserMessage userMessage, MSHRole mshRole) {
+        if (BooleanUtils.isNotTrue(domibusPropertyProvider.getBooleanProperty(DOMIBUS_PMODE_DIAGNOSTICS_ENABLED))) {
+            return;
+        }
+        try {
+            LOG.warn("UserMessage not matching the PMode for MSHRole [{}]:\n[{}]", mshRole, userMessage.format());
+            logCurrentPMode();
+        } catch (Exception ex) {
+            LOG.error("Error logging diagnostics data", ex);
+        }
+    }
+
+    public abstract void logCurrentPMode();
+
 }
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/pmode/provider/dynamicdiscovery/DomibusCertificateValidator.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/pmode/provider/dynamicdiscovery/DomibusCertificateValidator.java
index bb7e7fc69f..2c85d1c926 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/pmode/provider/dynamicdiscovery/DomibusCertificateValidator.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/pmode/provider/dynamicdiscovery/DomibusCertificateValidator.java
@@ -4,6 +4,7 @@
 import eu.domibus.logging.DomibusLogger;
 import eu.domibus.logging.DomibusLoggerFactory;
 import eu.europa.ec.dynamicdiscovery.core.security.ISMPCertificateValidator;
+import eu.europa.ec.dynamicdiscovery.core.security.SignatureValidationContext;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.exception.ExceptionUtils;
 import org.apache.wss4j.common.crypto.Merlin;
@@ -43,15 +44,16 @@ public DomibusCertificateValidator(CertificateService certificateService, KeySto
         setTrustStore(trustStore);
     }
 
-
     /**
-     * Method used by OASIS Dynamic discovery client for certificate verification
-     *
-     * @param certificate
-     * @throws CertificateException
+     * {@inheritDoc}
      */
     @Override
     public void validateSMPCertificate(X509Certificate certificate) throws CertificateException {
+        validateSMPCertificate(certificate, null);
+    }
+
+    @Override
+    public void validateSMPCertificate(X509Certificate certificate, SignatureValidationContext context) throws CertificateException {
         String subjectName = getSubjectDN(certificate);
         LOG.debug("Certificate validator for certificate: [{}]", subjectName);
         // validate
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/property/CorePropertyMetadataManagerImpl.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/property/CorePropertyMetadataManagerImpl.java
index 318c6d1cb3..99c0c5673f 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/property/CorePropertyMetadataManagerImpl.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/property/CorePropertyMetadataManagerImpl.java
@@ -49,6 +49,7 @@ public class CorePropertyMetadataManagerImpl implements DomibusPropertyMetadataM
             new DomibusPropertyMetadata(DOMIBUS_PASSWORD_ENCRYPTION_ACTIVE, Type.BOOLEAN, false, Usage.GLOBAL_AND_DOMAIN, false),
             new DomibusPropertyMetadata(DOMIBUS_PASSWORD_ENCRYPTION_PROPERTIES, false, Usage.GLOBAL_AND_DOMAIN, false),
             new DomibusPropertyMetadata(DOMIBUS_PASSWORD_ENCRYPTION_KEY_LOCATION, Type.URI, false, Usage.GLOBAL_AND_DOMAIN, false),
+            new DomibusPropertyMetadata(DOMIBUS_PROPERTIES_PASSWORD_VIEW_ALLOW, Type.BOOLEAN, false, Usage.GLOBAL_AND_DOMAIN, true),
 
             DomibusPropertyMetadata.getReadOnlyGlobalProperty(DOMIBUS_JMS_CONNECTION_FACTORY_SESSION_CACHE_SIZE, Type.NUMERIC),
             DomibusPropertyMetadata.getReadOnlyGlobalProperty(DOMIBUS_JMS_QUEUE_PULL, Type.JNDI),
@@ -122,6 +123,8 @@ public class CorePropertyMetadataManagerImpl implements DomibusPropertyMetadataM
             new DomibusPropertyMetadata(DOMIBUS_SECURITY_TRUSTSTORE_PASSWORD, Type.PASSWORD, true, Usage.DOMAIN, false, true),
 
             DomibusPropertyMetadata.getGlobalProperty(DOMIBUS_AUTH_UNSECURE_LOGIN_ALLOWED, Type.BOOLEAN),
+            DomibusPropertyMetadata.getGlobalProperty(DOMIBUS_PROPERTIES_PASSWORD_POLICY_PATTERN, Type.REGEXP),
+            DomibusPropertyMetadata.getGlobalProperty(DOMIBUS_PROPERTIES_PASSWORD_POLICY_ENFORCE, Type.BOOLEAN),
             new DomibusPropertyMetadata(DOMIBUS_CONSOLE_LOGIN_MAXIMUM_ATTEMPT, Type.NUMERIC, Usage.DOMAIN_AND_SUPER, true),
             new DomibusPropertyMetadata(DOMIBUS_CONSOLE_LOGIN_SUSPENSION_TIME, Type.NUMERIC, Usage.DOMAIN_AND_SUPER, true),
             new DomibusPropertyMetadata(DOMIBUS_CERTIFICATE_REVOCATION_OFFSET, Type.NUMERIC, Usage.DOMAIN, true),
@@ -138,6 +141,7 @@ public class CorePropertyMetadataManagerImpl implements DomibusPropertyMetadataM
             DomibusPropertyMetadata.getGlobalProperty(DOMIBUS_PASSWORD_POLICY_CHECK_DEFAULT_PASSWORD, Type.BOOLEAN),
             DomibusPropertyMetadata.getGlobalProperty(DOMIBUS_PASSWORD_POLICY_DEFAULT_USER_CREATE, Type.BOOLEAN),
             DomibusPropertyMetadata.getGlobalProperty(DOMIBUS_PASSWORD_POLICY_DEFAULT_USER_AUTOGENERATE_PASSWORD, Type.BOOLEAN),
+            DomibusPropertyMetadata.getGlobalProperty(DOMIBUS_PASSWORD_POLICY_DEFAULT_USER_REGENERATE_PASSWORD, Type.BOOLEAN),
 
             new DomibusPropertyMetadata(DOMIBUS_PLUGIN_PASSWORD_POLICY_PATTERN, Type.REGEXP, Usage.DOMAIN, true),
             new DomibusPropertyMetadata(DOMIBUS_PLUGIN_PASSWORD_POLICY_VALIDATION_MESSAGE, Type.FREE_TEXT, Usage.DOMAIN, true),
@@ -182,6 +186,7 @@ public class CorePropertyMetadataManagerImpl implements DomibusPropertyMetadataM
             new DomibusPropertyMetadata(DOMIBUS_SENDER_CERTIFICATE_VALIDATION_ONSENDING, Type.BOOLEAN, Usage.DOMAIN, true),
             new DomibusPropertyMetadata(DOMIBUS_SENDER_CERTIFICATE_VALIDATION_ONRECEIVING, Type.BOOLEAN, Usage.DOMAIN, true),
             new DomibusPropertyMetadata(DOMIBUS_SENDER_TRUST_VALIDATION_ONRECEIVING, Type.BOOLEAN, Usage.DOMAIN, true),
+            new DomibusPropertyMetadata(DOMIBUS_SENDER_TRUST_VALIDATION_SIGNAL_SYNC_ONRECEIVING, Type.BOOLEAN, Usage.DOMAIN, true),
             new DomibusPropertyMetadata(DOMIBUS_SENDER_TRUST_VALIDATION_EXPRESSION, Type.REGEXP, Usage.DOMAIN, true),
             new DomibusPropertyMetadata(DOMIBUS_SENDER_TRUST_DYNAMIC_RECEIVER_VALIDATION_EXPRESSION, Type.REGEXP, Usage.DOMAIN, true),
             new DomibusPropertyMetadata(DOMIBUS_SENDER_TRUST_VALIDATION_CERTIFICATE_POLICY_OIDS, Type.COMMA_SEPARATED_LIST, Usage.DOMAIN, true),
@@ -197,6 +202,7 @@ public class CorePropertyMetadataManagerImpl implements DomibusPropertyMetadataM
             DomibusPropertyMetadata.getReadOnlyGlobalProperty(DOMIBUS_PMODE_VALIDATION_SERVICE_VALUE_PATTERN, Type.REGEXP),
             DomibusPropertyMetadata.getReadOnlyGlobalProperty(DOMIBUS_PMODE_VALIDATION_SERVICE_TYPE_PATTERN, Type.REGEXP),
             new DomibusPropertyMetadata(DOMIBUS_PMODE_LEGCONFIGURATION_MPC_ENABLED, Type.BOOLEAN, Usage.DOMAIN, true),
+            new DomibusPropertyMetadata(DOMIBUS_PMODE_DIAGNOSTICS_ENABLED, Type.BOOLEAN, Usage.DOMAIN, true),
             DomibusPropertyMetadata.getReadOnlyGlobalProperty(DOMIBUS_DATE_TIME_PATTERN_ON_RECEIVING, Type.REGEXP),
             DomibusPropertyMetadata.getReadOnlyGlobalProperty(DOMIBUS_DATE_TIME_PATTERN_ON_SENDING, Type.REGEXP),
 
@@ -217,6 +223,7 @@ public class CorePropertyMetadataManagerImpl implements DomibusPropertyMetadataM
             new DomibusPropertyMetadata(DOMIBUS_RETENTION_WORKER_MESSAGE_RETENTION_BATCH_DELETE, Type.NUMERIC, Usage.DOMAIN, true),
             new DomibusPropertyMetadata(DOMIBUS_RETENTION_JMS_CONCURRENCY, Type.CONCURRENCY, Usage.DOMAIN, true),
             new DomibusPropertyMetadata(DOMIBUS_PARTITIONS_DROP_CHECK_MESSAGES_EARCHIVED, Type.BOOLEAN, Usage.DOMAIN, true),
+            new DomibusPropertyMetadata(DOMIBUS_PARTITIONS_DROP_MAX_PARTITIONS, Type.NUMERIC, Usage.DOMAIN, true),
             new DomibusPropertyMetadata(DOMIBUS_DISPATCH_EBMS_ERROR_UNRECOVERABLE_RETRY, Type.BOOLEAN, Usage.DOMAIN, true),
 
             DomibusPropertyMetadata.getGlobalProperty(DOMIBUS_PROXY_ENABLED, Type.BOOLEAN),
@@ -255,7 +262,7 @@ public class CorePropertyMetadataManagerImpl implements DomibusPropertyMetadataM
             DomibusPropertyMetadata.getGlobalProperty(DOMIBUS_USER_INPUT_BLACK_LIST, Type.REGEXP),
             DomibusPropertyMetadata.getGlobalProperty(DOMIBUS_USER_INPUT_WHITE_LIST, Type.REGEXP),
             DomibusPropertyMetadata.getGlobalProperty(DOMIBUS_PROPERTY_LENGTH_MAX, Type.NUMERIC),
-            DomibusPropertyMetadata.getGlobalProperty(DOMIBUS_PROPERTY_VALIDATION_ENABLED, Type.BOOLEAN),
+            new DomibusPropertyMetadata(DOMIBUS_PROPERTY_VALIDATION_ENABLED, Type.BOOLEAN, Usage.GLOBAL_AND_DOMAIN, true),
             new DomibusPropertyMetadata(DOMIBUS_PROPERTY_BACKUP_PERIOD_MIN, Type.POSITIVE_DECIMAL, Usage.GLOBAL_AND_DOMAIN, true),
             new DomibusPropertyMetadata(DOMIBUS_PROPERTY_BACKUP_HISTORY_MAX, Type.POSITIVE_INTEGER, Usage.GLOBAL_AND_DOMAIN, true),
 
@@ -431,7 +438,7 @@ public class CorePropertyMetadataManagerImpl implements DomibusPropertyMetadataM
             new DomibusPropertyMetadata(DOMIBUS_CRL_BY_URL_CACHE_ENABLED, Type.BOOLEAN, Usage.DOMAIN, true),
             new DomibusPropertyMetadata(DOMIBUS_CRL_BY_CERT_CACHE_ENABLED, Type.BOOLEAN, Usage.DOMAIN, true),
 
-            DomibusPropertyMetadata.getGlobalProperty(DOMIBUS_RESEND_BUTTON_ENABLED_RECEIVED_MINUTES, Type.NUMERIC),
+            new DomibusPropertyMetadata(DOMIBUS_RESEND_BUTTON_ENABLED_RECEIVED_MINUTES, Type.NUMERIC, Usage.DOMAIN, true),
             new DomibusPropertyMetadata(DOMIBUS_MESSAGE_RESEND_CRON, Type.CRON, Usage.DOMAIN, true),
             new DomibusPropertyMetadata(DOMIBUS_QUARTZ_TRIGGER_BLOCKED_DURATION, Type.NUMERIC, Usage.DOMAIN, true),
 
@@ -454,6 +461,8 @@ public class CorePropertyMetadataManagerImpl implements DomibusPropertyMetadataM
 
             new DomibusPropertyMetadata(DOMIBUS_MESSAGE_TEST_DELIVERY, Type.BOOLEAN, Usage.DOMAIN, true),
 
+            new DomibusPropertyMetadata(DOMIBUS_MESSAGE_SUBMISSION_DIAGNOSTICS_ENABLED, Type.BOOLEAN, Usage.DOMAIN, true),
+
             new DomibusPropertyMetadata(DOMIBUS_MESSAGES_STUCK_CRON, Type.CRON, Usage.DOMAIN, true),
             new DomibusPropertyMetadata(DOMIBUS_MESSAGES_STUCK_IGNORE_RECENT_MINUTES, Type.NUMERIC, Usage.DOMAIN, true),
 
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/property/DomibusPropertyResourceHelper.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/property/DomibusPropertyResourceHelper.java
index de060592c3..25914d96bb 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/property/DomibusPropertyResourceHelper.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/property/DomibusPropertyResourceHelper.java
@@ -36,4 +36,6 @@ public interface DomibusPropertyResourceHelper {
      * @return Metadata and the current value
      */
     DomibusProperty getProperty(String propertyName);
+
+    String getPasswordProperty(String propertyName);
 }
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/property/DomibusPropertyResourceHelperImpl.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/property/DomibusPropertyResourceHelperImpl.java
index 1494f9bd88..d4e9b5917f 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/property/DomibusPropertyResourceHelperImpl.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/property/DomibusPropertyResourceHelperImpl.java
@@ -7,6 +7,7 @@
 import eu.domibus.core.rest.validators.FieldBlacklistValidator;
 import eu.domibus.logging.DomibusLoggerFactory;
 import org.apache.commons.collections4.CollectionUtils;
+import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.builder.EqualsBuilder;
 import org.apache.commons.lang3.builder.HashCodeBuilder;
@@ -21,6 +22,7 @@
 import java.util.stream.Collectors;
 
 import static eu.domibus.api.property.DomibusPropertyMetadata.NAME_SEPARATOR;
+import static eu.domibus.api.property.DomibusPropertyMetadataManagerSPI.DOMIBUS_PROPERTIES_PASSWORD_VIEW_ALLOW;
 import static eu.domibus.api.property.DomibusPropertyMetadataManagerSPI.DOMIBUS_PROPERTY_LENGTH_MAX;
 
 /**
@@ -36,6 +38,8 @@ public class DomibusPropertyResourceHelperImpl implements DomibusPropertyResourc
 
     public static final String ACCEPTED_CHARACTERS_IN_PROPERTY_NAMES = NAME_SEPARATOR;
 
+    public static final String PASSWORD_MASK = "";
+
     DecimalFormat decimalFormat = new DecimalFormat("0.#");
 
     private final DomibusConfigurationService domibusConfigurationService;
@@ -87,12 +91,28 @@ public List<DomibusProperty> getAllProperties(DomibusPropertiesFilter filter) {
                 .sort(filter.getOrderBy(), filter.getAsc())
                 .getResults();
 
+        handlePasswords(properties);
+
         return properties;
     }
 
+    private void handlePasswords(List<DomibusProperty> properties) {
+        Boolean allowPasswords = domibusPropertyProvider.getBooleanProperty(DOMIBUS_PROPERTIES_PASSWORD_VIEW_ALLOW);
+        if (BooleanUtils.isTrue(allowPasswords)) {
+            properties.stream()
+                    .filter(property -> property.getMetadata().getTypeAsEnum() == DomibusPropertyMetadata.Type.PASSWORD)
+                    .forEach(property -> {
+                        property.setValue(PASSWORD_MASK);
+                        property.setUsedValue(PASSWORD_MASK);
+                    });
+        } else {
+            properties.removeIf(property -> property.getMetadata().getTypeAsEnum() == DomibusPropertyMetadata.Type.PASSWORD);
+        }
+    }
+
     @Override
     public void setPropertyValue(String propertyName, boolean isDomain, String propertyValue) throws DomibusPropertyException {
-        validateProperty(propertyName, propertyValue);
+        validatePropertyWrite(propertyName, propertyValue);
 
         DomibusPropertyMetadata.Type propertyType = domibusPropertyProvider.getPropertyType(propertyName);
         if (isDomain) {
@@ -116,12 +136,65 @@ public void setPropertyValue(String propertyName, boolean isDomain, String prope
 
     @Override
     public DomibusProperty getProperty(String propertyName) {
-        if (!globalPropertyMetadataManager.hasKnownProperty(propertyName)) {
-            throw new DomibusPropertyException("Unknown property: " + propertyName);
+        validateExists(propertyName);
+
+        DomibusPropertyMetadata propertyMetadata = globalPropertyMetadataManager.getPropertyMetadata(propertyName);
+        validateGlobal(propertyName, propertyMetadata);
+
+        DomibusProperty domibusProperty = getValueAndCreateProperty(propertyMetadata);
+        handlePassword(propertyName, propertyMetadata, domibusProperty);
+
+        return domibusProperty;
+    }
+
+    private void handlePassword(String propertyName, DomibusPropertyMetadata propertyMetadata, DomibusProperty domibusProperty) {
+        if (propertyMetadata.getTypeAsEnum() != DomibusPropertyMetadata.Type.PASSWORD) {
+            return;
         }
 
+        checkAllowPassword(propertyName, propertyMetadata);
+
+        domibusProperty.setValue(PASSWORD_MASK);
+        domibusProperty.setUsedValue(PASSWORD_MASK);
+    }
+
+    @Override
+    public String getPasswordProperty(String propertyName) {
+        validateExists(propertyName);
+
         DomibusPropertyMetadata propertyMetadata = globalPropertyMetadataManager.getPropertyMetadata(propertyName);
-        return getValueAndCreateProperty(propertyMetadata);
+        if (propertyMetadata.getTypeAsEnum() != DomibusPropertyMetadata.Type.PASSWORD) {
+            throw new DomibusPropertyException("Property named " + propertyName + " is not a password");
+        }
+
+        validateGlobal(propertyName, propertyMetadata);
+
+        checkAllowPassword(propertyName, propertyMetadata);
+
+        return domibusPropertyProvider.getProperty(propertyName);
+    }
+
+    private void checkAllowPassword(String propertyName, DomibusPropertyMetadata propMeta) {
+        if (propMeta.getTypeAsEnum() != DomibusPropertyMetadata.Type.PASSWORD) {
+            return;
+        }
+
+        Boolean allowPasswords = domibusPropertyProvider.getBooleanProperty(DOMIBUS_PROPERTIES_PASSWORD_VIEW_ALLOW);
+        if (!allowPasswords) {
+            throw new DomibusPropertyException("Not allowed to view or change the password property named: " + propertyName);
+        }
+    }
+
+    private void validateGlobal(String propertyName, DomibusPropertyMetadata propertyMetadata) {
+        if (!authUtils.isAPAdmin() && propertyMetadata.isOnlyGlobal()) {
+            throw new DomibusPropertyException("Only super admins can view or change global properties: " + propertyName);
+        }
+    }
+
+    private void validateExists(String propertyName) {
+        if (!globalPropertyMetadataManager.hasKnownProperty(propertyName)) {
+            throw new DomibusPropertyException("Unknown property: " + propertyName);
+        }
     }
 
     protected List<DomibusProperty> getPropertyValues(List<DomibusPropertyMetadata> properties) {
@@ -157,11 +230,15 @@ protected List<DomibusProperty> getNestedProperties(DomibusPropertyMetadata prop
         return result;
     }
 
-    protected void validateProperty(String propertyName, String propertyValue) {
+    protected void validatePropertyWrite(String propertyName, String propertyValue) {
         DomibusPropertyMetadata propMeta = getPropertyMetadata(propertyName);
 
         validatePropertyMetadata(propertyName, propMeta);
 
+        validateGlobal(propertyName, propMeta);
+
+        checkAllowPassword(propertyName, propMeta);
+
         validatePropertyName(propMeta, propertyName);
 
         validatePropertyLength(propertyName, propertyValue);
@@ -249,23 +326,23 @@ protected void validateNumericPropertyValueRange(String propertyValue, DomibusPr
     }
 
     protected void validatePositiveIntegerMaxValue(String propertyValue, DomibusPropertyMetadata propMeta) {
-            if (new BigInteger(propertyValue).compareTo(BigInteger.valueOf(Integer.MAX_VALUE)) > 0) {
-                throw new DomibusPropertyException(String.format("Invalid property value. The value [%s] is greater than the maximum integer value allowed", propertyValue));
-            }
+        if (new BigInteger(propertyValue).compareTo(BigInteger.valueOf(Integer.MAX_VALUE)) > 0) {
+            throw new DomibusPropertyException(String.format("Invalid property value. The value [%s] is greater than the maximum integer value allowed", propertyValue));
+        }
     }
 
     protected void validatePositiveDecimalMaxValue(String propertyValue, DomibusPropertyMetadata propMeta) {
 
-            String values[] = propertyValue.split("\\.");
-            if (values.length > 1) {
-                if (new BigInteger(values[0]).compareTo(BigInteger.valueOf(Integer.MAX_VALUE - 1L)) > 0) {
-                    throw new DomibusPropertyException(String.format("Invalid property value. The value [%s] is greater than the maximum decimal value allowed", propertyValue));
-                }
-            } else {
-                if (new BigInteger(values[0]).compareTo(BigInteger.valueOf(Integer.MAX_VALUE)) > 0) {
-                    throw new DomibusPropertyException(String.format("Invalid property value. The value [%s] is greater than the maximum decimal value allowed", propertyValue));
-                }
+        String values[] = propertyValue.split("\\.");
+        if (values.length > 1) {
+            if (new BigInteger(values[0]).compareTo(BigInteger.valueOf(Integer.MAX_VALUE - 1L)) > 0) {
+                throw new DomibusPropertyException(String.format("Invalid property value. The value [%s] is greater than the maximum decimal value allowed", propertyValue));
             }
+        } else {
+            if (new BigInteger(values[0]).compareTo(BigInteger.valueOf(Integer.MAX_VALUE)) > 0) {
+                throw new DomibusPropertyException(String.format("Invalid property value. The value [%s] is greater than the maximum decimal value allowed", propertyValue));
+            }
+        }
     }
 
     protected DomibusPropertyMetadata getPropertyMetadata(String propertyName) {
@@ -414,7 +491,9 @@ protected RetrieveProcess getByDomain(DomibusPropertiesFilter filter, List<Domib
                 properties = getPropertyValues(propertiesMetadata);
             } else {
                 // for non-domain properties, we get the values in the null-domain context:
-                properties = domainTaskExecutor.submit(() -> getPropertyValues(propertiesMetadata));
+                // we need the security context restored on this thread because we try to get the logged user down the way
+                properties = domainTaskExecutor.submitWithSecurityContext(
+                        () -> getPropertyValues(propertiesMetadata));
             }
             return this;
         }
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/property/DomibusPropertyValidatorService.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/property/DomibusPropertyValidatorService.java
index d043d3b998..bb87247858 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/property/DomibusPropertyValidatorService.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/property/DomibusPropertyValidatorService.java
@@ -4,14 +4,20 @@
 import eu.domibus.api.multitenancy.DomainService;
 import eu.domibus.api.multitenancy.DomainTaskExecutor;
 import eu.domibus.api.property.DomibusConfigurationService;
+import eu.domibus.api.property.DomibusPropertyException;
+import eu.domibus.api.property.DomibusPropertyMetadata;
 import eu.domibus.api.property.DomibusPropertyProvider;
 import eu.domibus.core.util.WarningUtil;
 import eu.domibus.logging.DomibusLoggerFactory;
 import org.apache.commons.lang3.BooleanUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.springframework.stereotype.Service;
 
 import java.util.List;
+import java.util.Map;
+import java.util.regex.Pattern;
+import java.util.stream.Collectors;
 
 import static eu.domibus.api.property.DomibusPropertyMetadataManagerSPI.*;
 
@@ -28,12 +34,16 @@ public class DomibusPropertyValidatorService {
     private final DomibusConfigurationService domibusConfigurationService;
     private final DomainService domainService;
     private final DomainTaskExecutor domainTaskExecutor;
+    private final GlobalPropertyMetadataManager globalPropertyMetadataManager;
 
-    public DomibusPropertyValidatorService(DomibusPropertyProvider domibusPropertyProvider, DomibusConfigurationService domibusConfigurationService, DomainService domainService, DomainTaskExecutor domainTaskExecutor) {
+    public DomibusPropertyValidatorService(DomibusPropertyProvider domibusPropertyProvider, DomibusConfigurationService domibusConfigurationService,
+                                           DomainService domainService, DomainTaskExecutor domainTaskExecutor,
+                                           GlobalPropertyMetadataManager globalPropertyMetadataManager) {
         this.domibusPropertyProvider = domibusPropertyProvider;
         this.domibusConfigurationService = domibusConfigurationService;
         this.domainService = domainService;
         this.domainTaskExecutor = domainTaskExecutor;
+        this.globalPropertyMetadataManager = globalPropertyMetadataManager;
     }
 
     public void enforceValidation() {
@@ -44,6 +54,7 @@ public void enforceValidation() {
         } else {
             validationEArchiveAndRetention();
         }
+        validatePropertiesPasswordPolicy();
     }
 
     private void validationEArchiveAndRetentionForAllDomains() {
@@ -68,4 +79,69 @@ private void validationEArchiveAndRetention() {
             domibusPropertyProvider.setProperty(DOMIBUS_SEND_MESSAGE_SUCCESS_DELETE_PAYLOAD, "false");
         }
     }
+
+    public void validatePropertiesPasswordPolicy() {
+        LOG.debug("Validating password policy for all the properties of type password.");
+        final Pattern passwordPolicyPattern = Pattern.compile(domibusPropertyProvider.getProperty(DOMIBUS_PROPERTIES_PASSWORD_POLICY_PATTERN));
+        final boolean enforcePropertiesPasswordPolicy = BooleanUtils.isTrue(domibusPropertyProvider.getBooleanProperty(DOMIBUS_PROPERTIES_PASSWORD_POLICY_ENFORCE));
+
+        final Map<String, DomibusPropertyMetadata> allProperties = globalPropertyMetadataManager.getAllProperties();
+        final List<DomibusPropertyMetadata> allPasswordProperties = allProperties.values().stream()
+                .filter(prop -> StringUtils.equals(prop.getType(), DomibusPropertyMetadata.Type.PASSWORD.name()))
+                .collect(Collectors.toList());
+
+        boolean problemsFound = false;
+        for (DomibusPropertyMetadata property : allPasswordProperties) {
+            if (!propertyMatchesPasswordPolicy(property, passwordPolicyPattern)) {
+                problemsFound = true;
+            }
+        }
+
+        if (enforcePropertiesPasswordPolicy && problemsFound) {
+            throw new DomibusPropertyException("When [" + DOMIBUS_PROPERTIES_PASSWORD_POLICY_ENFORCE + "] is set to true, all password properties must match [" + DOMIBUS_PROPERTIES_PASSWORD_POLICY_PATTERN + "].");
+        }
+    }
+
+    private boolean propertyMatchesPasswordPolicy(DomibusPropertyMetadata property, Pattern passwordPolicyPattern) {
+        boolean result = true;
+        // the property can be Global and/or Domain
+        if (property.isGlobal() && !globalPropertyMatchesPasswordPolicy(property, passwordPolicyPattern)) {
+            result = false;
+        }
+        if (property.isDomain() && !domainPropertyMatchesPasswordPolicy(property, passwordPolicyPattern)) {
+            result = false;
+        }
+        return result;
+    }
+
+    private boolean globalPropertyMatchesPasswordPolicy(DomibusPropertyMetadata property, Pattern passwordPolicyPattern) {
+        LOG.debug("Validating password policy for global property [{}].", property.getName());
+        final String password = domibusPropertyProvider.getProperty(property.getName());
+        if (passwordMatchesPasswordPolicy(password, passwordPolicyPattern)) {
+            return true;
+        }
+        LOG.warn(WarningUtil.warnOutput("Password property [" + property.getName() + "] doesn't match the password policy pattern [" + DOMIBUS_PROPERTIES_PASSWORD_POLICY_PATTERN + "]."));
+        return false;
+    }
+
+    private boolean domainPropertyMatchesPasswordPolicy(DomibusPropertyMetadata property, Pattern passwordPolicyPattern) {
+        LOG.debug("Validating password policy for domain property [{}].", property.getName());
+        boolean result = true;
+        final List<Domain> domains = domainService.getDomains();
+        for (Domain domain : domains) {
+            final String password = domibusPropertyProvider.getProperty(domain, property.getName());
+            if (!passwordMatchesPasswordPolicy(password, passwordPolicyPattern)) {
+                LOG.warn(WarningUtil.warnOutput("Password property [" + property.getName() + "] doesn't match the password policy pattern [" + DOMIBUS_PROPERTIES_PASSWORD_POLICY_PATTERN + "] on domain [" + domain.getName() + "]."));
+                result = false;
+            }
+        }
+        return result;
+    }
+
+    public boolean passwordMatchesPasswordPolicy(String password, Pattern passwordPolicyPattern) {
+        if (StringUtils.isBlank(password)) {
+            return true;
+        }
+        return passwordPolicyPattern.matcher(password).matches();
+    }
 }
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/property/PropertyChangeManager.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/property/PropertyChangeManager.java
index 59180a6a80..9ccd5d3a12 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/property/PropertyChangeManager.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/property/PropertyChangeManager.java
@@ -131,15 +131,15 @@ protected void signalPropertyValueChanged(Domain domain, String propertyName, St
         } catch (DomibusPropertyException ex) {
             LOG.error("An error occurred when executing property change listeners for property [{}]. Reverting to the former value.", propertyName, ex);
             try {
-                // revert to old value
-                doSetPropertyValue(domain, propertyName, oldValue);
+                // revert to old value. A "null" value is not supported, use "empty" instead.
+                doSetPropertyValue(domain, propertyName, oldValue == null ? StringUtils.EMPTY : oldValue);
                 //clear the cache manually here since we are not calling the set method through dispatcher class
                 domibusLocalCacheService.evict(DomibusLocalCacheService.DOMIBUS_PROPERTY_CACHE, propertyProviderHelper.getCacheKeyValue(domain, propMeta));
                 // the original property set failed likely due to the change listener validation so, there is no side effect produced and no need to call the listener again
 //                propertyChangeNotifier.signalPropertyValueChanged(domainCode, propertyName, oldValue, shouldBroadcast);
                 throw ex;
             } catch (DomibusPropertyException ex2) {
-                LOG.error("An error occurred trying to revert property [{}]. Exiting.", propertyName, ex2);
+                LOG.error("An error occurred while trying to revert property [{}]. Exiting.", propertyName, ex2);
                 throw ex2;
             }
         }
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/property/listeners/EArchiveFileStorageChangeListener.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/property/listeners/EArchiveFileStorageChangeListener.java
index 9f7023f71c..02d1268501 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/property/listeners/EArchiveFileStorageChangeListener.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/property/listeners/EArchiveFileStorageChangeListener.java
@@ -3,10 +3,16 @@
 import eu.domibus.api.multitenancy.Domain;
 import eu.domibus.api.multitenancy.DomainService;
 import eu.domibus.api.property.DomibusPropertyChangeListener;
+import eu.domibus.api.property.DomibusPropertyException;
+import eu.domibus.api.property.DomibusPropertyProvider;
 import eu.domibus.core.earchive.storage.EArchiveFileStorageProvider;
+import eu.domibus.logging.DomibusLogger;
+import eu.domibus.logging.DomibusLoggerFactory;
+import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.stereotype.Service;
 
+import static eu.domibus.api.property.DomibusPropertyMetadataManagerSPI.DOMIBUS_EARCHIVE_ACTIVE;
 import static eu.domibus.api.property.DomibusPropertyMetadataManagerSPI.DOMIBUS_EARCHIVE_STORAGE_LOCATION;
 
 /**
@@ -18,23 +24,53 @@
 @Service
 public class EArchiveFileStorageChangeListener implements DomibusPropertyChangeListener {
 
+    private static final DomibusLogger LOG = DomibusLoggerFactory.getLogger(EArchiveFileStorageChangeListener.class);
+
     protected final DomainService domainService;
 
     protected final EArchiveFileStorageProvider eArchiveFileStorageProvider;
 
-    public EArchiveFileStorageChangeListener(DomainService domainService, EArchiveFileStorageProvider eArchiveFileStorageProvider) {
+    protected final DomibusPropertyProvider domibusPropertyProvider;
+
+    public EArchiveFileStorageChangeListener(DomainService domainService, EArchiveFileStorageProvider eArchiveFileStorageProvider, DomibusPropertyProvider domibusPropertyProvider) {
         this.domainService = domainService;
         this.eArchiveFileStorageProvider = eArchiveFileStorageProvider;
+        this.domibusPropertyProvider = domibusPropertyProvider;
     }
 
     @Override
     public boolean handlesProperty(String propertyName) {
-        return StringUtils.equalsIgnoreCase(propertyName, DOMIBUS_EARCHIVE_STORAGE_LOCATION);
+        return StringUtils.equalsAnyIgnoreCase(propertyName,
+                DOMIBUS_EARCHIVE_STORAGE_LOCATION, DOMIBUS_EARCHIVE_ACTIVE);
     }
 
     @Override
     public void propertyValueChanged(String domainCode, String propertyName, String propertyValue) {
         final Domain domain = domainService.getDomain(domainCode);
+
+        if (StringUtils.equalsIgnoreCase(propertyName, DOMIBUS_EARCHIVE_STORAGE_LOCATION)) {
+            onStorageLocationChanged(domain);
+        }
+        if (StringUtils.equalsIgnoreCase(propertyName, DOMIBUS_EARCHIVE_ACTIVE)) {
+            onEArchivingActiveChanged(domain);
+        }
+    }
+
+    private void onStorageLocationChanged(Domain domain) {
         eArchiveFileStorageProvider.reset(domain);
     }
+
+    private void onEArchivingActiveChanged(Domain domain) {
+        Boolean active = domibusPropertyProvider.getBooleanProperty(domain, DOMIBUS_EARCHIVE_ACTIVE);
+        String storageLocation = domibusPropertyProvider.getProperty(domain, DOMIBUS_EARCHIVE_STORAGE_LOCATION);
+
+        if (BooleanUtils.isTrue(active)) {
+            if (StringUtils.isBlank(storageLocation)) {
+                throw new DomibusPropertyException("EArchiving cannot be activated for domain " + domain.getCode() + " because the storage location is not set");
+            }
+
+            LOG.debug("EArchiving for domain [{}] is being activated with storage location [{}]", domain.getCode(), storageLocation);
+            eArchiveFileStorageProvider.reset(domain);
+        }
+    }
 }
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/property/listeners/PasswordChangeListener.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/property/listeners/PasswordChangeListener.java
new file mode 100644
index 0000000000..be5d122c1a
--- /dev/null
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/property/listeners/PasswordChangeListener.java
@@ -0,0 +1,56 @@
+package eu.domibus.core.property.listeners;
+
+import eu.domibus.api.property.*;
+import eu.domibus.core.property.DomibusPropertyValidatorService;
+import eu.domibus.core.util.WarningUtil;
+import eu.domibus.logging.DomibusLoggerFactory;
+import org.apache.commons.lang3.BooleanUtils;
+import org.slf4j.Logger;
+import org.springframework.stereotype.Service;
+
+import java.util.regex.Pattern;
+
+import static eu.domibus.api.property.DomibusPropertyMetadataManagerSPI.DOMIBUS_PROPERTIES_PASSWORD_POLICY_ENFORCE;
+import static eu.domibus.api.property.DomibusPropertyMetadataManagerSPI.DOMIBUS_PROPERTIES_PASSWORD_POLICY_PATTERN;
+
+/**
+ * @author Ionut Breaz
+ * @since 5.1.5
+ * <p>
+ * Validates that passwords match the DOMIBUS_PROPERTIES_PASSWORD_POLICY_PATTERN
+ */
+
+@Service
+public class PasswordChangeListener implements DomibusPropertyChangeListener {
+
+    private static final Logger LOG = DomibusLoggerFactory.getLogger(PasswordChangeListener.class);
+
+    private final DomibusPropertyProvider domibusPropertyProvider;
+    private final DomibusPropertyValidatorService domibusPropertyValidatorService;
+
+    public PasswordChangeListener(DomibusPropertyProvider domibusPropertyProvider, DomibusPropertyValidatorService domibusPropertyValidatorService) {
+        this.domibusPropertyProvider = domibusPropertyProvider;
+        this.domibusPropertyValidatorService = domibusPropertyValidatorService;
+    }
+
+    @Override
+    public boolean handlesProperty(String propertyName) {
+        return domibusPropertyProvider.getPropertyType(propertyName) == DomibusPropertyMetadata.Type.PASSWORD;
+    }
+
+    @Override
+    public void propertyValueChanged(String domainCode, String propertyName, String propertyValue) {
+        final Pattern passwordPolicyPattern = Pattern.compile(domibusPropertyProvider.getProperty(DOMIBUS_PROPERTIES_PASSWORD_POLICY_PATTERN));
+
+        if (!domibusPropertyValidatorService.passwordMatchesPasswordPolicy(propertyValue, passwordPolicyPattern)) {
+            String message = "Property value of property [" + propertyName + "] does not match [" + DOMIBUS_PROPERTIES_PASSWORD_POLICY_PATTERN + "].";
+            final boolean enforcePropertiesPasswordPolicy = BooleanUtils.isTrue(domibusPropertyProvider.getBooleanProperty(DOMIBUS_PROPERTIES_PASSWORD_POLICY_ENFORCE));
+            if (enforcePropertiesPasswordPolicy) {
+                throw new DomibusPropertyException(message);
+            } else {
+                LOG.warn(WarningUtil.warnOutput(message));
+            }
+        }
+    }
+
+}
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/security/configuration/AbstractWebSecurityConfigurerAdapter.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/security/configuration/AbstractWebSecurityConfigurerAdapter.java
index ead9101fbb..d2e3af855f 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/security/configuration/AbstractWebSecurityConfigurerAdapter.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/security/configuration/AbstractWebSecurityConfigurerAdapter.java
@@ -6,6 +6,7 @@
 import eu.domibus.web.filter.SetDomainFilter;
 import eu.domibus.web.header.ServerHeaderWriter;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
@@ -15,8 +16,6 @@
 import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 
-import javax.ws.rs.HttpMethod;
-
 import static eu.domibus.api.property.DomibusPropertyMetadataManagerSPI.*;
 
 /**
@@ -125,6 +124,8 @@ private void configureHttpSecurityCommon(HttpSecurity httpSecurity) throws Excep
                         "/rest/application/multitenancy",
                         "/rest/application/supportteam",
                         "/rest/security/user").permitAll()
+                // in non-EuLogin version, only super-admin can change the current domain
+                .antMatchers(HttpMethod.PUT, "/rest/security/user/domain").hasAnyAuthority(AuthRole.ROLE_AP_ADMIN.name())
                 .antMatchers("/rest/userdomains/**").authenticated()
                 .antMatchers("/rest/application/info").authenticated()
                 .antMatchers("/rest/domains/**").hasAnyAuthority(AuthRole.ROLE_AP_ADMIN.name())
@@ -146,6 +147,7 @@ private void configureHttpSecurityCommon(HttpSecurity httpSecurity) throws Excep
                 .antMatchers(HttpMethod.GET, "/rest/configuration/properties/" + DOMIBUS_UI_MESSAGE_LOGS_DEFAULT_INTERVAL).authenticated()
                 .antMatchers(HttpMethod.GET, "/rest/configuration/properties/" + DOMIBUS_UI_MESSAGE_LOGS_LANDING_PAGE).authenticated()
                 .antMatchers(HttpMethod.GET, "/rest/configuration/properties/" + DOMIBUS_UI_MESSAGE_LOGS_SEARCH_ADVANCED_ENABLED).authenticated()
+                .antMatchers(HttpMethod.GET, "/rest/configuration/properties/**/encrypted").hasAnyAuthority(AuthRole.ROLE_ADMIN.name(), AuthRole.ROLE_AP_ADMIN.name())
                 .antMatchers("/rest/configuration/**").hasAnyAuthority(AuthRole.ROLE_ADMIN.name(), AuthRole.ROLE_AP_ADMIN.name())
                 .antMatchers("/metrics/**").hasAnyAuthority(AuthRole.ROLE_ADMIN.name(), AuthRole.ROLE_AP_ADMIN.name())
                 .antMatchers("/rest/message/restore/**").hasAnyAuthority(AuthRole.ROLE_ADMIN.name(), AuthRole.ROLE_AP_ADMIN.name())
@@ -155,7 +157,7 @@ private void configureHttpSecurityCommon(HttpSecurity httpSecurity) throws Excep
                 .exceptionHandling().and()
                 .headers().addHeaderWriter(serverHeaderWriter).frameOptions().deny().contentTypeOptions()
                 .and().xssProtection().xssProtectionEnabled(true)
-                .and().contentSecurityPolicy("default-src 'self'; script-src 'self'; child-src 'none'; connect-src 'self'; img-src * 'self' data: https:; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; form-action 'self';").and().and()
+                .and().contentSecurityPolicy("default-src 'self'; script-src 'self'; child-src 'none'; connect-src 'self'; img-src * 'self' data: https:; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; form-action 'self'; font-src 'self' data:").and().and()
                 .httpBasic().authenticationEntryPoint(http403ForbiddenEntryPoint)
                 .and()
                 .addFilterBefore(setDomainFilter, UsernamePasswordAuthenticationFilter.class)
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/security/configuration/SecurityAdminConsoleConfiguration.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/security/configuration/SecurityAdminConsoleConfiguration.java
index e5fef391c6..5dc5ecf021 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/security/configuration/SecurityAdminConsoleConfiguration.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/security/configuration/SecurityAdminConsoleConfiguration.java
@@ -1,7 +1,6 @@
 package eu.domibus.core.security.configuration;
 
 import eu.domibus.api.property.DomibusPropertyProvider;
-import eu.domibus.api.security.AuthRole;
 import eu.domibus.core.security.UserDetailServiceImpl;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
@@ -66,8 +65,6 @@ public DaoAuthenticationProvider daoAuthenticationProvider() {
     public void configureHttpSecurity(HttpSecurity httpSecurity) throws Exception {
         httpSecurity
                 .authorizeRequests()
-                .antMatchers("/rest/security/user/domain")
-                .hasAnyAuthority(AuthRole.ROLE_USER.name(), AuthRole.ROLE_ADMIN.name(), AuthRole.ROLE_AP_ADMIN.name())
                 .and()
                 .sessionManagement()
                 .maximumSessions(10)
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/spring/DomibusApplicationContextListener.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/spring/DomibusApplicationContextListener.java
index eb1491e23a..4d75bccebd 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/spring/DomibusApplicationContextListener.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/spring/DomibusApplicationContextListener.java
@@ -148,8 +148,12 @@ public void onApplicationEvent(ContextRefreshedEvent event) {
             return;
         }
 
