diff --git a/bom/pom.xml b/bom/pom.xml
index 537d08f11a36..7f0162f63cf5 100644
--- a/bom/pom.xml
+++ b/bom/pom.xml
@@ -64,7 +64,7 @@ THE SOFTWARE.
         <!-- https://docs.spring.io/spring-security/site/docs/5.5.4/reference/html5/#getting-maven-no-boot -->
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-bom</artifactId>
-        <version>5.8.5</version>
+        <version>5.8.6</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
@@ -189,7 +189,7 @@ THE SOFTWARE.
       <dependency>
         <groupId>org.apache.ant</groupId>
         <artifactId>ant</artifactId>
-        <version>1.10.13</version>
+        <version>1.10.14</version>
       </dependency>
       <dependency>
         <groupId>org.apache.commons</groupId>
diff --git a/core/src/main/java/hudson/console/PlainTextConsoleOutputStream.java b/core/src/main/java/hudson/console/PlainTextConsoleOutputStream.java
index f3b5bd8adf7e..70bc85b7b110 100644
--- a/core/src/main/java/hudson/console/PlainTextConsoleOutputStream.java
+++ b/core/src/main/java/hudson/console/PlainTextConsoleOutputStream.java
@@ -28,6 +28,10 @@
 import java.io.DataInputStream;
 import java.io.IOException;
 import java.io.OutputStream;
+import java.nio.charset.Charset;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import org.apache.commons.lang.StringEscapeUtils;
 
 /**
  * Filters out console notes.
@@ -36,6 +40,8 @@
  */
 public class PlainTextConsoleOutputStream extends LineTransformationOutputStream.Delegating {
 
+    private static final Logger LOGGER = Logger.getLogger(PlainTextConsoleOutputStream.class.getName());
+
     /**
      *
      */
@@ -64,7 +70,11 @@ protected void eol(byte[] in, int sz) throws IOException {
             int rest = sz - next;
             ByteArrayInputStream b = new ByteArrayInputStream(in, next, rest);
 
-            ConsoleNote.skip(new DataInputStream(b));
+            try {
+                ConsoleNote.skip(new DataInputStream(b));
+            } catch (IOException x) {
+                LOGGER.log(Level.FINE, "Failed to skip annotation from \"" + StringEscapeUtils.escapeJava(new String(in, next, rest, Charset.defaultCharset())) + "\"", x);
+            }
 
             int bytesUsed = rest - b.available(); // bytes consumed by annotations
             written += bytesUsed;
diff --git a/core/src/main/java/hudson/model/Label.java b/core/src/main/java/hudson/model/Label.java
index 43604d408aac..b0c32f212a09 100644
--- a/core/src/main/java/hudson/model/Label.java
+++ b/core/src/main/java/hudson/model/Label.java
@@ -592,10 +592,16 @@ public static Set<LabelAtom> parse(@CheckForNull String labels) {
         final Set<LabelAtom> r = new TreeSet<>();
         labels = fixNull(labels);
         if (labels.length() > 0) {
-            final QuotedStringTokenizer tokenizer = new QuotedStringTokenizer(labels);
-            while (tokenizer.hasMoreTokens())
-                r.add(Jenkins.get().getLabelAtom(tokenizer.nextToken()));
+            Jenkins j = Jenkins.get();
+            LabelAtom labelAtom = j.tryGetLabelAtom(labels);
+            if (labelAtom == null) {
+                final QuotedStringTokenizer tokenizer = new QuotedStringTokenizer(labels);
+                while (tokenizer.hasMoreTokens())
+                    r.add(j.getLabelAtom(tokenizer.nextToken()));
+            } else {
+                r.add(labelAtom);
             }
+        }
         return r;
     }
 
diff --git a/core/src/main/java/hudson/model/Node.java b/core/src/main/java/hudson/model/Node.java
index 519d89c10970..2d34e6e90ade 100644
--- a/core/src/main/java/hudson/model/Node.java
+++ b/core/src/main/java/hudson/model/Node.java
@@ -68,6 +68,7 @@
 import net.sf.json.JSONObject;
 import org.jvnet.localizer.Localizable;
 import org.kohsuke.accmod.Restricted;
+import org.kohsuke.accmod.restrictions.NoExternalUse;
 import org.kohsuke.accmod.restrictions.ProtectedExternally;
 import org.kohsuke.stapler.BindInterceptor;
 import org.kohsuke.stapler.Stapler;
@@ -298,6 +299,17 @@ public OfflineCause getTemporaryOfflineCause() {
     public TagCloud<LabelAtom> getLabelCloud() {
         return new TagCloud<>(getAssignedLabels(), Label::getTiedJobCount);
     }
+
+    /**
+     * @return An immutable set of LabelAtom associated with the current node label.
+     */
+    @NonNull
+    @Restricted(NoExternalUse.class)
+    protected Set<LabelAtom> getLabelAtomSet() {
+        // Default implementation doesn't cache, since we can't hook on label updates.
+        return Collections.unmodifiableSet(Label.parse(getLabelString()));
+    }
+
     /**
      * Returns the possibly empty set of labels that are assigned to this node,
      * including the automatic {@link #getSelfLabel() self label}, manually
@@ -305,13 +317,13 @@ public TagCloud<LabelAtom> getLabelCloud() {
      * {@link LabelFinder} extension point.
      *
      * This method has a side effect of updating the hudson-wide set of labels
-     * and should be called after events that will change that - e.g. a agent
+     * and should be called after events that will change that - e.g. an agent
      * connecting.
      */
 
     @Exported
     public Set<LabelAtom> getAssignedLabels() {
-        Set<LabelAtom> r = Label.parse(getLabelString());
+        Set<LabelAtom> r = new HashSet<>(getLabelAtomSet());
         r.add(getSelfLabel());
         r.addAll(getDynamicLabels());
         return Collections.unmodifiableSet(r);
diff --git a/core/src/main/java/hudson/model/Slave.java b/core/src/main/java/hudson/model/Slave.java
index 22eb63cd2fc6..da5195a963cf 100644
--- a/core/src/main/java/hudson/model/Slave.java
+++ b/core/src/main/java/hudson/model/Slave.java
@@ -36,6 +36,7 @@
 import hudson.Util;
 import hudson.cli.CLI;
 import hudson.model.Descriptor.FormException;
+import hudson.model.labels.LabelAtom;
 import hudson.remoting.Callable;
 import hudson.remoting.Channel;
 import hudson.remoting.Which;
@@ -60,6 +61,7 @@
 import java.net.URLConnection;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.List;
 import java.util.Set;
 import java.util.jar.JarFile;
@@ -179,6 +181,7 @@ protected Slave(@NonNull String name, String remoteFS, ComputerLauncher launcher
         this.name = name;
         this.remoteFS = remoteFS;
         this.launcher = launcher;
+        this.labelAtomSet = Collections.unmodifiableSet(Label.parse(label));
     }
 
     /**
@@ -193,7 +196,7 @@ protected Slave(@NonNull String name, String nodeDescription, String remoteFS, i
         this.numExecutors = numExecutors;
         this.mode = mode;
         this.remoteFS = Util.fixNull(remoteFS).trim();
-        this.label = Util.fixNull(labelString).trim();
+        this.labelAtomSet = Collections.unmodifiableSet(Label.parse(labelString));
         this.launcher = launcher;
         this.retentionStrategy = retentionStrategy;
         getAssignedLabels();    // compute labels now
@@ -328,11 +331,24 @@ public String getLabelString() {
     @Override
     @DataBoundSetter
     public void setLabelString(String labelString) throws IOException {
-        this.label = Util.fixNull(labelString).trim();
+        _setLabelString(labelString);
         // Compute labels now.
         getAssignedLabels();
     }
 
+    private void _setLabelString(String labelString) {
+        this.label = Util.fixNull(labelString).trim();
+        this.labelAtomSet = Collections.unmodifiableSet(Label.parse(label));
+    }
+
+    @NonNull
+    private transient Set<LabelAtom> labelAtomSet;
+
+    @Override
+    protected Set<LabelAtom> getLabelAtomSet() {
+        return labelAtomSet;
+    }
+
     @Override
     public Callable<ClockDifference, IOException> getClockDifferenceCallable() {
         return new GetClockDifference1();
@@ -574,6 +590,7 @@ public int hashCode() {
     protected Object readResolve() {
         if (nodeProperties == null)
             nodeProperties = new DescribableList<>(this);
+        _setLabelString(label);
         return this;
     }
 
diff --git a/core/src/main/java/hudson/security/SecurityRealm.java b/core/src/main/java/hudson/security/SecurityRealm.java
index ca62a4d3fe0e..a134755fe95e 100644
--- a/core/src/main/java/hudson/security/SecurityRealm.java
+++ b/core/src/main/java/hudson/security/SecurityRealm.java
@@ -647,15 +647,27 @@ public static String getFrom() {
             from = request.getParameter("from");
         }
 
+        // On the 404 error page, use the session attribute it sets
+        if (request != null && request.getRequestURI().equals(request.getContextPath() + "/404")) {
+            final HttpSession session = request.getSession(false);
+            if (session != null) {
+                final Object attribute = session.getAttribute("from");
+                if (attribute != null) {
+                    from = attribute.toString();
+                }
+            }
+        }
+
         // If entry point was not found, try to deduce it from the request URI
-        // except pages related to login process
+        // except pages related to login process and the 404 error page
         if (from == null
                 && request != null
                 && request.getRequestURI() != null
-                && !request.getRequestURI().equals("/loginError")
-                && !request.getRequestURI().equals("/login")) {
-
-                from = request.getRequestURI();
+                // The custom login page makes the next two lines obsolete, but safer to have them.
+                && !request.getRequestURI().equals(request.getContextPath() + "/loginError")
+                && !request.getRequestURI().equals(request.getContextPath() + "/login")
+                && !request.getRequestURI().equals(request.getContextPath() + "/404")) {
+            from = request.getRequestURI();
         }
 
         // If deduced entry point isn't deduced yet or the content is a blank value
diff --git a/core/src/main/java/jenkins/ErrorAttributeFilter.java b/core/src/main/java/jenkins/ErrorAttributeFilter.java
new file mode 100644
index 000000000000..9163e409f61d
--- /dev/null
+++ b/core/src/main/java/jenkins/ErrorAttributeFilter.java
@@ -0,0 +1,30 @@
+package jenkins;
+
+import java.io.IOException;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import jenkins.model.Jenkins;
+import org.kohsuke.accmod.Restricted;
+import org.kohsuke.accmod.restrictions.NoExternalUse;
+import org.springframework.security.core.Authentication;
+
+/**
+ * Record the current user authentication for later impersonation if the response is 404 Not Found.
+ *
+ * @see Jenkins#generateNotFoundResponse(org.kohsuke.stapler.StaplerRequest, org.kohsuke.stapler.StaplerResponse)
+ */
+@Restricted(NoExternalUse.class)
+public class ErrorAttributeFilter implements Filter {
+
+    public static final String USER_ATTRIBUTE = "jenkins.ErrorAttributeFilter.user";
+
+    @Override
+    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
+        final Authentication authentication = Jenkins.getAuthentication2();
+        servletRequest.setAttribute(USER_ATTRIBUTE, authentication);
+        filterChain.doFilter(servletRequest, servletResponse);
+    }
+}
diff --git a/core/src/main/java/jenkins/management/AdministrativeMonitorsDecorator.java b/core/src/main/java/jenkins/management/AdministrativeMonitorsDecorator.java
index eb9685f54ba0..cc1d5214e0ae 100644
--- a/core/src/main/java/jenkins/management/AdministrativeMonitorsDecorator.java
+++ b/core/src/main/java/jenkins/management/AdministrativeMonitorsDecorator.java
@@ -28,6 +28,7 @@
 import hudson.Extension;
 import hudson.diagnosis.ReverseProxySetupMonitor;
 import hudson.model.AdministrativeMonitor;
+import hudson.model.ManageJenkinsAction;
 import hudson.model.PageDecorator;
 import hudson.util.HudsonIsLoading;
 import hudson.util.HudsonIsRestarting;
@@ -53,9 +54,6 @@ public class AdministrativeMonitorsDecorator extends PageDecorator {
     private final Collection<String> ignoredJenkinsRestOfUrls = new ArrayList<>();
 
     public AdministrativeMonitorsDecorator() {
-        // redundant
-        ignoredJenkinsRestOfUrls.add("manage");
-
         // otherwise this would be added to every internal context menu building request
         ignoredJenkinsRestOfUrls.add("contextMenu");
 
@@ -165,6 +163,11 @@ public Collection<AdministrativeMonitor> getMonitorsToDisplay() {
             return null;
         }
 
+        // Don't show on Manage Jenkins
+        if (o instanceof ManageJenkinsAction) {
+            return null;
+        }
+
         // don't show for some URLs served directly by Jenkins
         if (o instanceof Jenkins) {
             String url = a.getRestOfUrl();
diff --git a/core/src/main/java/jenkins/model/Jenkins.java b/core/src/main/java/jenkins/model/Jenkins.java
index 9bf94cf9389a..29477e36d911 100644
--- a/core/src/main/java/jenkins/model/Jenkins.java
+++ b/core/src/main/java/jenkins/model/Jenkins.java
@@ -262,6 +262,7 @@
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletResponse;
 import jenkins.AgentProtocol;
+import jenkins.ErrorAttributeFilter;
 import jenkins.ExtensionComponentSet;
 import jenkins.ExtensionRefreshException;
 import jenkins.InitReactorRunner;
@@ -275,6 +276,7 @@
 import jenkins.security.ConfidentialStore;
 import jenkins.security.MasterToSlaveCallable;
 import jenkins.security.RedactSecretJsonInErrorMessageSanitizer;
+import jenkins.security.ResourceDomainConfiguration;
 import jenkins.security.SecurityListener;
 import jenkins.security.stapler.DoActionFilter;
 import jenkins.security.stapler.StaplerDispatchValidator;
@@ -930,7 +932,7 @@ protected Jenkins(File root, ServletContext context, PluginManager pluginManager
 
             Trigger.timer = new java.util.Timer("Jenkins cron thread");
             queue = new Queue(LoadBalancer.CONSISTENT_HASH);
-
+            labelAtomSet = Collections.unmodifiableSet(Label.parse(label));
             try {
                 dependencyGraph = DependencyGraph.EMPTY;
             } catch (InternalError e) {
@@ -1088,6 +1090,7 @@ protected Object readResolve() {
             /* deserializing without a value set means we need to migrate */
             nodeRenameMigrationNeeded = true;
         }
+        _setLabelString(label);
 
         return this;
     }
@@ -1468,6 +1471,14 @@ public boolean hasPeople() {
     }
 
     public Api getApi() {
+        /* Do not show "REST API" link in footer when on 404 error page */
+        final StaplerRequest req = Stapler.getCurrentRequest();
+        if (req != null) {
+            final Object attribute = req.getAttribute("javax.servlet.error.message");
+            if (attribute != null) {
+                return null;
+            }
+        }
         return new Api(this);
     }
 
@@ -2114,6 +2125,20 @@ public Label getLabel(String expr) {
         }
     }
 
+    /**
+     * Returns the label atom of the given name, only if it already exists.
+     * @return non-null if the label atom already exists.
+     */
+    @Restricted(NoExternalUse.class)
+    public @Nullable LabelAtom tryGetLabelAtom(@NonNull String name) {
+        Label label = labels.get(name);
+        if (label instanceof LabelAtom) {
+            return (LabelAtom) label;
+        }
+        return null;
+    }
+
+
     /**
      * Gets all the active labels in the current system.
      */
@@ -2126,6 +2151,14 @@ public Set<Label> getLabels() {
         return r;
     }
 
+    @NonNull
+    private transient Set<LabelAtom> labelAtomSet;
+
+    @Override
+    protected Set<LabelAtom> getLabelAtomSet() {
+        return labelAtomSet;
+    }
+
     public Set<LabelAtom> getLabelAtoms() {
         Set<LabelAtom> r = new TreeSet<>();
         for (Label l : labels.values()) {
@@ -3291,10 +3324,17 @@ public String getLabelString() {
 
     @Override
     public void setLabelString(String label) throws IOException {
-        this.label = label;
+        _setLabelString(label);
         save();
     }
 