-        doInitialize();
-
+        try {
+            doInitialize();
+        } catch (Exception ex) {
+            LOG.error("Error during initialization. Shutting down.", ex);
+            ShutdownUtils.shutdownDomibus(applicationContext);
+        }
         LOG.info("Finished processing ContextRefreshedEvent");
     }
 
@@ -169,7 +173,6 @@ public void initializeForTests() {
      */
     protected void executeSynchronized(boolean completeInitialization) {
         messageDictionaryService.createStaticDictionaryEntries();
-        domibusPropertyValidatorService.enforceValidation();
         encryptionService.handleEncryption();
         getUserService().createDefaultUserIfApplicable();
 
@@ -198,6 +201,7 @@ private void initializePluginsWithLockIfNeeded() {
      * Add code that does not need to be executed with regard to other nodes in the cluster
      */
     protected void executeNonSynchronized(boolean completeInitialization) {
+        domibusPropertyValidatorService.enforceValidation();
         routingService.initialize();
         gatewayConfigurationValidator.validateConfiguration();
         backendConnectorService.ensureValidConfiguration();
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/spring/DomibusContextLoaderListener.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/spring/DomibusContextLoaderListener.java
index b4ca2e2edd..2d9f237708 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/spring/DomibusContextLoaderListener.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/spring/DomibusContextLoaderListener.java
@@ -1,10 +1,8 @@
 package eu.domibus.core.spring;
 
-import ch.qos.logback.classic.LoggerContext;
 import eu.domibus.core.plugin.classloader.PluginClassLoader;
 import eu.domibus.logging.DomibusLogger;
 import eu.domibus.logging.DomibusLoggerFactory;
-import org.slf4j.LoggerFactory;
 import org.springframework.web.context.ContextLoaderListener;
 import org.springframework.web.context.WebApplicationContext;
 
@@ -34,13 +32,7 @@ public void contextInitialized(ServletContextEvent servletContextEvent) {
     public void contextDestroyed(ServletContextEvent servletContextEvent) {
         super.contextDestroyed(servletContextEvent);
         shutdownPluginClassLoader();
-        shutdownLogger();
-    }
-
-    protected void shutdownLogger() {
-        LOG.info("Stop ch.qos.logback.classic.LoggerContext");
-        LoggerContext loggerContext = (LoggerContext) LoggerFactory.getILoggerFactory();
-        loggerContext.stop();
+        ShutdownUtils.shutdownLogger();
     }
 
     protected void shutdownPluginClassLoader() {
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/spring/ShutdownUtils.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/spring/ShutdownUtils.java
new file mode 100644
index 0000000000..9c2707b1f4
--- /dev/null
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/spring/ShutdownUtils.java
@@ -0,0 +1,40 @@
+package eu.domibus.core.spring;
+
+import ch.qos.logback.classic.LoggerContext;
+import eu.domibus.core.util.WarningUtil;
+import eu.domibus.logging.DomibusLogger;
+import eu.domibus.logging.DomibusLoggerFactory;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ConfigurableApplicationContext;
+
+public class ShutdownUtils {
+    private static final DomibusLogger LOG = DomibusLoggerFactory.getLogger(ShutdownUtils.class);
+
+    public static void shutdownDomibus(ApplicationContext applicationContext) {
+        try {
+            if (applicationContext instanceof ConfigurableApplicationContext) {
+                LOG.warn("Stopping the applicationContext");
+                ((ConfigurableApplicationContext)applicationContext).close();
+            }
+        } catch (Exception ex) {
+            LOG.error("Could not close application context", ex);
+        }
+        shutdownLogger();
+        // logger is stopped, so we use the old way
+        System.err.println("Calling System.exit(1)");
+        System.exit(1);
+    }
+
+    public static void shutdownLogger() {
+        try {
+            LOG.warn(WarningUtil.warnOutput("Domibus is stopping."));
+            LOG.info("Stop ch.qos.logback.classic.LoggerContext");
+            LoggerContext loggerContext = (LoggerContext) LoggerFactory.getILoggerFactory();
+            loggerContext.stop();
+        } catch (Exception ex) {
+            // logger is stopping, so we cannot use it to log the exception
+            ex.printStackTrace();
+        }
+    }
+}
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/user/UserPersistenceService.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/user/UserPersistenceService.java
index 2e15f648b2..57fe21fb38 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/user/UserPersistenceService.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/user/UserPersistenceService.java
@@ -12,4 +12,7 @@ public interface UserPersistenceService {
     void updateUsers(List<eu.domibus.api.user.User> users);
 
     void changePassword(String userName, String currentPassword, String newPassword);
+
+    void reGenerateDefaultPassword(String userName,  String newPassword);
+
 }
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/user/UserPersistenceServiceImpl.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/user/UserPersistenceServiceImpl.java
index 73ed7b47f1..36d18f5e0e 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/user/UserPersistenceServiceImpl.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/user/UserPersistenceServiceImpl.java
@@ -105,6 +105,14 @@ public void changePassword(String userName, String currentPassword, String newPa
         userDao.update(userEntity);
     }
 
+    @Override
+    @Transactional(propagation = Propagation.REQUIRED)
+    public void reGenerateDefaultPassword(String userName, String newPassword) {
+        User userEntity = userDao.loadUserByUsername(userName);
+        reGenerateDefaultPassword(userEntity, newPassword);
+        userDao.update(userEntity);
+    }
+
     protected void updateUsers(Collection<eu.domibus.api.user.User> users, boolean withPasswordChange) {
         for (eu.domibus.api.user.User user : users) {
             updateUser(withPasswordChange, user);
@@ -192,6 +200,10 @@ protected void changePassword(User user, String newPassword) {
         securityPolicyManager.changePassword(user, newPassword);
     }
 
+    protected void reGenerateDefaultPassword(User user, String newPassword) {
+        securityPolicyManager.reGenerateDefaultPassword(user, newPassword);
+    }
+
     protected void insertNewUsers(Collection<eu.domibus.api.user.User> newUsers) {
         for (UserBase user : newUsers) {
             // validate user not already in general schema
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/user/UserSecurityPolicyManager.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/user/UserSecurityPolicyManager.java
index 1ee49c182a..6da48003b2 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/user/UserSecurityPolicyManager.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/user/UserSecurityPolicyManager.java
@@ -187,6 +187,15 @@ public void changePassword(U user, String newPassword) {
         user.setDefaultPassword(false);
     }
 
+    public void reGenerateDefaultPassword(U user, String newPassword) {
+        // save old password in history
+        savePasswordHistory(user);
+        user.setPassword(bCryptEncoder.encode(newPassword));
+        user.setDefaultPassword(true);
+        user.setActive(true);
+    }
+
+
     protected void savePasswordHistory(U user) {
         int passwordsToKeep = domibusPropertyProvider.getIntegerProperty(getPasswordHistoryPolicyProperty());
         if (passwordsToKeep <= 0) {
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/user/multitenancy/SuperUserManagementServiceImpl.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/user/multitenancy/SuperUserManagementServiceImpl.java
index b86783db7c..28e8b05cf1 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/user/multitenancy/SuperUserManagementServiceImpl.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/user/multitenancy/SuperUserManagementServiceImpl.java
@@ -8,8 +8,6 @@
 import eu.domibus.core.user.ui.UserManagementServiceImpl;
 import eu.domibus.logging.DomibusLogger;
 import eu.domibus.logging.DomibusLoggerFactory;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
@@ -74,13 +72,9 @@ public List<eu.domibus.api.user.User> findUsersWithFilters(AuthRole authRole, St
     @Override
     @Transactional
     public void updateUsers(List<eu.domibus.api.user.User> users) {
-        // TODO: maybe add a new method on domainTaskExecutor: submitWithSecurityContext that preserves the sec context
-        final Authentication currentAuthentication = SecurityContextHolder.getContext().getAuthentication();
-        domainTaskExecutor.submit(() -> {
-            // we need the security context restored on this thread because we try to get the logged user down the way
-            SecurityContextHolder.getContext().setAuthentication(currentAuthentication);
-            super.updateUsers(users);
-        });
+        // we need the security context restored on this thread because we try to get the logged user down the way
+        domainTaskExecutor.submitWithSecurityContext(
+                () -> super.updateUsers(users));
     }
 
     @Override
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/user/ui/UserManagementServiceImpl.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/user/ui/UserManagementServiceImpl.java
index ace680a1b0..0aaebc4949 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/user/ui/UserManagementServiceImpl.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/user/ui/UserManagementServiceImpl.java
@@ -1,6 +1,5 @@
 package eu.domibus.core.user.ui;
 
-import eu.domibus.api.multitenancy.DomainService;
 import eu.domibus.api.multitenancy.UserDomainService;
 import eu.domibus.api.property.DomibusConfigurationService;
 import eu.domibus.api.property.DomibusPropertyProvider;
@@ -27,8 +26,7 @@
 import java.util.*;
 import java.util.function.Function;
 
-import static eu.domibus.api.property.DomibusPropertyMetadataManagerSPI.DOMIBUS_PASSWORD_POLICY_DEFAULT_USER_AUTOGENERATE_PASSWORD;
-import static eu.domibus.api.property.DomibusPropertyMetadataManagerSPI.DOMIBUS_PASSWORD_POLICY_DEFAULT_USER_CREATE;
+import static eu.domibus.api.property.DomibusPropertyMetadataManagerSPI.*;
 
 /**
  * * Management of regular users, used in ST mode and when a domain admin user logs in in MT mode
@@ -297,13 +295,21 @@ public void createDefaultUserIfApplicable() {
 
         // check already exists an active admin user
         if (hasAtLeastOneActiveAdmin()) {
+            boolean reGeneratePassword = domibusPropertyProvider.getBooleanProperty(DOMIBUS_PASSWORD_POLICY_DEFAULT_USER_REGENERATE_PASSWORD);
+            if (reGeneratePassword) {
+                LOG.info("Property to regenerate default password is enabled.");
+
+                String userName = getDefaultUserName();
+                String newPassword = getPassword();
+                userPersistenceService.reGenerateDefaultPassword(userName, newPassword);
+
+                LOG.info("Default password regenerated successfully for user [{}] is [{}].", userName, newPassword);
+            }
             LOG.info("A user with role [{}] already exists; exiting.", getAdminRole());
             return;
         }
-
         String userName = getDefaultUserName();
         eu.domibus.api.user.User user = createDefaultUser(userName);
-
         userPersistenceService.updateUsers(Arrays.asList(user));
     }
 
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/util/DatabaseUtilImpl.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/util/DatabaseUtilImpl.java
index a3106ed850..96bb994b5b 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/util/DatabaseUtilImpl.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/util/DatabaseUtilImpl.java
@@ -35,6 +35,7 @@ public class DatabaseUtilImpl implements DatabaseUtil {
     @PostConstruct
     public void init() {
         try (Connection connection = dataSource.getConnection()) {
+            connection.setAutoCommit(false);
             databaseUserName = connection.getMetaData().getUserName();
             LOG.info("Found database username [{}]", databaseUserName);
         } catch (SQLException e) {
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/util/DateUtilImpl.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/util/DateUtilImpl.java
index 7b04d7e750..4c74b35f8e 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/util/DateUtilImpl.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/util/DateUtilImpl.java
@@ -18,7 +18,8 @@
 import java.util.TimeZone;
 import java.util.concurrent.TimeUnit;
 
-import static eu.domibus.api.model.DomibusDatePrefixedSequenceIdGeneratorGenerator.*;
+import static eu.domibus.api.model.DomibusDatePrefixedSequenceIdGeneratorGenerator.MAX;
+import static eu.domibus.api.model.DomibusDatePrefixedSequenceIdGeneratorGenerator.MIN;
 import static java.time.format.DateTimeFormatter.ofPattern;
 import static java.util.Locale.ENGLISH;
 
@@ -42,7 +43,7 @@ public String getIdPkDateHourPrefix(Date value) {
     @Override
     public ZonedDateTime getDateHour(String idPk) {
         DateTimeFormatter formatter = ofPattern(DATETIME_FORMAT_DEFAULT).withZone(ZoneOffset.UTC);
-        String dateHour = StringUtils.substring(idPk, 0, DATETIME_FORMAT_DEFAULT.length());
+        String dateHour = StringUtils.substring(StringUtils.leftPad(idPk, 18, "0"), 0, DATETIME_FORMAT_DEFAULT.length());
         return ZonedDateTime.parse(dateHour, formatter);
     }
 
@@ -118,8 +119,8 @@ public Date getUtcDate() {
     }
 
     @Override
-    public LocalDateTime getUtcLocalDateTime(LocalDateTime localDateTime){
-      return localDateTime.atZone(ZoneId.systemDefault()).withZoneSameInstant(ZoneOffset.UTC).toLocalDateTime();
+    public LocalDateTime getUtcLocalDateTime(LocalDateTime localDateTime) {
+        return localDateTime.atZone(ZoneId.systemDefault()).withZoneSameInstant(ZoneOffset.UTC).toLocalDateTime();
     }
 
     @Override
@@ -161,6 +162,7 @@ public long getMinEntityId(ZonedDateTime instant, long delayInSeconds) {
         LOG.trace("Turned date [{}] delayed by [{}] seconds into MIN entity ID [{}]", instant, delayInSeconds, entityId);
         return entityId;
     }
+
     @Override
     public long getMaxEntityId(long delayInSeconds) {
         return getMaxEntityId(ZonedDateTime.now(ZoneOffset.UTC), delayInSeconds);
@@ -173,7 +175,7 @@ public long getMinEntityId(long delayInSeconds) {
 
     @Override
     public Date convertOffsetDateTimeToDate(OffsetDateTime offsetDateTime) {
-        if(offsetDateTime == null) {
+        if (offsetDateTime == null) {
             return null;
         }
         return new Date(offsetDateTime.toInstant().toEpochMilli());
@@ -181,7 +183,7 @@ public Date convertOffsetDateTimeToDate(OffsetDateTime offsetDateTime) {
 
     @Override
     public OffsetDateTime convertDateToOffsetDateTime(Date date) {
-        if(date == null) {
+        if (date == null) {
             return null;
         }
         return date.toInstant().atOffset(ZoneOffset.UTC);
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/util/DbSchemaUtilImpl.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/util/DbSchemaUtilImpl.java
index e672c92f73..eb34e9cb3b 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/util/DbSchemaUtilImpl.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/util/DbSchemaUtilImpl.java
@@ -12,6 +12,7 @@
 import eu.domibus.api.util.FaultyDatabaseSchemaNameException;
 import eu.domibus.logging.DomibusLogger;
 import eu.domibus.logging.DomibusLoggerFactory;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.scheduling.SchedulingTaskExecutor;
 import org.springframework.stereotype.Service;
@@ -137,7 +138,13 @@ public synchronized boolean isDatabaseSchemaForDomainValid(Domain domain) {
     protected Boolean doIsDatabaseSchemaForDomainValid(Domain domain) {
         try (Connection connection = dataSource.getConnection()) {
             connection.setAutoCommit(false);
+
             String databaseSchema = getDatabaseSchema(domain);
+            if (StringUtils.isBlank(databaseSchema)) {
+                LOG.warn("Could not find database schema for domain [{}]. Please check the value of the [{}] property.", domain.getCode(), DOMIBUS_DATABASE_SCHEMA);
+                return false;
+            }
+
             try {
                 setSchema(connection, databaseSchema);
             } catch (PersistenceException | FaultyDatabaseSchemaNameException e) {
@@ -220,7 +227,7 @@ public String getSchemaChangeSQL(String databaseSchemaName) throws DomibusDataba
 
     @Override
     public boolean isDatabaseSchemaNameSane(final String schemaName) {
-        return schemaName.matches(ALPHANUMERIC_PATTERN_WITH_UNDERSCORE);
+        return StringUtils.isNotBlank(schemaName) && schemaName.matches(ALPHANUMERIC_PATTERN_WITH_UNDERSCORE);
     }
 
     private void checkTableExists(String databaseSchema, Connection connection) throws SQLException {
@@ -237,7 +244,7 @@ private String getCheckTableExistsSql(String databaseSchemaName) {
 
         if (!isDatabaseSchemaNameSane(databaseSchemaName)) {
             LOG.error("Faulty database schema name: [{}]", databaseSchemaName);
-            throw new FaultyDatabaseSchemaNameException("Database schema name is invalid: " + databaseSchemaName);
+            throw new FaultyDatabaseSchemaNameException("Database schema name is invalid: [" + databaseSchemaName + "]");
         }
 
         switch (databaseEngine) {
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/util/HttpUtilImpl.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/util/HttpUtilImpl.java
index ca02ef4288..a1da367cf8 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/util/HttpUtilImpl.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/util/HttpUtilImpl.java
@@ -1,8 +1,8 @@
 package eu.domibus.core.util;
 
 import eu.domibus.api.property.DomibusPropertyProvider;
-import eu.domibus.api.util.HttpUtil;
 import eu.domibus.api.proxy.DomibusProxyService;
+import eu.domibus.api.util.HttpUtil;
 import eu.domibus.core.proxy.ProxyUtil;
 import eu.domibus.logging.DomibusLogger;
 import eu.domibus.logging.DomibusLoggerFactory;
@@ -14,7 +14,7 @@
 import org.apache.http.client.config.RequestConfig;
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpGet;
-import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.DefaultHostnameVerifier;
 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClientBuilder;
@@ -120,7 +120,7 @@ protected SSLConnectionSocketFactory getSSLConnectionSocketFactory() throws NoSu
                 sslContext,
                 null,
                 null,
-                NoopHostnameVerifier.INSTANCE);
+                new DefaultHostnameVerifier());
 
         return sslsf;
     }
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/core/util/SecurityUtilImpl.java b/Core/Domibus-MSH/src/main/java/eu/domibus/core/util/SecurityUtilImpl.java
index 39f4052dc5..4b512a18e1 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/core/util/SecurityUtilImpl.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/core/util/SecurityUtilImpl.java
@@ -3,10 +3,20 @@
 import eu.domibus.api.pki.DomibusCertificateException;
 import eu.domibus.logging.DomibusLogger;
 import eu.domibus.logging.DomibusLoggerFactory;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
 import org.springframework.stereotype.Service;
 
-import java.security.KeyStore;
-import java.security.KeyStoreException;
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import java.io.IOException;
+import java.io.StringReader;
+import java.nio.charset.StandardCharsets;
+import java.security.*;
+import java.util.Base64;
 import java.util.Enumeration;
 
 /**
@@ -50,4 +60,20 @@ public boolean areKeystoresIdentical(KeyStore store1, KeyStore store2) {
             throw new DomibusCertificateException("Invalid keystore", e);
         }
     }
+
+    public String encryptValue(String publicKeyPem, String value) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
+        PEMParser pemParser = new PEMParser(new StringReader(publicKeyPem));
+        JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
+        PublicKey publicKey = converter.getPublicKey((SubjectPublicKeyInfo) pemParser.readObject());
+
+        // Initialize the Cipher with the public key for encryption
+        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
+        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
+
+        // Encrypt the value
+        byte[] encryptedBytes = cipher.doFinal(value.getBytes(StandardCharsets.UTF_8));
+
+        // Convert the encrypted bytes to Base64 to get a string
+        return Base64.getEncoder().encodeToString(encryptedBytes);
+    }
 }
\ No newline at end of file
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/AlertResource.java b/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/AlertResource.java
index 4ec65c4212..da3164716a 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/AlertResource.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/AlertResource.java
@@ -17,9 +17,11 @@
 import eu.domibus.logging.DomibusLoggerFactory;
 import eu.domibus.web.rest.ro.AlertFilterRequestRO;
 import eu.domibus.web.rest.ro.AlertResult;
+import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
@@ -37,7 +39,6 @@ public class AlertResource extends BaseResource {
 
     private static final Logger LOG = DomibusLoggerFactory.getLogger(AlertResource.class);
 
-
     private AlertService alertService;
 
     private DateUtil dateUtil;
@@ -120,10 +121,14 @@ public List<String> getAlertParameters(@RequestParam(value = "alertType") String
 
     @PutMapping
     public void processAlerts(@RequestBody List<AlertRo> alertRos) {
-        final List<Alert> domainAlerts = filterDomainAlerts(alertRos);
         final List<Alert> superAlerts = filterSuperAlerts(alertRos);
-        final List<Alert> deletedDomainAlerts = filterDeletedDomainAlerts(alertRos);
         final List<Alert> deletedSuperAlerts = filterDeletedSuperAlerts(alertRos);
+        if (!authUtils.isSuperAdmin() && (CollectionUtils.isNotEmpty(superAlerts) || CollectionUtils.isNotEmpty(deletedSuperAlerts))) {
+            throw new AccessDeniedException("Only super admin can update or delete alerts pertaining to super admins!");
+        }
+
+        final List<Alert> domainAlerts = filterDomainAlerts(alertRos);
+        final List<Alert> deletedDomainAlerts = filterDeletedDomainAlerts(alertRos);
 
         alertService.updateAlertProcessed(domainAlerts);
         domainTaskExecutor.submit(() -> alertService.updateAlertProcessed(superAlerts));
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/DomibusPropertyResource.java b/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/DomibusPropertyResource.java
index 4ae7426f31..ae133d0a35 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/DomibusPropertyResource.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/DomibusPropertyResource.java
@@ -4,14 +4,16 @@
 import eu.domibus.api.property.DomibusProperty;
 import eu.domibus.api.property.DomibusPropertyException;
 import eu.domibus.api.property.DomibusPropertyMetadata;
+import eu.domibus.api.property.DomibusPropertyProvider;
 import eu.domibus.api.validators.SkipWhiteListed;
-import eu.domibus.core.converter.DomibusCoreMapper;
 import eu.domibus.core.property.DomibusPropertiesFilter;
 import eu.domibus.core.property.DomibusPropertyMetadataMapper;
 import eu.domibus.core.property.DomibusPropertyResourceHelper;
+import eu.domibus.core.util.SecurityUtilImpl;
 import eu.domibus.logging.DomibusLoggerFactory;
 import eu.domibus.web.rest.error.ErrorHandlerService;
 import eu.domibus.web.rest.ro.*;
+import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.exception.ExceptionUtils;
 import org.slf4j.Logger;
@@ -43,18 +45,21 @@ public class DomibusPropertyResource extends BaseResource {
 
     private final ErrorHandlerService errorHandlerService;
 
+    private final SecurityUtilImpl securityUtil;
+
     public DomibusPropertyResource(DomibusPropertyResourceHelper domibusPropertyResourceHelper,
                                    DomibusPropertyMetadataMapper domibusPropertyMetadataMapper,
-                                   ErrorHandlerService errorHandlerService) {
+                                   ErrorHandlerService errorHandlerService, SecurityUtilImpl securityUtil) {
         this.domibusPropertyResourceHelper = domibusPropertyResourceHelper;
         this.domibusPropertyMetadataMapper = domibusPropertyMetadataMapper;
         this.errorHandlerService = errorHandlerService;
+        this.securityUtil = securityUtil;
     }
 
     @ExceptionHandler({DomibusPropertyException.class})
     public ResponseEntity<ErrorRO> handleDomibusPropertyException(DomibusPropertyException ex) {
         Throwable rootCause = ExceptionUtils.getRootCause(ex);
-        String message = rootCause == null ? ex.getMessage() : rootCause.getMessage();
+        String message = (rootCause == null || rootCause.getMessage() == null) ? ex.getMessage() : rootCause.getMessage();
         return errorHandlerService.createResponse(message, HttpStatus.BAD_REQUEST);
     }
 
@@ -147,4 +152,28 @@ public DomibusPropertyRO getProperty(@Valid @PathVariable String propertyName) {
         DomibusPropertyRO convertedProp = domibusPropertyMetadataMapper.propertyApiToPropertyRO(prop);
         return convertedProp;
     }
+
+
+    /**
+     * Returns the encrypted value of the specified property with the specified public key
+     *
+     * @param propertyName the name of the property
+     * @param publicKeyPem the public encryption key pem
+     * @return the encrypted property value
+     */
+    @GetMapping(path = "/{propertyName:.+}/encrypted")
+    public String getEncryptedPropertyValue(@Valid @PathVariable String propertyName, @SkipWhiteListed @RequestParam String publicKeyPem) {
+        String propValue = domibusPropertyResourceHelper.getPasswordProperty(propertyName);
+        if (StringUtils.isBlank(propValue)) {
+            return StringUtils.EMPTY;
+        }
+
+        try {
+            byte[] decodedKeyPem = Base64.decodeBase64(publicKeyPem);
+            return securityUtil.encryptValue(new String(decodedKeyPem), propValue);
+        } catch (Exception e) {
+            throw new DomibusPropertyException("Error trying to encrypt password", e);
+        }
+    }
+
 }
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/LoggingResource.java b/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/LoggingResource.java
index 4ac8949247..829028a7e6 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/LoggingResource.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/LoggingResource.java
@@ -20,9 +20,12 @@
 
 import javax.validation.Valid;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
 
+import static org.springframework.util.CollectionUtils.contains;
+
 /**
  * REST resource for setting or retrieving logging levels at runtime
  *
@@ -67,6 +70,14 @@ public ResponseEntity<String> setLogLevel(@RequestBody @Valid LoggingLevelRO req
         final String name = request.getName();
         final String level = request.getLevel();
 
+        if (!loggingService.exists(name)) {
+            LOG.error("[{}] is not a known logger", name);
+            return ResponseEntity.badRequest().body("[" + request.getName() + "] is not a known logger ");
+        }
+        if (!contains(Arrays.stream(LoggingLevelResultRO.levels).iterator(), request.getLevel())) {
+            LOG.error("Could not set log level [{}]", request.getLevel());
+            return ResponseEntity.badRequest().body("Could not set log level [" + request.getLevel() + "]");
+        }
         //set log level on current server
         loggingService.setLoggingLevel(name, level);
 
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/MessageLogResource.java b/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/MessageLogResource.java
index 30a6eb2c50..b5cff09990 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/MessageLogResource.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/MessageLogResource.java
@@ -6,7 +6,6 @@
 import eu.domibus.api.model.MessageStatus;
 import eu.domibus.api.model.MessageType;
 import eu.domibus.api.model.NotificationStatus;
-import eu.domibus.api.property.DomibusConfigurationService;
 import eu.domibus.api.util.DateUtil;
 import eu.domibus.core.message.MessageLogInfo;
 import eu.domibus.core.message.MessagesLogService;
@@ -85,7 +84,9 @@ public MessageLogResultRO getMessageLog(@Valid MessageLogFilterRequestRO request
         //creating the filters
         HashMap<String, Object> filters = requestFilterUtils.createFilterMap(request);
 
-        requestFilterUtils.setDefaultFilters(request, filters);
+        if(request.getApplyDefaultFilters()) {
+            requestFilterUtils.setDefaultFilters(request, filters);
+        }
 
         MessageLogResultRO result = messagesLogService.countAndFindPaged(request.getMessageType(), request.getPageSize() * request.getPage(),
                 request.getPageSize(), request.getOrderBy(), request.getAsc(), filters, request.getFields());
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/PModeResource.java b/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/PModeResource.java
index 44904649c7..ad2ec3fad5 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/PModeResource.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/PModeResource.java
@@ -35,6 +35,7 @@
 import java.util.Arrays;
 import java.util.Date;
 import java.util.List;
+import java.util.Objects;
 
 /**
  * @author Mircea Musat
@@ -129,6 +130,12 @@ public ResponseEntity<String> deletePModes(@RequestParam("ids") List<String> pMo
             return ResponseEntity.badRequest().body("Failed to delete PModes since the list of ids was empty.");
         }
         try {
+            long currentPmodeId = pModeProvider.getCurrentPmode().getId();
+            if (pModeIds.stream().anyMatch(pModeId -> Objects.equals(Long.parseLong(pModeId), currentPmodeId))) {
+                LOG.error("Could not delete current PMode [{}]", currentPmodeId);
+                return ResponseEntity.badRequest().body("Could not delete current PMode [" + currentPmodeId + "]");
+            }
+
             for (String pModeId : pModeIds) {
                 pModeProvider.removePMode(Long.parseLong(pModeId));
             }
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/error/GlobalExceptionHandlerAdvice.java b/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/error/GlobalExceptionHandlerAdvice.java
index a8208c99f5..e4aa46594f 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/error/GlobalExceptionHandlerAdvice.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/error/GlobalExceptionHandlerAdvice.java
@@ -14,6 +14,7 @@
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.validation.ObjectError;
 import org.springframework.web.bind.MethodArgumentNotValidException;
 import org.springframework.web.bind.annotation.ControllerAdvice;
@@ -46,6 +47,11 @@ public GlobalExceptionHandlerAdvice(ErrorHandlerService errorHandlerService) {
         this.errorHandlerService = errorHandlerService;
     }
 
+    @ExceptionHandler({AccessDeniedException.class})
+    public ResponseEntity<ErrorRO> handleAccessDeniedException(AccessDeniedException ex) {
+        return errorHandlerService.createResponse(ex, HttpStatus.FORBIDDEN);
+    }
+
     @ExceptionHandler({DomainTaskException.class})
     public ResponseEntity<ErrorRO> handleDomainException(DomainTaskException ex) {
         return handleWrappedException(ex);
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/ro/LoggingLevelResultRO.java b/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/ro/LoggingLevelResultRO.java
index 8dd60f725f..cdd7d4d146 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/ro/LoggingLevelResultRO.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/ro/LoggingLevelResultRO.java
@@ -23,14 +23,14 @@ public class LoggingLevelResultRO implements Serializable {
 
     private Map<String, Object> filter; //NOSONAR
 
-    private String[] levels = {
+    public static String[] levels = {
             Level.TRACE.toString(),
             Level.DEBUG.toString(),
             Level.INFO.toString(),
             Level.WARN.toString(),
             Level.ERROR.toString(),
-            Level.OFF.toString(),
-            Level.ALL.toString()
+            Level.ALL.toString(),
+            Level.OFF.toString()
     };
 
     public List<LoggingLevelRO> getLoggingEntries() {
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/ro/MessageLogFilterRequestRO.java b/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/ro/MessageLogFilterRequestRO.java
index f1fd226e4e..adea82bf1a 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/ro/MessageLogFilterRequestRO.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/ro/MessageLogFilterRequestRO.java
@@ -63,6 +63,8 @@ public class MessageLogFilterRequestRO implements Serializable {
     @CustomWhiteListed(permitted = ":/-.,")
     private List<String> fields;
 
+    private Boolean applyDefaultFilters = true;
+
     public int getPage() {
         return page;
     }
@@ -241,4 +243,12 @@ public List<String> getFields() {
     public void setFields(List<String> fields) {
         this.fields = fields;
     }
+
+    public Boolean getApplyDefaultFilters() {
+        return applyDefaultFilters;
+    }
+
+    public void setApplyDefaultFilters(Boolean applyDefaultFilters) {
+        this.applyDefaultFilters = applyDefaultFilters;
+    }
 }
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/ro/MessageLogRO.java b/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/ro/MessageLogRO.java
index 14a0b8b7f3..eab4c7a897 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/ro/MessageLogRO.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/web/rest/ro/MessageLogRO.java
@@ -76,6 +76,12 @@ public class MessageLogRO implements Serializable {
 
     private Date archived;
 
+    private Date exported;
+
+    private Date downloaded;
+
+    private Date acknowledged;
+
     public String getMessageId() {
         return messageId;
     }
@@ -327,4 +333,28 @@ public Date getArchived() {
     public void setArchived(Date archived) {
         this.archived = archived;
     }
+
+    public Date getExported() {
+        return exported;
+    }
+
+    public void setExported(Date exported) {
+        this.exported = exported;
+    }
+
+    public Date getDownloaded() {
+        return downloaded;
+    }
+
+    public void setDownloaded(Date downloaded) {
+        this.downloaded = downloaded;
+    }
+
+    public Date getAcknowledged() {
+        return acknowledged;
+    }
+
+    public void setAcknowledged(Date acknowledged) {
+        this.acknowledged = acknowledged;
+    }
 }
diff --git a/Core/Domibus-MSH/src/main/java/eu/domibus/web/security/AuthenticationServiceBase.java b/Core/Domibus-MSH/src/main/java/eu/domibus/web/security/AuthenticationServiceBase.java
index ef88815849..2640a7c795 100644
--- a/Core/Domibus-MSH/src/main/java/eu/domibus/web/security/AuthenticationServiceBase.java
+++ b/Core/Domibus-MSH/src/main/java/eu/domibus/web/security/AuthenticationServiceBase.java
@@ -3,7 +3,6 @@
 import eu.domibus.api.multitenancy.Domain;
 import eu.domibus.api.multitenancy.DomainService;
 import eu.domibus.api.multitenancy.DomainTaskException;
-import eu.domibus.api.multitenancy.DomainsAware;
 import eu.domibus.api.security.AuthUtils;
 import eu.domibus.api.security.DomibusUserDetails;
 import eu.domibus.core.user.UserService;
@@ -15,7 +14,6 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
-import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 
 import java.util.function.Consumer;
@@ -52,10 +50,21 @@ public void changeDomain(String domainCode) {
         if (StringUtils.isEmpty(domainCode)) {
             throw new DomainTaskException("Could not set current domain: domain is empty");
         }
-        if (!domainService.getDomains().stream().anyMatch(d -> domainCode.equalsIgnoreCase(d.getCode()))) {
+
+        if (domainService.getDomains().stream().noneMatch(d -> domainCode.equalsIgnoreCase(d.getCode()))) {
             throw new DomainTaskException("Could not set current domain: unknown domain (" + domainCode + ")");
         }
 
+        DomibusUserDetails loggedUser = getLoggedUser();
+        if (loggedUser == null) {
+            throw new DomainTaskException("Could not set current domain: logged user is null!");
+        }
+        // the domain can be set as current if it is among the available domains of the current user
+        //in EuLogin implementation, this means those domains the current user is a member of
+        if (loggedUser.getAvailableDomainCodes().stream().noneMatch(domainCode::equalsIgnoreCase)) {
+            throw new DomainTaskException("Could not set current domain: user is not a member of domain (" + domainCode + ")");
+        }
+
         authUtils.executeOnLoggedUser(userDetails -> userDetails.setDomain(domainCode));
     }
 
diff --git a/Core/Domibus-MSH/src/main/resources/config/domibus-default.properties b/Core/Domibus-MSH/src/main/resources/config/domibus-default.properties
index 3236f86ca5..c710ad0764 100644
--- a/Core/Domibus-MSH/src/main/resources/config/domibus-default.properties
+++ b/Core/Domibus-MSH/src/main/resources/config/domibus-default.properties
@@ -82,6 +82,9 @@ domibus.password.encryption.active=false
 #The location where the encrypted key is stored
 domibus.password.encryption.key.location=${domibus.config.location}/internal/encrypt
 
+#Password can be viewed if true;
+domibus.properties.password.view.allow=true
+
 #To activate security set this to false
 domibus.auth.unsecureLoginAllowed=true
 
@@ -116,6 +119,14 @@ domibus.certificate.crlByUrl.cache.enabled=false
 #Enable caching of CRLs by certificate. Note that, while a CRL is cached, any certificates that were revoked since it was cached would still be accepted
 domibus.certificate.crlByCert.cache.enabled=true
 
+#Complexity rules for all properties passwords
+#Default value requires Minimum length: 16 characters; Maximum length: 32 characters; At least one letter in lowercase; At least one letter in uppercase; At least one digit; At least one special character
+domibus.properties.passwordPolicy.pattern=^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[~`!@#$%^&+=\\-_<>.,?:;*/()|\\[\\]{}'"\\\\]).{16,32}$
+
+#If true will enforce the complexity rules for all properties passwords by stopping Domibus
+#If set to false only warnings are logged
+domibus.properties.passwordPolicy.enforce=false
+
 # ---------------------------------- Extensions ----------------------------------
 #Name of the authentication extension used to verify the chain trust. Default is CXF
 domibus.extension.iam.authentication.identifier=DEFAULT_AUTHENTICATION_SPI
@@ -173,6 +184,9 @@ domibus.message.resend.cron = 0 0/1 * * * ?
 #Activates the plugin notification of Test messages
 domibus.message.test.notification=false
 
+#If enabled, diagnostics data will be logged when a message submission fails
+domibus.message.submission.diagnostics.enabled=false
+
 # ---------------------------------- Retry -------------------------------------
 
 #Retry Worker execution interval as a cron expression
@@ -303,8 +317,8 @@ domibus.retention.jms.concurrency=5-10
 #Cron expression used for configuring the partition worker scheduling. The partition worker verifies if partitions were properly created in advance
 domibus.partitions.worker.cron=0 9 * * * ?
 
-#Number of days to check if partitions were successfully created in advance. Defaults to 7 days.
-domibus.partitions.creation.days_to_check=7
+#Maximum number of expired partitions to be dropped by the retention worker in one run. Defaults to 10 partitions.
+domibus.partitions.drop.max_partitions=10
 
 #When set to true, before dropping a partition, verifies if all messages on that partition were previously archived.
 #This check is a guard rail for dropping partitions when the eArchiving mechanism is disabled. Default is true.
@@ -549,10 +563,13 @@ domibus.sender.certificate.validation.onsending=true
 #not valid or it has been revoked Domibus will not accept the message (default is true)
 domibus.sender.certificate.validation.onreceiving=true
 
-#If activated Domibus will verify before receiving a message, the validity and authorization on the sender's certificate. When disabled,
-#none of the other checks are performed on the sender's certificate.
+#If activated Domibus will verify before receiving a User Message when using Push/Pull or a Signal Acknowledgement (NRR) when using Pull, that the sender certificate is valid and not revoked
+# When disabled, none of the other checks are performed on the sender's certificate.
 domibus.sender.trust.validation.onreceiving=true
 
+#If activated Domibus will verify before receiving syncronously a signal message following a push or pull request, that the sender certificate is valid and not revoked
+domibus.sender.trust.validation.signal.sync.onreceiving=true
+
 #When this property is not empty Domibus will verify before receiving a message(using static or dynamic discovery), that the subject of the sender's certificate matches the regular expression.
 domibus.sender.trust.validation.expression=
 
@@ -588,6 +605,9 @@ domibus.pmode.legconfiguration.mpc.validation.enabled=true
 # If set to false, Domibus fills in the value of the Mpc with the value of the EBMS3 defaultMpc ("http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC")
 domibus.pmode.legconfiguration.mpc.enabled=true
 
+#If enabled, detailed diagnostics data will be logged when a message does not match the PMode
+domibus.pmode.legconfiguration.diagnostics.enabled=false
+
 #Accepted Format for action value in the PMode (Default value: ^[^=]*$: all characters but '=')
 domibus.pmode.validation.action.pattern=^[^=]*$
 
@@ -731,6 +751,9 @@ domibus.passwordPolicy.defaultUser.create=true
 #Default user password generation policy enabled/disabled (by default is enabled)
 domibus.passwordPolicy.defaultUser.autogeneratePassword=true
 
+#Default user password regeneration policy enabled/disabled (by default is disabled).
+domibus.passwordPolicy.defaultUser.reGeneratePassword=false
+
 #Cron expression that specifies the frequency of the password expiration check
 domibus.passwordPolicies.check.cron=0 0 0/1 * * ?
 
diff --git a/Core/Domibus-MSH/src/main/resources/schemas/domibus-pmode.xsd b/Core/Domibus-MSH/src/main/resources/schemas/domibus-pmode.xsd
index d60ff170b1..f491962ee8 100644
--- a/Core/Domibus-MSH/src/main/resources/schemas/domibus-pmode.xsd
+++ b/Core/Domibus-MSH/src/main/resources/schemas/domibus-pmode.xsd
@@ -326,6 +326,7 @@
                                                 <xs:attribute name="value" use="required"
                                                               type="max255-string"/>
                                                 <xs:attribute name="type"
+                                                              use="optional"
                                                               type="max255-string"/>
                                             </xs:complexType>
                                         </xs:element>
diff --git a/Core/Domibus-MSH/src/test/java/eu/domibus/core/certificate/CertificateServiceImplTest.java b/Core/Domibus-MSH/src/test/java/eu/domibus/core/certificate/CertificateServiceImplTest.java
index 147ca5f2cb..1405da080f 100644
--- a/Core/Domibus-MSH/src/test/java/eu/domibus/core/certificate/CertificateServiceImplTest.java
+++ b/Core/Domibus-MSH/src/test/java/eu/domibus/core/certificate/CertificateServiceImplTest.java
@@ -33,11 +33,9 @@
 import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.StringWriter;
+import java.io.*;
 import java.math.BigInteger;
+import java.net.URL;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
@@ -73,6 +71,9 @@ public class CertificateServiceImplTest {
     @Tested
     CertificateServiceImpl certificateService;
 
+    @Tested
+    CertificateHelper realCertificateHelper;
+
     @Injectable
     CRLService crlService;
 
@@ -1112,4 +1113,32 @@ public void testGetCertificatePolicyIdentifiersWithNoPolicyExtension() throws Ex
         assertEquals(0, list.size());
     }
 
+    @Test
+    public void testCopyStoreContent() throws Exception {
+        String storePassword = "test123";
+
+        URL resourceUrl = this.getClass().getClassLoader().getResource("keystores/mixed.jks");
+        try (InputStream inputStream = resourceUrl.openStream()) {
+            byte[] contentBytes = readAllBytes(inputStream);
+            KeyStoreContentInfo storeInfo = realCertificateHelper.createStoreContentInfo("srcStore", "mixed.jks", contentBytes, storePassword);
+            KeyStore srcStore = certificateService.loadStore(storeInfo);
+
+            KeyStore destStore = certificateService.getNewKeystore("JKS");
+            certificateService.copyStoreContent(srcStore, destStore, storePassword, storePassword);
+            assertEquals(2, Collections.list(destStore.aliases()).size());
+        }
+    }
+
+    private static byte[] readAllBytes(InputStream inputStream) throws IOException {
+        try (ByteArrayOutputStream buffer = new ByteArrayOutputStream()) {
+            byte[] data = new byte[1024]; // Buffer size (can be adjusted)
+            int bytesRead;
+
+            while ((bytesRead = inputStream.read(data, 0, data.length)) != -1) {
+                buffer.write(data, 0, bytesRead);
+            }
+
+            return buffer.toByteArray();
+        }
+    }
 }
diff --git a/Core/Domibus-MSH/src/test/java/eu/domibus/core/csv/CsvServiceImplTest.java b/Core/Domibus-MSH/src/test/java/eu/domibus/core/csv/CsvServiceImplTest.java
index ce6cac057a..9a210c96ae 100644
--- a/Core/Domibus-MSH/src/test/java/eu/domibus/core/csv/CsvServiceImplTest.java
+++ b/Core/Domibus-MSH/src/test/java/eu/domibus/core/csv/CsvServiceImplTest.java
@@ -159,7 +159,7 @@ private List<MessageLogInfo> getMessageList(Date date, Boolean testMessage) {
                 date, date, 1, 5, date, 1L,
                 "conversationId", 1L, 1L, "originalSender", "finalRecipient",
                 "refToMessageId", date, date, testMessage, false, false, 1L, 1L,
-                "pluginType", 1L, date);
+                "pluginType", 1L, date, date, date, date);
         result.add(messageLog);
         return result;
     }
diff --git a/Core/Domibus-MSH/src/test/java/eu/domibus/core/earchive/listener/EArchiveErrorHandlerTest.java b/Core/Domibus-MSH/src/test/java/eu/domibus/core/earchive/listener/EArchiveErrorHandlerTest.java
index 404b3627f1..21a26445c9 100644
--- a/Core/Domibus-MSH/src/test/java/eu/domibus/core/earchive/listener/EArchiveErrorHandlerTest.java
+++ b/Core/Domibus-MSH/src/test/java/eu/domibus/core/earchive/listener/EArchiveErrorHandlerTest.java
@@ -34,14 +34,12 @@ public class EArchiveErrorHandlerTest {
     @Test
     public void handleError_ok(@Injectable EArchiveBatchEntity eArchiveBatch) {
 