+    private void _setLabelString(String label) {
+        this.label = label;
+        if (Jenkins.getInstanceOrNull() != null) { // avoid on unit tests
+            this.labelAtomSet = Collections.unmodifiableSet(Label.parse(label));
+        }
+    }
+
     @NonNull
     @Override
     public LabelAtom getSelfLabel() {
@@ -4540,6 +4580,26 @@ public void doRestart(StaplerRequest req, StaplerResponse rsp) throws IOExceptio
         }
     }
 
+    /**
+     * Serve a custom 404 error page, configured in web.xml.
+     */
+    @WebMethod(name = "404")
+    @Restricted(NoExternalUse.class)
+    public void generateNotFoundResponse(StaplerRequest req, StaplerResponse rsp) throws ServletException, IOException {
+        if (ResourceDomainConfiguration.isResourceRequest(req)) {
+            rsp.forward(this, "_404_simple", req);
+        } else {
+            final Object attribute = req.getAttribute(ErrorAttributeFilter.USER_ATTRIBUTE);
+            if (attribute instanceof Authentication) {
+                try (ACLContext unused = ACL.as2((Authentication) attribute)) {
+                    rsp.forward(this, "_404", req);
+                }
+            } else {
+                rsp.forward(this, "_404", req);
+            }
+        }
+    }
+
     /**
      * Queues up a safe restart of Jenkins.
      * Builds that cannot continue while the controller is not running have to finish or pause before it can proceed.
@@ -5729,6 +5789,9 @@ public boolean shouldShowStackTrace() {
      * <p>See also:{@link #getUnprotectedRootActions}.
      */
     private static final Set<String> ALWAYS_READABLE_PATHS = new HashSet<>(Arrays.asList(
+        "404", // Web method
+        "_404", // .jelly
+        "_404_simple", // .jelly
         "login", // .jelly
         "loginError", // .jelly
         "logout", // #doLogout
diff --git a/core/src/main/java/jenkins/security/ResourceDomainFilter.java b/core/src/main/java/jenkins/security/ResourceDomainFilter.java
index eda15fe3e7c9..b88fc7045ff6 100644
--- a/core/src/main/java/jenkins/security/ResourceDomainFilter.java
+++ b/core/src/main/java/jenkins/security/ResourceDomainFilter.java
@@ -25,6 +25,7 @@
 package jenkins.security;
 
 import hudson.Extension;
+import hudson.Functions;
 import java.io.IOException;
 import java.util.Arrays;
 import java.util.HashSet;
@@ -49,14 +50,14 @@ public class ResourceDomainFilter implements HttpServletFilter {
 
     private static final Logger LOGGER = Logger.getLogger(ResourceDomainFilter.class.getName());
 
-    private static final Set<String> ALLOWED_PATHS = new HashSet<>(Arrays.asList("/" + ResourceDomainRootAction.URL, "/favicon.ico", "/favicon.svg", "/robots.txt"));
+    private static final Set<String> ALLOWED_PATHS = new HashSet<>(Arrays.asList("/" + ResourceDomainRootAction.URL, "/favicon.ico", "/favicon.svg", "/apple-touch-icon.png", "/mask-icon.svg", "/robots.txt", "/images/rage.svg"));
     public static final String ERROR_RESPONSE = "Jenkins serves only static files on this domain.";
 
     @Override
     public boolean handle(HttpServletRequest req, HttpServletResponse rsp) throws IOException, ServletException {
         if (ResourceDomainConfiguration.isResourceRequest(req)) {
             String path = req.getPathInfo();
-            if (!path.startsWith("/" + ResourceDomainRootAction.URL + "/") && !ALLOWED_PATHS.contains(path)) {
+            if (!path.startsWith("/" + ResourceDomainRootAction.URL + "/") && !ALLOWED_PATHS.contains(path) && !isAllowedPathWithResourcePrefix(path)) {
                 LOGGER.fine(() -> "Rejecting request to " + req.getRequestURL() + " from " + req.getRemoteAddr() + " on resource domain");
                 rsp.sendError(404, ERROR_RESPONSE);
                 return true;
@@ -66,4 +67,7 @@ public boolean handle(HttpServletRequest req, HttpServletResponse rsp) throws IO
         return false;
     }
 
+    private static boolean isAllowedPathWithResourcePrefix(String path) {
+        return path.startsWith(Functions.getResourcePath()) && ALLOWED_PATHS.contains(path.substring(Functions.getResourcePath().length()));
+    }
 }
diff --git a/core/src/main/java/jenkins/security/ResourceDomainRootAction.java b/core/src/main/java/jenkins/security/ResourceDomainRootAction.java
index a910800ea859..4de14ef1cfcb 100644
--- a/core/src/main/java/jenkins/security/ResourceDomainRootAction.java
+++ b/core/src/main/java/jenkins/security/ResourceDomainRootAction.java
@@ -74,6 +74,8 @@
 @Restricted(NoExternalUse.class)
 public class ResourceDomainRootAction implements UnprotectedRootAction {
 
+    private static final String RESOURCE_DOMAIN_ROOT_ACTION_ERROR = "jenkins.security.ResourceDomainRootAction.error";
+
     private static final Logger LOGGER = Logger.getLogger(ResourceDomainRootAction.class.getName());
 
     public static final String URL = "static-files";
@@ -104,12 +106,14 @@ public void doIndex(StaplerRequest req, StaplerResponse rsp) throws IOException
         if (ResourceDomainConfiguration.isResourceRequest(req)) {
             rsp.sendError(404, ResourceDomainFilter.ERROR_RESPONSE);
         } else {
+            req.setAttribute(RESOURCE_DOMAIN_ROOT_ACTION_ERROR, true);
             rsp.sendError(404, "Cannot handle requests to this URL unless on Jenkins resource URL.");
         }
     }
 
     public Object getDynamic(String id, StaplerRequest req, StaplerResponse rsp) throws Exception {
         if (!ResourceDomainConfiguration.isResourceRequest(req)) {
+            req.setAttribute(RESOURCE_DOMAIN_ROOT_ACTION_ERROR, true);
             rsp.sendError(404, "Cannot handle requests to this URL unless on Jenkins resource URL.");
             return null;
         }
diff --git a/core/src/main/resources/hudson/Messages_fr.properties b/core/src/main/resources/hudson/Messages_fr.properties
index 1c948734def7..543ae2f0dcba 100644
--- a/core/src/main/resources/hudson/Messages_fr.properties
+++ b/core/src/main/resources/hudson/Messages_fr.properties
@@ -49,6 +49,8 @@ Util.day   ={0} j
 Util.month ={0} mo.
 Util.year  ={0} an.
 
+UpdateCenter.DownloadButNotActivated=La mise à jour a été téléchargée avec succès. Elle sera activée lors du prochain démarrage
+
 FilePath.TildaDoesntWork=''~'' n''est supporté que sur les shells Unix.
 
 PluginManager.PortNotANumber=Le port n''est pas un nombre
diff --git a/core/src/main/resources/hudson/PluginManager/available.jelly b/core/src/main/resources/hudson/PluginManager/available.jelly
index 212deb493567..b0fa8f8fe5a3 100644
--- a/core/src/main/resources/hudson/PluginManager/available.jelly
+++ b/core/src/main/resources/hudson/PluginManager/available.jelly
@@ -32,8 +32,6 @@ THE SOFTWARE.
     <!-- no need for additional breadcrumb here as the side panel offers enough functionality to browse between different pages -->
 
     <l:main-panel>
-      <l:app-bar title="${%Plugins}" />
-
       <div class="jenkins-app-bar jenkins-app-bar--sticky">
         <div class="jenkins-app-bar__content">
           <l:search-bar clazz="jenkins-search--app-bar"
diff --git a/core/src/main/resources/hudson/PluginManager/installed.jelly b/core/src/main/resources/hudson/PluginManager/installed.jelly
index b312e0f680f1..8013742cf738 100644
--- a/core/src/main/resources/hudson/PluginManager/installed.jelly
+++ b/core/src/main/resources/hudson/PluginManager/installed.jelly
@@ -34,8 +34,6 @@ THE SOFTWARE.
     <!-- no need for additional breadcrumb here as the side panel offers enough functionality to browse between different pages -->
 