-        LOG.putMDC(DomibusLogger.MDC_BATCH_ENTITY_ID, entityId + "");
-
         new Expectations() {{
 
             eArchivingDefaultService.getEArchiveBatch(entityId, false);
             result = eArchiveBatch;
         }};
-        RuntimeException error = new RuntimeException("ERROR");
+        EArchiveException error = new EArchiveException("batchGuid", entityId, EArchiveBatchStatus.EXPORTED, new RuntimeException("ERROR"));
         eArchiveErrorHandler.handleError(error);
 
         new FullVerifications(){{
@@ -51,6 +49,8 @@ public void handleError_ok(@Injectable EArchiveBatchEntity eArchiveBatch) {
             times = 1;
             eArchiveBatch.getBatchId();
             times = 1;
+            eArchiveBatch.getEArchiveBatchStatus();
+            times = 1;
         }};
 
     }
diff --git a/Core/Domibus-MSH/src/test/java/eu/domibus/core/earchive/listener/EArchiveListenerTest.java b/Core/Domibus-MSH/src/test/java/eu/domibus/core/earchive/listener/EArchiveListenerTest.java
index dcd0878774..3fcfc7dbb1 100644
--- a/Core/Domibus-MSH/src/test/java/eu/domibus/core/earchive/listener/EArchiveListenerTest.java
+++ b/Core/Domibus-MSH/src/test/java/eu/domibus/core/earchive/listener/EArchiveListenerTest.java
@@ -27,7 +27,7 @@
  * @author François Gautier
  * @since 5.0
  */
-@SuppressWarnings({"ResultOfMethodCallIgnored", "unchecked"})
+@SuppressWarnings({"ResultOfMethodCallIgnored", "unchecked", "DataFlowIssue"})
 @RunWith(JMockit.class)
 public class EArchiveListenerTest {
 
@@ -93,7 +93,7 @@ public void onMessage_noBatchInfo(@Injectable Message message) {
         };
     }
 
-    @Test(expected = DomibusEArchiveException.class)
+    @Test
     public void onMessage_noBatchFound(@Injectable Message message) {
         new Expectations() {{
             databaseUtil.getDatabaseUserName();
@@ -102,6 +102,9 @@ public void onMessage_noBatchFound(@Injectable Message message) {
             jmsUtil.getStringPropertySafely(message, MessageConstants.BATCH_ID);
             result = batchId;
 
+            jmsUtil.getMessageTypeSafely(message);
+            result = "QUEUED";
+
             jmsUtil.getLongPropertySafely(message, MessageConstants.BATCH_ENTITY_ID);
             result = entityId;
 
@@ -111,8 +114,9 @@ public void onMessage_noBatchFound(@Injectable Message message) {
 
         eArchiveListener.onMessage(message);
 
-        new FullVerifications() {
-        };
+        new FullVerifications() {{
+            jmsUtil.setCurrentDomainFromMessage(message);
+        }};
     }
 
     @Test
diff --git a/Core/Domibus-MSH/src/test/java/eu/domibus/core/earchive/listener/EArchiveNotificationDlqListenerTest.java b/Core/Domibus-MSH/src/test/java/eu/domibus/core/earchive/listener/EArchiveNotificationDlqListenerTest.java
index c494725e64..fc42fc17c7 100644
--- a/Core/Domibus-MSH/src/test/java/eu/domibus/core/earchive/listener/EArchiveNotificationDlqListenerTest.java
+++ b/Core/Domibus-MSH/src/test/java/eu/domibus/core/earchive/listener/EArchiveNotificationDlqListenerTest.java
@@ -7,7 +7,6 @@
 import eu.domibus.core.alerts.model.common.AlertType;
 import eu.domibus.core.alerts.service.EventService;
 import eu.domibus.core.earchive.EArchiveBatchEntity;
-import eu.domibus.core.earchive.EArchivingDefaultService;
 import eu.domibus.core.util.JmsUtil;
 import eu.domibus.logging.DomibusLogger;
 import eu.domibus.logging.DomibusLoggerFactory;
@@ -33,9 +32,6 @@ public class EArchiveNotificationDlqListenerTest {
     @Tested
     private EArchiveNotificationDlqListener eArchiveNotificationDlqListener;
 
-    @Injectable
-    private EArchivingDefaultService eArchivingDefaultService;
-
     @Injectable
     private DatabaseUtil databaseUtil;
 
@@ -58,10 +54,7 @@ public class EArchiveNotificationDlqListenerTest {
     @Test
     public void onMessageExported_ok(final @Mocked Message message,
                                      @Injectable EArchiveBatchEntity eArchiveBatch,
-                                     @Injectable AlertModuleConfiguration alertConfiguration
-    ) {
-
-        LOG.putMDC(DomibusLogger.MDC_BATCH_ENTITY_ID, entityId + "");
+                                     @Injectable AlertModuleConfiguration alertConfiguration) {
 
         new Expectations() {{
             databaseUtil.getDatabaseUserName();
@@ -76,9 +69,6 @@ public void onMessageExported_ok(final @Mocked Message message,
             jmsUtil.getStringPropertySafely(message, MessageConstants.NOTIFICATION_TYPE);
             result = "EXPORTED";
 
-            eArchivingDefaultService.getEArchiveBatch(entityId, false);
-            result = eArchiveBatch;
-
             alertConfigurationService.getConfiguration(AlertType.ARCHIVING_NOTIFICATION_FAILED);
             result = alertConfiguration;
 
@@ -92,10 +82,7 @@ public void onMessageExported_ok(final @Mocked Message message,
     @Test(expected = IllegalArgumentException.class)
     public void onMessageExported_NotificationTypeUnknown(final @Mocked Message message,
                                                           @Injectable EArchiveBatchEntity eArchiveBatch,
-                                                          @Injectable AlertModuleConfiguration alertConfiguration
-    ) {
-
-        LOG.putMDC(DomibusLogger.MDC_BATCH_ENTITY_ID, entityId + "");
+                                                          @Injectable AlertModuleConfiguration alertConfiguration) {
 
         new Expectations() {{
             databaseUtil.getDatabaseUserName();
diff --git a/Core/Domibus-MSH/src/test/java/eu/domibus/core/earchive/listener/EArchiveNotificationListenerTest.java b/Core/Domibus-MSH/src/test/java/eu/domibus/core/earchive/listener/EArchiveNotificationListenerTest.java
index 0347e0ea2f..3d262f879d 100644
--- a/Core/Domibus-MSH/src/test/java/eu/domibus/core/earchive/listener/EArchiveNotificationListenerTest.java
+++ b/Core/Domibus-MSH/src/test/java/eu/domibus/core/earchive/listener/EArchiveNotificationListenerTest.java
@@ -60,8 +60,6 @@ public void onMessageExported_ok(@Injectable Message message,
                                      @Injectable EArchiveBatchEntity eArchiveBatch,
                                      @Injectable BatchNotification batchNotification) {
 
-        LOG.putMDC(DomibusLogger.MDC_BATCH_ENTITY_ID, entityId + "");
-
         new Expectations(eArchiveNotificationListener) {{
             databaseUtil.getDatabaseUserName();
             result = "test";
@@ -92,8 +90,6 @@ public void onMessageExported_ok_basicAuth(@Injectable Message message,
                                                @Injectable BatchNotification batchNotification,
                                                @Injectable ArchiveWebhookApi apiClient) {
 
-        LOG.putMDC(DomibusLogger.MDC_BATCH_ENTITY_ID, entityId + "");
-
         new Expectations(eArchiveNotificationListener) {{
             databaseUtil.getDatabaseUserName();
             result = "test";
@@ -118,12 +114,10 @@ public void onMessageExported_ok_basicAuth(@Injectable Message message,
         eArchiveNotificationListener.onMessage(message);
     }
 
-    @Test(expected = IllegalArgumentException.class)
+    @Test(expected = EArchiveException.class)
     public void onMessageExported_NotificationTypeUnknown(@Injectable Message message,
                                                           @Injectable EArchiveBatchEntity eArchiveBatch) {
 
-        LOG.putMDC(DomibusLogger.MDC_BATCH_ENTITY_ID, entityId + "");
-
         new Expectations() {{
             databaseUtil.getDatabaseUserName();
             result = "test";
diff --git a/Core/Domibus-MSH/src/test/java/eu/domibus/core/ebms3/receiver/interceptor/TrustSenderInterceptorTest.java b/Core/Domibus-MSH/src/test/java/eu/domibus/core/ebms3/receiver/interceptor/TrustSenderInterceptorTest.java
index e08d9f6ec1..10a3fb6f9a 100644
--- a/Core/Domibus-MSH/src/test/java/eu/domibus/core/ebms3/receiver/interceptor/TrustSenderInterceptorTest.java
+++ b/Core/Domibus-MSH/src/test/java/eu/domibus/core/ebms3/receiver/interceptor/TrustSenderInterceptorTest.java
@@ -15,6 +15,7 @@
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.junit.Assert;
+import org.junit.Ignore;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.w3c.dom.Document;
@@ -225,6 +226,7 @@ public void testCheckCertificateValidityDisabled() throws Exception {
     }
 
     @Test
+    @Ignore
     public void testHandleOneTestActivated(@Mocked final SoapMessage message) {
         new Expectations() {{
             domibusPropertyProvider.getBooleanProperty(DOMIBUS_SENDER_TRUST_VALIDATION_ONRECEIVING);
@@ -233,7 +235,7 @@ public void testHandleOneTestActivated(@Mocked final SoapMessage message) {
         trustSenderInterceptor.handleMessage(message);
         new Verifications() {{
             message.getExchange();
-            times = 0;
+            times = 1;
         }};
     }
 }
diff --git a/Core/Domibus-MSH/src/test/java/eu/domibus/core/message/MessageSubmitterImplTest.java b/Core/Domibus-MSH/src/test/java/eu/domibus/core/message/MessageSubmitterImplTest.java
index 5fffe54b74..6e899ef33b 100644
--- a/Core/Domibus-MSH/src/test/java/eu/domibus/core/message/MessageSubmitterImplTest.java
+++ b/Core/Domibus-MSH/src/test/java/eu/domibus/core/message/MessageSubmitterImplTest.java
@@ -11,6 +11,7 @@
 import eu.domibus.api.plugin.BackendConnectorService;
 import eu.domibus.api.pmode.PModeConstants;
 import eu.domibus.api.pmode.PModeException;
+import eu.domibus.api.property.DomibusPropertyProvider;
 import eu.domibus.api.security.AuthUtils;
 import eu.domibus.api.security.AuthenticationException;
 import eu.domibus.common.ErrorCode;
@@ -210,6 +211,9 @@ public class MessageSubmitterImplTest {
     @Injectable
     BackendConnectorService backendConnectorService;
 
+    @Injectable
+    DomibusPropertyProvider domibusPropertyProvider;
+
     @Test
     public void testSubmitPullMessagePModeNOk(@Injectable final Submission messageData) throws Exception {
         new Expectations() {{
@@ -282,6 +286,8 @@ public void testSubmitMessageWithRefIdNOk(@Injectable final Submission submissio
             times = 1;
             errorLogService.createErrorLog((EbMS3Exception) any, MSHRole.SENDING, null);
             times = 1;
+            domibusPropertyProvider.getBooleanProperty(anyString);
+            times = 1;
         }};
 
     }
@@ -785,6 +791,9 @@ public void testSubmitMessageWithIdNOk(@Injectable final Submission submission)
 
             errorLogService.createErrorLog((EbMS3Exception) any, MSHRole.SENDING, null);
             times = 1;
+
+            domibusPropertyProvider.getBooleanProperty(anyString);
+            times = 1;
         }};
 
     }
diff --git a/Core/Domibus-MSH/src/test/java/eu/domibus/core/message/UnsentMessageSanitizingWorkerTest.java b/Core/Domibus-MSH/src/test/java/eu/domibus/core/message/UnsentMessageSanitizingWorkerTest.java
index 7fc54d5b44..e220ac3241 100644
--- a/Core/Domibus-MSH/src/test/java/eu/domibus/core/message/UnsentMessageSanitizingWorkerTest.java
+++ b/Core/Domibus-MSH/src/test/java/eu/domibus/core/message/UnsentMessageSanitizingWorkerTest.java
@@ -1,6 +1,7 @@
 package eu.domibus.core.message;
 
 import eu.domibus.api.exceptions.DomibusDateTimeException;
+import eu.domibus.api.message.UserMessageException;
 import eu.domibus.api.multitenancy.DomainContextProvider;
 import eu.domibus.api.multitenancy.DomainService;
 import eu.domibus.api.property.DomibusPropertyProvider;
@@ -63,7 +64,7 @@ public void testSanitize() {
         final ZonedDateTime currentDateTime = ZonedDateTime.of(2023, 12, 1, 20, 1 , 0, 0, ZoneOffset.UTC);
         final Date delayedDate = Date.from(currentDateTime.minusMinutes(360).toInstant());
         final long maxEntityId = 231201139999999999l;
-        final List<String> unsentMessageIds = Arrays.asList("7b2736d0-69f8-48de-ac7a-d4bd76ac78c1");
+        final List<String> unsentMessageIds = Arrays.asList("7b2736d0-69f8-48de-ac7a-d4bd76ac78c1", "7b2736d0-69f8-48de-ac7a-d4bd76ac78c2");
 
         new Expectations() {{
             domibusPropertyProvider.getIntegerProperty(DOMIBUS_MESSAGES_STUCK_IGNORE_RECENT_MINUTES);
@@ -80,12 +81,15 @@ public void testSanitize() {
 
             userMessageLogDao.findUnsentMessageIds(delayedDate, maxEntityId);
             result = unsentMessageIds;
+
+            userMessageService.sendEnqueuedMessage("7b2736d0-69f8-48de-ac7a-d4bd76ac78c1");
+            result = new UserMessageException("TEST");
         }};
 
         unsentMessageSanitizingWorker.sanitize();
 
         new FullVerifications() {{
-            userMessageService.sendEnqueuedMessage("7b2736d0-69f8-48de-ac7a-d4bd76ac78c1");
+            userMessageService.sendEnqueuedMessage("7b2736d0-69f8-48de-ac7a-d4bd76ac78c2");
         }};
     }
 
diff --git a/Core/Domibus-MSH/src/test/java/eu/domibus/core/message/UserMessageDefaultServiceTest.java b/Core/Domibus-MSH/src/test/java/eu/domibus/core/message/UserMessageDefaultServiceTest.java
index a6ae31f139..e4503cd662 100644
--- a/Core/Domibus-MSH/src/test/java/eu/domibus/core/message/UserMessageDefaultServiceTest.java
+++ b/Core/Domibus-MSH/src/test/java/eu/domibus/core/message/UserMessageDefaultServiceTest.java
@@ -47,6 +47,8 @@
 
 import javax.jms.Queue;
 import javax.persistence.EntityManager;
+import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
 import java.util.*;
 
 import static eu.domibus.api.property.DomibusPropertyMetadataManagerSPI.DOMIBUS_MESSAGE_DOWNLOAD_MAX_SIZE;
@@ -215,10 +217,6 @@ public class UserMessageDefaultServiceTest {
     public void testGetFinalRecipient(@Injectable final UserMessage userMessage) {
         final String messageId = "1";
 
-        new Expectations() {{
-
-        }};
-
         userMessageDefaultService.getFinalRecipient(messageId, MSHRole.SENDING);
 
         new Verifications() {{
@@ -558,6 +556,82 @@ public void test_sendEnqueued(final @Injectable UserMessageLog userMessageLog,
         }};
     }
 
+    @Test
+    public void test_sendEnqueued_nextAttemptBeforeNow(final @Injectable UserMessageLog userMessageLog,
+                                                                final @Injectable UserMessage userMessage) {
+        final String messageId = UUID.randomUUID().toString();
+
+        new Expectations(userMessageDefaultService) {{
+            userMessageLogDao.findByMessageId(messageId, MSHRole.SENDING);
+            result = userMessageLog;
+
+            userMessageLog.getMessageStatus();
+            result = MessageStatus.SEND_ENQUEUED;
+
+            userMessageLog.getEntityId();
+            result = 12L;
+
+            domibusPropertyProvider.getIntegerProperty(DOMIBUS_RESEND_BUTTON_ENABLED_RECEIVED_MINUTES);
+            result = 2;
+
+            userMessageLog.getReceived();
+            result = DateUtils.addMinutes(new Date(), -3);
+
+            userMessageLog.getNextAttempt();
+            result = Date.from(ZonedDateTime
+                    .now(ZoneOffset.UTC)
+                    .minusMinutes(10)
+                    .toInstant());
+
+            userMessageDao.findByEntityId(12L);
+            result = userMessage;
+
+            userMessageDefaultService.scheduleSending(userMessage, userMessageLog);
+            times = 1;
+
+        }};
+
+        //tested method
+        userMessageDefaultService.sendEnqueuedMessage(messageId);
+
+        new FullVerifications() {{
+            reprogrammableService.setRescheduleInfo(userMessageLog, withAny(new Date()));
+            userMessageLogDao.update(userMessageLog);
+
+        }};
+    }
+
+    @Test(expected = UserMessageException.class)
+    public void test_sendEnqueued_nextAttemptAfterNowException(final @Injectable UserMessageLog userMessageLog,
+                                                               final @Injectable UserMessage userMessage) {
+        final String messageId = UUID.randomUUID().toString();
+
+        new Expectations(userMessageDefaultService) {{
+            userMessageLogDao.findByMessageId(messageId, MSHRole.SENDING);
+            result = userMessageLog;
+
+            userMessageLog.getMessageStatus();
+            result = MessageStatus.SEND_ENQUEUED;
+
+            domibusPropertyProvider.getIntegerProperty(DOMIBUS_RESEND_BUTTON_ENABLED_RECEIVED_MINUTES);
+            result = 2;
+
+            userMessageLog.getReceived();
+            result = DateUtils.addMinutes(new Date(), -3);
+
+            userMessageLog.getNextAttempt();
+            result = Date.from(ZonedDateTime
+                    .now(ZoneOffset.UTC)
+                    .plusMinutes(10)
+                    .toInstant());
+        }};
+
+        //tested method
+        userMessageDefaultService.sendEnqueuedMessage(messageId);
+
+        new FullVerifications() {};
+    }
+
     @Test
     public void getUserMessagePriority(@Injectable UserMessage userMessage) {
         String service = "my service";
diff --git a/Core/Domibus-MSH/src/test/java/eu/domibus/core/message/retention/MessageRetentionPartitionsServiceTest.java b/Core/Domibus-MSH/src/test/java/eu/domibus/core/message/retention/MessageRetentionPartitionsServiceTest.java
index dbb6c0b87e..8fec8d33c0 100644
--- a/Core/Domibus-MSH/src/test/java/eu/domibus/core/message/retention/MessageRetentionPartitionsServiceTest.java
+++ b/Core/Domibus-MSH/src/test/java/eu/domibus/core/message/retention/MessageRetentionPartitionsServiceTest.java
@@ -2,11 +2,9 @@
 
 import eu.domibus.api.model.DatabasePartition;
 import eu.domibus.api.multitenancy.DomainContextProvider;
-import eu.domibus.api.multitenancy.DomainService;
 import eu.domibus.api.property.DomibusConfigurationService;
 import eu.domibus.api.property.DomibusPropertyProvider;
 import eu.domibus.api.util.DateUtil;
-//import eu.domibus.core.alerts.configuration.partitions.PartitionsConfigurationManager;
 import eu.domibus.api.util.DbSchemaUtil;
 import eu.domibus.core.alerts.configuration.common.AlertConfigurationService;
 import eu.domibus.core.alerts.service.EventService;
@@ -21,18 +19,15 @@
 import org.junit.Test;
 import org.junit.runner.RunWith;
 
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Date;
-import java.util.List;
+import java.util.*;
 
 import static eu.domibus.api.property.DomibusPropertyMetadataManagerSPI.DOMIBUS_EARCHIVE_ACTIVE;
 import static eu.domibus.api.property.DomibusPropertyMetadataManagerSPI.DOMIBUS_PARTITIONS_DROP_CHECK_MESSAGES_EARCHIVED;
-import static eu.domibus.core.message.retention.MessageRetentionPartitionsService.DEFAULT_PARTITION;
-import static eu.domibus.core.message.retention.MessageRetentionPartitionsService.PARTITION_NAME_REGEXP;
+import static eu.domibus.core.message.retention.PartitionService.PARTITION_NAME_REGEXP;
+import static eu.domibus.core.message.retention.PartitionServiceTest.*;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.empty;
-import static org.junit.Assert.*;
+import static org.junit.Assert.assertFalse;
 
 /**
  * @author idragusa
@@ -41,12 +36,7 @@
 @RunWith(JMockit.class)
 public class MessageRetentionPartitionsServiceTest {
 
-    public static final DatabasePartition DB_PARTITION_DEFAULT = new DatabasePartition(DEFAULT_PARTITION, 220000000000000000L);
-    public static final DatabasePartition DB_PARTITION_MESSAGES_BEFORE_PARTIONING = new DatabasePartition("P123", 230701090000000000L);
-    public static final DatabasePartition DB_PARTITION_UNTIL_NOW_MINUS_1H = new DatabasePartition("SYS_P111", 230702080000000000L);
-    public static final DatabasePartition DB_PARTITION_UNTIL_NOW = new DatabasePartition("SYS_P222", 230702090000000000L);
-    public static final DatabasePartition DB_PARTITION_UNTIL_NOW_PLUS_1H = new DatabasePartition("SYS_P333", 230702100000000000L);
-    public static final Long NOW_AS_NUMBER = 230702090000000000L;
+public static final Long NOW_AS_NUMBER = 230702090000000000L;
     public static final long TWO_HOURS = 20000000000L;
 
     @Tested
@@ -91,8 +81,8 @@ public void testPartitionName() {
         String partitionNameOld = "P23032207";
         String partitionNameNew = "SYS_P12345";
 
-        Assert.assertTrue(partitionNameOld.matches(MessageRetentionPartitionsService.PARTITION_NAME_REGEXP));
-        Assert.assertTrue(partitionNameNew.matches(MessageRetentionPartitionsService.PARTITION_NAME_REGEXP));
+        Assert.assertTrue(partitionNameOld.matches(PARTITION_NAME_REGEXP));
+        Assert.assertTrue(partitionNameNew.matches(PARTITION_NAME_REGEXP));
     }
 
     @Test
@@ -149,15 +139,19 @@ public void verifySafeGuard() {
 
     @Test
     public void testGetExpiredPartitionsWithNothingExpired() {
+        List<DatabasePartition> partitions = Arrays.asList(
+                DB_PARTITION_DEFAULT,
+                DB_PARTITION_MESSAGES_BEFORE_PARTIONING
+        );
         new Expectations() {{
             domibusConfigurationService.isMultiTenantAware();
             result = false;
 
             userMessageDao.findAllPartitions();
-            result = Arrays.asList(
-                    DB_PARTITION_DEFAULT,
-                    DB_PARTITION_MESSAGES_BEFORE_PARTIONING
-            );
+            result = partitions;
+
+            partitionService.getNewestNonDefaultPartition(partitions);
+            result = DB_PARTITION_MESSAGES_BEFORE_PARTIONING;
 
             partitionService.getPartitionHighValueFromDate(withAny(new Date()));
             result = NOW_AS_NUMBER - TWO_HOURS;
@@ -169,6 +163,28 @@ public void testGetExpiredPartitionsWithNothingExpired() {
         assertThat(expiredPartitions, empty());
     }
 
+    @Test
+    public void testGetExpiredPartitionsWithNoPartitions() {
+        List<DatabasePartition> partitions = Collections.singletonList(
+                DB_PARTITION_DEFAULT
+        );
+        new Expectations() {{
+            domibusConfigurationService.isMultiTenantAware();
+            result = false;
+
+            userMessageDao.findAllPartitions();
+            result = partitions;
+
+            partitionService.getNewestNonDefaultPartition(partitions);
+            result = null;
+
+        }};
+
+        List<String> expiredPartitions = messageRetentionPartitionsService.getExpiredPartitionNames(120);
+
+        assertThat(expiredPartitions, empty());
+    }
+
     @Test
     public void testGetExpiredPartitionsWithOneExpiredPartition() {
         new Expectations() {{
@@ -189,17 +205,6 @@ public void testGetExpiredPartitionsWithOneExpiredPartition() {
         }};
 
         List<String> expiredPartitions = messageRetentionPartitionsService.getExpiredPartitionNames(120);
-        assertTrue(expiredPartitions.size() > 0);
-    }
-
-    @Test
-    public void testGetNewestNonDefaultPartition(){
-        DatabasePartition newestNonDefaultPartition = MessageRetentionPartitionsService.getNewestNonDefaultPartition(Arrays.asList(
-                DB_PARTITION_DEFAULT,
-                DB_PARTITION_MESSAGES_BEFORE_PARTIONING,
-                DB_PARTITION_UNTIL_NOW_MINUS_1H,
-                DB_PARTITION_UNTIL_NOW_PLUS_1H
-        ));
-        assertEquals(DB_PARTITION_UNTIL_NOW_PLUS_1H, newestNonDefaultPartition);
+        assertFalse(expiredPartitions.isEmpty());
     }
-}
\ No newline at end of file
+}
diff --git a/Core/Domibus-MSH/src/test/java/eu/domibus/core/message/retention/PartitionServiceTest.java b/Core/Domibus-MSH/src/test/java/eu/domibus/core/message/retention/PartitionServiceTest.java
new file mode 100644
index 0000000000..d2119f09e8
--- /dev/null
+++ b/Core/Domibus-MSH/src/test/java/eu/domibus/core/message/retention/PartitionServiceTest.java
@@ -0,0 +1,40 @@
+package eu.domibus.core.message.retention;
+
+import eu.domibus.api.model.DatabasePartition;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.util.Arrays;
+
+import static eu.domibus.core.message.retention.PartitionService.DEFAULT_PARTITION;
+import static org.junit.Assert.assertEquals;
+
+/**
+ * @author François Gautier
+ * @since 5.1
+ */
+public class PartitionServiceTest {
+    public static final DatabasePartition DB_PARTITION_DEFAULT = new DatabasePartition(DEFAULT_PARTITION, 220000000000000000L);
+    public static final DatabasePartition DB_PARTITION_MESSAGES_BEFORE_PARTIONING = new DatabasePartition("P123", 230701090000000000L);
+    public static final DatabasePartition DB_PARTITION_UNTIL_NOW_MINUS_1H = new DatabasePartition("SYS_P111", 230702080000000000L);
+    public static final DatabasePartition DB_PARTITION_UNTIL_NOW = new DatabasePartition("SYS_P222", 230702090000000000L);
+    public static final DatabasePartition DB_PARTITION_UNTIL_NOW_PLUS_1H = new DatabasePartition("SYS_P333", 230702100000000000L);
+    private PartitionService partitionService;
+
+
+    @Before
+    public void setUp() throws Exception {
+        partitionService = new PartitionService(null);
+    }
+
+    @Test
+    public void testGetNewestNonDefaultPartition(){
+        DatabasePartition newestNonDefaultPartition = partitionService.getNewestNonDefaultPartition(Arrays.asList(
+                DB_PARTITION_DEFAULT,
+                DB_PARTITION_MESSAGES_BEFORE_PARTIONING,
+                DB_PARTITION_UNTIL_NOW_MINUS_1H,
+                DB_PARTITION_UNTIL_NOW_PLUS_1H
+        ));
+        assertEquals(DB_PARTITION_UNTIL_NOW_PLUS_1H, newestNonDefaultPartition);
+    }
+}
diff --git a/Core/Domibus-MSH/src/test/java/eu/domibus/core/multitenancy/DomainTaskExecutorTestImpl.java b/Core/Domibus-MSH/src/test/java/eu/domibus/core/multitenancy/DomainTaskExecutorTestImpl.java
index b83d518907..6e4a550699 100644
--- a/Core/Domibus-MSH/src/test/java/eu/domibus/core/multitenancy/DomainTaskExecutorTestImpl.java
+++ b/Core/Domibus-MSH/src/test/java/eu/domibus/core/multitenancy/DomainTaskExecutorTestImpl.java
@@ -22,6 +22,11 @@ public <T> T submit(Callable<T> task) {
         }
     }
 
+    @Override
+    public <T> T submitWithSecurityContext(Callable<T> task) {
+        return submit(task);
+    }
+
     @Override
     public <T> T submit(Callable<T> task, Domain domain) {
         try {
@@ -40,6 +45,11 @@ public void submit(Runnable task) {
         }
     }
 
+    @Override
+    public void submitWithSecurityContext(Runnable task) {
+
+    }
+
     @Override
     public Future<?> submit(Runnable task, boolean waitForTask) {
         try {
diff --git a/Core/Domibus-MSH/src/test/java/eu/domibus/core/plugin/handler/MessageRetrieverImplTest.java b/Core/Domibus-MSH/src/test/java/eu/domibus/core/plugin/handler/MessageRetrieverImplTest.java
index 7c0ba826ad..70f9098d61 100644
--- a/Core/Domibus-MSH/src/test/java/eu/domibus/core/plugin/handler/MessageRetrieverImplTest.java
+++ b/Core/Domibus-MSH/src/test/java/eu/domibus/core/plugin/handler/MessageRetrieverImplTest.java
@@ -5,7 +5,6 @@
 import eu.domibus.api.model.MSHRole;
 import eu.domibus.api.model.UserMessage;
 import eu.domibus.api.model.UserMessageLog;
-import eu.domibus.api.pmode.PModeConstants;
 import eu.domibus.api.security.AuthUtils;
 import eu.domibus.common.ErrorResult;
 import eu.domibus.core.error.ErrorLogEntry;
@@ -34,20 +33,6 @@
 public class MessageRetrieverImplTest {
     private static final String MESS_ID = UUID.randomUUID().toString();
 
-    private static final String GREEN = "green_gw";
-    private static final String RED = "red_gw";
-    private static final String AGREEMENT = "";
-    private static final String SERVICE = "testService1";
-    private static final String ACTION = "TC2Leg1";
-    private static final String LEG = "pushTestcase1tc2Action";
-
-    private final String pModeKey = GREEN + PModeConstants.PMODEKEY_SEPARATOR +
-            RED + PModeConstants.PMODEKEY_SEPARATOR +
-            SERVICE + PModeConstants.PMODEKEY_SEPARATOR +
-            ACTION + PModeConstants.PMODEKEY_SEPARATOR +
-            AGREEMENT + PModeConstants.PMODEKEY_SEPARATOR +
-            LEG;
-
     @Tested
     MessageRetrieverImpl messageRetriever;
 
@@ -110,25 +95,25 @@ public void testDownloadMessageOK_RetentionNonZero(@Injectable UserMessage userM
         }};
     }
 
-//    @Test
-//    public void testDownloadMessageNoMsgFound() {
-//        new Expectations() {{
-//            userMessageService.getByMessageId(MESS_ID, MSHRole.RECEIVING);
-//            result = new eu.domibus.messaging.MessageNotFoundException(MESS_ID);
-//        }};
-//
-//        try {
-//            messageRetriever.downloadMessage(MESS_ID);
-//            Assert.fail("It should throw " + MessageNotFoundException.class.getCanonicalName());
-//        } catch (eu.domibus.messaging.MessageNotFoundException mnfEx) {
-//            //OK
-//        }
-//
-//        new Verifications() {{
-//            userMessageLogService.findByMessageId(MESS_ID);
-//            times = 0;
-//        }};
-//    }
+    @Test
+    public void testDownloadMessageNoMsgFound() {
+        new Expectations() {{
+            userMessageService.getByMessageId(MESS_ID, MSHRole.RECEIVING);
+            result = new eu.domibus.messaging.MessageNotFoundException(MESS_ID);
+        }};
+
+        try {
+            messageRetriever.downloadMessage(MESS_ID);
+            Assert.fail("It should throw " + MessageNotFoundException.class.getCanonicalName());
+        } catch (eu.domibus.messaging.MessageNotFoundException mnfEx) {
+            //OK
+        }
+
+        new Verifications() {{
+            userMessageLogService.findByMessageId(MESS_ID);
+            times = 0;
+        }};
+    }
 
     @Test
     public void testGetErrorsForMessageOk(@Injectable ErrorLogEntry errorLogEntry, @Injectable UserMessageLog userMessageLog) throws MessageNotFoundException, DuplicateMessageException {
@@ -146,15 +131,13 @@ public void testGetErrorsForMessageOk(@Injectable ErrorLogEntry errorLogEntry, @
         new Verifications() {{
             errorLogService.convert(errorLogEntry);
             times = 1;
-            Assert.assertNotNull(results);
         }};
+        Assert.assertNotNull(results);
 
     }
 
     @Test
     public void testGetErrorsForMessageOk_Exception(@Injectable ErrorLogEntry errorLogEntry, @Injectable UserMessageLog userMessageLog) {
-        List<ErrorLogEntry> list = new ArrayList<>();
-        list.add(errorLogEntry);
         new Expectations() {{
             userMessageLogService.findByMessageId(MESS_ID);
             result = new DuplicateMessageFoundException(MESS_ID);
@@ -169,6 +152,28 @@ public void testGetErrorsForMessageOk_Exception(@Injectable ErrorLogEntry errorL
 
     }
 
+    @Test
+    public void testGetErrorsForMessageOk_NotFound(@Injectable ErrorLogEntry errorLogEntry, @Injectable UserMessageLog userMessageLog) throws MessageNotFoundException, DuplicateMessageException {
+        List<ErrorLogEntry> list = new ArrayList<>();
+        list.add(errorLogEntry);
+        new Expectations() {{
+            userMessageSecurityService.checkMessageAuthorizationWithUnsecureLoginAllowed(MESS_ID);
+            result = new eu.domibus.api.messaging.MessageNotFoundException(MESS_ID);
+
+            errorLogService.getErrorsForMessage(MESS_ID);
+            result = list;
+        }};
+
+        final List<? extends ErrorResult> results = messageRetriever.getErrorsForMessage(MESS_ID);
+
+        new Verifications() {{
+            errorLogService.convert(errorLogEntry);
+            times = 1;
+        }};
+        Assert.assertNotNull(results);
+
+    }
+
     @Test
     public void browseMessage(@Injectable UserMessage userMessage) {
         String messageId = "123";
diff --git a/Core/Domibus-MSH/src/test/java/eu/domibus/core/plugin/handler/MessageSubmitterImplTest.java b/Core/Domibus-MSH/src/test/java/eu/domibus/core/plugin/handler/MessageSubmitterImplTest.java
index ef092fce65..61792fcc12 100644
--- a/Core/Domibus-MSH/src/test/java/eu/domibus/core/plugin/handler/MessageSubmitterImplTest.java
+++ b/Core/Domibus-MSH/src/test/java/eu/domibus/core/plugin/handler/MessageSubmitterImplTest.java
@@ -4,6 +4,7 @@
 import eu.domibus.api.message.validation.UserMessageValidatorSpiService;
 import eu.domibus.api.payload.PartInfoService;
 import eu.domibus.api.plugin.BackendConnectorService;
+import eu.domibus.api.property.DomibusPropertyProvider;
 import eu.domibus.api.security.AuthUtils;
 import eu.domibus.common.model.configuration.Party;
 import eu.domibus.core.error.ErrorLogService;
@@ -103,6 +104,8 @@ public class MessageSubmitterImplTest {
     @Injectable
     BackendConnectorService backendConnectorService;
 
+    @Injectable
+    DomibusPropertyProvider domibusPropertyProvider;
 
     @Test
     public void testcreateNewParty() {
diff --git a/Core/Domibus-MSH/src/test/java/eu/domibus/core/property/DomibusPropertyResourceHelperImplTest.java b/Core/Domibus-MSH/src/test/java/eu/domibus/core/property/DomibusPropertyResourceHelperImplTest.java
index 775dbdb3cc..bc91184efb 100644
--- a/Core/Domibus-MSH/src/test/java/eu/domibus/core/property/DomibusPropertyResourceHelperImplTest.java
+++ b/Core/Domibus-MSH/src/test/java/eu/domibus/core/property/DomibusPropertyResourceHelperImplTest.java
@@ -129,7 +129,7 @@ public void setPropertyValue() {
         String value = "propValue";
 
         new Expectations(configurationPropertyResourceHelper) {{
-            configurationPropertyResourceHelper.validateProperty(name, value);
+            configurationPropertyResourceHelper.validatePropertyWrite(name, value);
         }};
 
         configurationPropertyResourceHelper.setPropertyValue(name, isDomain, value);
@@ -146,7 +146,7 @@ public void setPropertyValueError() {
         String value = "propValue";
 
         new Expectations(configurationPropertyResourceHelper) {{
-            configurationPropertyResourceHelper.validateProperty(name, value);
+            configurationPropertyResourceHelper.validatePropertyWrite(name, value);
             authUtils.isSuperAdmin();
             result = false;
         }};
@@ -166,7 +166,7 @@ public void setPropertyValueGlobal() throws Exception {
         String value = "propValue";
 
         new Expectations(configurationPropertyResourceHelper) {{
-            configurationPropertyResourceHelper.validateProperty(name, value);
+            configurationPropertyResourceHelper.validatePropertyWrite(name, value);
             authUtils.isSuperAdmin();
             result = true;
         }};
@@ -457,7 +457,7 @@ public void validateProperty(@Mocked DomibusProperty prop, @Mocked DomibusProper
             configurationPropertyResourceHelper.validatePropertyValue(propertyValue, propMeta);
         }};
 
-        configurationPropertyResourceHelper.validateProperty(propertyName, propertyValue);
+        configurationPropertyResourceHelper.validatePropertyWrite(propertyName, propertyValue);
 
         new Verifications() {{
             configurationPropertyResourceHelper.validatePropertyMetadata(propertyName, propMeta);
diff --git a/Core/Domibus-MSH/src/test/java/eu/domibus/core/spring/DomibusContextLoaderListenerTest.java b/Core/Domibus-MSH/src/test/java/eu/domibus/core/spring/DomibusContextLoaderListenerTest.java
index e8707fe532..c8fe784158 100644
--- a/Core/Domibus-MSH/src/test/java/eu/domibus/core/spring/DomibusContextLoaderListenerTest.java
+++ b/Core/Domibus-MSH/src/test/java/eu/domibus/core/spring/DomibusContextLoaderListenerTest.java
@@ -2,6 +2,7 @@
 
 import ch.qos.logback.classic.LoggerContext;
 import eu.domibus.core.plugin.classloader.PluginClassLoader;
+import eu.domibus.core.util.WarningUtil;
 import eu.domibus.logging.DomibusLogger;
 import mockit.*;
 import mockit.integration.junit4.JMockit;
@@ -54,6 +55,7 @@ public void contextDestroyed_ok(@Mocked ServletContextEvent servletContextEvent,
                                     @Mocked LoggerContext loggerContext,
                                     @Mocked DomibusLogger domibusLogger) {
         Deencapsulation.setField(domibusContextLoaderListener, "LOG", domibusLogger);
+        Deencapsulation.setField(ShutdownUtils.class, "LOG", domibusLogger);
 
         new Expectations() {{
 
@@ -72,6 +74,9 @@ public void contextDestroyed_ok(@Mocked ServletContextEvent servletContextEvent,
             domibusLogger.info("Closing PluginClassLoader");
             times = 1;
 
+            domibusLogger.warn(WarningUtil.warnOutput("Domibus is stopping."));
+            times = 1;
+
             domibusLogger.info("Stop ch.qos.logback.classic.LoggerContext");
             times = 1;
 
@@ -103,6 +108,7 @@ public void contextDestroyed_exception(@Mocked ServletContextEvent servletContex
                                            @Mocked LoggerContext loggerContext,
                                            @Mocked DomibusLogger domibusLogger) {
         Deencapsulation.setField(domibusContextLoaderListener, "LOG", domibusLogger);
+        Deencapsulation.setField(ShutdownUtils.class, "LOG", domibusLogger);
 
         pluginClassLoader.throwExceptionOnClose();
 
@@ -127,6 +133,9 @@ public void contextDestroyed_exception(@Mocked ServletContextEvent servletContex
             domibusLogger.warn(anyString, (Throwable) any);
             times = 1;
 
+            domibusLogger.warn(WarningUtil.warnOutput("Domibus is stopping."));
+            times = 1;
+
             domibusLogger.info("Stop ch.qos.logback.classic.LoggerContext");
             times = 1;
 
@@ -166,4 +175,4 @@ public void throwExceptionOnClose() {
             throwExceptionOnClose = true;
         }
     }
-}
\ No newline at end of file
+}
diff --git a/Core/Domibus-MSH/src/test/java/eu/domibus/core/user/multitenancy/SuperUserManagementServiceImplTest.java b/Core/Domibus-MSH/src/test/java/eu/domibus/core/user/multitenancy/SuperUserManagementServiceImplTest.java
index f3f006bf33..dd6da2049d 100644
--- a/Core/Domibus-MSH/src/test/java/eu/domibus/core/user/multitenancy/SuperUserManagementServiceImplTest.java
+++ b/Core/Domibus-MSH/src/test/java/eu/domibus/core/user/multitenancy/SuperUserManagementServiceImplTest.java
@@ -90,29 +90,6 @@ public class SuperUserManagementServiceImplTest {
     @Injectable
     AuthCoreMapper authCoreMapper;
 
-    @Test
-    public void updateUsers() {
-        User user = new User() {{
-            setUserName("user1");
-            setAuthorities(Arrays.asList(AuthRole.ROLE_USER.toString()));
-        }};
-
-        User sUser = new User() {{
-            setUserName("super1");
-            setAuthorities(Arrays.asList(AuthRole.ROLE_AP_ADMIN.toString()));
-        }};
-
-        List<User> all = Arrays.asList(user, sUser);
-
-        superUserManagementService.updateUsers(all);
-
-        new Verifications() {{
-            SecurityContextHolder.getContext().getAuthentication();
-            SecurityContextHolder.getContext().setAuthentication((Authentication) any);
-            domainTaskExecutor.submit((Runnable) any);
-        }};
-    }
-
     @Test
     public void changePassword() {
         String username = "u1", currentPassword = "pass1", newPassword = "newPass1";
diff --git a/Core/Domibus-MSH/src/test/java/eu/domibus/core/util/DateUtilImplTest.java b/Core/Domibus-MSH/src/test/java/eu/domibus/core/util/DateUtilImplTest.java
index 397f694451..87b7942eee 100644
--- a/Core/Domibus-MSH/src/test/java/eu/domibus/core/util/DateUtilImplTest.java
+++ b/Core/Domibus-MSH/src/test/java/eu/domibus/core/util/DateUtilImplTest.java
@@ -235,6 +235,12 @@ public void getDateHour() {
         assertEquals(ZonedDateTime.of(LocalDateTime.of(2023, 9, 18, 20, 0), ZoneOffset.UTC), dateHour);
     }
 