     <l:main-panel>
-      <l:app-bar title="${%Plugins}" />
-
       <j:set var="noPlugins"
              value="${empty(app.pluginManager.plugins) and empty(app.pluginManager.failedPlugins)}" />
 
diff --git a/core/src/main/resources/hudson/PluginManager/sidepanel.jelly b/core/src/main/resources/hudson/PluginManager/sidepanel.jelly
index 5a642c2f5971..0d3fc3fb43d3 100644
--- a/core/src/main/resources/hudson/PluginManager/sidepanel.jelly
+++ b/core/src/main/resources/hudson/PluginManager/sidepanel.jelly
@@ -28,6 +28,7 @@ THE SOFTWARE.
 <?jelly escape-by-default='true'?>
 <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt">
   <l:side-panel sticky="true">
+    <l:app-bar title="${%Plugins}" />
     <l:tasks>
       <l:task href="${rootURL}/manage/pluginManager/" icon="symbol-download" title="${%Updates}" badge="${app.updateCenter.badge}"/>
       <l:task href="${rootURL}/manage/pluginManager/available" icon="symbol-shopping-bag" title="${%Available plugins}"/>
diff --git a/core/src/main/resources/hudson/PluginManager/sidepanel_fr.properties b/core/src/main/resources/hudson/PluginManager/sidepanel_fr.properties
new file mode 100644
index 000000000000..c2f09529615c
--- /dev/null
+++ b/core/src/main/resources/hudson/PluginManager/sidepanel_fr.properties
@@ -0,0 +1,27 @@
+# The MIT License
+#
+# Copyright (c) 2023, Damian Szczepanik
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+Updates=Mises à jour
+Available\ plugins=Plugins disponibles
+Installed\ plugins=Plugins installés
+Advanced\ settings=Paramètres avancés
+Download\ progress=Progression des téléchargements
diff --git a/core/src/main/resources/hudson/PluginManager/updates.jelly b/core/src/main/resources/hudson/PluginManager/updates.jelly
index 6bf1982d89fe..25402731273b 100644
--- a/core/src/main/resources/hudson/PluginManager/updates.jelly
+++ b/core/src/main/resources/hudson/PluginManager/updates.jelly
@@ -35,8 +35,6 @@ THE SOFTWARE.
     </l:header>
 
     <l:main-panel>
-      <l:app-bar title="${%Plugins}" />
-
       <div class="jenkins-app-bar jenkins-app-bar--sticky">
         <div class="jenkins-app-bar__content">
           <l:search-bar clazz="jenkins-search--app-bar"
diff --git a/core/src/main/resources/hudson/model/Job/configure_tr.properties b/core/src/main/resources/hudson/model/Job/configure_tr.properties
index 478b231c0282..dbd3cbfc3dd8 100644
--- a/core/src/main/resources/hudson/model/Job/configure_tr.properties
+++ b/core/src/main/resources/hudson/model/Job/configure_tr.properties
@@ -24,4 +24,8 @@ Strategy=Strateji
 name={0} isim
 Description=Açıklama
 LOADING=YÜKLENİYOR
+Configuration=Konfigürasyon
+Configure=Konfigürasyonu Düzenle
+General=Genel
 Save=Kaydet
+Apply=Uygula
diff --git a/core/src/main/resources/hudson/model/Messages_tr.properties b/core/src/main/resources/hudson/model/Messages_tr.properties
index fbf4917f3fb3..d7356b3d3fe7 100644
--- a/core/src/main/resources/hudson/model/Messages_tr.properties
+++ b/core/src/main/resources/hudson/model/Messages_tr.properties
@@ -101,11 +101,11 @@ Run.UnableToDelete={0} silinemiyor: {1}
 
 View.Permissions.Title=Görüntü
 Permalink.LastBuild=Son yapılandırma
-Permalink.LastStableBuild=Son stabil yapılandırma
+Permalink.LastStableBuild=Son kararlı yapılandırma
 Permalink.LastSuccessfulBuild=Son başarılı yapılandırma
 Permalink.LastFailedBuild=Son başarısız yapılandırma
 ManageJenkinsAction.DisplayName=Jenkins''i Yönet
-ParametersDefinitionProperty.DisplayName=Bu yapılandırma parametreleştirilmiştir.
+ParametersDefinitionProperty.DisplayName=Bu projeyi parametrik hale getir
 
 ManagementLink.Category.CONFIGURATION=Sistem Konfigürasyonu
 ManagementLink.Category.SECURITY=Güvenlik
diff --git a/core/src/main/resources/hudson/model/UpdateCenter/index_fr.properties b/core/src/main/resources/hudson/model/UpdateCenter/index_fr.properties
index d4484e9b7c4c..2a47892a3281 100644
--- a/core/src/main/resources/hudson/model/UpdateCenter/index_fr.properties
+++ b/core/src/main/resources/hudson/model/UpdateCenter/index_fr.properties
@@ -20,8 +20,4 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 # THE SOFTWARE.
 