+    @Test
+    public void getDateHour_default() {
+        ZonedDateTime dateHour = dateUtilImpl.getDateHour("101000000000000");
+        assertEquals(ZonedDateTime.of(LocalDateTime.of(2000, 1, 1, 0, 0), ZoneOffset.UTC), dateHour);
+    }
+
     @Test
     public void getDateMinutesAgo() {
         // Ensure we return the same "now" both in this test ("current") and in the dateUtilImpl#getMinutesAgo(int) ("minutesAgo")
diff --git a/Core/Domibus-MSH/src/test/java/eu/domibus/web/rest/AlertResourceTest.java b/Core/Domibus-MSH/src/test/java/eu/domibus/web/rest/AlertResourceTest.java
index 0805520a66..79ed04f339 100644
--- a/Core/Domibus-MSH/src/test/java/eu/domibus/web/rest/AlertResourceTest.java
+++ b/Core/Domibus-MSH/src/test/java/eu/domibus/web/rest/AlertResourceTest.java
@@ -19,6 +19,7 @@
 import eu.domibus.web.rest.ro.AlertResult;
 import mockit.*;
 import org.junit.Assert;
+import org.junit.Ignore;
 import org.junit.Test;
 
 import javax.xml.bind.ValidationException;
@@ -68,7 +69,7 @@ public void findAlertsTest() throws ValidationException {
             result = alerts;
         }};
         String[] params = {"USER"};
-        AlertFilterRequestRO req = new AlertFilterRequestRO(){{
+        AlertFilterRequestRO req = new AlertFilterRequestRO() {{
             setOrderBy("col1");
             setProcessed("false");
             setParameters(params);
@@ -128,7 +129,9 @@ public void processAlerts_domainAlerts(@Injectable AlertRo alertRo, @Injectable
         List<AlertRo> alertRos = Lists.newArrayList(alertRo);
 
         new Expectations(alertResource) {{
-            alertResource.filterDomainAlerts(alertRos); result = Lists.newArrayList(alert);;
+            alertResource.filterDomainAlerts(alertRos);
+            result = Lists.newArrayList(alert);
+            ;
             alertResource.filterSuperAlerts(alertRos);
             alertResource.filterDeletedDomainAlerts(alertRos);
             alertResource.filterDeletedSuperAlerts(alertRos);
@@ -140,9 +143,10 @@ public void processAlerts_domainAlerts(@Injectable AlertRo alertRo, @Injectable
         alertResource.processAlerts(alertRos);
 
         // THEN
-        new FullVerifications(1) {{
+        new Verifications(1) {{
             List<Alert> domainAlerts;
-            alertService.updateAlertProcessed(domainAlerts = withCapture()); times = 1;
+            alertService.updateAlertProcessed(domainAlerts = withCapture());
+            times = 1;
             assertEquals("Should have updated the domain alerts with the correct alert",
                     Lists.newArrayList(alert), domainAlerts);
         }};
@@ -154,8 +158,11 @@ public void processAlerts_superAlerts(@Injectable AlertRo alertRo, @Injectable A
         List<AlertRo> alertRos = Lists.newArrayList(alertRo);
 
         new Expectations(alertResource) {{
+            authUtils.isSuperAdmin();
+            result = true;
             alertResource.filterDomainAlerts(alertRos);
-            alertResource.filterSuperAlerts(alertRos); result = Lists.newArrayList(alert);;
+            alertResource.filterSuperAlerts(alertRos);
+            result = Lists.newArrayList(alert);
             alertResource.filterDeletedDomainAlerts(alertRos);
             alertResource.filterDeletedSuperAlerts(alertRos);
             alertService.deleteAlerts((List<Alert>) any);
@@ -174,7 +181,8 @@ public void processAlerts_superAlerts(@Injectable AlertRo alertRo, @Injectable A
         // THEN
         new FullVerifications() {{
             List<List<Alert>> invocations = new ArrayList<>();
-            alertService.updateAlertProcessed(withCapture(invocations)); times = 2;
+            alertService.updateAlertProcessed(withCapture(invocations));
+            times = 2;
             assertEquals("Should have scheduled the update of super alerts with the correct alert",
                     Lists.newArrayList(alert), invocations.get(1));
         }};
@@ -188,7 +196,8 @@ public void processAlerts_deletedDomainAlerts(@Injectable AlertRo alertRo, @Inje
         new Expectations(alertResource) {{
             alertResource.filterDomainAlerts(alertRos);
             alertResource.filterSuperAlerts(alertRos);
-            alertResource.filterDeletedDomainAlerts(alertRos); result = Lists.newArrayList(alert);
+            alertResource.filterDeletedDomainAlerts(alertRos);
+            result = Lists.newArrayList(alert);
             alertResource.filterDeletedSuperAlerts(alertRos);
             domainTaskExecutor.submit((Runnable) any);
             alertService.updateAlertProcessed((List<Alert>) any);
@@ -198,7 +207,7 @@ public void processAlerts_deletedDomainAlerts(@Injectable AlertRo alertRo, @Inje
         alertResource.processAlerts(alertRos);
 
         // THEN
-        new FullVerifications() {{
+        new Verifications() {{
             List<Alert> deletedAlerts;
             alertService.deleteAlerts(deletedAlerts = withCapture());
             assertEquals("Should have deleted the correct alerts", Lists.newArrayList(alert), deletedAlerts);
@@ -211,10 +220,13 @@ public void processAlerts_deletedSuperAlerts(@Injectable AlertRo alertRo, @Injec
         List<AlertRo> alertRos = Lists.newArrayList(alertRo);
 
         new Expectations(alertResource) {{
+            authUtils.isSuperAdmin();
+            result = true;
             alertResource.filterDomainAlerts(alertRos);
             alertResource.filterSuperAlerts(alertRos);
             alertResource.filterDeletedDomainAlerts(alertRos);
-            alertResource.filterDeletedSuperAlerts(alertRos); result = Lists.newArrayList(alert);
+            alertResource.filterDeletedSuperAlerts(alertRos);
+            result = Lists.newArrayList(alert);
             alertService.updateAlertProcessed((List<Alert>) any);
         }};
 
@@ -231,26 +243,35 @@ public void processAlerts_deletedSuperAlerts(@Injectable AlertRo alertRo, @Injec
         // THEN
         new FullVerifications() {{
             List<List<Alert>> invocations = new ArrayList<>();
-            alertService.deleteAlerts(withCapture(invocations)); times = 2;
+            alertService.deleteAlerts(withCapture(invocations));
+            times = 2;
             assertEquals("Should have deleted the correct super alerts",
                     Lists.newArrayList(alert), invocations.get(1));
         }};
     }
 
     @Test
+    @Ignore
     public void filterDomainAlerts(@Injectable AlertRo domainAlert, @Injectable AlertRo superAlert,
                                    @Injectable AlertRo deletedDomainAlert, @Injectable AlertRo deletedSuperAlert,
                                    @Injectable Alert filteredAlert) {
         // GIVEN
         new Expectations(alertResource) {{
-            domainAlert.isSuperAdmin(); result = false;
-            domainAlert.isDeleted(); result = false;
-            superAlert.isSuperAdmin(); result = true;
-            deletedDomainAlert.isSuperAdmin(); result = false;
-            deletedDomainAlert.isDeleted(); result = true;
-            deletedSuperAlert.isSuperAdmin(); result = true;
-
-            alertResource.toAlert(domainAlert); result = filteredAlert;
+            domainAlert.isSuperAdmin();
+            result = false;
+            domainAlert.isSuperAdmin();
+            result = true;
+            domainAlert.isDeleted();
+            result = false;
+            deletedDomainAlert.isSuperAdmin();
+            result = false;
+            deletedDomainAlert.isDeleted();
+            result = true;
+            deletedSuperAlert.isSuperAdmin();
+            result = true;
+
+            alertResource.toAlert(domainAlert);
+            result = filteredAlert;
         }};
 
         // WHEN
@@ -268,14 +289,21 @@ public void filterSuperAlerts(@Injectable AlertRo domainAlert, @Injectable Alert
                                   @Injectable Alert filteredAlert) {
         // GIVEN
         new Expectations(alertResource) {{
-            domainAlert.isSuperAdmin(); result = false;
-            superAlert.isSuperAdmin(); result = true;
-            superAlert.isDeleted(); result = false;
-            deletedDomainAlert.isSuperAdmin(); result = false;
-            deletedSuperAlert.isSuperAdmin(); result = true;
-            deletedSuperAlert.isDeleted(); result = true;
-
-            alertResource.toAlert(superAlert); result = filteredAlert;
+            domainAlert.isSuperAdmin();
+            result = false;
+            superAlert.isSuperAdmin();
+            result = true;
+            superAlert.isDeleted();
+            result = false;
+            deletedDomainAlert.isSuperAdmin();
+            result = false;
+            deletedSuperAlert.isSuperAdmin();
+            result = true;
+            deletedSuperAlert.isDeleted();
+            result = true;
+
+            alertResource.toAlert(superAlert);
+            result = filteredAlert;
         }};
 
         // WHEN
@@ -293,14 +321,21 @@ public void filterDeletedDomainAlerts(@Injectable AlertRo domainAlert, @Injectab
                                           @Injectable Alert filteredAlert) {
         // GIVEN
         new Expectations(alertResource) {{
-            domainAlert.isDeleted(); result = false;
-            superAlert.isDeleted(); result = false;
-            deletedDomainAlert.isDeleted(); result = true;
-            deletedDomainAlert.isSuperAdmin(); result = false;
-            deletedSuperAlert.isDeleted(); result = true;
-            deletedSuperAlert.isSuperAdmin(); result = true;
-
-            alertResource.toAlert(deletedDomainAlert); result = filteredAlert;
+            domainAlert.isDeleted();
+            result = false;
+            superAlert.isDeleted();
+            result = false;
+            deletedDomainAlert.isDeleted();
+            result = true;
+            deletedDomainAlert.isSuperAdmin();
+            result = false;
+            deletedSuperAlert.isDeleted();
+            result = true;
+            deletedSuperAlert.isSuperAdmin();
+            result = true;
+
+            alertResource.toAlert(deletedDomainAlert);
+            result = filteredAlert;
         }};
 
         // WHEN
@@ -318,14 +353,21 @@ public void filterDeletedSuperAlerts(@Injectable AlertRo domainAlert, @Injectabl
                                          @Injectable Alert filteredAlert) {
         // GIVEN
         new Expectations(alertResource) {{
-            domainAlert.isDeleted(); result = false;
-            superAlert.isDeleted(); result = false;
-            deletedDomainAlert.isDeleted(); result = true;
-            deletedDomainAlert.isSuperAdmin(); result = false;
-            deletedSuperAlert.isDeleted(); result = true;
-            deletedSuperAlert.isSuperAdmin(); result = true;
-
-            alertResource.toAlert(deletedSuperAlert); result = filteredAlert;
+            domainAlert.isDeleted();
+            result = false;
+            superAlert.isDeleted();
+            result = false;
+            deletedDomainAlert.isDeleted();
+            result = true;
+            deletedDomainAlert.isSuperAdmin();
+            result = false;
+            deletedSuperAlert.isDeleted();
+            result = true;
+            deletedSuperAlert.isSuperAdmin();
+            result = true;
+
+            alertResource.toAlert(deletedSuperAlert);
+            result = filteredAlert;
         }};
 
         // WHEN
@@ -342,8 +384,10 @@ public void filterDeletedSuperAlerts(@Injectable AlertRo domainAlert, @Injectabl
     public void toAlert(@Injectable AlertRo alertRo) {
         // GIVEN
         new Expectations() {{
-            alertRo.isProcessed(); result = true;
-            alertRo.getEntityId(); result = 13l;
+            alertRo.isProcessed();
+            result = true;
+            alertRo.getEntityId();
+            result = 13l;
         }};
 
         // WHEN
@@ -351,8 +395,8 @@ public void toAlert(@Injectable AlertRo alertRo) {
 
         //THEN
         new FullVerifications() {{
-           assertEquals("Should have set the correct entity ID when converting", 13, result.getEntityId());
-           assertTrue("Should have set the correct processed flag when converting", result.isProcessed());
+            assertEquals("Should have set the correct entity ID when converting", 13, result.getEntityId());
+            assertTrue("Should have set the correct processed flag when converting", result.isProcessed());
         }};
     }
 
diff --git a/Core/Domibus-MSH/src/test/java/eu/domibus/web/rest/DomibusPropertyResourceTest.java b/Core/Domibus-MSH/src/test/java/eu/domibus/web/rest/DomibusPropertyResourceTest.java
index 45dea73b8e..edf08d9f5d 100644
--- a/Core/Domibus-MSH/src/test/java/eu/domibus/web/rest/DomibusPropertyResourceTest.java
+++ b/Core/Domibus-MSH/src/test/java/eu/domibus/web/rest/DomibusPropertyResourceTest.java
@@ -7,6 +7,7 @@
 import eu.domibus.core.property.DomibusPropertiesFilter;
 import eu.domibus.core.property.DomibusPropertyMetadataMapper;
 import eu.domibus.core.property.DomibusPropertyResourceHelper;
+import eu.domibus.core.util.SecurityUtilImpl;
 import eu.domibus.web.rest.error.ErrorHandlerService;
 import eu.domibus.web.rest.ro.DomibusPropertyRO;
 import eu.domibus.web.rest.ro.PropertyFilterRequestRO;
@@ -52,6 +53,9 @@ public class DomibusPropertyResourceTest {
     @Injectable
     DomibusPropertyMetadataMapper domibusPropertyMetadataMapper;
 
+    @Injectable
+    SecurityUtilImpl securityUtil;
+
     @Test
     public void getProperty(@Mocked DomibusProperty prop, @Mocked DomibusPropertyRO convertedProp) {
         new Expectations() {{
diff --git a/Core/Domibus-MSH/src/test/java/eu/domibus/web/rest/LoggingResourceTest.java b/Core/Domibus-MSH/src/test/java/eu/domibus/web/rest/LoggingResourceTest.java
index 95713633df..5765cf35ae 100644
--- a/Core/Domibus-MSH/src/test/java/eu/domibus/web/rest/LoggingResourceTest.java
+++ b/Core/Domibus-MSH/src/test/java/eu/domibus/web/rest/LoggingResourceTest.java
@@ -48,31 +48,6 @@ public void setUp() {
         loggingResource = new LoggingResource(coreMapper, loggingService, errorHandlerService);
     }
 
-    @Test
-    public void testSetLogLevel(final @Mocked LoggingLevelRO loggingLevelRO) {
-        final String name = "eu.domibus";
-        final String level = "DEBUG";
-
-        new Expectations() {{
-            loggingLevelRO.getName();
-            result = name;
-
-            loggingLevelRO.getLevel();
-            result = level;
-
-        }};
-
-        //tested method
-        loggingResource.setLogLevel(loggingLevelRO);
-
-        new Verifications() {{
-            loggingService.setLoggingLevel(name, level);
-            times = 1;
-
-            loggingService.signalSetLoggingLevel(name, level);
-            times = 1;
-        }};
-    }
 
     @Test
     public void testGetLogLevel(final @Mocked List<LoggingEntry> loggingEntryList) {
diff --git a/Core/Domibus-MSH/src/test/java/eu/domibus/web/rest/MessageLogResourceParamTest.java b/Core/Domibus-MSH/src/test/java/eu/domibus/web/rest/MessageLogResourceParamTest.java
index 69eb902692..7b707b0d9d 100644
--- a/Core/Domibus-MSH/src/test/java/eu/domibus/web/rest/MessageLogResourceParamTest.java
+++ b/Core/Domibus-MSH/src/test/java/eu/domibus/web/rest/MessageLogResourceParamTest.java
@@ -210,7 +210,7 @@ private List<MessageLogInfo> getMessageList(MessageType messageType, Date date,
                 date, date, 1, 5, date, 1L,
                 "conversationId", 1L, 1L, "originalSender", "finalRecipient",
                 "refToMessageId", date, date, testMessage, false, false, 1L, 1L,
-                "pluginType", 1L, date);
+                "pluginType", 1L, date, date, date, date);
         result.add(messageLog);
         return result;
     }
diff --git a/Core/Domibus-MSH/src/test/java/eu/domibus/web/rest/PModeResourceTest.java b/Core/Domibus-MSH/src/test/java/eu/domibus/web/rest/PModeResourceTest.java
index 888237ca32..ff3753a647 100644
--- a/Core/Domibus-MSH/src/test/java/eu/domibus/web/rest/PModeResourceTest.java
+++ b/Core/Domibus-MSH/src/test/java/eu/domibus/web/rest/PModeResourceTest.java
@@ -241,6 +241,23 @@ public void testDeletePmodesSuccess() {
         Assert.assertEquals("PModes were deleted\n", response.getBody());
     }
 
+    @Test
+    public void testDeletePmodes_CannotDeleteCurrent() {
+        // Given
+        List<String> stringList = new ArrayList<>();
+        stringList.add("0");
+        stringList.add("1");
+        stringList.add("2");
+
+        // When
+        final ResponseEntity<String> response = pModeResource.deletePModes(stringList);
+
+        // Then
+        Assert.assertNotNull(response);
+        Assert.assertEquals(HttpStatus.BAD_REQUEST, response.getStatusCode());
+        Assert.assertEquals("Could not delete current PMode [0]", response.getBody());
+    }
+
     @Test
     public void testDeletePmodesException() {
         // Given
diff --git a/Core/Domibus-MSH/src/test/resources/config/domains/default/default-domibus.properties b/Core/Domibus-MSH/src/test/resources/config/domains/default/default-domibus.properties
index 2e9e586b72..3edfe0ed63 100644
--- a/Core/Domibus-MSH/src/test/resources/config/domains/default/default-domibus.properties
+++ b/Core/Domibus-MSH/src/test/resources/config/domains/default/default-domibus.properties
@@ -27,6 +27,9 @@
 #The location where the encrypted key is stored
 #default.domibus.password.encryption.key.location=${domibus.config.location}/domains/default/encrypt
 
+#Password can be viewed if true;
+#default.domibus.properties.password.view.allow=true
+
 #Number of console login attempt before the user is deactivated (default 5)
 #default.domibus.console.login.maximum.attempt=5
 
@@ -156,6 +159,8 @@ default.domibus.database.schema=default_domain_schema
 #The maximum size of message in bytes that can be downloaded via admin console
 #default.domibus.message.download.maxSize=10000000
 
+#If enabled, diagnostics data will be logged when a message submission fails
+#default.domibus.message.submission.diagnostics.enabled=false
 
 # ---------------------------------- Retry -------------------------------------
 
@@ -215,10 +220,13 @@ default.domibus.database.schema=default_domain_schema
 #not valid or it has been revoked Domibus will not accept the message (default is true)
 #default.domibus.sender.certificate.validation.onreceiving=true
 
-#If activated Domibus will verify before receiving a message, the validity and authorization on the sender's certificate. When disabled,
-#none of the other checks are performed on the sender's certificate.
+#If activated Domibus will verify before receiving a User Message when using Push/Pull or a Signal Acknowledgement (NRR) when using Pull, that the sender certificate is valid and not revoked
+# When disabled, none of the other checks are performed on the sender's certificate.
 #default.domibus.sender.trust.validation.onreceiving=true
 
+#If activated Domibus will verify before receiving syncronously a signal message following a push or pull request, that the sender certificate is valid and not revoked
+#default.domibus.sender.trust.validation.signal.sync.onreceiving=true
+
 #When this property is not empty Domibus will verify before receiving a message(using static or dynamic discovery), that the subject of the sender's certificate matches the regular expression.
 #default.domibus.sender.trust.validation.expression=
 
diff --git a/Core/Domibus-MSH/src/test/resources/config/domains/domain_name/domain_name-domibus.properties b/Core/Domibus-MSH/src/test/resources/config/domains/domain_name/domain_name-domibus.properties
index d92cd7bffd..051bbeb23f 100644
--- a/Core/Domibus-MSH/src/test/resources/config/domains/domain_name/domain_name-domibus.properties
+++ b/Core/Domibus-MSH/src/test/resources/config/domains/domain_name/domain_name-domibus.properties
@@ -27,6 +27,9 @@
 #The location where the encrypted key is stored
 #domain_name.domibus.password.encryption.key.location=${domibus.config.location}/domains/domain_name/encrypt
 
+#Password can be viewed if true;
+#domain_name.domibus.properties.password.view.allow=true
+
 #Number of console login attempt before the user is deactivated (default 5)
 #domain_name.domibus.console.login.maximum.attempt=5
 
@@ -265,10 +268,13 @@ domain_name.domibus.database.schema=domain_name_schema
 #not valid or it has been revoked Domibus will not accept the message (default is true)
 #domain_name.domibus.sender.certificate.validation.onreceiving=true
 
-#If activated Domibus will verify before receiving a message, the validity and authorization on the sender's certificate. When disabled,
-#none of the other checks are performed on the sender's certificate.
+#If activated Domibus will verify before receiving a User Message when using Push/Pull or a Signal Acknowledgement (NRR) when using Pull, that the sender certificate is valid and not revoked
+# When disabled, none of the other checks are performed on the sender's certificate.
 #domain_name.domibus.sender.trust.validation.onreceiving=true
 
+#If activated Domibus will verify before receiving syncronously a signal message following a push or pull request, that the sender certificate is valid and not revoked
+#domain_name.domibus.sender.trust.validation.signal.sync.onreceiving=true
+
 #When this property is not empty Domibus will verify before receiving a message(using static or dynamic discovery), that the subject of the sender's certificate matches the regular expression.
 #domain_name.domibus.sender.trust.validation.expression=
 
@@ -301,6 +307,9 @@ domain_name.domibus.database.schema=domain_name_schema
 # If set to false, Domibus fills in the value of the Mpc with the value of the EBMS3 defaultMpc ("http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC")
 #domain_name.domibus.pmode.legconfiguration.mpc.enabled=true
 
+#If enabled, detailed diagnostics data will be logged when a message does not match the PMode
+#domain_name.domibus.pmode.legconfiguration.diagnostics.enabled=false
+
 # ---------------------------------- Dispatcher --------------------------------
 
 #Timeout values for communication between the Access Points
diff --git a/Core/Domibus-MSH/src/test/resources/config/domibus.properties b/Core/Domibus-MSH/src/test/resources/config/domibus.properties
index 6ef03f83ec..cccfb2cf7e 100644
--- a/Core/Domibus-MSH/src/test/resources/config/domibus.properties
+++ b/Core/Domibus-MSH/src/test/resources/config/domibus.properties
@@ -141,6 +141,14 @@ domibus.entityManagerFactory.jpaProperty.hibernate.hbm2ddl.auto=none
 #The list of protocols to be excluded from CRL list (possible values: http, https, ftp, file, ldap, etc)
 #domibus.certificate.crl.excludedProtocols=
 
+#Complexity rules for all properties passwords
+#Default value requires Minimum length: 16 characters; Maximum length: 32 characters; At least one letter in lowercase; At least one letter in uppercase; At least one digit; At least one special character
+#domibus.properties.passwordPolicy.pattern=^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[~`!@#$%^&+=\\-_<>.,?:;*/()|\\[\\]{}'"\\\\]).{16,32}$
+
+#If true will enforce the complexity rules for all properties passwords by stopping Domibus
+#If set to false only warnings are logged
+#domibus.properties.passwordPolicy.enforce=false
+
 # ---------------------------------- Plugin Security ----------------------------------
 
 #Number of plugin users login attempts before the user is deactivated (default 5)
@@ -241,9 +249,13 @@ domibus.jms.connectionFactory.session.cache.size=1
 #Domibus will not accept the message (default is true)
 #domibus.sender.certificate.validation.onreceiving=true
 
-#If activated Domibus will verify before receiving a User Message if the sender's party name is part of the CN in the sender's certificate. If not,
-#Domibus will not accept the message (default is false)
+#If activated Domibus will verify before receiving a User Message when using Push/Pull or a Signal Acknowledgement (NRR) when using Pull, that the sender certificate is valid and not revoked
+# When disabled, none of the other checks are performed on the sender's certificate.
 domibus.sender.trust.validation.onreceiving=false
+
+#If activated Domibus will verify before receiving syncronously a signal message following a push or pull request, that the sender certificate is valid and not revoked
+domibus.sender.trust.validation.signal.sync.onreceiving=false
+
 #Check that the sender certificate subject name contains the message from partyId value.
 domibus.sender.certificate.subject.check=false
 
diff --git a/Core/Domibus-MSH/src/test/resources/keystores/mixed.jks b/Core/Domibus-MSH/src/test/resources/keystores/mixed.jks
new file mode 100644
index 0000000000..451550390e
Binary files /dev/null and b/Core/Domibus-MSH/src/test/resources/keystores/mixed.jks differ
diff --git a/Core/Domibus-MSH/upgrade-info.md b/Core/Domibus-MSH/upgrade-info.md
index 79b732e591..8e5c8aa3bb 100644
--- a/Core/Domibus-MSH/upgrade-info.md
+++ b/Core/Domibus-MSH/upgrade-info.md
@@ -14,9 +14,23 @@ Release checklist:
 
 
 # Domibus upgrade information
+## Domibus 5.1.6 (from 5.1.5)
+                - Replace the Domibus war and the default plugin(s) config file(s), property file(s) and jar(s) 
+                - Replace the default dss extension jar into "/domibus/conf/domibus/extensions/lib"
+                - No sql updates on the database schemas for both mysql and oracle
+## Domibus 5.1.5 (from 5.1.4)
+                - Replace the Domibus war and the default plugin(s) config file(s), property file(s) and jar(s) 
+                - Replace the default dss extension jar into "/domibus/conf/domibus/extensions/lib"
+                - No sql updates on the database schemas for both mysql and oracle
+#### Weblogic only
+                - Execute the WLST API script remove.py (from "/conf/domibus/scripts/upgrades") 5.1.4-to-5.1.5-WeblogicRemoveJDBCDatasource.properties to remove the eDeliveryDs datasource:
+                     wlstapi.cmd ../scripts/remove.py --property ../5.1.4-to-5.1.5-WeblogicRemoveJDBCDatasource.properties
+                - Execute the WLST API script import.py (from "/conf/domibus/scripts/upgrades") 5.1.4-to-5.1.5-WeblogicSingleServer.properties or 5.1.4-to-5.1.5-WeblogicCluster.properties to add the eDeliveryDs datasource with new configuration: 
+                     wlstapi.cmd ../scripts/import.py --property ../5.1.4-to-5.1.5-WeblogicCluster.properties
+
 ## Domibus 5.1.4 (from 5.1.3)
                 - Replace the Domibus war and the default plugin(s) config file(s), property file(s) and jar(s) 
-                - Run the appropriate DB upgrade script (mysql-5.1.2-to-5.4-upgrade.ddl for MySQL or oracle-5.1.2-to-5.1.4-upgrade.ddl for Oracle)
+                - Run the appropriate DB upgrade script (mysql-5.1.2-to-5.1.4-upgrade.ddl for MySQL or oracle-5.1.2-to-5.1.4-upgrade.ddl for Oracle)
                 - Update property name from "domibus.cacerts.validation.enabled" to "domibus.cacerts.download.enabled"
                 - Marked 'mustUnderstand' attribute from Domibus MSH Default WS Plugin Stubs V2 webservicePlugin-header.xsd as deprecated. The attribute will be removed in 6.0
 
@@ -242,7 +256,7 @@ Release checklist:
 ## Domibus 5.0.5 (from 5.0.4):
                 - Replace the Domibus war and the default plugin(s) config file(s), property file(s) and jar(s)
                 - Replace the default dss extension jar into  "/conf/domibus/extensions/lib"
-                - Run the appropriate DB upgrade script (mysql-5.0.4-to-5.0.5-upgrade.ddl for MySQL or oracle-5.0.4-to-5.0.5-upgrade-fix.ddl for Oracle)
+                - Run the appropriate DB upgrade script (mysql-5.0.2-to-5.0.5-upgrade.ddl for MySQL or oracle-5.0.2-to-5.0.5-upgrade.ddl for Oracle)
 ### Partitioning (only oracle)
 #### Situation A: upgrading an existing 5.0.4 database, that contains user messages and was partitioned
                     - Run as edelivery_user:
@@ -251,7 +265,7 @@ Release checklist:
 
 #### Situation B: upgrading an existing 5.0.4 database, that contains user messages and was not partitioned
                - Run as edelivery_user:
-    @oracle-5.0.4-to-5.0.5-upgrade-fix.ddl
+    @oracle-5.0.2-to-5.0.5-partitioning-upgrade.ddl
     @oracle-5.0.5-partitioning-fix.ddl
 ## Domibus 5.0.4 (from 5.0.3):
                 - Replace the Domibus war
@@ -424,56 +438,56 @@ Release checklist:
   ### DB upgrade script
                 - Run the appropriate DB upgrade script:
                     o [Oracle only]
-                        - single tenancy: oracle-4.2.9-to-5.0-upgrade.ddl
+                        - single tenancy: oracle-4.2.6-to-5.0-upgrade.ddl
                         - multitenancy:
-                            - general schema: oracle-4.2.9-to-5.0-multi-tenancy-upgrade.ddl
-                            - domain schemas: oracle-4.2.9-to-5.0-upgrade.ddl
+                            - general schema: oracle-4.2.6-to-5.0-multi-tenancy-upgrade.ddl
+                            - domain schemas: oracle-4.2.6-to-5.0-upgrade.ddl
                     o [MySQL only]
                         The scripts below - please adapt to your local configuration (i.e. users, database names) - can be run using either:
                             - the root user, specifying the target databases as part of the command. For example, for single tenancy:
-                                    mysql -u root -p domibus < mysql-4.2.9-to-5.0-upgrade.ddl
+                                    mysql -u root -p domibus < mysql-4.2.6-to-5.0-upgrade.ddl
                                 or, for multitenancy:
-                                    mysql -u root -p domibus_general < mysql-4.2.9-to-5.0-multi-tenancy-upgrade.ddl
-                                    mysql -u root -p domibus_domain_1 < mysql-4.2.9-to-5.0-upgrade.ddl
+                                    mysql -u root -p domibus_general < mysql-4.2.6-to-5.0-multi-tenancy-upgrade.ddl
+                                    mysql -u root -p domibus_domain_1 < mysql-4.2.6-to-5.0-upgrade.ddl
                             - the non-root user (e.g. edelivery): for which the root user must first relax the conditions on function creation by granting the SYSTEM_VARIABLES_ADMIN right to the non-root user:
                                     GRANT SYSTEM_VARIABLES_ADMIN ON *.* TO 'edelivery'@'localhost';
                               and then specifying the target databases as part of the command. For example, for single tenancy:
-                                     mysql -u edelivery -p domibus < mysql-4.2.9-to-5.0-upgrade.ddl
+                                     mysql -u edelivery -p domibus < mysql-4.2.6-to-5.0-upgrade.ddl
                                  or, for multitenancy:
-                                     mysql -u edelivery -p domibus_general < mysql-4.2.9-to-5.0-multi-tenancy-upgrade.ddl
-                                     mysql -u edelivery -p domibus_domain_1 < mysql-4.2.9-to-5.0-upgrade.ddl.
+                                     mysql -u edelivery -p domibus_general < mysql-4.2.6-to-5.0-multi-tenancy-upgrade.ddl
+                                     mysql -u edelivery -p domibus_domain_1 < mysql-4.2.6-to-5.0-upgrade.ddl.
   ### Data upgrade
                 - Data upgrade scripts should be run in order to migrate data from old tables to the new tables:
    #### Oracle only
                         Domibus application (.war) should be stopped while running these:
                             - single tenancy:
-                                - step 1: oracle-4.2.9-to-5.0-data-upgrade-step1.ddl (it will drop and then recreate new version of the tables - errors which appear during dropping could be ignored)
+                                - step 1: oracle-4.2.6-to-5.0-data-upgrade-step1.ddl (it will drop and then recreate new version of the tables - errors which appear during dropping could be ignored)
                                 - UTC date migration step: execute the migrate procedure from the MIGRATE_42_TO_50_utc_conversion package providing the correct TIMEZONE parameter - i.e. the timezone ID in which the date time values have been previously saved (e.g. 'Europe/Brussels') -;
-                                - step 2: oracle-4.2.9-to-5.0-data-upgrade-step2.ddl (it will create the package for data upgrade, run the upgrade procedure)
+                                - step 2: oracle-4.2.6-to-5.0-data-upgrade-step2.ddl (it will create the package for data upgrade, run the upgrade procedure)
                                 If upgrade procedure fails step 1 and step 2 could be run again. Once upgrade procedure ends successfully we could proceed to step 3
-                                - step 3: oracle-4.2.9-to-5.0-data-upgrade-step3.ddl (this step will finish the upgrade - during this step 4.2 version of the tables will be renamed to OLD_);
+                                - step 3: oracle-4.2.6-to-5.0-data-upgrade-step3.ddl (this step will finish the upgrade - during this step 4.2 version of the tables will be renamed to OLD_);
                                 This step isn't reversible so it must be executed once step 1 and step 2 are successful
-                                - (Optional) step 4: oracle-4.2.9-to-5.0-data-upgrade-step4.ddl (during this step the original tables and the upgrade subprograms are dropped)
+                                - (Optional) step 4: oracle-4.2.6-to-5.0-data-upgrade-step4.ddl (during this step the original tables and the upgrade subprograms are dropped)
                                 This step isn't reversible so it must be executed once step 1, step 2 and step3 are successful
                                 - (Optional) partitioning: oracle-5.0-partitioning.ddl (if you further plan on using Oracle partitions in an Enterprise Editions database)
                             - multitenancy:
                                 - general schema:
-                                    - step 1: oracle-4.2.9-to-5.0-data-upgrade-multi-tenancy-step1.ddl (it will drop and then recreate new version of the tables - errors which appear during dropping could be ignored)
+                                    - step 1: oracle-4.2.6-to-5.0-data-upgrade-multi-tenancy-step1.ddl (it will drop and then recreate new version of the tables - errors which appear during dropping could be ignored)
                                     - UTC date migration step: execute the migrate_multitenancy procedure from the MIGRATE_42_TO_50_utc_conversion package providing the correct TIMEZONE parameter - i.e. the timezone ID in which the date time values have been previously saved (e.g. 'Europe/Brussels') -;
-                                    - step 2: oracle-4.2.9-to-5.0-data-upgrade-multi-tenancy-step2.ddl (it will create the package for data upgrade, run the upgrade procedure)
+                                    - step 2: oracle-4.2.6-to-5.0-data-upgrade-multi-tenancy-step2.ddl (it will create the package for data upgrade, run the upgrade procedure)
                                     If upgrade procedure fails step 1 and step 2 could be run again. Once upgrade procedure ends successfully we could proceed to step 3
-                                    - step 3: oracle-4.2.9-to-5.0-data-upgrade-multi-tenancy-step3.ddl (this step will finish the upgrade - during this step 4.2 version of the tables will be renamed to OLD_);
+                                    - step 3: oracle-4.2.6-to-5.0-data-upgrade-multi-tenancy-step3.ddl (this step will finish the upgrade - during this step 4.2 version of the tables will be renamed to OLD_);
                                     This step isn't reversible so it must be executed once step 1 and step 2 are successful
-                                    - (Optional) step 4: oracle-4.2.9-to-5.0-data-upgrade-multi-tenancy-step4.ddl (during this step the original tables and the upgrade subprograms are dropped)
+                                    - (Optional) step 4: oracle-4.2.6-to-5.0-data-upgrade-multi-tenancy-step4.ddl (during this step the original tables and the upgrade subprograms are dropped)
                                     This step isn't reversible so it must be executed once step 1, step 2 and step3 are successful
                                 - domain schemas:
-                                    - step 1: oracle-4.2.9-to-5.0-data-upgrade-step1.ddl (it will drop and then recreate new version of the tables - errors which appear during dropping could be ignored)
+                                    - step 1: oracle-4.2.6-to-5.0-data-upgrade-step1.ddl (it will drop and then recreate new version of the tables - errors which appear during dropping could be ignored)
                                     - UTC date migration step: execute the migrate procedure from the MIGRATE_42_TO_50_utc_conversion package providing the correct TIMEZONE parameter - i.e. the timezone ID in which the date time values have been previously saved (e.g. 'Europe/Brussels') -;
-                                    - step 2: oracle-4.2.9-to-5.0-data-upgrade-step2.ddl (it will create the package for data upgrade, run the upgrade procedure)
+                                    - step 2: oracle-4.2.6-to-5.0-data-upgrade-step2.ddl (it will create the package for data upgrade, run the upgrade procedure)
                                     If upgrade procedure fails step 1 and step 2 could be run again. Once upgrade procedure ends successfully we could proceed to step 3
-                                    - step 3: oracle-4.2.9-to-5.0-data-upgrade-step3.ddl (this step will finish the upgrade - during this step 4.2 version of the tables will be renamed to OLD_);
+                                    - step 3: oracle-4.2.6-to-5.0-data-upgrade-step3.ddl (this step will finish the upgrade - during this step 4.2 version of the tables will be renamed to OLD_);
                                     This step isn't reversible so it must be executed once step 1 and step 2 are successful
-                                    - (Optional) step 4: oracle-4.2.9-to-5.0-data-upgrade-step4.ddl (during this step the original tables and the upgrade subprograms are dropped)
+                                    - (Optional) step 4: oracle-4.2.6-to-5.0-data-upgrade-step4.ddl (during this step the original tables and the upgrade subprograms are dropped)
                                     This step isn't reversible so it must be executed once step 1, step 2 and step3 are successful
                                     - (Optional) partitioning: oracle-5.0-partitioning.ddl (if you further plan on using Oracle partitions in an Enterprise Editions database)
                                     - grant privileges to the general schema using oracle-5.0-multi-tenancy-rights.sql, updating the schema names before execution
@@ -481,55 +495,55 @@ Release checklist:
 #### MySQL only
                         The scripts below - please adapt to your local configuration (i.e. users, database names) - can be run using either:
                     	    - the root user, specifying the target databases as part of the command. For example, for single tenancy:
-                                    mysql -u root -p domibus < mysql-4.2.9-to-5.0-data-upgrade-step1.ddl
+                                    mysql -u root -p domibus < mysql-4.2.6-to-5.0-data-upgrade-step1.ddl
                                 or, for multitenancy:
-                                    mysql -u root -p domibus_general < mysql-4.2.9-to-5.0-data-upgrade-multi-tenancy-step1.ddl
-                                    mysql -u root -p domibus_domain_1 < mysql-4.2.9-to-5.0-data-upgrade-step1.ddl
+                                    mysql -u root -p domibus_general < mysql-4.2.6-to-5.0-data-upgrade-multi-tenancy-step1.ddl
+                                    mysql -u root -p domibus_domain_1 < mysql-4.2.6-to-5.0-data-upgrade-step1.ddl
                             - or the non-root user (e.g. edelivery): for which the root user must first relax the conditions on function creation by granting the SYSTEM_VARIABLES_ADMIN right to the non-root user:
                                     GRANT SYSTEM_VARIABLES_ADMIN ON *.* TO 'edelivery'@'localhost';
                               and then specifying the target databases as part of the command. For example, for single tenancy:
-                                     mysql -u edelivery -p domibus < mysql-4.2.9-to-5.0-data-upgrade-step1.ddl
+                                     mysql -u edelivery -p domibus < mysql-4.2.6-to-5.0-data-upgrade-step1.ddl
                                  or, for multitenancy:
-                                     mysql -u edelivery -p domibus_general < mysql-4.2.9-to-5.0-data-upgrade-multi-tenancy-step1.ddl
-                                     mysql -u edelivery -p domibus_domain_1 < mysql-4.2.9-to-5.0-data-upgrade-step1.ddl.
+                                     mysql -u edelivery -p domibus_general < mysql-4.2.6-to-5.0-data-upgrade-multi-tenancy-step1.ddl
+                                     mysql -u edelivery -p domibus_domain_1 < mysql-4.2.6-to-5.0-data-upgrade-step1.ddl.
 
                         Domibus application (.war) should be stopped while running these:
                             - single tenancy:
-                                - step 1: mysql-4.2.9-to-5.0-data-upgrade-step1.ddl (it will drop and then recreate new version of the tables - errors which appear during dropping could be ignored)
+                                - step 1: mysql-4.2.6-to-5.0-data-upgrade-step1.ddl (it will drop and then recreate new version of the tables - errors which appear during dropping could be ignored)
                                 - UTC date migration step
                                     1. Identify your current named time zone such as 'Europe/Brussels', 'US/Eastern', 'MET' or 'UTC' (e.g. issue SELECT @@GLOBAL.time_zone, @@SESSION.time_zone;)
                                     2. Populate the MySQL time zone tables if not already done: https://dev.mysql.com/doc/refman/8.0/en/time-zone-support.html#time-zone-installation
                                     3. call the MIGRATE_42_TO_50_utc_conversion procedure providing the correct TIMEZONE named time zone parameter identified above - i.e. the timezone ID in which the date time values have been previously saved -;
-                                - step 2: mysql-4.2.9-to-5.0-data-upgrade-step2.ddl (it will create the package for data upgrade, run the upgrade procedure)
+                                - step 2: mysql-4.2.6-to-5.0-data-upgrade-step2.ddl (it will create the package for data upgrade, run the upgrade procedure)
                                 If upgrade procedure fails step 1 and step 2 could be run again. Once upgrade procedure ends successfully we could proceed to step 3
-                                - step 3: mysql-4.2.9-to-5.0-data-upgrade-step3.ddl (this step will finish the upgrade - during this step 4.2 version of the tables will be renamed to OLD_);
+                                - step 3: mysql-4.2.6-to-5.0-data-upgrade-step3.ddl (this step will finish the upgrade - during this step 4.2 version of the tables will be renamed to OLD_);
                                 This step isn't reversible so it must be executed once step 1 and step 2 are successful
-                                - (Optional) step 4: mysql-4.2.9-to-5.0-data-upgrade-step4.ddl (during this step the original tables and the upgrade subprograms are dropped)
+                                - (Optional) step 4: mysql-4.2.6-to-5.0-data-upgrade-step4.ddl (during this step the original tables and the upgrade subprograms are dropped)
                                 This step isn't reversible so it must be executed once step 1, step 2 and step3 are successful
                             - multitenancy:
                                 - general database:
-                                    - step 1: mysql-4.2.9-to-5.0-data-upgrade-multi-tenancy-step1.ddl (it will drop and then recreate new version of the tables - errors which appear during dropping could be ignored)
+                                    - step 1: mysql-4.2.6-to-5.0-data-upgrade-multi-tenancy-step1.ddl (it will drop and then recreate new version of the tables - errors which appear during dropping could be ignored)
                                     - UTC date migration step
                                         1. Identify your current named time zone such as 'Europe/Brussels', 'US/Eastern', 'MET' or 'UTC' (e.g. issue SELECT @@GLOBAL.time_zone, @@SESSION.time_zone;)
                                         2. Populate the MySQL time zone tables if not already done: https://dev.mysql.com/doc/refman/8.0/en/time-zone-support.html#time-zone-installation
                                         3. call the MIGRATE_42_TO_50_utc_conversion_multitenancy procedure providing the correct TIMEZONE named time zone parameter identified above - i.e. the timezone ID in which the date time values have been previously saved -;
-                                    - step 2: mysql-4.2.9-to-5.0-data-upgrade-multi-tenancy-step2.ddl (it will create the package for data upgrade, run the upgrade procedure)
+                                    - step 2: mysql-4.2.6-to-5.0-data-upgrade-multi-tenancy-step2.ddl (it will create the package for data upgrade, run the upgrade procedure)
                                     If upgrade procedure fails step 1 and step 2 could be run again. Once upgrade procedure ends successfully we could proceed to step 3
-                                    - step 3: mysql-4.2.9-to-5.0-data-upgrade-multi-tenancy-step3.ddl (this step will finish the upgrade - during this step 4.2 version of the tables will be renamed to OLD_);
+                                    - step 3: mysql-4.2.6-to-5.0-data-upgrade-multi-tenancy-step3.ddl (this step will finish the upgrade - during this step 4.2 version of the tables will be renamed to OLD_);
                                     This step isn't reversible so it must be executed once step 1 and step 2 are successful
-                                    - (Optional) step 4: mysql-4.2.9-to-5.0-data-upgrade-multi-tenancy-step4.ddl (during this step the original tables and the upgrade subprograms are dropped)
+                                    - (Optional) step 4: mysql-4.2.6-to-5.0-data-upgrade-multi-tenancy-step4.ddl (during this step the original tables and the upgrade subprograms are dropped)
                                     This step isn't reversible so it must be executed once step 1, step 2 and step3 are successful
                                 - domain databases:
-                                    - step 1: mysql-4.2.9-to-5.0-data-upgrade-step1.ddl (it will drop and then recreate new version of the tables - errors which appear during dropping could be ignored)
+                                    - step 1: mysql-4.2.6-to-5.0-data-upgrade-step1.ddl (it will drop and then recreate new version of the tables - errors which appear during dropping could be ignored)
                                     - UTC date migration step
                                         1. Identify your current named time zone such as 'Europe/Brussels', 'US/Eastern', 'MET' or 'UTC' (e.g. issue SELECT @@GLOBAL.time_zone, @@SESSION.time_zone;)
                                         2. Populate the MySQL time zone tables if not already done: https://dev.mysql.com/doc/refman/8.0/en/time-zone-support.html#time-zone-installation
                                         3. call the MIGRATE_42_TO_50_utc_conversion procedure providing the correct TIMEZONE named time zone parameter identified above - i.e. the timezone ID in which the date time values have been previously saved -;
-                                    - step 2: mysql-4.2.9-to-5.0-data-upgrade-step2.ddl (it will create the package for data upgrade, run the upgrade procedure)
+                                    - step 2: mysql-4.2.6-to-5.0-data-upgrade-step2.ddl (it will create the package for data upgrade, run the upgrade procedure)
                                     If upgrade procedure fails step 1 and step 2 could be run again. Once upgrade procedure ends successfully we could proceed to step 3
-                                    - step 3: mysql-4.2.9-to-5.0-data-upgrade-step3.ddl (this step will finish the upgrade - during this step 4.2 version of the tables will be renamed to OLD_);
+                                    - step 3: mysql-4.2.6-to-5.0-data-upgrade-step3.ddl (this step will finish the upgrade - during this step 4.2 version of the tables will be renamed to OLD_);
                                     This step isn't reversible so it must be executed once step 1 and step 2 are successful
-                                    - (Optional) step 4: mysql-4.2.9-to-5.0-data-upgrade-step4.ddl (during this step the original tables and the upgrade subprograms are dropped)
+                                    - (Optional) step 4: mysql-4.2.6-to-5.0-data-upgrade-step4.ddl (during this step the original tables and the upgrade subprograms are dropped)
                                     This step isn't reversible so it must be executed once step 1, step 2 and step3 are successful
   ### Cache
                 - Update the "/conf/domibus/internal/ehcache.xml" cache definitions file:
diff --git a/Core/Domibus-archive-client/pom.xml b/Core/Domibus-archive-client/pom.xml
index 2550b751d3..f32ecaf851 100644
--- a/Core/Domibus-archive-client/pom.xml
+++ b/Core/Domibus-archive-client/pom.xml
@@ -2,7 +2,7 @@
     <parent>
         <artifactId>core</artifactId>
         <groupId>org.niis</groupId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <artifactId>harmony-archive-client</artifactId>
diff --git a/Core/Domibus-archive-webhook-swagger/pom.xml b/Core/Domibus-archive-webhook-swagger/pom.xml
index 8a70081280..16d0378369 100644
--- a/Core/Domibus-archive-webhook-swagger/pom.xml
+++ b/Core/Domibus-archive-webhook-swagger/pom.xml
@@ -8,10 +8,10 @@
     <parent>
         <groupId>org.niis</groupId>
         <artifactId>core</artifactId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
 
-    <artifactId>Domibus-archive-webhook-swagger</artifactId>
+    <artifactId>harmony-archive-webhook-swagger</artifactId>
     <packaging>war</packaging>
     <name>Harmony eArchive webhook swagger definition</name>
     <properties>
diff --git a/Core/Domibus-ext-model/pom.xml b/Core/Domibus-ext-model/pom.xml
index 2dd806f453..525485a88f 100644
--- a/Core/Domibus-ext-model/pom.xml
+++ b/Core/Domibus-ext-model/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <artifactId>core</artifactId>
         <groupId>org.niis</groupId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/Core/Domibus-iam-spi/pom.xml b/Core/Domibus-iam-spi/pom.xml
index 20baf61679..cb2f328636 100644
--- a/Core/Domibus-iam-spi/pom.xml
+++ b/Core/Domibus-iam-spi/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <artifactId>core</artifactId>
         <groupId>org.niis</groupId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/Core/Domibus-plugin-api/pom.xml b/Core/Domibus-plugin-api/pom.xml
index 21aaebd49b..74410426f4 100644
--- a/Core/Domibus-plugin-api/pom.xml
+++ b/Core/Domibus-plugin-api/pom.xml
@@ -9,7 +9,7 @@
     <parent>
         <groupId>org.niis</groupId>
         <artifactId>core</artifactId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
     <artifactId>harmony-plugin-api</artifactId>
     <packaging>jar</packaging>
@@ -119,6 +119,10 @@
             <groupId>org.apache.cxf</groupId>
             <artifactId>cxf-rt-transports-http</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-collections4</artifactId>
+        </dependency>
         <!-- End Apache -->
 
         <!-- Start Test -->
diff --git a/Core/Domibus-plugin-api/src/main/java/eu/domibus/plugin/AbstractBackendConnector.java b/Core/Domibus-plugin-api/src/main/java/eu/domibus/plugin/AbstractBackendConnector.java
index b648f2156f..e596ea2d59 100644
--- a/Core/Domibus-plugin-api/src/main/java/eu/domibus/plugin/AbstractBackendConnector.java
+++ b/Core/Domibus-plugin-api/src/main/java/eu/domibus/plugin/AbstractBackendConnector.java
@@ -69,7 +69,7 @@ public String submit(final U message) throws MessagingProcessingException {
             final Submission messageData = getMessageSubmissionTransformer().transformToSubmission(message);
             final String messageId = messageSubmitter.submit(messageData, this.getName());
             LOG.putMDC(DomibusLogger.MDC_MESSAGE_ID, messageId);
-            LOG.businessInfo(DomibusMessageCode.BUS_MESSAGE_SUBMITTED);
+            LOG.businessInfo(DomibusMessageCode.BUS_MESSAGE_SUBMITTED, messageData.getFirstFromPartyId(), messageData.getFirstToPartyId());
             return messageId;
         } catch (IllegalArgumentException iaEx) {
             LOG.businessError(DomibusMessageCode.BUS_MESSAGE_SUBMIT_FAILED, iaEx);
@@ -217,8 +217,8 @@ public MessageStatus getStatus(final Long messageEntityId) throws MessageNotFoun
     @Override
     public List<ErrorResult> getErrorsForMessage(final String messageId) throws DuplicateMessageException {
         List<ErrorResult> errorResults = new ArrayList<>();
-        try{
-            errorResults= new ArrayList<>(this.messageRetriever.getErrorsForMessage(messageId));
+        try {
+            errorResults = new ArrayList<>(this.messageRetriever.getErrorsForMessage(messageId));
         } catch (MessageNotFoundException e) {
             LOG.error("Message [{}] does not exist", messageId);
         }
@@ -312,7 +312,7 @@ protected boolean doIsEnabled(String domainCode) {
         // fallback to the domibus property provider delegate
         DomainDTO domain = domainExtService.getDomain(domainCode);
         String value = domibusPropertyExtService.getProperty(domain, domainEnabledPropertyName);
-        LOG.info("Checking domibus property manager: reading property [{}]=[{}] to see if the plugin is enabled.", domainEnabledPropertyName, value);
+        LOG.debug("Checking domibus property manager: reading property [{}]=[{}] to see if the plugin is enabled.", domainEnabledPropertyName, value);
         return BooleanUtils.toBoolean(value);
     }
 
diff --git a/Core/Domibus-plugin-api/src/main/java/eu/domibus/plugin/Submission.java b/Core/Domibus-plugin-api/src/main/java/eu/domibus/plugin/Submission.java
index 7ed1390af6..472f848680 100644
--- a/Core/Domibus-plugin-api/src/main/java/eu/domibus/plugin/Submission.java
+++ b/Core/Domibus-plugin-api/src/main/java/eu/domibus/plugin/Submission.java
@@ -2,8 +2,9 @@
 
 import eu.domibus.logging.DomibusLogger;
 import eu.domibus.logging.DomibusLoggerFactory;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.builder.ToStringBuilder;
-import org.springframework.util.StringUtils;
+import org.apache.commons.collections4.CollectionUtils;
 
 import javax.activation.DataHandler;
 import java.util.*;
@@ -46,6 +47,45 @@ public class Submission {
     private ProcessingType processingType;
 
 
+    public String format() {
+        StringBuilder sb = new StringBuilder();
+        sb.append("Submission Details:\n");
+        sb.append("     Message Entity ID: ").append(messageEntityId == null ? "null" : messageEntityId).append("\n");
+        sb.append("     Message ID: ").append(messageId == null ? "null" : messageId).append("\n");
+        sb.append("     Ref To Message ID: ").append(refToMessageId == null ? "null" : refToMessageId).append("\n");
+        sb.append("     Conversation ID: ").append(conversationId == null ? "null" : conversationId).append("\n");
+        sb.append("     Action: ").append(action == null ? "null" : action).append("\n");
+        sb.append("     Service: ").append(service == null ? "null" : "value: " + service + " type: " + serviceType).append("\n");
+        sb.append("     Agreement Ref: ").append(agreementRef == null ? "null" : "value: " + agreementRef + " type: " + agreementRefType).append("\n");
+        sb.append("     FromRole: ").append(fromRole == null ? "null" : fromRole).append("\n");
+        sb.append("     ToRole: ").append(toRole == null ? "null" : toRole).append("\n");
+        sb.append("     MPC: ").append(mpc == null ? "null" : mpc).append("\n");
+        sb.append("Message Properties: ").append(CollectionUtils.isEmpty(messageProperties) ? "none\n" : "\n");
+        if (CollectionUtils.isNotEmpty(messageProperties)) {
+            for (TypedProperty messageProperty : messageProperties) {
+                sb.append("    ").append(messageProperty.getKey()).append(": ").append(messageProperty.getValue()).append("\n");
+            }
+        }
+        sb.append("From Party Info: ").append(fromParties == null ? "null\n" : "\n");
+        if (fromParties != null) {
+            if (fromParties.iterator().hasNext()) {
+                Submission.Party fromParty = fromParties.iterator().next();
+                sb.append("    From Party: \n");
+                sb.append("       Party ID: ").append(fromParty.getPartyId() == null ? "null\n" : "value: " + fromParty.getPartyId() + " type: " + fromParty.getPartyIdType()).append("\n");
+            }
+        }
+        sb.append("To Party Info: ").append(fromParties == null ? "null\n" : "\n");
+        if (toParties != null) {
+            if (toParties.iterator().hasNext()) {
+                Submission.Party toParty = toParties.iterator().next();
+                sb.append("    To Party: \n");
+                sb.append("       Party ID: ").append(toParty.getPartyId() == null ? "null\n" : "value: " + toParty.getPartyId() + " type: " + toParty.getPartyIdType()).append("\n");
+            }
+        }
+        return sb.toString();
+    }
+
+
     /**
      * Getter for mpc
      * <p>
@@ -396,6 +436,16 @@ public Set<Submission.Party> getFromParties() {
         return this.fromParties;
     }
 
+    /**
+     * Returns the partyId for the first From party, or null if there is no From party
+     */
+    public String getFirstFromPartyId() {
+        if (this.fromParties == null || this.fromParties.isEmpty()) {
+            return null;
+        }
+        return this.fromParties.iterator().next().getPartyId();
+    }
+
     /**
      * This method adds one message property to the plugin. The optional type attribute is not set.
      * <p>
@@ -461,6 +511,16 @@ public Set<Submission.Party> getToParties() {
         return this.toParties;
     }
 
+    /**
+     * Returns the partyId for the first To party, or null if there is no To party
+     */
+    public String getFirstToPartyId() {
+        if (this.toParties == null || this.toParties.isEmpty()) {
+            return null;
+        }
+        return this.toParties.iterator().next().getPartyId();
+    }
+
     /**
      * Returns a {@link java.util.Set} of {@link eu.domibus.plugin.Submission.Payload} elements representing the payloads
      * of this plugin. A {@link eu.domibus.plugin.Submission.Payload} contains information describing the payload and the payload itself.
@@ -821,7 +881,7 @@ public static class Description {
         private Locale lang;
 
         public Description(Locale lang, String description) {
-            if (!StringUtils.hasLength(description)) {
+            if (StringUtils.isEmpty(description)) {
                 throw new IllegalArgumentException("description must not be empty");
             }
 
diff --git a/Core/pom.xml b/Core/pom.xml
index fb55455fcc..7b1d16d61e 100644
--- a/Core/pom.xml
+++ b/Core/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <groupId>org.niis</groupId>
         <artifactId>harmony</artifactId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
 
     <artifactId>core</artifactId>
diff --git a/Plugin-FS/Domibus-default-fs-plugin/pom.xml b/Plugin-FS/Domibus-default-fs-plugin/pom.xml
index 51f8e4e26d..468925f773 100644
--- a/Plugin-FS/Domibus-default-fs-plugin/pom.xml
+++ b/Plugin-FS/Domibus-default-fs-plugin/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <groupId>org.niis</groupId>
         <artifactId>plugin-fs</artifactId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
     <artifactId>harmony-default-fs-plugin</artifactId>
     <packaging>jar</packaging>
diff --git a/Plugin-FS/Domibus-default-fs-plugin/src/main/java/eu/domibus/plugin/fs/FSMessageTransformer.java b/Plugin-FS/Domibus-default-fs-plugin/src/main/java/eu/domibus/plugin/fs/FSMessageTransformer.java
index 79ae5449c6..919ebb06d3 100644
--- a/Plugin-FS/Domibus-default-fs-plugin/src/main/java/eu/domibus/plugin/fs/FSMessageTransformer.java
+++ b/Plugin-FS/Domibus-default-fs-plugin/src/main/java/eu/domibus/plugin/fs/FSMessageTransformer.java
@@ -330,16 +330,19 @@ protected void setCollaborationInfoToSubmission(Submission submission, Collabora
     }
 
     protected CollaborationInfo getCollaborationInfoFromSubmission(Submission submission) {
-        AgreementRef agreementRef = objectFactory.createAgreementRef();
-        agreementRef.setType(submission.getAgreementRefType());
-        agreementRef.setValue(submission.getAgreementRef());
+        CollaborationInfo collaborationInfo = objectFactory.createCollaborationInfo();
+
+        if (StringUtils.isNotBlank(submission.getAgreementRef())) {
+            AgreementRef agreementRef = objectFactory.createAgreementRef();
+            agreementRef.setType(submission.getAgreementRefType());
+            agreementRef.setValue(submission.getAgreementRef());
+            collaborationInfo.setAgreementRef(agreementRef);
+        }
 
         Service service = objectFactory.createService();
         service.setType(submission.getServiceType());
         service.setValue(submission.getService());
 
-        CollaborationInfo collaborationInfo = objectFactory.createCollaborationInfo();
-        collaborationInfo.setAgreementRef(agreementRef);
         collaborationInfo.setService(service);
         collaborationInfo.setAction(submission.getAction());
         collaborationInfo.setConversationId(submission.getConversationId());
diff --git a/Plugin-FS/Domibus-default-fs-plugin/src/main/java/eu/domibus/plugin/fs/FSPluginImpl.java b/Plugin-FS/Domibus-default-fs-plugin/src/main/java/eu/domibus/plugin/fs/FSPluginImpl.java
index 1dff816e1e..f29ea7c4b5 100644
--- a/Plugin-FS/Domibus-default-fs-plugin/src/main/java/eu/domibus/plugin/fs/FSPluginImpl.java
+++ b/Plugin-FS/Domibus-default-fs-plugin/src/main/java/eu/domibus/plugin/fs/FSPluginImpl.java
@@ -204,6 +204,7 @@ public void deliverMessage(DeliverMessageEvent event) {
                 LOG.debug("FSMessage payloads for message [{}] will be scheduled for saving", messageId);
 
                 final DomainDTO domainDTO = fsDomainService.fsDomainToDomibusDomain(fsPluginDomain);
+                //TODO: replace with a submitLongRunningTaskWithSecurityContext variant(like submit methods have)
                 final Authentication currentAuthentication = SecurityContextHolder.getContext().getAuthentication();
                 domainTaskExtExecutor.submitLongRunningTask(() -> {
                     SecurityContextHolder.getContext().setAuthentication(currentAuthentication);
@@ -409,7 +410,7 @@ protected StringBuilder getErrorFileContent(ErrorResult errorResult) {
                 errorResult.getTimestamp() == null ? null : errorResult.getTimestamp().toString());
     }
 
-    protected void handleSentMessage(String domain, String messageId) {
+    protected void handleSentMessage(String domain, String messageId, boolean retryIfNotFound) {
         LOG.debug("Preparing to handle sent message using domain [{}] and messageId [{}]", domain, messageId);
 
         try (FileObject rootDir = fsFilesManager.setUpFileSystem(domain);
@@ -436,9 +437,15 @@ protected void handleSentMessage(String domain, String messageId) {
                     }
                 }
             } else {
-                LOG.error("The successfully sent message file [{}] was not found in domain [{}]", messageId, domain);
+                if (retryIfNotFound) {
+                    LOG.debug("Successfully sent message file [{}] not found. It may not have been renamed yet", messageId);
+                    Thread.sleep(3000L);
+                    handleSentMessage(domain, messageId, false);
+                } else {
+                    LOG.error("The successfully sent message file [{}] was not found in domain [{}]", messageId, domain);
+                }
             }
-        } catch (FileSystemException e) {
+        } catch (FileSystemException | InterruptedException e) {
             LOG.error("Error handling the successfully sent message file [" + messageId + "]", e);
         }
     }
@@ -476,7 +483,7 @@ public void messageStatusChanged(MessageStatusChangeEvent event) {
         if (isSendingEvent(event)) {
             renameMessageFile(domain, messageId, event.getToStatus());
         } else if (isSendSuccessEvent(event)) {
-            handleSentMessage(domain, messageId);
+            handleSentMessage(domain, messageId, true);
         } else if (isSendFailedEvent(event)) {
             handleSendFailedMessage(domain, messageId);
         }
diff --git a/Plugin-FS/Domibus-default-fs-plugin/src/main/java/eu/domibus/plugin/fs/worker/FSSendMessagesService.java b/Plugin-FS/Domibus-default-fs-plugin/src/main/java/eu/domibus/plugin/fs/worker/FSSendMessagesService.java
index 1322ad1432..7ca24b8966 100644
--- a/Plugin-FS/Domibus-default-fs-plugin/src/main/java/eu/domibus/plugin/fs/worker/FSSendMessagesService.java
+++ b/Plugin-FS/Domibus-default-fs-plugin/src/main/java/eu/domibus/plugin/fs/worker/FSSendMessagesService.java
@@ -388,11 +388,11 @@ protected void clearObservedFiles(String domain) {
         LOG.trace("Starting clear of the observed files for domain [{}]; there are [{}] entries", domain, observedFilesInfo.size());
 
         int delta = 2 * fsPluginProperties.getSendWorkerInterval(domain) + fsPluginProperties.getSendDelay(domain);
-        long currentTime = new Date().getTime();
+        long thresholdTime = new Date().getTime() - delta;
         String[] keys = observedFilesInfo.keySet().toArray(new String[]{});
         for (String key : keys) {
             FileInfo fileInfo = observedFilesInfo.get(key);
-            if (fileInfo.getDomain().equals(domain) && ((currentTime - fileInfo.getModified()) > delta)) {
+            if (fileInfo != null && StringUtils.equalsIgnoreCase(fileInfo.getDomain(), domain) && fileInfo.getModified() < thresholdTime) {
                 LOG.debug("File [{}] is old and will not be observed anymore", key);
                 observedFilesInfo.remove(key);
             }
diff --git a/Plugin-FS/Domibus-default-fs-plugin/src/test/java/eu/domibus/plugin/fs/FSPluginImplTest.java b/Plugin-FS/Domibus-default-fs-plugin/src/test/java/eu/domibus/plugin/fs/FSPluginImplTest.java
index ffcdcc9069..ccabeb24b5 100644
--- a/Plugin-FS/Domibus-default-fs-plugin/src/test/java/eu/domibus/plugin/fs/FSPluginImplTest.java
+++ b/Plugin-FS/Domibus-default-fs-plugin/src/test/java/eu/domibus/plugin/fs/FSPluginImplTest.java
@@ -551,7 +551,7 @@ public void testMessageStatusChanged_SendSuccessArchive(@Injectable MessageStatu
         backendFS.messageStatusChanged(event);
 
         new Verifications() {{
-            backendFS.handleSentMessage(domain, messageId);
+            backendFS.handleSentMessage(domain, messageId, true);
         }};
 
     }
@@ -602,7 +602,7 @@ public void testHandleSentMessage(@Injectable FileObject contentFile,
 
         }};
 
-        backendFS.handleSentMessage(null, messageId);
+        backendFS.handleSentMessage(null, messageId, true);
 
         new Verifications() {{
             fsFilesManager.moveFile(contentFile, archivedFile);
diff --git a/Plugin-FS/pom.xml b/Plugin-FS/pom.xml
index 7adb8a2121..b676ab63ae 100644
--- a/Plugin-FS/pom.xml
+++ b/Plugin-FS/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <groupId>org.niis</groupId>
         <artifactId>harmony</artifactId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
 
     <artifactId>plugin-fs</artifactId>
diff --git a/Plugin-JMS/Domibus-default-jms-plugin/pom.xml b/Plugin-JMS/Domibus-default-jms-plugin/pom.xml
index 2ad6b78b47..9cf7fb248e 100644
--- a/Plugin-JMS/Domibus-default-jms-plugin/pom.xml
+++ b/Plugin-JMS/Domibus-default-jms-plugin/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <groupId>org.niis</groupId>
         <artifactId>plugin-jms</artifactId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
 
     <artifactId>harmony-default-jms-plugin</artifactId>
diff --git a/Plugin-JMS/Domibus-default-jms-plugin/src/main/conf/tomcat/jms-plugin.properties b/Plugin-JMS/Domibus-default-jms-plugin/src/main/conf/tomcat/jms-plugin.properties
index 3d8bd45a92..caca899276 100644
--- a/Plugin-JMS/Domibus-default-jms-plugin/src/main/conf/tomcat/jms-plugin.properties
+++ b/Plugin-JMS/Domibus-default-jms-plugin/src/main/conf/tomcat/jms-plugin.properties
@@ -30,6 +30,7 @@
 #
 #### Properties identifying the business agreement and process, remove # to enable ####
 # jmsplugin.agreementRef=
+# jmsplugin.agreementRefType=
 # jmsplugin.service=
 # jmsplugin.serviceType=
 # jmsplugin.action=
diff --git a/Plugin-JMS/Domibus-default-jms-plugin/src/main/conf/weblogic/jms-plugin.properties b/Plugin-JMS/Domibus-default-jms-plugin/src/main/conf/weblogic/jms-plugin.properties
index 9ec4a4a03c..f1461e6a9d 100644
--- a/Plugin-JMS/Domibus-default-jms-plugin/src/main/conf/weblogic/jms-plugin.properties
+++ b/Plugin-JMS/Domibus-default-jms-plugin/src/main/conf/weblogic/jms-plugin.properties
@@ -30,6 +30,7 @@
 #
 #### Properties identifying the business agreement and process, remove # to enable ####
 # jmsplugin.agreementRef=
+# jmsplugin.agreementRefType=
 # jmsplugin.service=
 # jmsplugin.serviceType=
 # jmsplugin.action=
diff --git a/Plugin-JMS/Domibus-default-jms-plugin/src/main/conf/wildfly/jms-plugin.properties b/Plugin-JMS/Domibus-default-jms-plugin/src/main/conf/wildfly/jms-plugin.properties
index 79fb73a6be..e860c6105b 100644
--- a/Plugin-JMS/Domibus-default-jms-plugin/src/main/conf/wildfly/jms-plugin.properties
+++ b/Plugin-JMS/Domibus-default-jms-plugin/src/main/conf/wildfly/jms-plugin.properties
@@ -30,6 +30,7 @@
 #
 #### Properties identifying the business agreement and process, remove # to enable ####
 # jmsplugin.agreementRef=
+# jmsplugin.agreementRefType=
 # jmsplugin.service=
 # jmsplugin.serviceType=
 # jmsplugin.action=
diff --git a/Plugin-JMS/Domibus-default-jms-plugin/src/main/java/eu/domibus/plugin/jms/JMSMessageConstants.java b/Plugin-JMS/Domibus-default-jms-plugin/src/main/java/eu/domibus/plugin/jms/JMSMessageConstants.java
index d373153880..0e624e4d8d 100644
--- a/Plugin-JMS/Domibus-default-jms-plugin/src/main/java/eu/domibus/plugin/jms/JMSMessageConstants.java
+++ b/Plugin-JMS/Domibus-default-jms-plugin/src/main/java/eu/domibus/plugin/jms/JMSMessageConstants.java
@@ -33,6 +33,7 @@ private JMSMessageConstants() {}
     public static final String TO_PARTY_TYPE = "toPartyType";
     public static final String TO_ROLE = "toRole";
     public static final String PROPERTY_ORIGINAL_SENDER = "originalSender";
+    public static final String PROPERTY_ORIGINAL_SENDER_TYPE = "originalSenderType";
     public static final String PROPERTY_FINAL_RECIPIENT = "finalRecipient";
     public static final String PROPERTY_FINAL_RECIPIENT_TYPE = "finalRecipientType";
     public static final String PROPERTY_ENDPOINT = "endPointAddress";
@@ -50,6 +51,7 @@ private JMSMessageConstants() {}
     public static final String PROPERTY_TYPE_PREFIX = "propertyType_";
     private static final String PAYLOAD_NAME_PREFIX = "payload_";
     public static final String PAYLOAD_NAME_FORMAT = PAYLOAD_NAME_PREFIX + "{0}";
+    public static final String PAYLOAD_TYPE_FORMAT = PAYLOAD_NAME_FORMAT + "_Type";
     private static final String PAYLOAD_MIME_TYPE_SUFFIX = "_mimeType";
     public static final String PAYLOAD_MIME_TYPE_FORMAT = PAYLOAD_NAME_FORMAT + PAYLOAD_MIME_TYPE_SUFFIX;
     private static final String PAYLOAD_FILE_NAME_SUFFIX = "_fileName";
diff --git a/Plugin-JMS/Domibus-default-jms-plugin/src/main/java/eu/domibus/plugin/jms/JMSMessageTransformer.java b/Plugin-JMS/Domibus-default-jms-plugin/src/main/java/eu/domibus/plugin/jms/JMSMessageTransformer.java
index 0bb2d2bca5..7fd5e6ebfd 100644
--- a/Plugin-JMS/Domibus-default-jms-plugin/src/main/java/eu/domibus/plugin/jms/JMSMessageTransformer.java
+++ b/Plugin-JMS/Domibus-default-jms-plugin/src/main/java/eu/domibus/plugin/jms/JMSMessageTransformer.java
@@ -87,6 +87,7 @@ public MapMessage transformFromSubmission(final Submission submission, final Map
             for (final Submission.TypedProperty p : submission.getMessageProperties()) {
                 if (p.getKey().equals(PROPERTY_ORIGINAL_SENDER)) {
                     messageOut.setStringProperty(PROPERTY_ORIGINAL_SENDER, p.getValue());
+                    messageOut.setStringProperty(PROPERTY_ORIGINAL_SENDER_TYPE, p.getType());
                     continue;
                 }
                 if (p.getKey().equals(PROPERTY_ENDPOINT)) {
@@ -95,6 +96,7 @@ public MapMessage transformFromSubmission(final Submission submission, final Map
                 }
                 if (p.getKey().equals(PROPERTY_FINAL_RECIPIENT)) {
                     messageOut.setStringProperty(PROPERTY_FINAL_RECIPIENT, p.getValue());
+                    messageOut.setStringProperty(PROPERTY_FINAL_RECIPIENT_TYPE, p.getType());
                     continue;
                 }
                 //only reached if none of the predefined properties are set
@@ -102,8 +104,10 @@ public MapMessage transformFromSubmission(final Submission submission, final Map
                 messageOut.setStringProperty(PROPERTY_TYPE_PREFIX + p.getKey(), p.getType());
             }
             messageOut.setStringProperty(PROTOCOL, "AS4");
-            messageOut.setStringProperty(AGREEMENT_REF, submission.getAgreementRef());
-            messageOut.setStringProperty(AGREEMENT_REF_TYPE, submission.getAgreementRefType());
+            if (StringUtils.isNotBlank(submission.getAgreementRef())) {
+                messageOut.setStringProperty(AGREEMENT_REF, submission.getAgreementRef());
+                messageOut.setStringProperty(AGREEMENT_REF_TYPE, submission.getAgreementRefType());
+            }
             messageOut.setStringProperty(REF_TO_MESSAGE_ID, submission.getRefToMessageId());
 
             // save the first payload (payload_1) for the bodyload (if exists)
@@ -153,11 +157,27 @@ private int transformFromSubmissionHandlePayload(MapMessage messageOut, boolean
         } else {
             final String payContID = MessageFormat.format(PAYLOAD_MIME_CONTENT_ID_FORMAT, counter);
             final String propPayload = MessageFormat.format(PAYLOAD_NAME_FORMAT, counter);
-            final String payMimeTypeProp = MessageFormat.format(PAYLOAD_MIME_TYPE_FORMAT, counter);
-
             setPayloadDetailsInJMSMessage(messageOut, putAttachmentsInQueue, counter, userMessageEntityId, p, propPayload);
-            messageOut.setStringProperty(payMimeTypeProp, findMime(p.getPayloadProperties()));
             messageOut.setStringProperty(payContID, p.getContentId());
+
+            final String payloadNameFormat = MessageFormat.format(PAYLOAD_NAME_FORMAT, counter);
+            final String payloadTypeFormat = MessageFormat.format(PAYLOAD_TYPE_FORMAT, counter);
+            for (final Submission.TypedProperty property : p.getPayloadProperties()) {
+                if (property.getKey().equals(MIME_TYPE)) {
+                    final String payMimeTypeProp = MessageFormat.format(PAYLOAD_MIME_TYPE_FORMAT, counter);
+                    messageOut.setStringProperty(payMimeTypeProp, property.getValue());
+                    continue;
+                }
+                // this is set separately
+                if (property.getKey().equals(PAYLOAD_FILENAME)) {
+                    continue;
+                }
+
+                //only reached if none of the predefined properties are set
+                messageOut.setStringProperty(payloadNameFormat + "_" + property.getKey(), property.getValue());
+                messageOut.setStringProperty(payloadTypeFormat + "_" + property.getKey(), property.getType());
+            }
+
             counter++;
         }
         return counter;
@@ -334,8 +354,9 @@ private void populateMessageProperties(Submission target, MapMessage messageIn)
         }
         //not part of ebMS3, eCODEX legacy property
         String strOriginalSender = messageIn.getStringProperty(PROPERTY_ORIGINAL_SENDER);
+        String strOriginalSenderType = messageIn.getStringProperty(PROPERTY_ORIGINAL_SENDER_TYPE);
         if (isNotBlank(strOriginalSender)) {
-            target.addMessageProperty(PROPERTY_ORIGINAL_SENDER, strOriginalSender);
+            target.addMessageProperty(PROPERTY_ORIGINAL_SENDER, strOriginalSender, strOriginalSenderType);
         }
         String endpoint = messageIn.getStringProperty(PROPERTY_ENDPOINT);
         if (isNotEmpty(endpoint)) {
@@ -420,26 +441,39 @@ private void transformToSubmissionHandlePayload(MapMessage messageIn, Submission
         }
 
         List<String> addedProps = Arrays.asList(MessageFormat.format(PAYLOAD_MIME_TYPE_FORMAT, i), payFileNameProp, payloadNameProperty);
-        final String propPayload = MessageFormat.format(PAYLOAD_NAME_FORMAT, i);
+        final String payloadNameFormat = MessageFormat.format(PAYLOAD_NAME_FORMAT, i);
+        final String payloadTypeFormat = MessageFormat.format(PAYLOAD_TYPE_FORMAT, i);
+        final String payloadMimeContentIdPropName = MessageFormat.format(PAYLOAD_MIME_CONTENT_ID_FORMAT, i);
+
         Enumeration<String> allProps = messageIn.getPropertyNames();
         while (allProps.hasMoreElements()) {
             String key = allProps.nextElement();
-            if (!key.startsWith(propPayload) || propPayload.equals(key) || addedProps.contains(key)) {
+            // if it's not a property of payload i, it's an invalid property or was already added then ignore it
+            if ((!key.startsWith(payloadNameFormat)) || payloadNameFormat.equals(key) || addedProps.contains(key)) {
+                continue;
+            }
+            // if it's the type for a payload property, ignore it. It will be processed together with the property value
+            if (key.startsWith(payloadTypeFormat)) {
                 continue;
             }
-            String propName = key.substring(propPayload.length() + 1);
+            String propName = key.substring(payloadNameFormat.length() + 1);
             if (propName.isEmpty()) {
                 continue;
             }
-            partProperties.add(new Submission.TypedProperty(propName, messageIn.getStringProperty(key)));
+            // ignore mimeContentId because will be sent in href
+            if (key.equals(payloadMimeContentIdPropName)) {
+                continue;
+            }
+
+            String propertyValue = messageIn.getStringProperty(key);
+            String propertyType = messageIn.getStringProperty(payloadTypeFormat + "_" + propName);
+            partProperties.add(new Submission.TypedProperty(propName, propertyValue, propertyType));
         }
 
-        DataHandler payloadDataHandler = getPayloadDataHandler(messageIn, mimeType, propPayload);
+        DataHandler payloadDataHandler = getPayloadDataHandler(messageIn, mimeType, payloadNameFormat);
 
         boolean inBody = (i == 1 && "true".equalsIgnoreCase(bodyloadEnabled));
-
-        final String payContID = MessageFormat.format(PAYLOAD_MIME_CONTENT_ID_FORMAT, i);
-        final String contentId = trim(messageIn.getStringProperty(payContID));
+        final String contentId = trim(messageIn.getStringProperty(payloadMimeContentIdPropName));
         target.addPayload(contentId, payloadDataHandler, partProperties, inBody, null, null);
     }
 
diff --git a/Plugin-JMS/Domibus-default-jms-plugin/src/main/java/eu/domibus/plugin/jms/JMSPluginImpl.java b/Plugin-JMS/Domibus-default-jms-plugin/src/main/java/eu/domibus/plugin/jms/JMSPluginImpl.java
index 8c4a142ac7..28f318c998 100644
--- a/Plugin-JMS/Domibus-default-jms-plugin/src/main/java/eu/domibus/plugin/jms/JMSPluginImpl.java
+++ b/Plugin-JMS/Domibus-default-jms-plugin/src/main/java/eu/domibus/plugin/jms/JMSPluginImpl.java
@@ -13,6 +13,7 @@
 import eu.domibus.logging.DomibusLoggerFactory;
 import eu.domibus.logging.DomibusMessageCode;
 import eu.domibus.logging.MDCKey;
+import eu.domibus.messaging.DuplicateMessageException;
 import eu.domibus.messaging.MessageConstants;
 import eu.domibus.messaging.MessageNotFoundException;
 import eu.domibus.messaging.MessagingProcessingException;
@@ -30,7 +31,7 @@
 import javax.jms.*;
 import java.text.MessageFormat;
 import java.util.List;
-
+import static eu.domibus.logging.DomibusMessageCode.DUPLICATE_MESSAGEID;
 import static eu.domibus.plugin.jms.JMSMessageConstants.*;
 
 /**
@@ -103,10 +104,10 @@ public void receiveMessage(final MapMessage map) {
                 messageID = messageExtService.cleanMessageIdentifier(messageID);
                 LOG.putMDC(DomibusLogger.MDC_MESSAGE_ID, messageID);
             }
+            final String conversationId = map.getStringProperty(CONVERSATION_ID);
             final String jmsCorrelationID = map.getJMSCorrelationID();
             final String messageType = map.getStringProperty(JMSMessageConstants.JMS_BACKEND_MESSAGE_TYPE_PROPERTY_KEY);
-
-            LOG.info("Received message with messageId [{}], jmsCorrelationID [{}]", messageID, jmsCorrelationID);
+            LOG.businessInfo(DomibusMessageCode.BUS_MSG_RECEIVED_FROM_JMS_IN_QUEUE, messageID, conversationId, jmsCorrelationID);
 
             QueueContext queueContext = jmsMessageTransformer.getQueueContext(messageID, map);
             LOG.debug("Extracted queue context [{}]", queueContext);
@@ -123,10 +124,14 @@ public void receiveMessage(final MapMessage map) {
                 //in case the messageID is not sent by the user it will be generated
                 messageID = submit(map);
             } catch (final MessagingProcessingException e) {
+                if (e instanceof DuplicateMessageException){
+                    LOG.businessError(DUPLICATE_MESSAGEID, messageID);
+                }
                 LOG.error("Exception occurred receiving message [{}}], jmsCorrelationID [{}}]", messageID, jmsCorrelationID, e);
                 errorMessage = e.getMessage() + ": Error Code: " + (e.getEbms3ErrorCode() != null ? e.getEbms3ErrorCode().getErrorCodeName() : " not set");
             }
 
+            queueContext.setMessageId(messageID);
             sendReplyMessage(queueContext, errorMessage, jmsCorrelationID);
 
             LOG.info("Submitted message with messageId [{}], jmsCorrelationID [{}}]", messageID, jmsCorrelationID);
@@ -154,7 +159,10 @@ protected void sendReplyMessage(QueueContext queueContext, final String errorMes
     public void deliverMessage(final DeliverMessageEvent event) {
         checkEnabled();
 
-        String messageId = event.getMessageId();
+        final String messageId = event.getMessageId();
+        final String messageEntityId = event.getMessageEntityId().toString();
+        final String conversationId = event.getProps().get(MessageConstants.CONVERSATION_ID);
+        LOG.businessInfo(DomibusMessageCode.BUS_MSG_DELIVERED_TO_JMS_OUT_QUEUE, messageId, messageEntityId, conversationId);
         LOG.debug("Delivering message [{}] for final recipient [{}]", messageId, event.getProps().get(MessageConstants.FINAL_RECIPIENT));
 
         QueueContext queueContext = createQueueContext(event);
diff --git a/Plugin-JMS/Domibus-default-jms-plugin/src/test/java/eu/domibus/plugin/jms/JMSMessageTransformerTest.java b/Plugin-JMS/Domibus-default-jms-plugin/src/test/java/eu/domibus/plugin/jms/JMSMessageTransformerTest.java
index 2f22b481a0..d078e476e8 100644
--- a/Plugin-JMS/Domibus-default-jms-plugin/src/test/java/eu/domibus/plugin/jms/JMSMessageTransformerTest.java
+++ b/Plugin-JMS/Domibus-default-jms-plugin/src/test/java/eu/domibus/plugin/jms/JMSMessageTransformerTest.java
@@ -21,16 +21,12 @@
 import javax.ws.rs.core.MediaType;
 import java.io.File;
 import java.text.MessageFormat;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-import java.util.Set;
+import java.util.*;
 
 import static eu.domibus.plugin.jms.JMSMessageConstants.*;
 import static java.util.stream.Collectors.toList;
 import static org.apache.commons.lang3.StringUtils.equalsAnyIgnoreCase;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.*;
 
 /**
  * Created by Arun Raj on 18/10/2016.
@@ -47,25 +43,31 @@ public class JMSMessageTransformerTest {
     private static final String PAYLOAD_ID = "cid:message";
     private static final String UNREGISTERED_PARTY_TYPE = "urn:oasis:names:tc:ebcore:partyid-type:unregistered";
     private static final String ORIGINAL_SENDER = "urn:oasis:names:tc:ebcore:partyid-type:unregistered:C1";
+    private static final String ORIGINAL_SENDER_TYPE = "urn:cef.eu:names:identifier:EAS:0007";
     private static final String FINAL_RECIPIENT = "urn:oasis:names:tc:ebcore:partyid-type:unregistered:C4";
-    private static final String FINAL_RECIPIENT_TYPE = "iso6523-actorid-upis";
+    private static final String FINAL_RECIPIENT_TYPE = "urn:cef.eu:names:identifier:EAS:0201";
     private static final String ACTION_TC1LEG1 = "TC1Leg1";
     private static final String PROTOCOL_AS4 = "AS4";
     private static final String SERVICE_NOPROCESS = "bdx:noprocess";
     private static final String SERVICE_TYPE_TC1 = "tc1";
     private static final String PAYLOAD_FILENAME = "FileName";
-    private static final String PAYLOAD_1_FILENAME = "payload_1_fileName";
     private static final String TEST_PROPERTY = "testProperty";
-    private static final String PAYLOAD_1_TEST_PROPERTY = "payload_1" + "_" + TEST_PROPERTY;
-    private static final String PAYLOAD_1_EMPTY_PROPERTY = "payload_1_";
+    private static final String TEST_PROPERTY1 = "testProperty1";
+
+    private static final String PAYLOAD_1_PROPERTY_VALUE = "payload_1_";
+    private static final String PAYLOAD_1_PROPERTY_TYPE = "payload_1_Type_";
+    private static final String PAYLOAD_1_EMPTY_PROPERTY = PAYLOAD_1_PROPERTY_VALUE;
+    private static final String PAYLOAD_1_MIME_CONTENT_ID = MessageFormat.format(PAYLOAD_MIME_CONTENT_ID_FORMAT, 1);
+    private static final String PAYLOAD_2_PROPERTY_VALUE = "payload_2_";
+    private static final String PAYLOAD_2_PROPERTY_TYPE = "payload_2_Type_";
 
-    private static final String PAYLOAD_2_FILENAME = "payload_2_fileName";
     private static final String FILENAME_TEST = "09878378732323.payload";
     private static final String CUSTOM_AGREEMENT_REF = "customAgreement";
     public static final String PROPERTY_TEST = "test";
     public static final String PROPERTY_PREFIX = "property_";
     public static final String PAY_LOAD = "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPGhlbGxvPndvcmxkPC9oZWxsbz4=";
     public static final String TEST_VALUE = "testValue";
+    public static final String TEST_TYPE = "testType";
 
     @Injectable
     protected DomibusPropertyExtService domibusPropertyExtService;
@@ -98,7 +100,7 @@ public void transformFromSubmission_HappyFlow() throws Exception {
         submissionObj.setFromRole(INITIATOR_ROLE);
         submissionObj.addToParty(DOMIBUS_RED, UNREGISTERED_PARTY_TYPE);
         submissionObj.setToRole(RESPONDER_ROLE);
-        submissionObj.addMessageProperty(PROPERTY_ORIGINAL_SENDER, ORIGINAL_SENDER);
+        submissionObj.addMessageProperty(PROPERTY_ORIGINAL_SENDER, ORIGINAL_SENDER, ORIGINAL_SENDER_TYPE);
         submissionObj.addMessageProperty(PROPERTY_ENDPOINT, "http://localhost:8080/domibus/domibus-blue");
         submissionObj.addMessageProperty(PROPERTY_FINAL_RECIPIENT, FINAL_RECIPIENT, FINAL_RECIPIENT_TYPE);
         submissionObj.addMessageProperty(PROPERTY_TEST, "test property");
@@ -109,12 +111,15 @@ public void transformFromSubmission_HappyFlow() throws Exception {
 