-Update\ Center=Centre de mise à jour
-warning=Une fois l''installation terminée, Jenkins doit être redémarré \
-  pour prendre en compte les nouveaux plugins.
-Installing\ Plugins/Upgrades=Installation/Mise à jour des Plugins
-Schedule\ Restart=Programmer un redémarrage
+Download\ progress=Progression du téléchargement
diff --git a/core/src/main/resources/hudson/triggers/SlowTriggerAdminMonitor/message.groovy b/core/src/main/resources/hudson/triggers/SlowTriggerAdminMonitor/message.groovy
index ca56053f434a..77bcedd36ebd 100644
--- a/core/src/main/resources/hudson/triggers/SlowTriggerAdminMonitor/message.groovy
+++ b/core/src/main/resources/hudson/triggers/SlowTriggerAdminMonitor/message.groovy
@@ -35,7 +35,7 @@ dl {
                         td(val.fullJobName)
                     } else {
                         td {
-                            a(job.getFullDisplayName(), href: job.getUrl(), class: 'model-link')
+                            a(job.getFullDisplayName(), href: rootURL + '/' + job.getUrl(), class: 'model-link')
                         }
                     }
                     td(Util.getTimeSpanString(val.duration))
diff --git a/core/src/main/resources/jenkins/model/Jenkins/_404.jelly b/core/src/main/resources/jenkins/model/Jenkins/_404.jelly
new file mode 100644
index 000000000000..4605b5926760
--- /dev/null
+++ b/core/src/main/resources/jenkins/model/Jenkins/_404.jelly
@@ -0,0 +1,57 @@
+<!--
+The MIT License
+
+Copyright (c) 2021 Daniel Beck
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+-->
+
+<?jelly escape-by-default='true'?>
+<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt">
+    <!--
+      This is the page designated by web.xml to handle 404 errors. Show a nice error message and suggest logging in if applicable.
+      Generally kept very similar to 'oops.jelly'.
+    -->
+    <st:statusCode value="${response.getStatus()}" />
+    ${request.session.setAttribute('from', request.getAttribute('javax.servlet.error.request_uri'))}
+    <l:layout title="${%title(javax.servlet.error.message?:'Not Found')}" type="one-column">
+        <l:header />
+        <l:main-panel>
+            <h1 style="text-align: center">
+                <img src="${imagesURL}/rage.svg" height="179" width="154"/>
+                <span style="font-size:50px"><st:nbsp/>${%Oops!}</span>
+            </h1>
+            <div id="error-description" style="text-align: center">
+                <h2>${%title(javax.servlet.error.message?:'Not Found')}</h2>
+                <j:if test="${!request.getAttribute('jenkins.security.ResourceDomainRootAction.error')}">
+	                <p>
+	                    <j:choose>
+	                        <j:when test="${app.useSecurity}">
+                                ${%noAccess}
+		                    </j:when>
+		                    <j:otherwise>
+		                        ${%notFound}
+                            </j:otherwise>
+                        </j:choose>
+                    </p>
+                </j:if>
+            </div>
+        </l:main-panel>
+    </l:layout>
+</j:jelly>
diff --git a/core/src/main/resources/jenkins/model/Jenkins/_404.properties b/core/src/main/resources/jenkins/model/Jenkins/_404.properties
new file mode 100644
index 000000000000..c671d3ed833c
--- /dev/null
+++ b/core/src/main/resources/jenkins/model/Jenkins/_404.properties
@@ -0,0 +1,3 @@
+title = {0}
+noAccess = This page may not exist, or you may not have permission to see it.
+notFound = This page does not exist.
diff --git a/core/src/main/resources/jenkins/model/Jenkins/_404_simple.jelly b/core/src/main/resources/jenkins/model/Jenkins/_404_simple.jelly
new file mode 100644
index 000000000000..c6a876bb2955
--- /dev/null
+++ b/core/src/main/resources/jenkins/model/Jenkins/_404_simple.jelly
@@ -0,0 +1,61 @@
+<!--
+The MIT License
+
+Copyright (c) 2021 Daniel Beck
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+-->
+
+<?jelly escape-by-default='true'?>
+<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout"  xmlns:x="jelly:xml">
+    <!--
+      This is the page designated by web.xml to handle 404 errors on the resource domain.
+      We do not have access to all the javascript and css resources here, so render a simple page.
+      Do not use /lib/layout:layout with type="full-screen" here to prevent external contributions.
+    -->
+    <l:view contentType="text/html;charset=UTF-8">
+        <st:setHeader name="Expires" value="0" />
+        <st:setHeader name="Cache-Control" value="no-cache,no-store,must-revalidate" />
+        <st:setHeader name="X-Hudson-Theme" value="default" />
+        <st:setHeader name="Referrer-Policy" value="same-origin" />
+        <st:setHeader name="Cross-Origin-Opener-Policy" value="same-origin" />
+        <x:doctype name="html" />
+        <st:statusCode value="${response.getStatus()}" />
+        <html>
+            <head>
+                <title>${%title(javax.servlet.error.message?:'Not Found')}</title>
+                <link rel="icon" href="${resURL}/favicon.svg" type="image/svg+xml" />
+                <link rel="alternate icon" href="${resURL}/favicon.ico" sizes="any" />
+                <!-- TODO Determine need for these -->
+                <link rel="apple-touch-icon" href="${resURL}/apple-touch-icon.png" sizes="180x180" />
+                <link rel="mask-icon" href="${resURL}/mask-icon.svg" color="#191717" />
+            </head>
+            <body style="font-family: system-ui, sans-serif">
+                <h1 style="text-align: center">
+                    <img src="${imagesURL}/rage.svg" height="179" width="154" style="vertical-align: middle"/>
+                    <span style="font-size:50px"><st:nbsp/>${%Oops!}</span>
+                </h1>
+                <div style="text-align: center">
+                    <h2>${%title(javax.servlet.error.message?:'Not Found')}</h2>
+                    <a href="${h.inferHudsonURL(request)}">${%Back to Jenkins}</a>
+                </div>
+            </body>
+        </html>
+    </l:view>
+</j:jelly>
diff --git a/core/src/main/resources/jenkins/model/Jenkins/_404_simple.properties b/core/src/main/resources/jenkins/model/Jenkins/_404_simple.properties
new file mode 100644
index 000000000000..deedf181e429
--- /dev/null
+++ b/core/src/main/resources/jenkins/model/Jenkins/_404_simple.properties
@@ -0,0 +1 @@
+title = {0}
diff --git a/core/src/main/resources/jenkins/model/Messages_tr.properties b/core/src/main/resources/jenkins/model/Messages_tr.properties
index f3108bf971ec..ea0bb121c326 100644
--- a/core/src/main/resources/jenkins/model/Messages_tr.properties
+++ b/core/src/main/resources/jenkins/model/Messages_tr.properties
@@ -33,4 +33,4 @@ Hudson.ViewName=Hepsi
 ParameterizedJobMixIn.build_now=Şimdi Yapılandır
 BlockedBecauseOfBuildInProgress.shortDescription=Yapılandırma #{0} zaten işlemde {1}
 BlockedBecauseOfBuildInProgress.ETA=\ (ETA: {0})
-BuildDiscarderProperty.displayName=Eski Yapılandırmalardan Kurtul
+BuildDiscarderProperty.displayName=Eski yapılandırmalardan kurtul
diff --git a/core/src/main/resources/jenkins/triggers/Messages_tr.properties b/core/src/main/resources/jenkins/triggers/Messages_tr.properties
new file mode 100644
index 000000000000..9f075b4628ae
--- /dev/null
+++ b/core/src/main/resources/jenkins/triggers/Messages_tr.properties
@@ -0,0 +1 @@
+ReverseBuildTrigger.build_after_other_projects_are_built=Başka projeler yapılandırıldıktan sonra yapılandırma tetikle
diff --git a/core/src/main/resources/jenkins/views/JenkinsHeader/headerContent.jelly b/core/src/main/resources/jenkins/views/JenkinsHeader/headerContent.jelly
index b524562db973..ce78d10d37e2 100644
--- a/core/src/main/resources/jenkins/views/JenkinsHeader/headerContent.jelly
+++ b/core/src/main/resources/jenkins/views/JenkinsHeader/headerContent.jelly
@@ -43,7 +43,7 @@
             <div id="visible-am-insertion" class="page-header__am-wrapper" />
             <div id="visible-sec-am-insertion" class="page-header__am-wrapper" />
 
-            <!-- login field -->
+            <!-- user icon and login/logout links; only show if authentication is enabled and we're not handling a servlet error -->
             <j:if test="${app.useSecurity}">
                 <j:choose>
                     <j:when test="${!h.isAnonymous()}">
diff --git a/core/src/main/resources/lib/hudson/project/config-builders_tr.properties b/core/src/main/resources/lib/hudson/project/config-builders_tr.properties
index 4a9473f35148..0164548aeaba 100644
--- a/core/src/main/resources/lib/hudson/project/config-builders_tr.properties
+++ b/core/src/main/resources/lib/hudson/project/config-builders_tr.properties
@@ -21,4 +21,5 @@
 # THE SOFTWARE.
 
 Build=Yapılandırma
+Build\ Steps=Yapılandırma Adımları
 Add\ build\ step=Yapılandırma adımı ekle
diff --git a/core/src/main/resources/lib/hudson/project/config-concurrentBuild_tr.properties b/core/src/main/resources/lib/hudson/project/config-concurrentBuild_tr.properties
index 9f65dcded217..8e01433317f8 100644
--- a/core/src/main/resources/lib/hudson/project/config-concurrentBuild_tr.properties
+++ b/core/src/main/resources/lib/hudson/project/config-concurrentBuild_tr.properties
@@ -1,3 +1,3 @@
 # This file is under the MIT License by authors
 
-title.concurrentbuilds=Eğer gerekliyse eş zamanlı yaplandırmaları çalıştır
+title.concurrentbuilds=Gerekirse yaplandırmaları eşzamanlı çalıştır
diff --git a/core/src/main/resources/lib/hudson/project/config-disableBuild_tr.properties b/core/src/main/resources/lib/hudson/project/config-disableBuild_tr.properties
index 7503a2947110..f879e6502115 100644
--- a/core/src/main/resources/lib/hudson/project/config-disableBuild_tr.properties
+++ b/core/src/main/resources/lib/hudson/project/config-disableBuild_tr.properties
@@ -22,3 +22,6 @@
 
 Disable\ this\ project=Yapılandırmayı devre dışı bırak
 No\ new\ builds\ will\ be\ executed\ until\ the\ project\ is\ re-enabled.=Proje yeniden devreye alınana kadar yeni yapılandırma çalıştırılmayacaktır.
+Enabled=Etkin
+Disabled=Devre Dışı
+Enable\ or\ disable\ the\ current\ project=Bu projeyi etkinleştir veya devre dışı bırak
diff --git a/core/src/main/resources/lib/hudson/project/config-publishers2_tr.properties b/core/src/main/resources/lib/hudson/project/config-publishers2_tr.properties
index 62d71e587eb2..d674ffa65745 100644
--- a/core/src/main/resources/lib/hudson/project/config-publishers2_tr.properties
+++ b/core/src/main/resources/lib/hudson/project/config-publishers2_tr.properties
@@ -20,4 +20,5 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 # THE SOFTWARE.
 
-Post-build\ Actions=Yapılandırma-sonrası Aksiyonlar
+Post-build\ Actions=Yapılandırma Sonrası Aksiyonlar
+Add\ post-build\ action=Yapılandırma sonrası aksiyonu ekle
diff --git a/core/src/main/resources/lib/hudson/project/config-publishers_tr.properties b/core/src/main/resources/lib/hudson/project/config-publishers_tr.properties
index 62d71e587eb2..0ebb2a0a5cca 100644
--- a/core/src/main/resources/lib/hudson/project/config-publishers_tr.properties
+++ b/core/src/main/resources/lib/hudson/project/config-publishers_tr.properties
@@ -20,4 +20,4 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 # THE SOFTWARE.
 
-Post-build\ Actions=Yapılandırma-sonrası Aksiyonlar
+Post-build\ Actions=Yapılandırma Sonrası Aksiyonlar
diff --git a/core/src/main/resources/lib/hudson/project/makeDisabled_tr.properties b/core/src/main/resources/lib/hudson/project/makeDisabled_tr.properties
index 12685be25f23..f13c9b783140 100644
--- a/core/src/main/resources/lib/hudson/project/makeDisabled_tr.properties
+++ b/core/src/main/resources/lib/hudson/project/makeDisabled_tr.properties
@@ -20,5 +20,6 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 # THE SOFTWARE.
 
-Disable\ Project=Projeyi devre dışı bırak
+Disable\ Project=Projeyi Devre Dışı Bırak
 This\ project\ is\ currently\ disabled=Bu proje şimdilik devre dışı
+Enable=Etkinleştir
diff --git a/core/src/main/resources/lib/layout/pane.jelly b/core/src/main/resources/lib/layout/pane.jelly
index 7e10c3d59d71..e7c4a04a8245 100644
--- a/core/src/main/resources/lib/layout/pane.jelly
+++ b/core/src/main/resources/lib/layout/pane.jelly
@@ -52,7 +52,7 @@ THE SOFTWARE.
     </st:attribute>
   </st:documentation>
   <j:set var="paneIsCollapsed" value="${h.isCollapsed(attrs.id)}" />
-  <div class="pane-frame track-mouse ${paneIsCollapsed ? 'collapsed' : 'expanded'}" id="${attrs.id}">
+  <div class="pane-frame ${paneIsCollapsed ? 'collapsed' : 'expanded'}" id="${attrs.id}">
     <div class="pane-header">
       <span class="pane-header-title">
         <j:out value="${title}"/>
diff --git a/pom.xml b/pom.xml
index 078ae5d1a9de..7a511432872c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -73,7 +73,7 @@ THE SOFTWARE.
   </issueManagement>
 
   <properties>
-    <revision>2.420</revision>
+    <revision>2.421</revision>
     <changelist>-SNAPSHOT</changelist>
 
     <!-- configuration for patch tracker plugin  -->
diff --git a/test/pom.xml b/test/pom.xml
index f47fab8029de..5faa39fff2b0 100644
--- a/test/pom.xml
+++ b/test/pom.xml
@@ -95,13 +95,13 @@ THE SOFTWARE.
         <!-- RequireUpperBoundDeps via mailer and junit -->
         <groupId>org.jenkins-ci.plugins</groupId>
         <artifactId>display-url-api</artifactId>
-        <version>2.3.8</version>
+        <version>2.3.9</version>
       </dependency>
       <dependency>
         <!-- requireUpperBoundDeps via matrix-project and junit -->
         <groupId>org.jenkins-ci.plugins</groupId>
         <artifactId>script-security</artifactId>
-        <version>1269.v639888f5e366</version>
+        <version>1271.vdede89739a_81</version>
       </dependency>
     </dependencies>
   </dependencyManagement>
@@ -116,7 +116,7 @@ THE SOFTWARE.
     <dependency>
       <groupId>${project.groupId}</groupId>
       <artifactId>jenkins-test-harness</artifactId>
-      <version>2053.v0ea_6fc5d99b_f</version>
+      <version>2058.va_7b_41a_286207</version>
       <scope>test</scope>
       <exclusions>
         <exclusion>
@@ -209,7 +209,7 @@ THE SOFTWARE.
     <dependency>
       <groupId>org.jenkins-ci.plugins</groupId>
       <artifactId>matrix-auth</artifactId>
-      <version>3.1.10</version>
+      <version>3.2</version>
       <scope>test</scope>
     </dependency>
     <dependency>
@@ -221,7 +221,7 @@ THE SOFTWARE.
     <dependency>
       <groupId>org.jenkins-ci.plugins</groupId>
       <artifactId>structs</artifactId>
-      <version>324.va_f5d6774f3a_d</version>
+      <version>325.vcb_307d2a_2782</version>
       <scope>test</scope>
     </dependency>
     <dependency>
diff --git a/test/src/test/java/hudson/console/AnnotatedLargeTextTest.java b/test/src/test/java/hudson/console/AnnotatedLargeTextTest.java
index dcd3b96c3210..825bd2b60460 100644
--- a/test/src/test/java/hudson/console/AnnotatedLargeTextTest.java
+++ b/test/src/test/java/hudson/console/AnnotatedLargeTextTest.java
@@ -27,6 +27,7 @@
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.hasItem;
+import static org.hamcrest.Matchers.matchesRegex;
 import static org.junit.Assert.assertEquals;
 
 import hudson.MarkupText;
@@ -52,7 +53,7 @@ public class AnnotatedLargeTextTest {
     public static JenkinsRule r = new JenkinsRule();
 
     @Rule
-    public LoggerRule logging = new LoggerRule().record(ConsoleAnnotationOutputStream.class, Level.FINE).capture(100);
+    public LoggerRule logging = new LoggerRule().record(ConsoleAnnotationOutputStream.class, Level.FINE).record(PlainTextConsoleOutputStream.class, Level.FINE).capture(100);
 
     @Test
     public void smokes() throws Exception {
@@ -138,6 +139,29 @@ public void badMac() throws Exception {
                         + "AAA\\u001B[0myour home.\\n\"")); // TODO assert that this is IOException: MAC mismatch
     }
 
+    @Issue("JENKINS-61452")
+    @Test
+    public void corruptedNote() throws Exception {
+        ByteBuffer buf = new ByteBuffer();
+        PrintStream ps = new PrintStream(buf, true, StandardCharsets.UTF_8);
+        ps.print("Some text.\n");
+        ps.print("Go back to " + TestNote.encodeTo("/root", "your home") + ".\n");
+        ps.print("More text.\n");
+        String original = buf.toString();
+        String corrupted = original.replace("+", "\u0000");
+        buf = new ByteBuffer();
+        buf.write(corrupted.getBytes());
+        AnnotatedLargeText<Void> text = new AnnotatedLargeText<>(buf, StandardCharsets.UTF_8, true, null);
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        text.writeLogTo(0, baos);
+        assertThat(baos.toString(StandardCharsets.UTF_8), matchesRegex("Some text[.]\nGo back to .*your home[.]\nMore text[.]\n"));
+        assertThat(logging.getMessages(), hasItem(matchesRegex("Failed to skip annotation from .+")));
+        StringWriter w = new StringWriter();
+        text.writeHtmlTo(0, w);
+        assertThat(w.toString(), matchesRegex("Some text[.]\nGo back to .*your home[.]\nMore text[.]\n"));
+        assertThat(logging.getMessages(), hasItem(matchesRegex("Failed to resurrect annotation from .+")));
+    }
+
     /** Simplified version of {@link HyperlinkNote}. */
     static class TestNote extends ConsoleNote<Void> {
         private final String url;
diff --git a/test/src/test/java/hudson/model/CauseTest.java b/test/src/test/java/hudson/model/CauseTest.java
index 5b709c5d3112..4f4fba4e8121 100644
--- a/test/src/test/java/hudson/model/CauseTest.java
+++ b/test/src/test/java/hudson/model/CauseTest.java
@@ -32,13 +32,15 @@
 import static org.junit.Assert.assertTrue;
 