         DataHandler payLoadDataHandler2 = new DataHandler(new ByteArrayDataSource(PAY_LOAD.getBytes(), DEFAULT_MT));
 
-
-        Submission.TypedProperty objTypedProperty1 = new Submission.TypedProperty(MIME_TYPE, DEFAULT_MT);
+        Submission.TypedProperty objTypedProperty1 = new Submission.TypedProperty(MIME_TYPE, DEFAULT_MT, "string");
         Submission.TypedProperty objTypedProperty2 = new Submission.TypedProperty(PAYLOAD_FILENAME, FILENAME_TEST);
+        Submission.TypedProperty testCustomProperty = new Submission.TypedProperty(TEST_PROPERTY, TEST_VALUE, TEST_TYPE);
+        Submission.TypedProperty testCustomProperty1 = new Submission.TypedProperty(TEST_PROPERTY1, TEST_VALUE);
         Collection<Submission.TypedProperty> listTypedProperty = new ArrayList<>();
         listTypedProperty.add(objTypedProperty1);
         listTypedProperty.add(objTypedProperty2);
+        listTypedProperty.add(testCustomProperty);
+        listTypedProperty.add(testCustomProperty1);
         Submission.Payload objPayload1 = new Submission.Payload(PAYLOAD_ID, payLoadDataHandler1, listTypedProperty, false, null, null);
 
         submissionObj.addPayload(objPayload1);
@@ -146,16 +151,22 @@ public void transformFromSubmission_HappyFlow() throws Exception {
         assertEquals(UNREGISTERED_PARTY_TYPE, messageMap.getStringProperty(TO_PARTY_TYPE));
         assertEquals(RESPONDER_ROLE, messageMap.getStringProperty(TO_ROLE));
         assertEquals(ORIGINAL_SENDER, messageMap.getStringProperty(PROPERTY_ORIGINAL_SENDER));
+        assertEquals(ORIGINAL_SENDER_TYPE, messageMap.getStringProperty(PROPERTY_ORIGINAL_SENDER_TYPE));
         assertEquals(FINAL_RECIPIENT, messageMap.getStringProperty(PROPERTY_FINAL_RECIPIENT));
+        assertEquals(FINAL_RECIPIENT_TYPE, messageMap.getStringProperty(PROPERTY_FINAL_RECIPIENT_TYPE));
         assertEquals("test property", messageMap.getStringProperty(PROPERTY_PREFIX + PROPERTY_TEST));
         assertEquals("12345", messageMap.getStringProperty(AGREEMENT_REF));
         assertEquals("123456", messageMap.getStringProperty(REF_TO_MESSAGE_ID));
         messageMap.setStringProperty(JMSMessageConstants.AGREEMENT_REF, "customAgreement");
         assertEquals("true", messageMap.getStringProperty(P1_IN_BODY));
 
+        assertEquals(DEFAULT_MT, messageMap.getStringProperty(PAYLOAD_2_PROPERTY_VALUE + "mimeType"));
         File file = new File(FILENAME_TEST);
-        assertEquals(file.getName(), messageMap.getStringProperty(PAYLOAD_2_FILENAME));
-
+        assertEquals(file.getName(), messageMap.getStringProperty(PAYLOAD_2_PROPERTY_VALUE + "fileName"));
+        assertEquals(TEST_VALUE, messageMap.getStringProperty(PAYLOAD_2_PROPERTY_VALUE + TEST_PROPERTY));
+        assertEquals(TEST_TYPE, messageMap.getStringProperty(PAYLOAD_2_PROPERTY_TYPE + TEST_PROPERTY));
+        assertEquals(TEST_VALUE, messageMap.getStringProperty(PAYLOAD_2_PROPERTY_VALUE + TEST_PROPERTY1));
+        assertNull(messageMap.getStringProperty(PAYLOAD_2_PROPERTY_TYPE + TEST_PROPERTY1));
     }
 
     /*
@@ -177,13 +188,16 @@ public void transformToSubmission_HappyFlow() throws Exception {
         messageMap.setStringProperty(FROM_ROLE, INITIATOR_ROLE);
         messageMap.setStringProperty(TO_ROLE, RESPONDER_ROLE);
         messageMap.setStringProperty(PROPERTY_ORIGINAL_SENDER, ORIGINAL_SENDER);
+        messageMap.setStringProperty(PROPERTY_ORIGINAL_SENDER_TYPE, ORIGINAL_SENDER_TYPE);
         messageMap.setStringProperty(PROPERTY_FINAL_RECIPIENT, FINAL_RECIPIENT);
         messageMap.setStringProperty(PROPERTY_FINAL_RECIPIENT_TYPE, FINAL_RECIPIENT_TYPE);
         messageMap.setStringProperty(PROTOCOL, PROTOCOL_AS4);
         messageMap.setStringProperty(AGREEMENT_REF, "customAgreement");
         messageMap.setStringProperty(AGREEMENT_REF_TYPE, "ref_type");
-        messageMap.setStringProperty(PAYLOAD_1_FILENAME, FILENAME_TEST);
-        messageMap.setStringProperty(PAYLOAD_1_TEST_PROPERTY, TEST_VALUE);
+        messageMap.setStringProperty(PAYLOAD_1_PROPERTY_VALUE + "fileName", FILENAME_TEST);
+        messageMap.setStringProperty(PAYLOAD_1_PROPERTY_VALUE + TEST_PROPERTY, TEST_VALUE);
+        messageMap.setStringProperty(PAYLOAD_1_PROPERTY_TYPE + TEST_PROPERTY, TEST_TYPE);
+        messageMap.setStringProperty(PAYLOAD_1_PROPERTY_VALUE + TEST_PROPERTY1, TEST_VALUE);
         messageMap.setStringProperty(PAYLOAD_1_EMPTY_PROPERTY, "blabla");
 
         messageMap.setStringProperty(PROPERTY_PREFIX + PROPERTY_TEST, "test property");
@@ -192,7 +206,7 @@ public void transformToSubmission_HappyFlow() throws Exception {
         messageMap.setJMSCorrelationID("12345");
 
         messageMap.setStringProperty(JMSMessageConstants.TOTAL_NUMBER_OF_PAYLOADS, "2");
-        messageMap.setStringProperty(MessageFormat.format(PAYLOAD_MIME_CONTENT_ID_FORMAT, 1), PAYLOAD_ID);
+        messageMap.setStringProperty(PAYLOAD_1_MIME_CONTENT_ID, PAYLOAD_ID);
         messageMap.setStringProperty(MessageFormat.format(PAYLOAD_MIME_TYPE_FORMAT, 1), DEFAULT_MT);
         messageMap.setStringProperty(MessageFormat.format(PAYLOAD_FILE_NAME_FORMAT, 1), "filename");
         messageMap.setStringProperty(MessageFormat.format(JMS_PAYLOAD_NAME_FORMAT, 1), JMS_PAYLOAD_NAME_FORMAT + "name");
@@ -227,6 +241,7 @@ public void transformToSubmission_HappyFlow() throws Exception {
 
 
         assertEquals(ORIGINAL_SENDER, getMandatoryProperty(messageProperties, PROPERTY_ORIGINAL_SENDER).getValue());
+        assertEquals(ORIGINAL_SENDER_TYPE, getMandatoryProperty(messageProperties, PROPERTY_ORIGINAL_SENDER).getType());
         assertEquals(FINAL_RECIPIENT, getMandatoryProperty(messageProperties, PROPERTY_FINAL_RECIPIENT).getValue());
         assertEquals(FINAL_RECIPIENT_TYPE, getMandatoryProperty(messageProperties, PROPERTY_FINAL_RECIPIENT).getType());
         assertEquals("test property", getMandatoryProperty(messageProperties, PROPERTY_TEST).getValue());
@@ -241,10 +256,19 @@ public void transformToSubmission_HappyFlow() throws Exception {
 
         assertEquals(6, typedProperties.size());
 
-        assertTrue(typedProperties.stream().anyMatch(el -> el.getKey().equals(TEST_PROPERTY)));
-        assertTrue(typedProperties.stream().anyMatch(el -> el.getValue().equals(TEST_VALUE)));
+        Submission.TypedProperty testProperty = typedProperties.stream().filter(el -> el.getKey().equals(TEST_PROPERTY)).findFirst().orElse(null);
+        assertNotNull(testProperty);
+        assertEquals(TEST_VALUE, testProperty.getValue());
+        assertEquals(TEST_TYPE, testProperty.getType());
+
+        Submission.TypedProperty testProperty1 = typedProperties.stream().filter(el -> el.getKey().equals(TEST_PROPERTY1)).findFirst().orElse(null);
+        assertNotNull(testProperty1);
+        assertEquals(TEST_VALUE, testProperty1.getValue());
+        assertNull(testProperty1.getType());
+
+        assertFalse(typedProperties.stream().anyMatch(el -> el.getKey().equals(PAYLOAD_1_EMPTY_PROPERTY)));
 
-        assertTrue(!typedProperties.stream().anyMatch(el -> el.getKey().equals(PAYLOAD_1_EMPTY_PROPERTY)));
+        assertFalse(typedProperties.stream().anyMatch(el -> el.getKey().equals(PAYLOAD_1_MIME_CONTENT_ID)));
 
         assertEquals(DEFAULT_MT, getMandatoryProperties(typedProperties, MIME_TYPE).get(0).getValue());
         assertEquals(MediaType.APPLICATION_OCTET_STREAM, getMandatoryProperties(typedProperties, MIME_TYPE).get(1).getValue());
@@ -302,7 +326,7 @@ public void transformToSubmission_TrimWhiteSpaces() throws Exception {
         messageMap.setJMSCorrelationID("12345");
 
         messageMap.setStringProperty(JMSMessageConstants.TOTAL_NUMBER_OF_PAYLOADS, "1");
-        messageMap.setStringProperty(MessageFormat.format(PAYLOAD_MIME_CONTENT_ID_FORMAT, 1), "\t" + PAYLOAD_ID + "   ");
+        messageMap.setStringProperty(PAYLOAD_1_MIME_CONTENT_ID, "\t" + PAYLOAD_ID + "   ");
         messageMap.setStringProperty(MessageFormat.format(PAYLOAD_MIME_TYPE_FORMAT, 1), "   " + DEFAULT_MT + "\t\t");
         messageMap.setBytes(MessageFormat.format(PAYLOAD_NAME_FORMAT, 1), PAY_LOAD.getBytes());
 
@@ -363,6 +387,7 @@ public void transformToSubmission_FallbackToDefaults() throws Exception {
         MapMessage messageMap = new ActiveMQMapMessage();
         messageMap.setStringProperty(JMSMessageConstants.JMS_BACKEND_MESSAGE_TYPE_PROPERTY_KEY, "submitMessage");
         messageMap.setStringProperty(JMSMessageConstants.PROPERTY_ORIGINAL_SENDER, ORIGINAL_SENDER);
+        messageMap.setStringProperty(JMSMessageConstants.PROPERTY_ORIGINAL_SENDER_TYPE, ORIGINAL_SENDER_TYPE);
         messageMap.setStringProperty(JMSMessageConstants.PROPERTY_FINAL_RECIPIENT, FINAL_RECIPIENT);
         messageMap.setStringProperty(JMSMessageConstants.PROPERTY_FINAL_RECIPIENT_TYPE, FINAL_RECIPIENT_TYPE);
         messageMap.setStringProperty(JMSMessageConstants.PROTOCOL, PROTOCOL_AS4);
@@ -371,7 +396,7 @@ public void transformToSubmission_FallbackToDefaults() throws Exception {
         messageMap.setJMSCorrelationID("12345");
 
         messageMap.setStringProperty(JMSMessageConstants.TOTAL_NUMBER_OF_PAYLOADS, "1");
-        messageMap.setStringProperty(MessageFormat.format(PAYLOAD_MIME_CONTENT_ID_FORMAT, 1), "Content_id");
+        messageMap.setStringProperty(PAYLOAD_1_MIME_CONTENT_ID, "Content_id");
         messageMap.setStringProperty(MessageFormat.format(PAYLOAD_MIME_TYPE_FORMAT, 1), "type_format");
         messageMap.setBytes(MessageFormat.format(PAYLOAD_NAME_FORMAT, 1), PAY_LOAD.getBytes());
 
diff --git a/Plugin-JMS/Domibus-default-jms-plugin/src/test/resources/config/test-jms-plugin-default.properties b/Plugin-JMS/Domibus-default-jms-plugin/src/test/resources/config/test-jms-plugin-default.properties
index ecae8539ee..c9b347e888 100644
--- a/Plugin-JMS/Domibus-default-jms-plugin/src/test/resources/config/test-jms-plugin-default.properties
+++ b/Plugin-JMS/Domibus-default-jms-plugin/src/test/resources/config/test-jms-plugin-default.properties
@@ -30,6 +30,7 @@
 #
 #### Properties identifying the business agreement and process, remove # to enable ####
 # jmsplugin.agreementRef=
+# jmsplugin.agreementRefType=
 # jmsplugin.service=
 # jmsplugin.serviceType=
 # jmsplugin.action=
diff --git a/Plugin-JMS/pom.xml b/Plugin-JMS/pom.xml
index 3ffe23419c..7aba56467c 100644
--- a/Plugin-JMS/pom.xml
+++ b/Plugin-JMS/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <groupId>org.niis</groupId>
         <artifactId>harmony</artifactId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
 
     <artifactId>plugin-jms</artifactId>
diff --git a/Plugin-WS/Domibus-default-ws-plugin-backend-ws-stubs/pom.xml b/Plugin-WS/Domibus-default-ws-plugin-backend-ws-stubs/pom.xml
index bc489bd415..9a5b9fce04 100644
--- a/Plugin-WS/Domibus-default-ws-plugin-backend-ws-stubs/pom.xml
+++ b/Plugin-WS/Domibus-default-ws-plugin-backend-ws-stubs/pom.xml
@@ -10,7 +10,7 @@
     <parent>
         <groupId>org.niis</groupId>
         <artifactId>plugin-ws</artifactId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
 
     <artifactId>harmony-default-ws-plugin-backend-ws-stubs</artifactId>
diff --git a/Plugin-WS/Domibus-default-ws-plugin-backend-ws-test/pom.xml b/Plugin-WS/Domibus-default-ws-plugin-backend-ws-test/pom.xml
index 5b25404293..d99970a42d 100644
--- a/Plugin-WS/Domibus-default-ws-plugin-backend-ws-test/pom.xml
+++ b/Plugin-WS/Domibus-default-ws-plugin-backend-ws-test/pom.xml
@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.niis</groupId>
         <artifactId>plugin-ws</artifactId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
 
     <artifactId>harmony-default-ws-plugin-backend-ws-test</artifactId>
diff --git a/Plugin-WS/Domibus-default-ws-plugin-client/pom.xml b/Plugin-WS/Domibus-default-ws-plugin-client/pom.xml
index 3275f30c2f..0c97f85045 100644
--- a/Plugin-WS/Domibus-default-ws-plugin-client/pom.xml
+++ b/Plugin-WS/Domibus-default-ws-plugin-client/pom.xml
@@ -7,7 +7,7 @@
     <parent>
         <artifactId>plugin-ws</artifactId>
         <groupId>org.niis</groupId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
 
     <artifactId>Domibus-default-ws-plugin-client</artifactId>
@@ -49,6 +49,7 @@
             <version>${project.version}</version>
             <scope>compile</scope>
         </dependency>
+
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
@@ -65,6 +66,7 @@
             <groupId>com.sun.activation</groupId>
             <artifactId>jakarta.activation</artifactId>
         </dependency>
+<!--        TEST-->
         <dependency>
             <groupId>com.sun.xml.ws</groupId>
             <artifactId>jaxws-rt</artifactId>
diff --git a/Plugin-WS/Domibus-default-ws-plugin-stub-utils/pom.xml b/Plugin-WS/Domibus-default-ws-plugin-stub-utils/pom.xml
index 49e8566261..b2d19988e9 100644
--- a/Plugin-WS/Domibus-default-ws-plugin-stub-utils/pom.xml
+++ b/Plugin-WS/Domibus-default-ws-plugin-stub-utils/pom.xml
@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.niis</groupId>
         <artifactId>plugin-ws</artifactId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
 
     <artifactId>harmony-default-ws-plugin-stub-utils</artifactId>
diff --git a/Plugin-WS/Domibus-default-ws-plugin-stubs/pom.xml b/Plugin-WS/Domibus-default-ws-plugin-stubs/pom.xml
index d2f0fb6888..f2e02330d2 100644
--- a/Plugin-WS/Domibus-default-ws-plugin-stubs/pom.xml
+++ b/Plugin-WS/Domibus-default-ws-plugin-stubs/pom.xml
@@ -7,11 +7,11 @@
   <parent>
     <groupId>org.niis</groupId>
     <artifactId>plugin-ws</artifactId>
-    <version>2.4.0</version>
+    <version>2.5.0</version>
   </parent>
 
   <artifactId>harmony-default-ws-plugin-stubs</artifactId>
-  <version>2.4.0</version>
+  <version>2.5.0</version>
 
   <name>Harmony MSH Default WS Plugin Stubs V2</name>
 
diff --git a/Plugin-WS/Domibus-default-ws-plugin-stubs/src/main/resources/schemas/webservicePlugin-header.xsd b/Plugin-WS/Domibus-default-ws-plugin-stubs/src/main/resources/schemas/webservicePlugin-header.xsd
index 51bba86f3b..59b1d55126 100644
--- a/Plugin-WS/Domibus-default-ws-plugin-stubs/src/main/resources/schemas/webservicePlugin-header.xsd
+++ b/Plugin-WS/Domibus-default-ws-plugin-stubs/src/main/resources/schemas/webservicePlugin-header.xsd
@@ -24,13 +24,6 @@
         <xsd:sequence>
             <xsd:element name="UserMessage" type="UserMessage" minOccurs="0"/>
         </xsd:sequence>
-        <xsd:attribute name="mustUnderstand" type="xsd:boolean" use="optional">
-            <xsd:annotation>
-                <xsd:documentation>
-                    Deprecated. Will be removed in Domibus 6.0.
-                </xsd:documentation>
-            </xsd:annotation>
-        </xsd:attribute>
     </xsd:complexType>
 
     <xsd:simpleType name="ProcessingType">
diff --git a/Plugin-WS/Domibus-default-ws-plugin/pom.xml b/Plugin-WS/Domibus-default-ws-plugin/pom.xml
index 1ae3ac7561..7872c8ac96 100644
--- a/Plugin-WS/Domibus-default-ws-plugin/pom.xml
+++ b/Plugin-WS/Domibus-default-ws-plugin/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <groupId>org.niis</groupId>
         <artifactId>plugin-ws</artifactId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
     <artifactId>harmony-default-ws-plugin</artifactId>
     <packaging>jar</packaging>
diff --git a/Plugin-WS/Domibus-default-ws-plugin/src/main/conf/tomcat/ws-plugin.properties b/Plugin-WS/Domibus-default-ws-plugin/src/main/conf/tomcat/ws-plugin.properties
index 6e7a757aa1..6b9920d130 100644
--- a/Plugin-WS/Domibus-default-ws-plugin/src/main/conf/tomcat/ws-plugin.properties
+++ b/Plugin-WS/Domibus-default-ws-plugin/src/main/conf/tomcat/ws-plugin.properties
@@ -9,7 +9,7 @@
 #wsplugin.messages.pending.list.max=500
 
 #The notifications sent by Domibus to the plugin. The following values are possible: MESSAGE_RECEIVED,MESSAGE_FRAGMENT_RECEIVED,MESSAGE_SEND_FAILURE,MESSAGE_FRAGMENT_SEND_FAILURE,MESSAGE_RECEIVED_FAILURE,MESSAGE_FRAGMENT_RECEIVED_FAILURE,MESSAGE_SEND_SUCCESS,MESSAGE_FRAGMENT_SEND_SUCCESS,MESSAGE_STATUS_CHANGE,MESSAGE_FRAGMENT_STATUS_CHANGE,MESSAGE_DELETE_BATCH,MESSAGE_DELETED
-#wsplugin.messages.notifications=MESSAGE_RECEIVED,MESSAGE_SEND_FAILURE,MESSAGE_RECEIVED_FAILURE,MESSAGE_SEND_SUCCESS,MESSAGE_STATUS_CHANGE
+#wsplugin.messages.notifications=MESSAGE_RECEIVED,MESSAGE_SEND_FAILURE,MESSAGE_RECEIVED_FAILURE,MESSAGE_SEND_SUCCESS,MESSAGE_STATUS_CHANGE,MESSAGE_DELETE_BATCH,MESSAGE_DELETED
 
 #Timeout values for communication between the ws plugin and the backend service
 #ConnectionTimeOut - Specifies the amount of time, in milliseconds, that the consumer will attempt to establish a connection before it times out. 0 is infinite.
diff --git a/Plugin-WS/Domibus-default-ws-plugin/src/main/conf/weblogic/ws-plugin.properties b/Plugin-WS/Domibus-default-ws-plugin/src/main/conf/weblogic/ws-plugin.properties
index 36b6207339..e44bf1ab06 100644
--- a/Plugin-WS/Domibus-default-ws-plugin/src/main/conf/weblogic/ws-plugin.properties
+++ b/Plugin-WS/Domibus-default-ws-plugin/src/main/conf/weblogic/ws-plugin.properties
@@ -9,7 +9,7 @@
 #wsplugin.messages.pending.list.max=500
 
 #The notifications sent by Domibus to the plugin. The following values are possible: MESSAGE_RECEIVED,MESSAGE_FRAGMENT_RECEIVED,MESSAGE_SEND_FAILURE,MESSAGE_FRAGMENT_SEND_FAILURE,MESSAGE_RECEIVED_FAILURE,MESSAGE_FRAGMENT_RECEIVED_FAILURE,MESSAGE_SEND_SUCCESS,MESSAGE_FRAGMENT_SEND_SUCCESS,MESSAGE_STATUS_CHANGE,MESSAGE_FRAGMENT_STATUS_CHANGE,MESSAGE_DELETE_BATCH,MESSAGE_DELETED
-#wsplugin.messages.notifications=MESSAGE_RECEIVED,MESSAGE_SEND_FAILURE,MESSAGE_RECEIVED_FAILURE,MESSAGE_SEND_SUCCESS,MESSAGE_STATUS_CHANGE
+#wsplugin.messages.notifications=MESSAGE_RECEIVED,MESSAGE_SEND_FAILURE,MESSAGE_RECEIVED_FAILURE,MESSAGE_SEND_SUCCESS,MESSAGE_STATUS_CHANGE,MESSAGE_DELETE_BATCH,MESSAGE_DELETED
 
 #Timeout values for communication between the ws plugin and the backend service
 #ConnectionTimeOut - Specifies the amount of time, in milliseconds, that the consumer will attempt to establish a connection before it times out. 0 is infinite.
diff --git a/Plugin-WS/Domibus-default-ws-plugin/src/main/conf/wildfly/ws-plugin.properties b/Plugin-WS/Domibus-default-ws-plugin/src/main/conf/wildfly/ws-plugin.properties
index 36b6207339..e44bf1ab06 100644
--- a/Plugin-WS/Domibus-default-ws-plugin/src/main/conf/wildfly/ws-plugin.properties
+++ b/Plugin-WS/Domibus-default-ws-plugin/src/main/conf/wildfly/ws-plugin.properties
@@ -9,7 +9,7 @@
 #wsplugin.messages.pending.list.max=500
 
 #The notifications sent by Domibus to the plugin. The following values are possible: MESSAGE_RECEIVED,MESSAGE_FRAGMENT_RECEIVED,MESSAGE_SEND_FAILURE,MESSAGE_FRAGMENT_SEND_FAILURE,MESSAGE_RECEIVED_FAILURE,MESSAGE_FRAGMENT_RECEIVED_FAILURE,MESSAGE_SEND_SUCCESS,MESSAGE_FRAGMENT_SEND_SUCCESS,MESSAGE_STATUS_CHANGE,MESSAGE_FRAGMENT_STATUS_CHANGE,MESSAGE_DELETE_BATCH,MESSAGE_DELETED
-#wsplugin.messages.notifications=MESSAGE_RECEIVED,MESSAGE_SEND_FAILURE,MESSAGE_RECEIVED_FAILURE,MESSAGE_SEND_SUCCESS,MESSAGE_STATUS_CHANGE
+#wsplugin.messages.notifications=MESSAGE_RECEIVED,MESSAGE_SEND_FAILURE,MESSAGE_RECEIVED_FAILURE,MESSAGE_SEND_SUCCESS,MESSAGE_STATUS_CHANGE,MESSAGE_DELETE_BATCH,MESSAGE_DELETED
 
 #Timeout values for communication between the ws plugin and the backend service
 #ConnectionTimeOut - Specifies the amount of time, in milliseconds, that the consumer will attempt to establish a connection before it times out. 0 is infinite.
diff --git a/Plugin-WS/Domibus-default-ws-plugin/src/main/java/eu/domibus/plugin/ws/connector/WSPluginImpl.java b/Plugin-WS/Domibus-default-ws-plugin/src/main/java/eu/domibus/plugin/ws/connector/WSPluginImpl.java
index 5f8f6c1cd8..758fe12b87 100644
--- a/Plugin-WS/Domibus-default-ws-plugin/src/main/java/eu/domibus/plugin/ws/connector/WSPluginImpl.java
+++ b/Plugin-WS/Domibus-default-ws-plugin/src/main/java/eu/domibus/plugin/ws/connector/WSPluginImpl.java
@@ -127,7 +127,7 @@ public String submitFromOldPlugin(final eu.domibus.plugin.ws.generated.header.co
             final Submission messageData = getMessageSubmissionTransformer().transformToSubmission(message);
             messageData.setProcessingType(null);
             final String messageId = this.messageSubmitter.submit(messageData, this.getName());
-            LOG.businessInfo(DomibusMessageCode.BUS_MESSAGE_SUBMITTED);
+            LOG.businessInfo(DomibusMessageCode.BUS_MESSAGE_SUBMITTED, messageData.getFirstFromPartyId(), messageData.getFirstToPartyId());
             return messageId;
         } catch (IllegalArgumentException iaEx) {
             LOG.businessError(DomibusMessageCode.BUS_MESSAGE_SUBMIT_FAILED, iaEx);
diff --git a/Plugin-WS/Domibus-default-ws-plugin/src/main/java/eu/domibus/plugin/ws/property/WSPluginPropertyManager.java b/Plugin-WS/Domibus-default-ws-plugin/src/main/java/eu/domibus/plugin/ws/property/WSPluginPropertyManager.java
index bfa3984bc6..0623badd77 100644
--- a/Plugin-WS/Domibus-default-ws-plugin/src/main/java/eu/domibus/plugin/ws/property/WSPluginPropertyManager.java
+++ b/Plugin-WS/Domibus-default-ws-plugin/src/main/java/eu/domibus/plugin/ws/property/WSPluginPropertyManager.java
@@ -82,7 +82,7 @@ public WSPluginPropertyManager() {
                 new DomibusPropertyMetadataDTO(DISPATCHER_SEND_QUEUE_NAME, Type.STRING, Module.WS_PLUGIN, Usage.GLOBAL),
                 new DomibusPropertyMetadataDTO(DISPATCHER_SEND_QUEUE_CONCURRENCY, Type.CONCURRENCY, Module.WS_PLUGIN, Usage.DOMAIN, true),
                 new DomibusPropertyMetadataDTO(DISPATCHER_PUSH_AUTH_USERNAME, Type.STRING, Module.WS_PLUGIN, Usage.DOMAIN),
-                new DomibusPropertyMetadataDTO(DISPATCHER_PUSH_AUTH_PASSWORD, Type.STRING, Module.WS_PLUGIN, Usage.DOMAIN),
+                new DomibusPropertyMetadataDTO(DISPATCHER_PUSH_AUTH_PASSWORD, Type.PASSWORD, Module.WS_PLUGIN, Usage.DOMAIN),
                 new DomibusPropertyMetadataDTO(PUSH_MARK_AS_DOWNLOADED, Type.BOOLEAN, Module.WS_PLUGIN, Usage.DOMAIN, true)
         );
         knownProperties = allProperties.stream().collect(toMap(DomibusPropertyMetadataDTO::getName, identity()));
diff --git a/Plugin-WS/Domibus-default-ws-plugin/src/main/java/eu/domibus/plugin/ws/webservice/StubDtoTransformer.java b/Plugin-WS/Domibus-default-ws-plugin/src/main/java/eu/domibus/plugin/ws/webservice/StubDtoTransformer.java
index 47c5b2ac69..da199503e6 100644
--- a/Plugin-WS/Domibus-default-ws-plugin/src/main/java/eu/domibus/plugin/ws/webservice/StubDtoTransformer.java
+++ b/Plugin-WS/Domibus-default-ws-plugin/src/main/java/eu/domibus/plugin/ws/webservice/StubDtoTransformer.java
@@ -12,7 +12,6 @@
 import eu.domibus.plugin.ws.exception.WSPluginException;
 import eu.domibus.plugin.ws.generated.header.common.model.org.oasis_open.docs.ebxml_msg.ebms.v3_0.ns.core._200704.*;
 import org.apache.commons.lang3.StringUtils;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import java.time.LocalDateTime;
@@ -77,10 +76,12 @@ private void generateCollaborationInfo(final Submission submission, final UserMe
         final CollaborationInfo collaborationInfo = new CollaborationInfo();
         collaborationInfo.setConversationId(submission.getConversationId());
         collaborationInfo.setAction(submission.getAction());
-        final AgreementRef agreementRef = new AgreementRef();
-        agreementRef.setValue(submission.getAgreementRef());
-        agreementRef.setType(submission.getAgreementRefType());
-        collaborationInfo.setAgreementRef(agreementRef);
+        if (StringUtils.isNotBlank(submission.getAgreementRef())) {
+            final AgreementRef agreementRef = new AgreementRef();
+            agreementRef.setValue(submission.getAgreementRef());
+            agreementRef.setType(submission.getAgreementRefType());
+            collaborationInfo.setAgreementRef(agreementRef);
+        }
         final Service service = new Service();
         service.setValue(submission.getService());
         service.setType(submission.getServiceType());
@@ -266,7 +267,7 @@ private void populatePayloadInfo(Submission result, UserMessage messaging) {
                 for (final Property property : extPartInfo.getPartProperties().getProperty()) {
                     String propertyName = trim(property.getName());
                     String propertyValue = trim(property.getValue());
-                    if(PAYLOAD_PROPERTY_FILE_PATH.equals(propertyName)) {
+                    if (PAYLOAD_PROPERTY_FILE_PATH.equalsIgnoreCase(propertyName)) {
                         propertyValue = "-";
                     }
                     if (StringUtils.equals(propertyName, MessageConstants.PAYLOAD_PROPERTY_FILE_NAME)) {
diff --git a/Plugin-WS/Domibus-default-ws-plugin/src/main/java/eu/domibus/plugin/ws/webservice/WebServiceImpl.java b/Plugin-WS/Domibus-default-ws-plugin/src/main/java/eu/domibus/plugin/ws/webservice/WebServiceImpl.java
index 951ea84a76..e8320f9a61 100644
--- a/Plugin-WS/Domibus-default-ws-plugin/src/main/java/eu/domibus/plugin/ws/webservice/WebServiceImpl.java
+++ b/Plugin-WS/Domibus-default-ws-plugin/src/main/java/eu/domibus/plugin/ws/webservice/WebServiceImpl.java
@@ -224,13 +224,6 @@ private void initPartInfoPayLoad(SubmitRequest submitRequest, ExtendedPartInfo e
             } catch (MalformedURLException e) {
                 throw new SubmitMessageFault("Invalid filepath property", generateDefaultFaultDetail(ErrorCode.WS_PLUGIN_0005, filepath), e);
             }
-            final PartProperties partProperties = extendedPartInfo.getPartProperties();
-
-            Property prop = new Property();
-            prop.setName(PAYLOAD_PROPERTY_FILE_PATH);
-            prop.setValue(filepath);
-            partProperties.getProperty().add(prop);
-            extendedPartInfo.setPartProperties(partProperties);
             extendedPartInfo.setPayloadDatahandler(dataHandler);
         }
 
@@ -539,10 +532,12 @@ public void retrieveMessage(RetrieveMessageRequest retrieveMessageRequest,
         userMessage = downloadUserMessage(trimmedMessageId, markAsDownloaded);
 
         // To avoid blocking errors during the Header's response validation
-        if (StringUtils.isEmpty(userMessage.getCollaborationInfo().getAgreementRef().getValue())) {
+        if (userMessage.getCollaborationInfo().getAgreementRef() != null && StringUtils.isEmpty(userMessage.getCollaborationInfo().getAgreementRef().getValue())) {
             userMessage.getCollaborationInfo().setAgreementRef(null);
         }
-        Messaging messaging = EBMS_OBJECT_FACTORY.createMessaging();
+
+
+        Messaging messaging = new Messaging();
         messaging.setUserMessage(userMessage);
         ebMSHeaderInfo.value = messaging;
         retrieveMessageResponse.value = WEBSERVICE_OF.createRetrieveMessageResponse();
diff --git a/Plugin-WS/Domibus-default-ws-plugin/src/main/java/eu/domibus/plugin/ws/webservice/deprecated/StubDtoTransformer.java b/Plugin-WS/Domibus-default-ws-plugin/src/main/java/eu/domibus/plugin/ws/webservice/deprecated/StubDtoTransformer.java
index 80b8883cf0..679948bb70 100644
--- a/Plugin-WS/Domibus-default-ws-plugin/src/main/java/eu/domibus/plugin/ws/webservice/deprecated/StubDtoTransformer.java
+++ b/Plugin-WS/Domibus-default-ws-plugin/src/main/java/eu/domibus/plugin/ws/webservice/deprecated/StubDtoTransformer.java
@@ -75,10 +75,12 @@ private void generateCollaborationInfo(final Submission submission, final UserMe
         final CollaborationInfo collaborationInfo = new CollaborationInfo();
         collaborationInfo.setConversationId(submission.getConversationId());
         collaborationInfo.setAction(submission.getAction());
-        final AgreementRef agreementRef = new AgreementRef();
-        agreementRef.setValue(submission.getAgreementRef());
-        agreementRef.setType(submission.getAgreementRefType());
-        collaborationInfo.setAgreementRef(agreementRef);
+        if (StringUtils.isNotBlank(submission.getAgreementRef())) {
+            final AgreementRef agreementRef = new AgreementRef();
+            agreementRef.setValue(submission.getAgreementRef());
+            agreementRef.setType(submission.getAgreementRefType());
+            collaborationInfo.setAgreementRef(agreementRef);
+        }
         final Service service = new Service();
         service.setValue(submission.getService());
         service.setType(submission.getServiceType());
diff --git a/Plugin-WS/Domibus-default-ws-plugin/src/main/java/eu/domibus/plugin/ws/webservice/deprecated/WebServicePluginImpl.java b/Plugin-WS/Domibus-default-ws-plugin/src/main/java/eu/domibus/plugin/ws/webservice/deprecated/WebServicePluginImpl.java
index b1244c143b..bc60abf91d 100644
--- a/Plugin-WS/Domibus-default-ws-plugin/src/main/java/eu/domibus/plugin/ws/webservice/deprecated/WebServicePluginImpl.java
+++ b/Plugin-WS/Domibus-default-ws-plugin/src/main/java/eu/domibus/plugin/ws/webservice/deprecated/WebServicePluginImpl.java
@@ -329,9 +329,10 @@ public void retrieveMessage(RetrieveMessageRequest retrieveMessageRequest,
         retrieveMessageResponse.value = WEBSERVICE_OF.createRetrieveMessageResponse();
         fillInfoPartsForLargeFilesWs(retrieveMessageResponse, messagingWs);
         // To avoid blocking errors during the Header's response validation
-        if (StringUtils.isEmpty(userMessage.getCollaborationInfo().getAgreementRef().getValue())) {
+        if (userMessage.getCollaborationInfo().getAgreementRef() != null && StringUtils.isEmpty(userMessage.getCollaborationInfo().getAgreementRef().getValue())) {
             userMessage.getCollaborationInfo().setAgreementRef(null);
         }
+
         ebMSHeaderInfo.value = messagingMapper.messagingFromEntity(messagingWs);
 
         try {
diff --git a/Plugin-WS/Domibus-default-ws-plugin/src/main/resources/config/ws-plugin-default.properties b/Plugin-WS/Domibus-default-ws-plugin/src/main/resources/config/ws-plugin-default.properties
index be6a80b1f6..e05aa6a94e 100644
--- a/Plugin-WS/Domibus-default-ws-plugin/src/main/resources/config/ws-plugin-default.properties
+++ b/Plugin-WS/Domibus-default-ws-plugin/src/main/resources/config/ws-plugin-default.properties
@@ -25,7 +25,7 @@ wsplugin.messages.push.failed.list.max=500
 wsplugin.messages.repush.list.max=100
 
 #The notifications sent by Domibus to the plugin. The following values are possible: MESSAGE_RECEIVED,MESSAGE_FRAGMENT_RECEIVED,MESSAGE_SEND_FAILURE,MESSAGE_FRAGMENT_SEND_FAILURE,MESSAGE_RECEIVED_FAILURE,MESSAGE_FRAGMENT_RECEIVED_FAILURE,MESSAGE_SEND_SUCCESS,MESSAGE_FRAGMENT_SEND_SUCCESS,MESSAGE_STATUS_CHANGE,MESSAGE_FRAGMENT_STATUS_CHANGE,MESSAGE_DELETE_BATCH,MESSAGE_DELETED
-wsplugin.messages.notifications=MESSAGE_RECEIVED,MESSAGE_SEND_FAILURE,MESSAGE_RECEIVED_FAILURE,MESSAGE_SEND_SUCCESS,MESSAGE_STATUS_CHANGE
+wsplugin.messages.notifications=MESSAGE_RECEIVED,MESSAGE_SEND_FAILURE,MESSAGE_RECEIVED_FAILURE,MESSAGE_SEND_SUCCESS,MESSAGE_STATUS_CHANGE,MESSAGE_DELETE_BATCH,MESSAGE_DELETED
 
 #Timeout values for communication between the ws plugin and the backend service
 #ConnectionTimeOut - Specifies the amount of time, in milliseconds, that the consumer will attempt to establish a connection before it times out. 0 is infinite.
diff --git a/Plugin-WS/Domibus-ws-stubs/pom.xml b/Plugin-WS/Domibus-ws-stubs/pom.xml
index 32b22f7329..249200cabb 100644
--- a/Plugin-WS/Domibus-ws-stubs/pom.xml
+++ b/Plugin-WS/Domibus-ws-stubs/pom.xml
@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.niis</groupId>
         <artifactId>plugin-ws</artifactId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
 
     <artifactId>harmony-ws-stubs</artifactId>
diff --git a/Plugin-WS/pom.xml b/Plugin-WS/pom.xml
index 08b4b0f59d..431bf9a72f 100644
--- a/Plugin-WS/pom.xml
+++ b/Plugin-WS/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <groupId>org.niis</groupId>
         <artifactId>harmony</artifactId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
 
     <artifactId>plugin-ws</artifactId>
diff --git a/Tomcat/Domibus-MSH-jms-activemq/pom.xml b/Tomcat/Domibus-MSH-jms-activemq/pom.xml
index ccf53fc2ad..5b760f3ae2 100644
--- a/Tomcat/Domibus-MSH-jms-activemq/pom.xml
+++ b/Tomcat/Domibus-MSH-jms-activemq/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <groupId>org.niis</groupId>
         <artifactId>tomcat</artifactId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
     <artifactId>harmony-msh-jms-activemq</artifactId>
     <packaging>jar</packaging>
diff --git a/Tomcat/Domibus-MSH-taskexecutor-tomcat/pom.xml b/Tomcat/Domibus-MSH-taskexecutor-tomcat/pom.xml
index 491c4bfd51..562b75e3f8 100644
--- a/Tomcat/Domibus-MSH-taskexecutor-tomcat/pom.xml
+++ b/Tomcat/Domibus-MSH-taskexecutor-tomcat/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <groupId>org.niis</groupId>
         <artifactId>tomcat</artifactId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
     <artifactId>harmony-msh-taskexecutor-tomcat</artifactId>
     <packaging>jar</packaging>
diff --git a/Tomcat/Domibus-MSH-tomcat-distribution/pom.xml b/Tomcat/Domibus-MSH-tomcat-distribution/pom.xml
index 5b54df3722..cf3d5a2b17 100644
--- a/Tomcat/Domibus-MSH-tomcat-distribution/pom.xml
+++ b/Tomcat/Domibus-MSH-tomcat-distribution/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.niis</groupId>
         <artifactId>tomcat</artifactId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
 
     <artifactId>harmony-MSH-tomcat-distribution</artifactId>
diff --git a/Tomcat/Domibus-MSH-tomcat/pom.xml b/Tomcat/Domibus-MSH-tomcat/pom.xml
index 599cdbcb7d..1d46bcf076 100644
--- a/Tomcat/Domibus-MSH-tomcat/pom.xml
+++ b/Tomcat/Domibus-MSH-tomcat/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.niis</groupId>
         <artifactId>tomcat</artifactId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
 
     <artifactId>harmony-MSH-tomcat</artifactId>
diff --git a/Tomcat/Domibus-MSH-tomcat/src/main/conf/domibus/domibus.properties b/Tomcat/Domibus-MSH-tomcat/src/main/conf/domibus/domibus.properties
index 0cf8145cfa..2e4f62816d 100644
--- a/Tomcat/Domibus-MSH-tomcat/src/main/conf/domibus/domibus.properties
+++ b/Tomcat/Domibus-MSH-tomcat/src/main/conf/domibus/domibus.properties
@@ -237,6 +237,9 @@ domibus.entityManagerFactory.jpaProperty.hibernate.id.new_generator_mappings=fal
 #The location where the encrypted key is stored
 #domibus.password.encryption.key.location=${domibus.config.location}/internal/encrypt
 
+#Password can be viewed if true;
+#domibus.properties.password.view.allow=true
+
 #To activate security set this to false
 #domibus.auth.unsecureLoginAllowed=true
 
@@ -268,6 +271,14 @@ domibus.entityManagerFactory.jpaProperty.hibernate.id.new_generator_mappings=fal
 #Enable caching of CRLs by certificate. Note that, while a CRL is cached, any certificates that were revoked since it was cached would still be accepted
 #domibus.certificate.crlByCert.cache.enabled=true
 
+#Complexity rules for all properties passwords
+#Default value requires Minimum length: 16 characters; Maximum length: 32 characters; At least one letter in lowercase; At least one letter in uppercase; At least one digit; At least one special character
+#domibus.properties.passwordPolicy.pattern=^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[~`!@#$%^&+=\\-_<>.,?:;*/()|\\[\\]{}'"\\\\]).{16,32}$
+
+#If true will enforce the complexity rules for all properties passwords by stopping Domibus
+#If set to false only warnings are logged
+#domibus.properties.passwordPolicy.enforce=false
+
 # ---------------------------------- Extensions ----------------------------------
 
 #Name of the authentication extension used to verify the chain trust. Default is CXF
@@ -315,6 +326,9 @@ domibus.entityManagerFactory.jpaProperty.hibernate.id.new_generator_mappings=fal
 #Default user password generation policy enabled/disabled (by default is enabled)
 #domibus.passwordPolicy.defaultUser.autogeneratePassword=true
 
+#Default user password regeneration policy enabled/disabled (by default is disabled).
+#domibus.passwordPolicy.defaultUser.reGeneratePassword=false
+
 #Cron expression that specifies the frequency of the password expiration check
 #domibus.passwordPolicies.check.cron=0 0 0/1 * * ?
 