 import hudson.XmlFile;
+import hudson.model.queue.QueueTaskFuture;
 import hudson.tasks.BuildTrigger;
 import hudson.util.StreamTaskListener;
 import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.IOException;
 import java.nio.charset.Charset;
-import java.util.concurrent.Future;
+import java.util.ArrayList;
+import java.util.List;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.regex.Pattern;
 import jenkins.model.Jenkins;
@@ -78,22 +80,29 @@ public class CauseTest {
         FreeStyleProject a = j.createFreeStyleProject("a");
         FreeStyleProject b = j.createFreeStyleProject("b");
         FreeStyleProject c = j.createFreeStyleProject("c");
+        List<QueueTaskFuture<FreeStyleBuild>> futures = new ArrayList<>();
         Run<?, ?> last = null;
         for (int i = 1; i <= 10; i++) {
             Cause cause = last == null ? null : new Cause.UpstreamCause(last);
-            Future<? extends Run<?, ?>> next1 = a.scheduleBuild2(0, cause);
-            a.scheduleBuild2(0, cause);
+            QueueTaskFuture<FreeStyleBuild> next1 = a.scheduleBuild2(0, cause);
+            futures.add(next1);
+            futures.add(a.scheduleBuild2(0, cause));
             cause = new Cause.UpstreamCause(next1.get());
-            Future<? extends Run<?, ?>> next2 = b.scheduleBuild2(0, cause);
-            b.scheduleBuild2(0, cause);
+            QueueTaskFuture<FreeStyleBuild> next2 = b.scheduleBuild2(0, cause);
+            futures.add(next2);
+            futures.add(b.scheduleBuild2(0, cause));
             cause = new Cause.UpstreamCause(next2.get());
-            Future<? extends Run<?, ?>> next3 = c.scheduleBuild2(0, cause);
-            c.scheduleBuild2(0, cause);
+            QueueTaskFuture<FreeStyleBuild> next3 = c.scheduleBuild2(0, cause);
+            futures.add(next3);
+            futures.add(c.scheduleBuild2(0, cause));
             last = next3.get();
         }
         int count = new XmlFile(Run.XSTREAM, new File(last.getRootDir(), "build.xml")).asString().split(Pattern.quote("<hudson.model.Cause_-UpstreamCause")).length;
         assertFalse("too big at " + count, count > 100);
         //j.interactiveBreak();
+        for (QueueTaskFuture<FreeStyleBuild> future : futures) {
+            j.assertBuildStatusSuccess(j.waitForCompletion(future.waitForStart()));
+        }
     }
 