@@ -384,6 +398,9 @@ domibus.entityManagerFactory.jpaProperty.hibernate.id.new_generator_mappings=fal
 #Activates the plugin notification of Test messages
 #domibus.message.test.notification=false
 
+#If enabled, diagnostics data will be logged when a message submission fails
+#domibus.message.submission.diagnostics.enabled=false
+
 # ---------------------------------- Retry -------------------------------------
 
 #Retry Worker execution interval as a cron expression
@@ -502,10 +519,13 @@ domibus.entityManagerFactory.jpaProperty.hibernate.id.new_generator_mappings=fal
 #not valid or it has been revoked Domibus will not accept the message (default is true)
 #domibus.sender.certificate.validation.onreceiving=true
 
-#If activated Domibus will verify before receiving a message, the validity and authorization on the sender's certificate. When disabled,
-#none of the other checks are performed on the sender's certificate.
+#If activated Domibus will verify before receiving a User Message when using Push/Pull or a Signal Acknowledgement (NRR) when using Pull, that the sender certificate is valid and not revoked
+# When disabled, none of the other checks are performed on the sender's certificate.
 #domibus.sender.trust.validation.onreceiving=true
 
+#If activated Domibus will verify before receiving syncronously a signal message following a push or pull request, that the sender certificate is valid and not revoked
+#domibus.sender.trust.validation.signal.sync.onreceiving=true
+
 #When this property is not empty Domibus will verify before receiving a message(using static or dynamic discovery), that the subject of the sender's certificate matches the regular expression.
 #domibus.sender.trust.validation.expression=
 
@@ -547,6 +567,9 @@ domibus.sendMessage.messageIdPattern=^(?!.*[=])[\\x20-\\x7E]*$
 # If set to false, Domibus fills in the value of the Mpc with the value of the EBMS3 defaultMpc ("http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC")
 #domibus.pmode.legconfiguration.mpc.enabled=true
 
+#If enabled, detailed diagnostics data will be logged when a message does not match the PMode
+#domibus.pmode.legconfiguration.diagnostics.enabled=false
+
 #Accepted Format for action (Default value: ^[^=]*$: all characters but '=' character )
 #domibus.pmode.validation.action.pattern=^[^=]*$
 
@@ -654,8 +677,8 @@ domibus.sendMessage.messageIdPattern=^(?!.*[=])[\\x20-\\x7E]*$
 #Cron expression used for configuring the partition worker scheduling. The partition worker verifies if partitions were properly created in advance
 #domibus.partitions.worker.cron=0 9 * * * ?
 
-#Number of days to check if partitions were successfully created in advance. Defaults to 7 days.
-#domibus.partitions.creation.days_to_check=7
+#Maximum number of expired partitions to be dropped by the retention worker in one run. Defaults to 10 partitions.
+#domibus.partitions.drop.max_partitions=10
 
 #When set to true, before dropping a partition, verifies if all messages on that partition were previously archived.
 #This check is a guard rail for dropping partitions when the eArchiving mechanism is disabled. Default is true.
diff --git a/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/common/dao/UserMessageLogDaoIT.java b/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/common/dao/UserMessageLogDaoIT.java
index c460877b55..ad43e58c4f 100644
--- a/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/common/dao/UserMessageLogDaoIT.java
+++ b/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/common/dao/UserMessageLogDaoIT.java
@@ -12,6 +12,8 @@
 import eu.domibus.core.plugin.BackendConnectorProvider;
 import eu.domibus.logging.DomibusLogger;
 import eu.domibus.logging.DomibusLoggerFactory;
+import org.hamcrest.CoreMatchers;
+import org.hamcrest.MatcherAssert;
 import eu.domibus.messaging.MessagingProcessingException;
 import eu.domibus.test.common.BackendConnectorMock;
 import org.junit.*;
@@ -33,7 +35,7 @@
 import static java.time.format.DateTimeFormatter.ofPattern;
 import static java.util.UUID.randomUUID;
 import static org.apache.commons.lang3.StringUtils.equalsAnyIgnoreCase;
-import static org.hamcrest.CoreMatchers.hasItems;
+import static org.hamcrest.CoreMatchers.*;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.junit.Assert.*;
 import static org.mockito.ArgumentMatchers.anyString;
@@ -741,4 +743,37 @@ public void findMessagesToDeleteNotInFinalStatus() {
 
         assertEquals(2, msgs.size());
     }
+
+
+    @Test
+    @Transactional
+    public void findUnsentMessageIds() {
+        messageDaoTestUtil.clear();
+
+        String originalUser = "pluginUser1";
+        String originalSender = originalUser;
+        String finalRecipient = "pluginUser2";
+        String originalSender2 = finalRecipient;
+
+        messageDaoTestUtil.createUserMessageLog("not_found1", dateUtil.getDateMinutesAgo(5), MSHRole.SENDING, MessageStatus.SEND_ENQUEUED, finalRecipient, originalSender);
+        messageDaoTestUtil.createUserMessageLog("not_found2", dateUtil.getDateMinutesAgo(5), MSHRole.SENDING, MessageStatus.WAITING_FOR_RETRY, finalRecipient, originalSender);
+
+
+        messageDaoTestUtil.createUserMessageLog("msg1", dateUtil.getDateMinutesAgo(10), MSHRole.SENDING, MessageStatus.SEND_ENQUEUED, finalRecipient, originalSender);
+        messageDaoTestUtil.createUserMessageLog("msg2", dateUtil.getDateMinutesAgo(10), MSHRole.SENDING, WAITING_FOR_RETRY, finalRecipient, originalSender);
+        UserMessageLog notFound3 = messageDaoTestUtil.createUserMessageLog("not_found3", dateUtil.getDateMinutesAgo(10), MSHRole.SENDING, WAITING_FOR_RETRY, finalRecipient, originalSender);
+        messageDaoTestUtil.createUserMessageLog("not_found4", dateUtil.getDateMinutesAgo(10), MSHRole.SENDING, SEND_ENQUEUED, finalRecipient, originalSender);
+
+
+        List<String> unsentMessageIds = userMessageLogDao.findUnsentMessageIds(dateUtil.getDateMinutesAgo(10), notFound3.getEntityId());
+
+        assertEquals(2, unsentMessageIds.size());
+        MatcherAssert.assertThat(unsentMessageIds, CoreMatchers.allOf(
+                hasItem("msg1"),
+                hasItem("msg2"),
+                not(hasItem("not_found1")),
+                not(hasItem("not_found2")),
+                not(hasItem("not_found3")),
+                not(hasItem("not_found4"))));
+    }
 }
diff --git a/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/core/earchive/job/EArchiveBatchUserMessageDaoIT.java b/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/core/earchive/EArchiveBatchUserMessageDaoIT.java
similarity index 91%
rename from Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/core/earchive/job/EArchiveBatchUserMessageDaoIT.java
rename to Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/core/earchive/EArchiveBatchUserMessageDaoIT.java
index 1625b831b0..092d501521 100644
--- a/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/core/earchive/job/EArchiveBatchUserMessageDaoIT.java
+++ b/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/core/earchive/EArchiveBatchUserMessageDaoIT.java
@@ -1,4 +1,4 @@
-package eu.domibus.core.earchive.job;
+package eu.domibus.core.earchive;
 
 import eu.domibus.test.AbstractIT;
 import eu.domibus.api.earchive.EArchiveRequestType;
@@ -6,10 +6,6 @@
 import eu.domibus.api.util.DateUtil;
 import eu.domibus.common.JPAConstants;
 import eu.domibus.common.MessageDaoTestUtil;
-import eu.domibus.core.earchive.EArchiveBatchDao;
-import eu.domibus.core.earchive.EArchiveBatchEntity;
-import eu.domibus.core.earchive.EArchiveBatchUserMessage;
-import eu.domibus.core.earchive.EArchiveBatchUserMessageDao;
 import eu.domibus.core.message.UserMessageLogDao;
 import org.junit.Assert;
 import org.junit.Before;
diff --git a/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/core/earchive/EArchivingRetentionServiceIT.java b/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/core/earchive/EArchivingRetentionServiceIT.java
index c885461e06..4b45fb3739 100644
--- a/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/core/earchive/EArchivingRetentionServiceIT.java
+++ b/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/core/earchive/EArchivingRetentionServiceIT.java
@@ -108,11 +108,10 @@ public void setUp() throws Exception {
         temp = Files.createTempDirectory(Paths.get("target"), "tmpDirPrefix").toFile();
         LOG.info("temp folder created: [{}]", temp.getAbsolutePath());
 
-
-        domibusPropertyProvider.setProperty(DomainService.DEFAULT_DOMAIN, DOMIBUS_EARCHIVE_ACTIVE, "true");
-        domibusPropertyProvider.setProperty(DOMIBUS_EARCHIVE_ACTIVE, "true");
         domibusPropertyProvider.setProperty(DomainService.DEFAULT_DOMAIN, DOMIBUS_EARCHIVE_STORAGE_LOCATION, temp.getAbsolutePath());
         domibusPropertyProvider.setProperty(DOMIBUS_EARCHIVE_STORAGE_LOCATION, temp.getAbsolutePath());
+        domibusPropertyProvider.setProperty(DomainService.DEFAULT_DOMAIN, DOMIBUS_EARCHIVE_ACTIVE, "true");
+        domibusPropertyProvider.setProperty(DOMIBUS_EARCHIVE_ACTIVE, "true");
 
         storageProvider.initialize();
 
diff --git a/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/core/earchive/eark/FileSystemEArchivePersistenceE2EIT.java b/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/core/earchive/eark/FileSystemEArchivePersistenceE2EIT.java
index ed358e5f5a..79e33f1736 100644
--- a/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/core/earchive/eark/FileSystemEArchivePersistenceE2EIT.java
+++ b/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/core/earchive/eark/FileSystemEArchivePersistenceE2EIT.java
@@ -96,6 +96,7 @@ public class FileSystemEArchivePersistenceE2EIT extends AbstractIT {
 
     private String messageId;
     private String messageId2;
+    private String messageId3;
     private String batchId;
 
     @Transactional
@@ -109,12 +110,13 @@ public void setUp() throws Exception {
         //messageId = "43bb6883-77d2-4a41-bac4-52a485d50084@domibus.eu";
         messageId = UUID.randomUUID() + "@domibus.eu";
         messageId2 = UUID.randomUUID() + "@domibus.eu";
+        messageId3 = UUID.randomUUID() + "@domibus.eu";
 
         batchId = UUID.randomUUID().toString();
         batchEArchiveDTO = new BatchEArchiveDTOBuilder()
                 .batchId(batchId)
                 .messageEndId("")
-                .messages(Arrays.asList(messageId, messageId2))
+                .messages(Arrays.asList(messageId, messageId2, messageId3))
                 .createBatchEArchiveDTO();
         temp = Files.createTempDirectory(Paths.get("target"), "tmpDirPrefix").toFile();
         LOG.info("temp folder created: [{}]", temp.getAbsolutePath());
@@ -124,11 +126,12 @@ public void setUp() throws Exception {
 
         mshWebserviceTest.invoke(soapSampleUtil.createSOAPMessage("SOAPMessage4.xml", messageId, false));
         mshWebserviceTest.invoke(soapSampleUtil.createSOAPMessage("SOAPMessage4_compressed.xml", messageId2, true));
+        mshWebserviceTest.invoke(soapSampleUtil.createSOAPMessage("SOAPMessage4_noPropertyPart.xml", messageId3, false));
 
-        domibusPropertyProvider.setProperty(DomainService.DEFAULT_DOMAIN, DOMIBUS_EARCHIVE_ACTIVE, "true");
-        domibusPropertyProvider.setProperty(DOMIBUS_EARCHIVE_ACTIVE, "true");
         domibusPropertyProvider.setProperty(DomainService.DEFAULT_DOMAIN, DOMIBUS_EARCHIVE_STORAGE_LOCATION, temp.getAbsolutePath());
         domibusPropertyProvider.setProperty(DOMIBUS_EARCHIVE_STORAGE_LOCATION, temp.getAbsolutePath());
+        domibusPropertyProvider.setProperty(DomainService.DEFAULT_DOMAIN, DOMIBUS_EARCHIVE_ACTIVE, "true");
+        domibusPropertyProvider.setProperty(DOMIBUS_EARCHIVE_ACTIVE, "true");
 
         eArchiveFileStorageProvider.initialize();
 
@@ -149,11 +152,15 @@ public void tearDown() throws IOException {
     public void createEArkSipStructure() throws IOException {
         UserMessage byMessageId = userMessageDao.findByMessageId(messageId);
         UserMessage byMessageId2 = userMessageDao.findByMessageId(messageId2);
+        UserMessage byMessageId3 = userMessageDao.findByMessageId(messageId3);
         Date messageStartDate = new Date();
         Date messageEndDate = new Date();
 
-        DomibusEARKSIPResult fileObject = fileSystemEArchivePersistence.createEArkSipStructure(batchEArchiveDTO, Arrays.asList(new EArchiveBatchUserMessage(byMessageId.getEntityId(), messageId),
-                new EArchiveBatchUserMessage(byMessageId2.getEntityId(), messageId2)), messageStartDate, messageEndDate);
+        DomibusEARKSIPResult fileObject = fileSystemEArchivePersistence.createEArkSipStructure(batchEArchiveDTO,
+                Arrays.asList(
+                        new EArchiveBatchUserMessage(byMessageId.getEntityId(), messageId),
+                        new EArchiveBatchUserMessage(byMessageId2.getEntityId(), messageId2),
+                        new EArchiveBatchUserMessage(byMessageId3.getEntityId(), messageId3)), messageStartDate, messageEndDate);
         try (FileObject batchDirectory = VFS.getManager().resolveFile(fileObject.getDirectory().toUri())) {
 
             // must have more than one subfolder item
diff --git a/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/core/earchive/job/EArchiveBatchDispatcherServiceIT.java b/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/core/earchive/job/EArchiveBatchDispatcherServiceIT.java
index d62d8754d7..e85f483f41 100644
--- a/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/core/earchive/job/EArchiveBatchDispatcherServiceIT.java
+++ b/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/core/earchive/job/EArchiveBatchDispatcherServiceIT.java
@@ -103,6 +103,7 @@ public void setUp() throws Exception {
         messageId1 = UUID.randomUUID().toString();
         mshWebserviceTest.invoke(soapSampleUtil.createSOAPMessage("SOAPMessage4.xml", messageId1));
 
+        domibusPropertyProvider.setProperty(DomainService.DEFAULT_DOMAIN, DOMIBUS_EARCHIVE_STORAGE_LOCATION, "/tmp/earchive");
         domibusPropertyProvider.setProperty(DomainService.DEFAULT_DOMAIN, DOMIBUS_EARCHIVE_ACTIVE, "true");
         domibusPropertyProvider.setProperty(DomainService.DEFAULT_DOMAIN, DOMIBUS_ALERT_EARCHIVING_MSG_NON_FINAL_ACTIVE, "false");
         domibusPropertyProvider.setProperty(DomainService.DEFAULT_DOMAIN, DOMIBUS_EARCHIVE_BATCH_SIZE, "1");
diff --git a/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/core/earchive/job/EArchivingStuckBatchesServiceIT.java b/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/core/earchive/job/EArchivingStuckBatchesServiceIT.java
new file mode 100644
index 0000000000..610d0f71d6
--- /dev/null
+++ b/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/core/earchive/job/EArchivingStuckBatchesServiceIT.java
@@ -0,0 +1,145 @@
+package eu.domibus.core.earchive.job;
+
+import eu.domibus.api.earchive.EArchiveBatchStatus;
+import eu.domibus.api.earchive.EArchiveRequestType;
+import eu.domibus.api.jms.JmsMessage;
+import eu.domibus.api.multitenancy.DomainService;
+import eu.domibus.api.property.DomibusPropertyProvider;
+import eu.domibus.api.util.DateUtil;
+import eu.domibus.common.MessageDaoTestUtil;
+import eu.domibus.core.earchive.EArchiveBatchDao;
+import eu.domibus.core.earchive.EArchiveBatchEntity;
+import eu.domibus.core.earchive.listener.EArchiveListener;
+import eu.domibus.core.earchive.storage.EArchiveFileStorageProvider;
+import eu.domibus.core.jms.JMSManagerImpl;
+import eu.domibus.core.message.UserMessageLogDao;
+import eu.domibus.logging.DomibusLogger;
+import eu.domibus.logging.DomibusLoggerFactory;
+import eu.domibus.test.AbstractIT;
+import org.apache.activemq.command.ActiveMQMessage;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.util.ReflectionTestUtils;
+import org.springframework.transaction.annotation.Transactional;
+
+import javax.jms.JMSException;
+import javax.jms.Queue;
+import javax.persistence.TypedQuery;
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.util.Map;
+import java.util.UUID;
+
+import static eu.domibus.api.property.DomibusPropertyMetadataManagerSPI.DOMIBUS_EARCHIVE_ACTIVE;
+import static eu.domibus.api.property.DomibusPropertyMetadataManagerSPI.DOMIBUS_EARCHIVE_STORAGE_LOCATION;
+
+/**
+ * @author François Gautier
+ * @since 5.0
+ */
+@Transactional
+public class EArchivingStuckBatchesServiceIT extends AbstractIT {
+
+    private static final DomibusLogger LOG = DomibusLoggerFactory.getLogger(EArchivingStuckBatchesServiceIT.class);
+
+    @Autowired
+    EArchivingStuckBatchesService eArchivingStuckBatchesService;
+
+    @Autowired
+    EArchiveBatchDispatcherService eArchiveBatchDispatcherService;
+
+    @Autowired
+    EArchiveListener eArchiveListener;
+
+    @Autowired
+    EArchiveBatchDao eArchiveBatchDao;
+
+    @Autowired
+    UserMessageLogDao userMessageLogDao;
+
+    @Autowired
+    DateUtil dateUtil;
+
+    @Autowired
+    MessageDaoTestUtil messageDaoTestUtil;
+
+    @Autowired
+    protected EArchiveFileStorageProvider storageProvider;
+
+    @Autowired
+    protected DomibusPropertyProvider domibusPropertyProvider;
+
+    private File temp;
+
+    private EArchiveBatchEntity eArchiveBatchStarted;
+    private EArchiveBatchEntity eArchiveBatchQueued;
+
+    @Before
+    public void setup() throws IOException {
+
+        temp = Files.createTempDirectory(Paths.get("target"), "tmpDirPrefix").toFile();
+        LOG.info("temp folder created: [{}]", temp.getAbsolutePath());
+
+        domibusPropertyProvider.setProperty(DomainService.DEFAULT_DOMAIN, DOMIBUS_EARCHIVE_STORAGE_LOCATION, temp.getAbsolutePath());
+        domibusPropertyProvider.setProperty(DOMIBUS_EARCHIVE_STORAGE_LOCATION, temp.getAbsolutePath());
+        domibusPropertyProvider.setProperty(DomainService.DEFAULT_DOMAIN, DOMIBUS_EARCHIVE_ACTIVE, "true");
+        domibusPropertyProvider.setProperty(DOMIBUS_EARCHIVE_ACTIVE, "true");
+
+        storageProvider.initialize();
+
+        eArchiveBatchStarted = createEarchiveBatch(EArchiveBatchStatus.STARTED);
+        eArchiveBatchQueued = createEarchiveBatch(EArchiveBatchStatus.QUEUED);
+    }
+
+    private EArchiveBatchEntity createEarchiveBatch(EArchiveBatchStatus eArchiveBatchStatus) {
+        EArchiveBatchEntity eArchiveBatch = new EArchiveBatchEntity();
+        eArchiveBatch.setBatchId(UUID.randomUUID().toString());
+        eArchiveBatch.setRequestType(EArchiveRequestType.CONTINUOUS);
+        eArchiveBatch.setCreationTime(dateUtil.getUtcDate());
+        eArchiveBatch.setDateRequested(dateUtil.getDateMinutesAgo(1000));
+        eArchiveBatch.setEArchiveBatchStatus(eArchiveBatchStatus);
+        eArchiveBatch.setCreatedBy("test");
+        eArchiveBatchDao.create(eArchiveBatch);
+        return eArchiveBatch;
+    }
+
+    @Test
+    @Transactional
+    public void create() {
+        ReflectionTestUtils.setField(eArchiveBatchDispatcherService, "jmsManager", new JMSManagerImpl() {
+            public void sendMessageToQueue(JmsMessage message, Queue destination) {
+                ActiveMQMessage mqMessage = new ActiveMQMessage();
+                for (Map.Entry<String, String> stringStringEntry : message.getProperties().entrySet()) {
+                    try {
+                        mqMessage.setStringProperty(stringStringEntry.getKey(), stringStringEntry.getValue());
+                    } catch (JMSException e) {
+                        throw new RuntimeException(e);
+                    }
+                }
+                mqMessage.setJMSType(EArchiveBatchStatus.EXPORTED.name());
+                eArchiveListener.onMessage(mqMessage);
+            }
+        });
+        eArchivingStuckBatchesService.reExportStuckBatches();
+
+
+        EArchiveBatchEntity queued = eArchiveBatchDao.findByReference(eArchiveBatchQueued.getEntityId());
+        EArchiveBatchEntity started = eArchiveBatchDao.findByReference(eArchiveBatchStarted.getEntityId());
+
+        Assert.assertEquals(EArchiveBatchStatus.FAILED, queued.getEArchiveBatchStatus());
+        Assert.assertEquals(EArchiveBatchStatus.FAILED, started.getEArchiveBatchStatus());
+
+        Assert.assertEquals(EArchiveBatchStatus.EXPORTED, getEArchiveBatchEntityWithOrigin(queued).getEArchiveBatchStatus());
+        Assert.assertEquals(EArchiveBatchStatus.EXPORTED, getEArchiveBatchEntityWithOrigin(started).getEArchiveBatchStatus());
+    }
+
+    private EArchiveBatchEntity getEArchiveBatchEntityWithOrigin(EArchiveBatchEntity queued) {
+        TypedQuery<EArchiveBatchEntity> query = em.createQuery("SELECT eaum FROM EArchiveBatchEntity eaum where originalBatchId = :BATCH_ID", EArchiveBatchEntity.class);
+        query.setParameter("BATCH_ID", queued.getBatchId());
+        return query.getSingleResult();
+    }
+}
diff --git a/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/property/DomibusPropertyResourceHelperIT.java b/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/property/DomibusPropertyResourceHelperIT.java
index 400e5788d7..56d2d4759e 100644
--- a/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/property/DomibusPropertyResourceHelperIT.java
+++ b/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/property/DomibusPropertyResourceHelperIT.java
@@ -1,5 +1,6 @@
 package eu.domibus.property;
 
+import eu.domibus.api.security.AuthRole;
 import eu.domibus.test.AbstractIT;
 import eu.domibus.api.property.DomibusProperty;
 import eu.domibus.api.property.DomibusPropertyException;
@@ -13,9 +14,13 @@
 import org.junit.Ignore;
 import org.junit.Test;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.test.context.support.WithMockUser;
 import org.springframework.stereotype.Service;
 
+import java.util.Collections;
 import java.util.List;
 
 import static eu.domibus.api.property.DomibusPropertyMetadataManagerSPI.*;
@@ -48,8 +53,7 @@ public void setProperty_readonly() {
             Assert.assertTrue(ex.getMessage().contains("it is not writable"));
         }
     }
-
-    @Ignore
+    
     @Test
     public void setProperty_nonexistent() {
         String propertyName = "non-existent-property-test";
@@ -65,12 +69,12 @@ public void setProperty_nonexistent() {
     }
 
     @Test
-    @WithMockUser(username = "admin", roles={"AP_ADMIN"})
     public void setProperty_composable() {
         String propertyName = "composable_property_name";
         boolean isDomain = false;
-        DomibusPropertyMetadata propertyMetadata = DomibusPropertyMetadata.getGlobalProperty(propertyName);
+        DomibusPropertyMetadata propertyMetadata = DomibusPropertyMetadata.getOnTheFlyProperty(propertyName);
         propertyMetadata.setComposable(true);
+        propertyMetadata.setWritable(true);
         String propertyValue = "100";
         globalPropertyMetadataManager.getAllProperties().put(propertyName, propertyMetadata);
 
@@ -116,7 +120,8 @@ public void setProperty_nested() {
         String composablePropertyName = "composable_property_nested";
         String nestedPropertyName = composablePropertyName + ".prop1";
         boolean isDomain = true;
-        DomibusPropertyMetadata propertyMetadata = DomibusPropertyMetadata.getGlobalProperty(composablePropertyName);
+        DomibusPropertyMetadata propertyMetadata = DomibusPropertyMetadata.getOnTheFlyProperty(composablePropertyName);
+        propertyMetadata.setWritable(true);
         propertyMetadata.setComposable(true);
         String propertyValue = "100";
 
diff --git a/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/property/DomibusPropertyValidatorServiceIT.java b/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/property/DomibusPropertyValidatorServiceIT.java
new file mode 100644
index 0000000000..c8673e4e26
--- /dev/null
+++ b/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/property/DomibusPropertyValidatorServiceIT.java
@@ -0,0 +1,63 @@
+package eu.domibus.property;
+
+/**
+ * @author Ionut Breaz
+ * @since 5.1.5
+ */
+
+import org.junit.Assert;
+import org.junit.Test;
+import eu.domibus.test.AbstractIT;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import eu.domibus.logging.DomibusLogger;
+import eu.domibus.logging.DomibusLoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import eu.domibus.core.property.DomibusPropertyValidatorService;
+import eu.domibus.api.property.DomibusPropertyProvider;
+import eu.domibus.api.property.DomibusPropertyException;
+import static eu.domibus.api.property.DomibusPropertyMetadataManagerSPI.*;
+
+public class DomibusPropertyValidatorServiceIT extends AbstractIT {
+
+    @Autowired
+    DomibusPropertyProvider domibusPropertyProvider;
+
+    @Autowired
+    DomibusPropertyValidatorService domibusPropertyValidatorService;
+
+    private static final DomibusLogger LOG = DomibusLoggerFactory.getLogger(DomibusPropertyValidatorServiceIT.class);
+
+    @Test
+    public void testDomibusPropertyExceptionIsRaised() {
+        DomibusPropertyException exception = Assert.assertThrows(DomibusPropertyException.class,
+                () -> callPasswordPropertiesValidation(true));
+        Assert.assertTrue(exception.getMessage().contains("all password properties must match"));
+    }
+
+    @Test
+    public void testDomibusPropertyExceptionIsNotRaised() {
+         callPasswordPropertiesValidation(false);
+    }
+
+    private void callPasswordPropertiesValidation(boolean enforcePasswordPolicy) {
+        String enforcePreviousPropValue = domibusPropertyProvider.getProperty(DOMIBUS_PROPERTIES_PASSWORD_POLICY_ENFORCE);
+        String patternPreviousPropValue = domibusPropertyProvider.getProperty(DOMIBUS_PROPERTIES_PASSWORD_POLICY_PATTERN);
+        String passwordPreviousPropValue = domibusPropertyProvider.getProperty(DOMIBUS_SECURITY_KEY_PRIVATE_PASSWORD);
+
+        try {
+            domibusPropertyProvider.setProperty(DOMIBUS_PROPERTIES_PASSWORD_POLICY_ENFORCE, String.valueOf(enforcePasswordPolicy));
+            domibusPropertyProvider.setProperty(DOMIBUS_PROPERTIES_PASSWORD_POLICY_PATTERN, "^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[~`!@#$%^&+=\\\\-_<>.,?:;*/()|\\\\[\\\\]{}'\"\\\\\\\\]).{16,32}$");
+            domibusPropertyProvider.setProperty(DOMIBUS_SECURITY_KEY_PRIVATE_PASSWORD, "test123");
+            domibusPropertyValidatorService.validatePropertiesPasswordPolicy();
+        }
+        finally {
+            domibusPropertyProvider.setProperty(DOMIBUS_PROPERTIES_PASSWORD_POLICY_ENFORCE, enforcePreviousPropValue);
+            domibusPropertyProvider.setProperty(DOMIBUS_PROPERTIES_PASSWORD_POLICY_PATTERN, patternPreviousPropValue);
+            domibusPropertyProvider.setProperty(DOMIBUS_SECURITY_KEY_PRIVATE_PASSWORD, passwordPreviousPropValue);
+        }
+    }
+}
diff --git a/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/web/rest/LoggingResourceIT.java b/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/web/rest/LoggingResourceIT.java
index e2cf60ee0b..16d3fd2b5c 100644
--- a/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/web/rest/LoggingResourceIT.java
+++ b/Tomcat/Domibus-MSH-tomcat/src/test/java/eu/domibus/web/rest/LoggingResourceIT.java
@@ -3,22 +3,22 @@
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
-import eu.domibus.test.AbstractIT;
-import eu.domibus.api.security.AuthRole;
 import eu.domibus.api.security.AuthUtils;
 import eu.domibus.core.converter.DomibusCoreMapper;
 import eu.domibus.core.logging.LoggingEntry;
 import eu.domibus.core.logging.LoggingService;
+import eu.domibus.test.AbstractIT;
 import eu.domibus.web.rest.ro.LoggingFilterRequestRO;
+import eu.domibus.web.rest.ro.LoggingLevelRO;
 import org.apache.commons.lang3.BooleanUtils;
 import org.junit.Before;
-import org.junit.Ignore;
 import org.junit.Test;
 import org.mockito.Mockito;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Primary;
+import org.springframework.http.MediaType;
 import org.springframework.security.test.context.support.WithMockUser;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.result.MockMvcResultMatchers;
@@ -30,8 +30,12 @@
 import java.util.List;
 
 import static org.hamcrest.CoreMatchers.hasItems;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
  * @author François Gautier
@@ -84,9 +88,52 @@ public void getLogLevel_accessDenied() throws Exception {
 
     @Test
     @WithMockUser(username = "admin", roles = {"AP_ADMIN"})
-    @Ignore
+    public void setLogLevel_ok() throws Exception {
+        LoggingLevelRO loggingLevelRO = new LoggingLevelRO();
+        loggingLevelRO.setLevel("DEBUG");
+        loggingLevelRO.setName("eu.domibus");
+        Mockito.when(loggingService.exists(loggingLevelRO.getName())).thenReturn(true);
+        mockMvc.perform(post("/rest/logging/loglevel")
+                        .contentType(MediaType.APPLICATION_JSON)
+                        .content(asJsonString(loggingLevelRO)))
+                .andExpect(status().is2xxSuccessful())
+                .andReturn();
+    }
+
+    @Test
+    @WithMockUser(username = "admin", roles = {"AP_ADMIN"})
+    public void setLogLevel_nok_custom_name() throws Exception {
+        LoggingLevelRO loggingLevelRO = new LoggingLevelRO();
+        loggingLevelRO.setLevel("DEBUG");
+        loggingLevelRO.setName("custom.package");
+
+        Mockito.when(loggingService.exists(loggingLevelRO.getName())).thenReturn(false);
+
+        mockMvc.perform(post("/rest/logging/loglevel")
+                        .contentType(MediaType.APPLICATION_JSON)
+                        .content(asJsonString(loggingLevelRO)))
+                .andExpect(status().is4xxClientError())
+                .andReturn();
+    }
+
+    @Test
+    public void setLogLevel_nok_ALL() throws Exception {
+        LoggingLevelRO loggingLevelRO = new LoggingLevelRO();
+        loggingLevelRO.setLevel("CUSTOM_LEVEL");
+        loggingLevelRO.setName("eu.domibus");
+
+        mockMvc.perform(post("/rest/logging/loglevel")
+                        .with(httpBasic(TEST_PLUGIN_USERNAME, TEST_PLUGIN_PASSWORD))
+                        .with(csrf())
+                        .contentType(MediaType.APPLICATION_JSON)
+                        .content(asJsonString(loggingLevelRO)))
+                .andExpect(status().is4xxClientError())
+                .andReturn();
+    }
+
+    @Test
+    @WithMockUser(username = "admin", roles = {"AP_ADMIN"})
     public void getLogLevel_ok() throws Exception {
-        authUtils.setAuthenticationToSecurityContext("", "", AuthRole.ROLE_AP_ADMIN);
 
         final List<LoggingEntry> loggingEntryList = new ArrayList<>();
         LoggingEntry loggingLevelRO1 = new LoggingEntry();
diff --git a/Tomcat/Domibus-MSH-tomcat/src/test/resources/domibus.properties b/Tomcat/Domibus-MSH-tomcat/src/test/resources/domibus.properties
index faf9572f66..7a82f71580 100644
--- a/Tomcat/Domibus-MSH-tomcat/src/test/resources/domibus.properties
+++ b/Tomcat/Domibus-MSH-tomcat/src/test/resources/domibus.properties
@@ -147,6 +147,9 @@ domibus.passwordPolicy.pattern=
 
 domibus.passwordPolicy.defaultUser.autogeneratePassword=false
 
+#Default user password regeneration policy enabled/disabled (by default is disabled).
+domibus.passwordPolicy.defaultUser.reGeneratePassword=false
+
 # ---------------------------------- Security ----------------------------------
 
 #To activate security set this to false
@@ -170,6 +173,14 @@ domibus.passwordPolicy.defaultUser.autogeneratePassword=false
 #The list of protocols to be excluded from CRL list (possible values: http, https, ftp, file, ldap, etc)
 #domibus.certificate.crl.excludedProtocols=
 
+#Complexity rules for all properties passwords
+#Default value requires Minimum length: 16 characters; Maximum length: 32 characters; At least one letter in lowercase; At least one letter in uppercase; At least one digit; At least one special character
+#domibus.properties.passwordPolicy.pattern=^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[~`!@#$%^&+=\\-_<>.,?:;*/()|\\[\\]{}'"\\\\]).{16,32}$
+
+#If true will enforce the complexity rules for all properties passwords by stopping Domibus
+#If set to false only warnings are logged
+#domibus.properties.passwordPolicy.enforce=false
+
 # ---------------------------------- Plugin Security ----------------------------------
 
 #Number of plugin users login attempts before the user is deactivated (default 5)
@@ -268,10 +279,13 @@ domibus.jms.connectionFactory.session.cache.size=1
 #Domibus will not accept the message (default is true)
 #domibus.sender.certificate.validation.onreceiving=true
 
-#If activated Domibus will verify before receiving a User Message if the sender's party name is part of the CN in the sender's certificate. If not,
-#Domibus will not accept the message (default is false)
+#If activated Domibus will verify before receiving a User Message when using Push/Pull or a Signal Acknowledgement (NRR) when using Pull, that the sender certificate is valid and not revoked
+# When disabled, none of the other checks are performed on the sender's certificate.
 domibus.sender.trust.validation.onreceiving=false
 
+#If activated Domibus will verify before receiving syncronously a signal message following a push or pull request, that the sender certificate is valid and not revoked
+domibus.sender.trust.validation.signal.sync.onreceiving=false
+
 #Check that the sender certificate subject name contains the message from partyId value.
 domibus.sender.certificate.subject.check=false
 
@@ -289,6 +303,9 @@ domibus.pmode.legconfiguration.mpc.validation.enabled=true
 # If set to false, Domibus fills in the value of the Mpc with the value of the EBMS3 defaultMpc ("http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC")
 domibus.pmode.legconfiguration.mpc.enabled=true
 
+#If enabled, detailed diagnostics data will be logged when a message does not match the PMode
+domibus.pmode.legconfiguration.diagnostics.enabled=false
+
 #Accepted Format for action (Default value: ^[^=]*$: all characters but '=' character )
 domibus.pmode.validation.action.pattern=^[^=]*$
 
@@ -554,4 +571,4 @@ domibus.pull.request.send.per.job.cycle.per.mpc.MPC_NAME=1
 
 domibus.ui.pages.messageLogs.interval.default=0.5
 
-domibus.property.backup.history.max=2.5
\ No newline at end of file
+domibus.property.backup.history.max=2.5
diff --git a/Tomcat/Domibus-MSH-tomcat/src/test/resources/plugins/config/ws-plugin.properties b/Tomcat/Domibus-MSH-tomcat/src/test/resources/plugins/config/ws-plugin.properties
index 3f697088bd..c039a10ec5 100644
--- a/Tomcat/Domibus-MSH-tomcat/src/test/resources/plugins/config/ws-plugin.properties
+++ b/Tomcat/Domibus-MSH-tomcat/src/test/resources/plugins/config/ws-plugin.properties
@@ -17,7 +17,7 @@
 #wsplugin.messages.repush.list.max=100
 
 #The notifications sent by Domibus to the plugin. The following values are possible: MESSAGE_RECEIVED,MESSAGE_FRAGMENT_RECEIVED,MESSAGE_SEND_FAILURE,MESSAGE_FRAGMENT_SEND_FAILURE,MESSAGE_RECEIVED_FAILURE,MESSAGE_FRAGMENT_RECEIVED_FAILURE,MESSAGE_SEND_SUCCESS,MESSAGE_FRAGMENT_SEND_SUCCESS,MESSAGE_STATUS_CHANGE,MESSAGE_FRAGMENT_STATUS_CHANGE,MESSAGE_DELETE_BATCH,MESSAGE_DELETED
-#wsplugin.messages.notifications=MESSAGE_RECEIVED,MESSAGE_SEND_FAILURE,MESSAGE_RECEIVED_FAILURE,MESSAGE_SEND_SUCCESS,MESSAGE_STATUS_CHANGE
+#wsplugin.messages.notifications=MESSAGE_RECEIVED,MESSAGE_SEND_FAILURE,MESSAGE_RECEIVED_FAILURE,MESSAGE_SEND_SUCCESS,MESSAGE_STATUS_CHANGE,MESSAGE_DELETE_BATCH,MESSAGE_DELETED
 
 #Timeout values for communication between the ws plugin and the backend service
 #ConnectionTimeOut - Specifies the amount of time, in milliseconds, that the consumer will attempt to establish a connection before it times out. 0 is infinite.
diff --git a/Tomcat/Domibus-MSH-tomcat/src/test/resources/soapUI/AS4-test-guide-soapui-project.xml b/Tomcat/Domibus-MSH-tomcat/src/test/resources/soapUI/AS4-test-guide-soapui-project.xml
index 06c3821811..5ab76071bf 100644
--- a/Tomcat/Domibus-MSH-tomcat/src/test/resources/soapUI/AS4-test-guide-soapui-project.xml
+++ b/Tomcat/Domibus-MSH-tomcat/src/test/resources/soapUI/AS4-test-guide-soapui-project.xml
@@ -1024,11 +1024,6 @@
         <xsd:sequence>
           <xsd:element minOccurs="0" name="UserMessage" type="UserMessage"/>
         </xsd:sequence>
-        <xsd:attribute name="mustUnderstand" type="xsd:boolean" use="optional">
-          <xsd:annotation>
-            <xsd:documentation>Deprecated. Will be removed in Domibus 6.0.</xsd:documentation>
-          </xsd:annotation>
-        </xsd:attribute>
       </xsd:complexType>
       <xsd:simpleType name="ProcessingType">
         <xsd:restriction base="xsd:string">
diff --git a/Tomcat/pom.xml b/Tomcat/pom.xml
index db2a5b270f..893307b26e 100644
--- a/Tomcat/pom.xml
+++ b/Tomcat/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <groupId>org.niis</groupId>
         <artifactId>harmony</artifactId>
-        <version>2.4.0</version>
+        <version>2.5.0</version>
     </parent>
 
     <artifactId>tomcat</artifactId>
diff --git a/Weblogic/Domibus-MSH-jms-weblogic/pom.xml b/Weblogic/Domibus-MSH-jms-weblogic/pom.xml
index 055d9989d1..37d20d9d4d 100644
--- a/Weblogic/Domibus-MSH-jms-weblogic/pom.xml
+++ b/Weblogic/Domibus-MSH-jms-weblogic/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <groupId>eu.domibus</groupId>
         <artifactId>weblogic</artifactId>
-        <version>5.1.4</version>
+        <version>5.1.6</version>
     </parent>
     <artifactId>domibus-msh-jms-weblogic</artifactId>
     <packaging>jar</packaging>
diff --git a/Weblogic/Domibus-MSH-taskexecutor-weblogic/pom.xml b/Weblogic/Domibus-MSH-taskexecutor-weblogic/pom.xml
index 462ca48db4..5833ed9e8f 100644
--- a/Weblogic/Domibus-MSH-taskexecutor-weblogic/pom.xml
+++ b/Weblogic/Domibus-MSH-taskexecutor-weblogic/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <groupId>eu.domibus</groupId>
         <artifactId>weblogic</artifactId>
-        <version>5.1.4</version>
+        <version>5.1.6</version>
     </parent>
     <artifactId>domibus-msh-taskexecutor-weblogic</artifactId>
     <packaging>jar</packaging>
diff --git a/Weblogic/Domibus-MSH-weblogic-common/pom.xml b/Weblogic/Domibus-MSH-weblogic-common/pom.xml
index a5dbeecfb9..87db9b0b4e 100644
--- a/Weblogic/Domibus-MSH-weblogic-common/pom.xml
+++ b/Weblogic/Domibus-MSH-weblogic-common/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>eu.domibus</groupId>
         <artifactId>weblogic</artifactId>
-        <version>5.1.4</version>
+        <version>5.1.6</version>
     </parent>
 
     <artifactId>domibus-MSH-weblogic-common</artifactId>
diff --git a/Weblogic/Domibus-MSH-weblogic-common/src/main/conf/scripts/WeblogicCluster.properties b/Weblogic/Domibus-MSH-weblogic-common/src/main/conf/scripts/WeblogicCluster.properties
index 9bdc4bfb42..190dc86567 100644
--- a/Weblogic/Domibus-MSH-weblogic-common/src/main/conf/scripts/WeblogicCluster.properties
+++ b/Weblogic/Domibus-MSH-weblogic-common/src/main/conf/scripts/WeblogicCluster.properties
@@ -452,6 +452,7 @@ jms.subdeployment.items = 1
 jdbc.datasource.0.name=eDeliveryDs
 jdbc.datasource.0.targets=${application.module.target}
 jdbc.datasource.0.jndi.name=jdbc/cipaeDeliveryDs
+jdbc.datasource.0.transaction.protocol=None
 jdbc.datasource.0.pool.capacity.max=50
 jdbc.datasource.0.pool.connection.test.onreserv.enable=true
 jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1 FROM DUAL
diff --git a/Weblogic/Domibus-MSH-weblogic-common/src/main/conf/scripts/WeblogicSingleServer.properties b/Weblogic/Domibus-MSH-weblogic-common/src/main/conf/scripts/WeblogicSingleServer.properties
index 62c4bd18da..e5cf106478 100644
--- a/Weblogic/Domibus-MSH-weblogic-common/src/main/conf/scripts/WeblogicSingleServer.properties
+++ b/Weblogic/Domibus-MSH-weblogic-common/src/main/conf/scripts/WeblogicSingleServer.properties
@@ -453,6 +453,7 @@ jms.subdeployment.items = 1
 jdbc.datasource.0.name=eDeliveryDs
 jdbc.datasource.0.targets=${application.module.target}
 jdbc.datasource.0.jndi.name=jdbc/cipaeDeliveryDs
+jdbc.datasource.0.transaction.protocol=None
 jdbc.datasource.0.pool.capacity.max=50
 jdbc.datasource.0.pool.connection.test.onreserv.enable=true
 jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1 FROM DUAL
diff --git a/Weblogic/Domibus-MSH-weblogic-common/src/main/conf/scripts/upgrades/5.1.4-to-5.1.5-WeblogicCluster.properties b/Weblogic/Domibus-MSH-weblogic-common/src/main/conf/scripts/upgrades/5.1.4-to-5.1.5-WeblogicCluster.properties
new file mode 100644
index 0000000000..4d3f0c9c6b
--- /dev/null
+++ b/Weblogic/Domibus-MSH-weblogic-common/src/main/conf/scripts/upgrades/5.1.4-to-5.1.5-WeblogicCluster.properties
@@ -0,0 +1,68 @@
+script.log.level = DEBUG
+script.log.file = remove_jdbc.log
+
+# Connection properties
+domain.loading.type = connect
+# Specify the connect url for the domain
+# Ex: domain.connect.url = t3://158.167.29.63:7001
+domain.connect.url =
+# Specify the username for the connection
+# Ex: domain.connect.username = weblogic
+domain.connect.username =
+# Specify the password for the connection
+# Ex: domain.connect.password = weblogic
+domain.connect.password =
+# Domain name
+# Ex: domain.name = myDomain
+domain.name =
+# Location of the domain
+# This variable contains the parent folder of the domain
+# Ex: domain.location = /foo/bar (Unix) C:/foo/bar (Windows)
+domain.location =
+
+################################
+#Domibus application module target
+application.module.target=EDELIVERY_cluster
+
+#Domibus database url
+jdbc.datasource.driver.url=
+#Domibus database user name
+jdbc.datasource.driver.username=
+#Domibus database user password
+jdbc.datasource.driver.password=
+
+############################################################
+## JDBC datasource Server [eDeliveryDs]
+############################################################
+# Oracle configuration
+jdbc.datasource.0.name=eDeliveryDs
+jdbc.datasource.0.targets=${application.module.target}
+jdbc.datasource.0.jndi.name=jdbc/cipaeDeliveryDs
+jdbc.datasource.0.transaction.protocol=None
+jdbc.datasource.0.pool.capacity.max=50
+jdbc.datasource.0.pool.connection.test.onreserv.enable=true
+jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1 FROM DUAL
+jdbc.datasource.0.driver.name=oracle.jdbc.driver.OracleDriver
+jdbc.datasource.0.driver.url=${jdbc.datasource.driver.url}
+jdbc.datasource.0.driver.password=${jdbc.datasource.driver.password}
+jdbc.datasource.0.driver.username=${jdbc.datasource.driver.username}
+jdbc.datasource.0.driver.properties.items=0
+
+# MySQL configuration
+#jdbc.datasource.0.name=eDeliveryDs
+#jdbc.datasource.0.targets=${application.module.target}
+#jdbc.datasource.0.jndi.name=jdbc/cipaeDeliveryDs
+#jdbc.datasource.0.pool.capacity.max=50
+#jdbc.datasource.0.transaction.protocol=None
+#jdbc.datasource.0.pool.connection.test.onreserv.enable=true
+#jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
+#jdbc.datasource.0.driver.name=com.mysql.cj.jdbc.Driver
+#jdbc.datasource.0.driver.url=${jdbc.datasource.driver.url}
+#jdbc.datasource.0.driver.password=${jdbc.datasource.driver.password}
+#jdbc.datasource.0.driver.username=${jdbc.datasource.driver.username}
+#jdbc.datasource.0.driver.properties.items=0
+
+############################################################
+## JDBC datasource index
+############################################################
+jdbc.datasource.items = 2
\ No newline at end of file
diff --git a/Weblogic/Domibus-MSH-weblogic-common/src/main/conf/scripts/upgrades/5.1.4-to-5.1.5-WeblogicRemoveJDBCDatasource.properties b/Weblogic/Domibus-MSH-weblogic-common/src/main/conf/scripts/upgrades/5.1.4-to-5.1.5-WeblogicRemoveJDBCDatasource.properties
new file mode 100644
index 0000000000..a7cb3b1ebe
--- /dev/null
+++ b/Weblogic/Domibus-MSH-weblogic-common/src/main/conf/scripts/upgrades/5.1.4-to-5.1.5-WeblogicRemoveJDBCDatasource.properties
@@ -0,0 +1,24 @@
+script.log.level = DEBUG
+script.log.file = remove_jdbc.log
+
+################################
+# Connection properties
+domain.loading.type = connect
+
+# Specify the connect url for the domain
+# Ex: domain.connect.url = t3://158.167.29.63:7001
+domain.connect.url =
+
+# Specify the username for the connection
+# Ex: domain.connect.username = weblogic
+domain.connect.username =
+
+# Specify the password for the connection
+# Ex: domain.connect.password = weblogic
+domain.connect.password =
+
+################################
+# Remove JDBC datasources
+################################
+remove.jdbc.resource.list = eDeliveryDs
+
diff --git a/Weblogic/Domibus-MSH-weblogic-common/src/main/conf/scripts/upgrades/5.1.4-to-5.1.5-WeblogicSingleServer.properties b/Weblogic/Domibus-MSH-weblogic-common/src/main/conf/scripts/upgrades/5.1.4-to-5.1.5-WeblogicSingleServer.properties
new file mode 100644
index 0000000000..cc14f0cca2
--- /dev/null
+++ b/Weblogic/Domibus-MSH-weblogic-common/src/main/conf/scripts/upgrades/5.1.4-to-5.1.5-WeblogicSingleServer.properties
@@ -0,0 +1,61 @@
+script.log.level = DEBUG
+script.log.file = remove_jdbc.log
+
+# Connection properties
+domain.loading.type = connect
+# Specify the connect url for the domain
+# Ex: domain.connect.url = t3://158.167.29.63:7001
+domain.connect.url =
+# Specify the username for the connection
+# Ex: domain.connect.username = weblogic
+domain.connect.username =
+# Specify the password for the connection
+# Ex: domain.connect.password = weblogic
+domain.connect.password =
+
+################################
+#Domibus application module target
+application.module.target=AdminServer
+
+#Domibus database url
+jdbc.datasource.driver.url=
+#Domibus database user name
+jdbc.datasource.driver.username=
+#Domibus database user password
+jdbc.datasource.driver.password=
+
+############################################################
+## JDBC datasource Server [eDeliveryDs]
+############################################################
+# Oracle configuration
+jdbc.datasource.0.name=eDeliveryDs
+jdbc.datasource.0.targets=${application.module.target}
+jdbc.datasource.0.jndi.name=jdbc/cipaeDeliveryDs
+jdbc.datasource.0.transaction.protocol=None
+jdbc.datasource.0.pool.capacity.max=50
+jdbc.datasource.0.pool.connection.test.onreserv.enable=true
+jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1 FROM DUAL
+jdbc.datasource.0.driver.name=oracle.jdbc.driver.OracleDriver
+jdbc.datasource.0.driver.url=${jdbc.datasource.driver.url}
+jdbc.datasource.0.driver.password=${jdbc.datasource.driver.password}
+jdbc.datasource.0.driver.username=${jdbc.datasource.driver.username}
+jdbc.datasource.0.driver.properties.items=0
+
+# MySQL configuration
+#jdbc.datasource.0.name=eDeliveryDs
+#jdbc.datasource.0.targets=${application.module.target}
+#jdbc.datasource.0.jndi.name=jdbc/cipaeDeliveryDs
+#jdbc.datasource.0.pool.capacity.max=50
+#jdbc.datasource.0.transaction.protocol=None
+#jdbc.datasource.0.pool.connection.test.onreserv.enable=true
+#jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
+#jdbc.datasource.0.driver.name=com.mysql.cj.jdbc.Driver
+#jdbc.datasource.0.driver.url=${jdbc.datasource.driver.url}
+#jdbc.datasource.0.driver.password=${jdbc.datasource.driver.password}
+#jdbc.datasource.0.driver.username=${jdbc.datasource.driver.username}
+#jdbc.datasource.0.driver.properties.items=0
+
+############################################################
+## JDBC datasource index
+############################################################
+jdbc.datasource.items = 2
\ No newline at end of file
diff --git a/Weblogic/Domibus-MSH-weblogic-eu-login/pom.xml b/Weblogic/Domibus-MSH-weblogic-eu-login/pom.xml
index aeca0c7bf6..c14c90c58f 100644
--- a/Weblogic/Domibus-MSH-weblogic-eu-login/pom.xml
+++ b/Weblogic/Domibus-MSH-weblogic-eu-login/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>eu.domibus</groupId>
         <artifactId>weblogic</artifactId>
-        <version>5.1.4</version>
+        <version>5.1.6</version>
     </parent>
 
     <artifactId>domibus-MSH-weblogic-eu-login</artifactId>
diff --git a/Weblogic/Domibus-MSH-weblogic-eu-login/src/main/conf/domibus/domibus.properties b/Weblogic/Domibus-MSH-weblogic-eu-login/src/main/conf/domibus/domibus.properties
index 1f5bb5c580..21c7427ae1 100644
--- a/Weblogic/Domibus-MSH-weblogic-eu-login/src/main/conf/domibus/domibus.properties
+++ b/Weblogic/Domibus-MSH-weblogic-eu-login/src/main/conf/domibus/domibus.properties
@@ -178,6 +178,9 @@ domibus.entityManagerFactory.jpaProperty.hibernate.dialect=org.hibernate.dialect
 #The location where the encrypted key is stored
 #domibus.password.encryption.key.location=${domibus.config.location}/internal/encrypt
 
+#Password can be viewed if true;
+#domibus.properties.password.view.allow=true
+
 #To activate security set this to false
 #domibus.auth.unsecureLoginAllowed=true
 
@@ -209,6 +212,14 @@ domibus.entityManagerFactory.jpaProperty.hibernate.dialect=org.hibernate.dialect
 #Enable caching of CRLs by certificate. Note that, while a CRL is cached, any certificates that were revoked since it was cached would still be accepted
 #domibus.certificate.crlByCert.cache.enabled=true
 
+#Complexity rules for all properties passwords
+#Default value requires Minimum length: 16 characters; Maximum length: 32 characters; At least one letter in lowercase; At least one letter in uppercase; At least one digit; At least one special character
+#domibus.properties.passwordPolicy.pattern=^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[~`!@#$%^&+=\\-_<>.,?:;*/()|\\[\\]{}'"\\\\]).{16,32}$
+
+#If true will enforce the complexity rules for all properties passwords by stopping Domibus
+#If set to false only warnings are logged
+#domibus.properties.passwordPolicy.enforce=false
+
 # ---------------------------------- Extensions ----------------------------------
 
 #Name of the authentication extension used to verify the chain trust. Default is CXF
@@ -256,6 +267,9 @@ domibus.entityManagerFactory.jpaProperty.hibernate.dialect=org.hibernate.dialect
 #Default user password generation policy enabled/disabled (by default is enabled)
 #domibus.passwordPolicy.defaultUser.autogeneratePassword=true
 
+#Default user password regeneration policy enabled/disabled (by default is disabled).
+#domibus.passwordPolicy.defaultUser.reGeneratePassword=false
+
 #Cron expression that specifies the frequency of the password expiration check
 #domibus.passwordPolicies.check.cron=0 0 0/1 * * ?
 
@@ -322,6 +336,9 @@ domibus.message.resend.cron = 0 0/1 * * * ?
 #Activates the plugin notification of Test messages
 #domibus.message.test.notification=false
 
+#If enabled, diagnostics data will be logged when a message submission fails
+#domibus.message.submission.diagnostics.enabled=false
+
 # ---------------------------------- Retry -------------------------------------
 
 #Retry Worker execution interval as a cron expression
@@ -449,10 +466,13 @@ domibus.message.resend.cron = 0 0/1 * * * ?
 #not valid or it has been revoked Domibus will not accept the message (default is true)
 #domibus.sender.certificate.validation.onreceiving=true
 
-#If activated Domibus will verify before receiving a message, the validity and authorization on the sender's certificate. When disabled,
-#none of the other checks are performed on the sender's certificate.
+#If activated Domibus will verify before receiving a User Message when using Push/Pull or a Signal Acknowledgement (NRR) when using Pull, that the sender certificate is valid and not revoked
+# When disabled, none of the other checks are performed on the sender's certificate.
 #domibus.sender.trust.validation.onreceiving=true
 
+#If activated Domibus will verify before receiving syncronously a signal message following a push or pull request, that the sender certificate is valid and not revoked
+#domibus.sender.trust.validation.signal.sync.onreceiving=true
+
 #When this property is not empty Domibus will verify before receiving a message(using static or dynamic discovery), that the subject of the sender's certificate matches the regular expression.
 #domibus.sender.trust.validation.expression=
 
@@ -494,6 +514,9 @@ domibus.sendMessage.messageIdPattern=^(?!.*[=])[\\x20-\\x7E]*$
 # If set to false, Domibus fills in the value of the Mpc with the value of the EBMS3 defaultMpc ("http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC")
 #domibus.pmode.legconfiguration.mpc.enabled=true
 
+#If enabled, detailed diagnostics data will be logged when a message does not match the PMode
+#domibus.pmode.legconfiguration.diagnostics.enabled=false
+
 #Accepted Format for action (Default value: ^[^=]*$: all characters but '=' character )
 #domibus.pmode.validation.action.pattern=^[^=]*$
 
@@ -593,8 +616,8 @@ domibus.sendMessage.messageIdPattern=^(?!.*[=])[\\x20-\\x7E]*$
 #Cron expression used for configuring the partition worker scheduling. The partition worker verifies if partitions were properly created in advance
 #domibus.partitions.worker.cron=0 9 * * * ?
 
-#Number of days to check if partitions were successfully created in advance. Defaults to 7 days.
-#domibus.partitions.creation.days_to_check=7
+#Maximum number of expired partitions to be dropped by the retention worker in one run. Defaults to 10 partitions.
+#domibus.partitions.drop.max_partitions=10
 
 #When set to true, before dropping a partition, verifies if all messages on that partition were previously archived.
 #This check is a guard rail for dropping partitions when the eArchiving mechanism is disabled. Default is true.
@@ -734,41 +757,6 @@ domibus.sendMessage.messageIdPattern=^(?!.*[=])[\\x20-\\x7E]*$
 #Body of the email alerts that report the messages in a non-final state that are not processed anymore
 #domibus.ongoingMessagesSanitizing.alert.email.body=There are messages currently in ongoing statuses that are not processed anymore. Here is the list of IDs and statuses of these messages: [{messages}].
 
-# ---------------------------------- Alert management:Authentication module -----------------
-
-#Enable/disable the login failure alert of the authentication module.
-#domibus.alert.user.login_failure.active=true
-
-#Alert level for login failure.
-#domibus.alert.user.login_failure.level=LOW
-
-#Login failure mail subject.
-#domibus.alert.user.login_failure.mail.subject=Login failure
-
-#Enable/disable the account disable alert of the authentication module.
-#domibus.alert.user.account_disabled.active=true
-
-#Alert level for account disabled. Used in the email to be sent. Values: {LOW, MEDIUM, HIGH}
-#domibus.alert.user.account_disabled.level=HIGH
-
-#When should the account disabled alert be triggered.
-# 2 possible values:
-# AT_LOGON: An alert will be triggered each time a user tries to login to a disabled account.
-# WHEN_BLOCKED: An alert will be triggered once when the account got disabled.
-#domibus.alert.user.account_disabled.moment=WHEN_BLOCKED
-
-#Account disabled mail subject.
-#domibus.alert.user.account_disabled.subject=Account disabled
-
-#Enable/disable the account enabled alert of the authentication module.
-#domibus.alert.user.account_enabled.active=false
-
-#Alert level for account enabled. Used in the email to be sent. Values: {LOW, MEDIUM, HIGH}
-#domibus.alert.user.account_enabled.level=MEDIUM
-
-#Account enabled mail subject.
-#domibus.alert.user.account_enabled.subject=Account enabled
-
 # ---------------------------------- Alert management:Certificate scanner -----------------
 
 #Enable/disable the imminent certificate expiration alert of certificate scanner module.
diff --git a/Weblogic/Domibus-MSH-weblogic-eu-login/src/main/java/eu/domibus/weblogic/security/ECASSecurityConfiguration.java b/Weblogic/Domibus-MSH-weblogic-eu-login/src/main/java/eu/domibus/weblogic/security/ECASSecurityConfiguration.java
index 971027979b..0814383fda 100644
--- a/Weblogic/Domibus-MSH-weblogic-eu-login/src/main/java/eu/domibus/weblogic/security/ECASSecurityConfiguration.java
+++ b/Weblogic/Domibus-MSH-weblogic-eu-login/src/main/java/eu/domibus/weblogic/security/ECASSecurityConfiguration.java
@@ -7,6 +7,7 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Conditional;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -52,8 +53,8 @@ public void configureHttpSecurity(HttpSecurity http) throws Exception {
                 .and()
                 .sessionManagement().sessionFixation().none()
                 .and()
-                .authorizeRequests()
-                .antMatchers( "/rest/security/user/domain").authenticated();
+                // in EuLogin version, any user can change the current domain
+                .authorizeRequests().antMatchers(HttpMethod.PUT, "/rest/security/user/domain").authenticated();
 
     }
 
diff --git a/Weblogic/Domibus-MSH-weblogic-eu-login/src/main/java/eu/domibus/weblogic/security/ECASUserDetailsService.java b/Weblogic/Domibus-MSH-weblogic-eu-login/src/main/java/eu/domibus/weblogic/security/ECASUserDetailsService.java
index 6aa6026a81..075cd49d4c 100644
--- a/Weblogic/Domibus-MSH-weblogic-eu-login/src/main/java/eu/domibus/weblogic/security/ECASUserDetailsService.java
+++ b/Weblogic/Domibus-MSH-weblogic-eu-login/src/main/java/eu/domibus/weblogic/security/ECASUserDetailsService.java
@@ -106,7 +106,7 @@ public DomibusUserDetails loadUserByUsername(String username) throws UsernameNot
      * @throws IllegalAccessException
      */
     protected DomibusUserDetails createUserDetails(final String username) throws InvocationTargetException, NoSuchMethodException, ClassNotFoundException, IllegalAccessException {
-        LOG.debug("createUserDetails - start");
+        LOG.debug("createUserDetails for username: {} - start", username);
         List<AuthRole> authRoles = new LinkedList<>();
         Set<String> domainCodesFromLDAP = new HashSet<>();
 
@@ -120,7 +120,7 @@ protected DomibusUserDetails createUserDetails(final String username) throws Inv
         for (Principal principal : getPrincipals()) {
             LOG.debug("createUserDetails - principal name: {} and class: {}", principal.getName(), principal.getClass().getName());
             if (isUserGroupPrincipal(principal)) {
-                LOG.debug("Found a user group principal: {}", principal);
+                LOG.debug("Found a userGroup principal: {}", principal);
                 final String principalName = principal.getName();
 
                 //only Domibus mapped ldap groups
@@ -128,15 +128,17 @@ protected DomibusUserDetails createUserDetails(final String username) throws Inv
                     //search for user roles
                     if (userRoleMappings.get(principalName) != null) {
                         authRoles.add(userRoleMappings.get(principalName));
-                        LOG.debug("createUserDetails - userGroup added: {}", userRoleMappings.get(principalName));
+                        LOG.debug("createUserDetails - authority added: {}", userRoleMappings.get(principalName));
                     } else if (domainMappings.get(principalName) != null) {
                         domainCodesFromLDAP.add(domainMappings.get(principalName));
                         LOG.debug("createUserDetails - domain added: {}", domainCodesFromLDAP);
+                    } else {
+                        LOG.debug("createUserDetails - userGroup ignored: {}", principalName);
                     }
                 }
             } else {
-                LOG.debug("createUserDetails - user group is not principal");
-                if (isUserPrincipal(principal) && !username.equals(principal.getName())) {
+                LOG.debug("Principal {} is not a userGroup", principal);
+                if (isUserPrincipal(principal) && !StringUtils.equals(username, principal.getName())) {
                     LOG.error("Username {} does not match Principal {}", username, principal.getName());
                     throw new AccessDeniedException(
                             String.format("The provided username and the principal name do not match. username = %s, principal = %s", username, principal.getName()));
@@ -160,7 +162,7 @@ protected DomibusUserDetails createUserDetails(final String username) throws Inv
         domainContextProvider.clearCurrentDomain();
         domainContextProvider.setCurrentDomainWithValidation(domainCode);
 
-        LOG.debug("createUserDetails - end");
+        LOG.debug("createUserDetails for username: {} - end", username);
         return domibusUserDetails;
     }
 
@@ -240,7 +242,7 @@ private String getDomainCode(Domain domain) {
     }
 
     private boolean hasSuperAdminUserPrivilege(GrantedAuthority grantedAuthority) {
-        return StringUtils.equals(grantedAuthority.getAuthority(), AuthRole.ROLE_AP_ADMIN.name());
+        return grantedAuthority != null && StringUtils.equals(grantedAuthority.getAuthority(), AuthRole.ROLE_AP_ADMIN.name());
     }
 
     protected boolean isWeblogicSecurity() {
@@ -264,12 +266,12 @@ protected Set<Principal> getPrincipals()
     }
 
     private boolean isUserPrincipal(Principal principal) throws ClassNotFoundException {
-        LOG.debug("isUserPrincipal class={}", principal.getClass().getName());
+        LOG.trace("isUserPrincipal class={}", principal.getClass().getName());
         return Class.forName(ECAS_USER).isInstance(principal);
     }
 
     protected boolean isUserGroupPrincipal(Principal principal) throws ClassNotFoundException {
-        LOG.debug("isUserGroupPrincipal class={}", principal.getClass().getName());
+        LOG.trace("isUserGroupPrincipal class={}", principal.getClass().getName());
         return Class.forName(ECAS_GROUP).isInstance(principal);
     }
 
diff --git a/Weblogic/Domibus-MSH-weblogic/pom.xml b/Weblogic/Domibus-MSH-weblogic/pom.xml
index 481dfd8056..8fd0f98117 100644
--- a/Weblogic/Domibus-MSH-weblogic/pom.xml
+++ b/Weblogic/Domibus-MSH-weblogic/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>eu.domibus</groupId>
         <artifactId>weblogic</artifactId>
-        <version>5.1.4</version>
+        <version>5.1.6</version>
     </parent>
 
     <artifactId>domibus-MSH-weblogic</artifactId>
diff --git a/Weblogic/Domibus-MSH-weblogic/src/main/conf/domibus/domibus.properties b/Weblogic/Domibus-MSH-weblogic/src/main/conf/domibus/domibus.properties
index 915e12ed38..7338302ace 100644
--- a/Weblogic/Domibus-MSH-weblogic/src/main/conf/domibus/domibus.properties
+++ b/Weblogic/Domibus-MSH-weblogic/src/main/conf/domibus/domibus.properties
@@ -178,6 +178,9 @@ domibus.entityManagerFactory.jpaProperty.hibernate.dialect=org.hibernate.dialect
 #The location where the encrypted key is stored
 #domibus.password.encryption.key.location=${domibus.config.location}/internal/encrypt
 
+#Password can be viewed if true;
+#domibus.properties.password.view.allow=true
+
 #To activate security set this to false
 #domibus.auth.unsecureLoginAllowed=true
 
@@ -212,6 +215,14 @@ domibus.entityManagerFactory.jpaProperty.hibernate.dialect=org.hibernate.dialect
 #Position of the Bouncy Castle in the security providers list; Performance will decrease if the Bouncy Castle provider is moved downward in the list; We make sure that the Sun security provider remains at a higher preference (i.e. index 2) on Weblogic
 #domibus.security.provider.bouncyCastle.position=3
 
+#Complexity rules for all properties passwords
+#Default value requires Minimum length: 16 characters; Maximum length: 32 characters; At least one letter in lowercase; At least one letter in uppercase; At least one digit; At least one special character
+#domibus.properties.passwordPolicy.pattern=^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[~`!@#$%^&+=\\-_<>.,?:;*/()|\\[\\]{}'"\\\\]).{16,32}$
+
+#If true will enforce the complexity rules for all properties passwords by stopping Domibus
+#If set to false only warnings are logged
+#domibus.properties.passwordPolicy.enforce=false
+
 # ---------------------------------- Extensions ----------------------------------
 
 #Name of the authentication extension used to verify the chain trust. Default is CXF
@@ -259,6 +270,9 @@ domibus.entityManagerFactory.jpaProperty.hibernate.dialect=org.hibernate.dialect
 #Default user password generation policy enabled/disabled (by default is enabled)
 #domibus.passwordPolicy.defaultUser.autogeneratePassword=true
 
+#Default user password regeneration policy enabled/disabled (by default is disabled).
+#domibus.passwordPolicy.defaultUser.reGeneratePassword=false
+
 #Cron expression that specifies the frequency of the password expiration check
 #domibus.passwordPolicies.check.cron=0 0 0/1 * * ?
 
@@ -325,6 +339,9 @@ domibus.message.resend.cron = 0 0/1 * * * ?
 #Activates the plugin notification of Test messages
 #domibus.message.test.notification=false
 
+#If enabled, diagnostics data will be logged when a message submission fails
+#domibus.message.submission.diagnostics.enabled=false
+
 # ---------------------------------- Retry -------------------------------------
 
 #Retry Worker execution interval as a cron expression
@@ -449,10 +466,13 @@ domibus.message.resend.cron = 0 0/1 * * * ?
 #not valid or it has been revoked Domibus will not accept the message (default is true)
 #domibus.sender.certificate.validation.onreceiving=true
 
-#If activated Domibus will verify before receiving a message, the validity and authorization on the sender's certificate. When disabled,
-#none of the other checks are performed on the sender's certificate.
+#If activated Domibus will verify before receiving a User Message when using Push/Pull or a Signal Acknowledgement (NRR) when using Pull, that the sender certificate is valid and not revoked
+# When disabled, none of the other checks are performed on the sender's certificate.
 #domibus.sender.trust.validation.onreceiving=true
 
+#If activated Domibus will verify before receiving syncronously a signal message following a push or pull request, that the sender certificate is valid and not revoked
+#domibus.sender.trust.validation.signal.sync.onreceiving=true
+
 #When this property is not empty Domibus will verify before receiving a message(using static or dynamic discovery), that the subject of the sender's certificate matches the regular expression.
 #domibus.sender.trust.validation.expression=
 
@@ -494,6 +514,9 @@ domibus.sendMessage.messageIdPattern=^(?!.*[=])[\\x20-\\x7E]*$
 # If set to false, Domibus fills in the value of the Mpc with the value of the EBMS3 defaultMpc ("http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC")
 #domibus.pmode.legconfiguration.mpc.enabled=true
 
+#If enabled, detailed diagnostics data will be logged when a message does not match the PMode
+#domibus.pmode.legconfiguration.diagnostics.enabled=false
+
 #Accepted Format for action (Default value: ^[^=]*$: all characters but '=' character )
 #domibus.pmode.validation.action.pattern=^[^=]*$
 
@@ -593,8 +616,8 @@ domibus.sendMessage.messageIdPattern=^(?!.*[=])[\\x20-\\x7E]*$
 #Cron expression used for configuring the partition worker scheduling. The partition worker verifies if partitions were properly created in advance
 #domibus.partitions.worker.cron=0 9 * * * ?
 
-#Number of days to check if partitions were successfully created in advance. Defaults to 7 days.
-#domibus.partitions.creation.days_to_check=7
+#Maximum number of expired partitions to be dropped by the retention worker in one run. Defaults to 10 partitions.
+#domibus.partitions.drop.max_partitions=10
 
 #When set to true, before dropping a partition, verifies if all messages on that partition were previously archived.
 #This check is a guard rail for dropping partitions when the eArchiving mechanism is disabled. Default is true.
diff --git a/Weblogic/pom.xml b/Weblogic/pom.xml
index 576feada3d..13ed5f1407 100644
--- a/Weblogic/pom.xml
+++ b/Weblogic/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <groupId>eu.domibus</groupId>
         <artifactId>domibus</artifactId>
-        <version>5.1.4</version>
+        <version>5.1.6</version>
     </parent>
 
     <artifactId>weblogic</artifactId>
diff --git a/Wildfly/Domibus-MSH-jms-wildfly-artemis/pom.xml b/Wildfly/Domibus-MSH-jms-wildfly-artemis/pom.xml
index 3001e562b2..ca5cacd554 100644
--- a/Wildfly/Domibus-MSH-jms-wildfly-artemis/pom.xml
+++ b/Wildfly/Domibus-MSH-jms-wildfly-artemis/pom.xml
@@ -11,7 +11,7 @@
     <parent>
         <groupId>eu.domibus</groupId>
         <artifactId>wildfly</artifactId>
-        <version>5.1.4</version>
+        <version>5.1.6</version>
     </parent>
     <artifactId>domibus-msh-jms-wildfly-artemis</artifactId>
     <packaging>jar</packaging>
diff --git a/Wildfly/Domibus-MSH-taskexecutor-wildfly/pom.xml b/Wildfly/Domibus-MSH-taskexecutor-wildfly/pom.xml
index d6ae77f552..ba64349cfc 100644
--- a/Wildfly/Domibus-MSH-taskexecutor-wildfly/pom.xml
+++ b/Wildfly/Domibus-MSH-taskexecutor-wildfly/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <groupId>eu.domibus</groupId>
         <artifactId>wildfly</artifactId>
-        <version>5.1.4</version>
+        <version>5.1.6</version>
     </parent>
     <artifactId>domibus-msh-taskexecutor-wildfly</artifactId>
     <packaging>jar</packaging>
diff --git a/Wildfly/Domibus-MSH-wildfly/pom.xml b/Wildfly/Domibus-MSH-wildfly/pom.xml
index aa84ce9406..817b07802a 100644
--- a/Wildfly/Domibus-MSH-wildfly/pom.xml
+++ b/Wildfly/Domibus-MSH-wildfly/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>eu.domibus</groupId>
         <artifactId>wildfly</artifactId>
-        <version>5.1.4</version>
+        <version>5.1.6</version>
     </parent>
 
     <artifactId>domibus-MSH-wildfly</artifactId>
diff --git a/Wildfly/Domibus-MSH-wildfly/src/main/conf/domibus/domibus.properties b/Wildfly/Domibus-MSH-wildfly/src/main/conf/domibus/domibus.properties
index ac59f25f77..2ddeeef4cd 100644
--- a/Wildfly/Domibus-MSH-wildfly/src/main/conf/domibus/domibus.properties
+++ b/Wildfly/Domibus-MSH-wildfly/src/main/conf/domibus/domibus.properties
@@ -178,6 +178,9 @@ domibus.entityManagerFactory.jpaProperty.hibernate.id.new_generator_mappings=fal
 #The location where the encrypted key is stored
 #domibus.password.encryption.key.location=${domibus.config.location}/internal/encrypt
 
+#Password can be viewed if true;
+#domibus.properties.password.view.allow=true
+
 #To activate security set this to false
 #domibus.auth.unsecureLoginAllowed=true
 
@@ -212,6 +215,14 @@ domibus.entityManagerFactory.jpaProperty.hibernate.id.new_generator_mappings=fal
 #Position of the Bouncy Castle in the security providers list; Performance will decrease if the Bouncy Castle provider is moved downward in the list
 #domibus.security.provider.bouncyCastle.position=1
 
+#Complexity rules for all properties passwords
+#Default value requires Minimum length: 16 characters; Maximum length: 32 characters; At least one letter in lowercase; At least one letter in uppercase; At least one digit; At least one special character
+#domibus.properties.passwordPolicy.pattern=^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[~`!@#$%^&+=\\-_<>.,?:;*/()|\\[\\]{}'"\\\\]).{16,32}$
+
+#If true will enforce the complexity rules for all properties passwords by stopping Domibus
+#If set to false only warnings are logged
+#domibus.properties.passwordPolicy.enforce=false
+
 # ---------------------------------- Extensions ----------------------------------
 
 #Name of the authentication extension used to verify the chain trust. Default is CXF
@@ -259,6 +270,9 @@ domibus.entityManagerFactory.jpaProperty.hibernate.id.new_generator_mappings=fal
 #Default user password generation policy enabled/disabled (by default is enabled)
 #domibus.passwordPolicy.defaultUser.autogeneratePassword=true
 
+#Default user password regeneration policy enabled/disabled (by default is disabled).
+#domibus.passwordPolicy.defaultUser.reGeneratePassword=false
+
 #Cron expression that specifies the frequency of the password expiration check
 #domibus.passwordPolicies.check.cron=0 0 0/1 * * ?
 
@@ -324,6 +338,9 @@ domibus.entityManagerFactory.jpaProperty.hibernate.id.new_generator_mappings=fal
 #Activates the plugin notification of Test messages
 #domibus.message.test.notification=false
 
+#If enabled, diagnostics data will be logged when a message submission fails
+#domibus.message.submission.diagnostics.enabled=false
+
 # ---------------------------------- Retry -------------------------------------
 
 #Retry Worker execution interval as a cron expression
@@ -445,10 +462,13 @@ domibus.entityManagerFactory.jpaProperty.hibernate.id.new_generator_mappings=fal
 #not valid or it has been revoked Domibus will not accept the message (default is true)
 #domibus.sender.certificate.validation.onreceiving=true
 
-#If activated Domibus will verify before receiving a message, the validity and authorization on the sender's certificate. When disabled,
-#none of the other checks are performed on the sender's certificate.
+#If activated Domibus will verify before receiving a User Message when using Push/Pull or a Signal Acknowledgement (NRR) when using Pull, that the sender certificate is valid and not revoked
+# When disabled, none of the other checks are performed on the sender's certificate.
 #domibus.sender.trust.validation.onreceiving=true
 
+#If activated Domibus will verify before receiving syncronously a signal message following a push or pull request, that the sender certificate is valid and not revoked
+#domibus.sender.trust.validation.signal.sync.onreceiving=true
+
 #When this property is not empty Domibus will verify before receiving a message(using static or dynamic discovery), that the subject of the sender's certificate matches the regular expression.
 #domibus.sender.trust.validation.expression=
 
@@ -490,6 +510,9 @@ domibus.sendMessage.messageIdPattern=^(?!.*[=])[\\x20-\\x7E]*$
 # If set to false, Domibus fills in the value of the Mpc with the value of the EBMS3 defaultMpc ("http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC")
 #domibus.pmode.legconfiguration.mpc.enabled=true
 
+#If enabled, detailed diagnostics data will be logged when a message does not match the PMode
+#domibus.pmode.legconfiguration.diagnostics.enabled=false
+
 #Accepted Format for action (Default value: ^[^=]*$: all characters but '=' character )
 #domibus.pmode.validation.action.pattern=^[^=]*$
 
@@ -589,8 +612,8 @@ domibus.sendMessage.messageIdPattern=^(?!.*[=])[\\x20-\\x7E]*$
 #Cron expression used for configuring the partition worker scheduling. The partition worker verifies if partitions were properly created in advance
 #domibus.partitions.worker.cron=0 9 * * * ?
 
-#Number of days to check if partitions were successfully created in advance. Defaults to 7 days.
-#domibus.partitions.creation.days_to_check=7
+#Maximum number of expired partitions to be dropped by the retention worker in one run. Defaults to 10 partitions.
+#domibus.partitions.drop.max_partitions=10
 
 #Cron expression used to configure the sanitizer worker that targets messages not in a final state that are not processed anymore
 #domibus.ongoingMessagesSanitizing.worker.cron=0 0 0/2 ? * * *
diff --git a/Wildfly/pom.xml b/Wildfly/pom.xml
index 1b29c0a3fe..08717e1de9 100644
--- a/Wildfly/pom.xml
+++ b/Wildfly/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <groupId>eu.domibus</groupId>
         <artifactId>domibus</artifactId>
-        <version>5.1.4</version>
+        <version>5.1.6</version>
     </parent>
 
     <artifactId>wildfly</artifactId>
diff --git a/pom.xml b/pom.xml
index 5103f7eb7d..bc33654048 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
 
     <groupId>org.niis</groupId>
     <artifactId>harmony</artifactId>
-    <version>2.4.0</version>
+    <version>2.5.0</version>
     <packaging>pom</packaging>
     <name>Harmony MSH</name>
     <modules>
@@ -15,12 +15,12 @@
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <!--!!Important!! Please update also the WSS4J, XmlSec and Saaj version in case you update the CXF version -->
-        <cxf.version>3.5.8</cxf.version>
+        <cxf.version>3.5.9</cxf.version>
         <wss4j-ws-security.version>2.4.3</wss4j-ws-security.version>
         <xmlsec.version>2.3.4</xmlsec.version>
         <messaging.saaj.version>1.5.3</messaging.saaj.version>
-        <spring.version>5.3.34</spring.version>
-        <spring.security.version>5.8.12</spring.security.version>
+        <spring.version>5.3.39</spring.version>
+        <spring.security.version>5.8.16</spring.security.version>
         <spring.session.core.version>2.7.4</spring.session.core.version>
         <spring.session.jdbc.version>2.7.4</spring.session.jdbc.version>
         <springdoc.version>1.6.15</springdoc.version>
@@ -53,7 +53,7 @@
         <dom4j.version>2.1.4</dom4j.version>
         <tika.version>2.7.0</tika.version>
         <peppol.version>2.4.0</peppol.version>
-        <dynamic.discovery.client.version>2.1</dynamic.discovery.client.version>
+        <dynamic.discovery.client.version>2.3</dynamic.discovery.client.version>
         <javax.validation.version>2.0.1.Final</javax.validation.version>
         <javax.ws.rs-api.version>2.1.1</javax.ws.rs-api.version>
         <jaxws-rt.version>2.3.6</jaxws-rt.version>
@@ -66,12 +66,12 @@
         <wiremock.version>2.27.2</wiremock.version>
         <handlebars.version>4.3.1</handlebars.version>
         <dropwizard.metrics.version>4.2.25</dropwizard.metrics.version>
-        <owasp.dependency.check.version>9.1.0</owasp.dependency.check.version>
+        <owasp.dependency.check.version>10.0.4</owasp.dependency.check.version>
         <maven-dependency-plugin.version>3.6.0</maven-dependency-plugin.version>
         <hikaricp.version>4.0.3</hikaricp.version>
         <wlthint3client.version>12.1.1</wlthint3client.version>
         <com.oracle.css.weblogic.security.wls_7.0.0.0.version>12.1.2-0-0</com.oracle.css.weblogic.security.wls_7.0.0.0.version>
-        <tomcat-embed.version>9.0.86</tomcat-embed.version>
+        <tomcat-embed.version>9.0.91</tomcat-embed.version>
         <json-smart.version>2.4.11</json-smart.version>
         <xbean-spring.version>4.23</xbean-spring.version> <!-- see ticket EDELIVERY-10294 -->
         <maven-jar-plugin.version>3.3.0</maven-jar-plugin.version>
@@ -144,6 +144,7 @@
         <commons-vfs2.version>2.9.0</commons-vfs2.version>
         <commons-lang.version>2.6</commons-lang.version>
         <jakarta.activation.version>1.2.2</jakarta.activation.version>
+        <jakarta.activation-api.version>2.1.1</jakarta.activation-api.version>
         <geronimo-1.1_spec.version>1.1.1</geronimo-1.1_spec.version>
         <geronimo-jms_2.0_spec.version>1.0-alpha-2</geronimo-jms_2.0_spec.version>
         <neethi.version>3.2.0</neethi.version>
@@ -174,6 +175,7 @@
         <maven-release-plugin.version>3.0.0</maven-release-plugin.version>
         <maven-enforcer-plugin.version>3.4.1</maven-enforcer-plugin.version>
         <maven-resources-plugin.version>3.0.0</maven-resources-plugin.version>
+        <owasp.nvd-api-key></owasp.nvd-api-key>
     </properties>
 
     <!-- Where are we looking for JARs -->
@@ -976,7 +978,7 @@
             <dependency>
                 <groupId>jakarta.activation</groupId>
                 <artifactId>jakarta.activation-api</artifactId>
-                <version>${jakarta.activation.version}</version>
+                <version>${jakarta.activation-api.version}</version>
             </dependency>
             <!-- Java mail -->
             <dependency>
@@ -1588,7 +1590,7 @@
                         <version>${owasp.dependency.check.version}</version>
                         <inherited>false</inherited>
                         <configuration>
-                            <nvdApiKey>${nvdApiKey}</nvdApiKey>
+                            <nvdApiKey>${owasp.nvd-api-key}</nvdApiKey>
                             <skipProvidedScope>true</skipProvidedScope>
                             <skipRuntimeScope>true</skipRuntimeScope>
                             <!-- Disable .Net Assembly Analyzer -->
diff --git a/project-check-exclude.xml b/project-check-exclude.xml
index 26aca5908f..6d734d84a7 100644
--- a/project-check-exclude.xml
+++ b/project-check-exclude.xml
@@ -128,6 +128,8 @@
         <cve>CVE-2023-40167</cve>
         <cve>CVE-2023-36479</cve>
         <cve>CVE-2023-44487</cve>
+        <cve>CVE-2024-6763</cve>
+        <cve>CVE-2024-9823</cve>
     </suppress>
 
     <suppress>
@@ -137,6 +139,14 @@
         <packageUrl regex="true">^pkg:maven/net\.minidev/accessors\-smart@.*$</packageUrl>
         <cve>CVE-2021-27568</cve>
     </suppress>
+    <suppress>
+        <notes><![CDATA[
+   file name: accessors-smart-2.4.8.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/net\.minidev/accessors\-smart@.*$</packageUrl>
+        <!--dependency brought by wiremock, used in testing environment-->
+        <cve>CVE-2023-1370</cve>
+    </suppress>
 
     <suppress>
         <notes><![CDATA[
@@ -288,6 +298,7 @@
         <notes><![CDATA[
    file name: wiremock-2.27.2.jar: swagger-ui-bundle.js
    ]]></notes>
+        <!--This is a dependency brought by wiremock and is used only in testing environment-->
         <packageUrl regex="true">^pkg:javascript/DOMPurify@.*$</packageUrl>
         <vulnerabilityName>Fix a possible XSS in Chrome that is hidden behind #enable-experimental-web-platform-features</vulnerabilityName>
         <vulnerabilityName>Fixed a new MathML-based bypass submitted by PewGrand. Fixed a new SVG-related bypass submitted by SecurityMB</vulnerabilityName>
@@ -297,6 +308,9 @@
         <vulnerabilityName>Fixed another bypass causing mXSS by using MathML</vulnerabilityName>
         <vulnerabilityName>Fixed several possible mXSS patterns, thanks @hackvertor</vulnerabilityName>
         <cve>CVE-2020-26870</cve>
+        <cve>CVE-2024-45801</cve>
+        <cve>CVE-2024-47875</cve>
+        <cve>CVE-2024-48910</cve>
     </suppress>
     <suppress>
         <notes><![CDATA[
@@ -690,4 +704,20 @@
         <!-- Brought as a dependency by commons-test, used in testing environment -->
         <cve>CVE-2014-9515</cve>
     </suppress>
+    <suppress>
+        <notes><![CDATA[
+   file name: xmlunit-core-2.7.0.jar
+   ]]></notes>
+        <!--This is a dependency brought by wiremock and is used only in testing environment-->
+        <packageUrl regex="true">^pkg:maven/org\.xmlunit/xmlunit\-core@.*$</packageUrl>
+        <vulnerabilityName>CVE-2024-31573</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
+   file name: spring-webmvc-5.3.39.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-webmvc@.*$</packageUrl>
+        <!--Domibus does not use WebMvc.fn or WebFlux.fn-->
+        <vulnerabilityName>CVE-2024-38816</vulnerabilityName>
+    </suppress>
 </suppressions>