 
diff --git a/test/src/test/java/hudson/model/labels/LabelBenchmarkTest.java b/test/src/test/java/hudson/model/labels/LabelBenchmarkTest.java
new file mode 100644
index 000000000000..3f429ad46158
--- /dev/null
+++ b/test/src/test/java/hudson/model/labels/LabelBenchmarkTest.java
@@ -0,0 +1,82 @@
+package hudson.model.labels;
+
+import static org.junit.Assert.assertTrue;
+
+import hudson.model.Label;
+import hudson.slaves.DumbSlave;
+import hudson.slaves.JNLPLauncher;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.util.concurrent.TimeUnit;
+import jenkins.benchmark.jmh.JmhBenchmark;
+import jenkins.benchmark.jmh.JmhBenchmarkState;
+import org.junit.Test;
+import org.openjdk.jmh.annotations.Benchmark;
+import org.openjdk.jmh.annotations.Mode;
+import org.openjdk.jmh.infra.Blackhole;
+import org.openjdk.jmh.results.format.ResultFormatType;
+import org.openjdk.jmh.runner.Runner;
+import org.openjdk.jmh.runner.options.ChainedOptionsBuilder;
+import org.openjdk.jmh.runner.options.OptionsBuilder;
+
+public class LabelBenchmarkTest {
+    @Test
+    public void runBenchmark() throws Exception {
+        // run the minimum possible number of iterations
+        ChainedOptionsBuilder options = new OptionsBuilder()
+                .mode(Mode.AverageTime)
+                .forks(1)
+                .result("jmh-report.json")
+                .resultFormat(ResultFormatType.JSON)
+                .operationsPerInvocation(1)
+                .threads(1)
+                .warmupForks(0)
+                .warmupIterations(0)
+                .measurementBatchSize(1)
+                .measurementIterations(1)
+                .timeUnit(TimeUnit.NANOSECONDS)
+                .shouldFailOnError(true)
+                .include(LabelBenchmarkTest.class.getName() + ".*");
+        new Runner(options.build()).run();
+        assertTrue(Files.exists(Paths.get("jmh-report.json")));
+    }
+
+    @JmhBenchmark
+    public static class NodeLabelBenchmark {
+        public static class StateImpl extends JmhBenchmarkState {
+            @Override
+            public void setup() throws Exception {
+                DumbSlave test = new DumbSlave("test", "/tmp/slave", new JNLPLauncher());
+                test.setLabelString("a b c");
+                getJenkins().addNode(test);
+            }
+        }
+
+        @Benchmark
+        public void nodeGetAssignedLabels(StateImpl state, Blackhole blackhole) {
+            blackhole.consume(state.getJenkins().getNode("test").getAssignedLabels());
+        }
+    }
+
+
+    @JmhBenchmark
+    public static class LabelBenchmark {
+        public static class MyState extends JmhBenchmarkState {
+        }
+
+        @Benchmark
+        public void simpleLabel(MyState state, Blackhole blackhole) {
+            blackhole.consume(Label.parse("some-label"));
+        }
+
+        @Benchmark
+        public void complexLabel(MyState state, Blackhole blackhole) {
+            blackhole.consume(Label.parse("label1 && label2"));
+        }
+
+        @Benchmark
+        public void jenkinsGetAssignedLabels(MyState state, Blackhole blackhole) {
+            blackhole.consume(state.getJenkins().getAssignedLabels());
+        }
+    }
+}
diff --git a/test/src/test/java/jenkins/model/ErrorPageTest.java b/test/src/test/java/jenkins/model/ErrorPageTest.java
new file mode 100644
index 000000000000..939dd20c60a3
--- /dev/null
+++ b/test/src/test/java/jenkins/model/ErrorPageTest.java
@@ -0,0 +1,186 @@
+package jenkins.model;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.containsString;
+import static org.hamcrest.Matchers.not;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertThrows;
+
+import hudson.ExtensionList;
+import java.net.URL;
+import java.nio.charset.StandardCharsets;
+import java.util.Arrays;
+import java.util.List;
+import jenkins.security.ResourceDomainConfiguration;
+import org.htmlunit.FailingHttpStatusCodeException;
+import org.htmlunit.Page;
+import org.htmlunit.html.HtmlPage;
+import org.junit.Assert;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.jvnet.hudson.test.Issue;
+import org.jvnet.hudson.test.JenkinsRule;
+import org.jvnet.hudson.test.MockAuthorizationStrategy;
+import org.kohsuke.stapler.Dispatcher;
+
+@RunWith(Parameterized.class)
+public class ErrorPageTest {
+
+    @Rule
+    public JenkinsRule j = new JenkinsRule();
+
+    @Parameterized.Parameters
+    public static List<String> contexts() {
+        return Arrays.asList("/jenkins", "");
+    }
+
+    public ErrorPageTest(String context) {
+        j.contextPath = context;
+    }
+
+    @Test
+    @Issue("JENKINS-71087")
+    public void nice404ErrorPage() throws Exception {
+        try (JenkinsRule.WebClient wc = j.createWebClient()) {
+            Dispatcher.TRACE = false;
+
+            /* Start with no security realm configured */
+
+            { // basic error page
+                final FailingHttpStatusCodeException ex = assertThrows(FailingHttpStatusCodeException.class, () -> wc.goTo("foo"));
+                assertEquals(404, ex.getStatusCode());
+                final String content = ex.getResponse().getContentAsString(StandardCharsets.UTF_8);
+                assertThat(content, not(containsString(j.contextPath + "/login?from=")));
+                assertThat(content, containsString("This page does not exist."));
+                assertThat(content, not(containsString("REST API")));
+            }
+
+            { // paths are fine on error page even when nested
+                final FailingHttpStatusCodeException ex = assertThrows(FailingHttpStatusCodeException.class, () -> wc.goTo("foo/bar/baz/"));
+                assertEquals(404, ex.getStatusCode());
+                final String content = ex.getResponse().getContentAsString(StandardCharsets.UTF_8);
+                assertThat(content, not(containsString(j.contextPath + "/login?from=")));
+                assertThat(content, containsString("This page does not exist."));
+                assertThat(content, not(containsString("REST API")));
+            }
+
+            { // resource root action have custom (less) error message content
+                final FailingHttpStatusCodeException ex = assertThrows(FailingHttpStatusCodeException.class, () -> wc.goTo("static-files/foo"));
+                assertEquals(404, ex.getStatusCode());
+                final String content = ex.getResponse().getContentAsString(StandardCharsets.UTF_8);
+                assertThat(content, not(containsString(j.contextPath + "/login?from=")));
+                assertThat(content, not(containsString("This page does not exist.")));
+                assertThat(content, not(containsString("This page may not exist, or you may not have permission to see it.")));
+                assertThat(content, not(containsString("REST API")));
+            }
+
+            /* Set up security realm and request as anonymous, we expect login link and hedged response */
+            j.jenkins.setSecurityRealm(j.createDummySecurityRealm());
+            j.jenkins.setAuthorizationStrategy(new MockAuthorizationStrategy().grant(Jenkins.ADMINISTER).everywhere().toAuthenticated().grant(Jenkins.READ).everywhere().toEveryone());
+
+            { // basic error page
+                final FailingHttpStatusCodeException ex = assertThrows(FailingHttpStatusCodeException.class, () -> wc.goTo("foo"));
+                assertEquals(404, ex.getStatusCode());
+                final String content = ex.getResponse().getContentAsString(StandardCharsets.UTF_8);
+                assertThat(content, containsString(j.contextPath + "/login?from=" + j.contextPath.replace("/", "%2F") + "%2Ffoo"));
+                assertThat(content, not(containsString(j.contextPath + "/login?from=" + j.contextPath.replace("/", "%2F") + "%2F404")));
+                assertThat(content, containsString("This page may not exist, or you may not have permission to see it."));
+                assertThat(content, not(containsString("REST API")));
+            }
+
+            { // paths are fine on error page even when nested
+                final FailingHttpStatusCodeException ex = assertThrows(FailingHttpStatusCodeException.class, () -> wc.goTo("foo/bar/baz/"));
+                assertEquals(404, ex.getStatusCode());
+                final String content = ex.getResponse().getContentAsString(StandardCharsets.UTF_8);
+                assertThat(content, containsString(j.contextPath + "/login?from=" + j.contextPath.replace("/", "%2F") + "%2Ffoo%2Fbar%2Fbaz%2F"));
+                assertThat(content, not(containsString(j.contextPath + "/login?from=" + j.contextPath.replace("/", "%2F") + "%2F404")));
+                assertThat(content, containsString("This page may not exist, or you may not have permission to see it."));
+                assertThat(content, not(containsString("REST API")));
+            }
+
+            { // resource root action have custom (less) error message content
+                final FailingHttpStatusCodeException ex = assertThrows(FailingHttpStatusCodeException.class, () -> wc.goTo("static-files/foo"));
+                assertEquals(404, ex.getStatusCode());
+                final String content = ex.getResponse().getContentAsString(StandardCharsets.UTF_8);
+                assertThat(content, containsString(j.contextPath + "/login?from=" + j.contextPath.replace("/", "%2F") + "%2Fstatic-files%2Ffoo"));
+                assertThat(content, not(containsString(j.contextPath + "/login?from=" + j.contextPath.replace("/", "%2F") + "%2F404")));
+                assertThat(content, not(containsString("This page does not exist.")));
+                assertThat(content, not(containsString("This page may not exist, or you may not have permission to see it.")));
+                assertThat(content, not(containsString("REST API")));
+            }
+
+            /* With the security realm still set up, log in and expect the profile link to show */
+            wc.login("alice");
+
+            { // basic error page
+                final FailingHttpStatusCodeException ex = assertThrows(FailingHttpStatusCodeException.class, () -> wc.goTo("foo"));
+                assertEquals(404, ex.getStatusCode());
+                final String content = ex.getResponse().getContentAsString(StandardCharsets.UTF_8);
+                assertThat(content, not(containsString(j.contextPath + "/login?from=")));
+                assertThat(content, containsString("user/alice"));
+                assertThat(content, containsString("This page may not exist, or you may not have permission to see it."));
+                assertThat(content, not(containsString("REST API")));
+            }
+
+            { // paths are fine on error page even when nested
+                final FailingHttpStatusCodeException ex = assertThrows(FailingHttpStatusCodeException.class, () -> wc.goTo("foo/bar/baz/"));
+                assertEquals(404, ex.getStatusCode());
+                final String content = ex.getResponse().getContentAsString(StandardCharsets.UTF_8);
+                assertThat(content, not(containsString(j.contextPath + "/login?from=")));
+                assertThat(content, containsString("user/alice"));
+                assertThat(content, containsString("This page may not exist, or you may not have permission to see it."));
+                assertThat(content, not(containsString("REST API")));
+            }
+
+            { // resource root action have custom (less) error message content
+                final FailingHttpStatusCodeException ex = assertThrows(FailingHttpStatusCodeException.class, () -> wc.goTo("static-files/foo"));
+                assertEquals(404, ex.getStatusCode());
+                final String content = ex.getResponse().getContentAsString(StandardCharsets.UTF_8);
+                assertThat(content, not(containsString(j.contextPath + "/login?from=")));
+                assertThat(content, containsString("user/alice"));
+                assertThat(content, not(containsString("This page does not exist.")));
+                assertThat(content, not(containsString("This page may not exist, or you may not have permission to see it.")));
+                assertThat(content, not(containsString("REST API")));
+            }
+        } finally {
+            Dispatcher.TRACE = true;
+        }
+    }
+
+    @Test
+    @Issue("JENKINS-71087")
+    public void kindaNice404ErrorPageOnResourceDomain() throws Exception {
+        final String resourceRoot;
+        { // Setup stolen from ResourceDomainTest
+            URL root = j.getURL(); // which always will use "localhost", see JenkinsRule#getURL()
+            Assert.assertTrue(root.toString().contains("localhost")); // to be safe
+
+            resourceRoot = root.toString().replace("localhost", "127.0.0.1");
+            ResourceDomainConfiguration configuration = ExtensionList.lookupSingleton(ResourceDomainConfiguration.class);
+            configuration.setUrl(resourceRoot);
+        }
+
+        try (JenkinsRule.WebClient wc = j.createWebClient()) {
+            wc.setThrowExceptionOnFailingStatusCode(false);
+
+            @SuppressWarnings("deprecation") // we need to not access the usual Jenkins URLs
+            final Page page = wc.getPage(resourceRoot + "foo");
+            wc.setThrowExceptionOnFailingStatusCode(true);
+
+            assertEquals(404, page.getWebResponse().getStatusCode());
+            final String content = page.getWebResponse().getContentAsString(StandardCharsets.UTF_8);
+            assertThat(content, containsString("Back to Jenkins"));
+            assertThat(content, containsString("Jenkins serves only static files on this domain."));
+            assertThat(content, not(containsString("REST API")));
+            if (page.isHtmlPage()) {
+                final HtmlPage htmlPage = (HtmlPage) page;
+                final Page nextPage = htmlPage.getAnchorByText("Back to Jenkins").click();
+                final String nextContent = nextPage.getWebResponse().getContentAsString(StandardCharsets.UTF_8);
+                assertThat(nextContent, containsString("Welcome to Jenkins"));
+                assertThat(nextContent, containsString("REST API")); // Rest API exists for Jenkins main page
+            }
+        }
+    }
+}
diff --git a/war/package.json b/war/package.json
index 363ea601b452..624e298bd07b 100644
--- a/war/package.json
+++ b/war/package.json
@@ -34,12 +34,12 @@
     "eslint-config-prettier": "9.0.0",
     "handlebars-loader": "1.7.3",
     "mini-css-extract-plugin": "2.7.6",
-    "postcss": "8.4.27",
+    "postcss": "8.4.28",
     "postcss-loader": "7.3.3",
     "postcss-preset-env": "9.1.1",
-    "postcss-scss": "4.0.6",
-    "prettier": "3.0.1",
-    "sass": "1.65.1",
+    "postcss-scss": "4.0.7",
+    "prettier": "3.0.2",
+    "sass": "1.66.1",
     "sass-loader": "13.3.2",
     "style-loader": "3.3.3",
     "stylelint": "15.10.2",
@@ -62,5 +62,5 @@
     "defaults",
     "not IE 11"
   ],
-  "packageManager": "yarn@3.6.1"
+  "packageManager": "yarn@3.6.2"
 }
diff --git a/war/pom.xml b/war/pom.xml
index 963a3b0d50fc..809ecf86c968 100644
--- a/war/pom.xml
+++ b/war/pom.xml
@@ -50,8 +50,8 @@ THE SOFTWARE.
     <!-- frontend-maven-plugin will install this Yarn version as bootstrap, then hand over control to Yarn Berry. -->
     <yarn.version>1.22.19</yarn.version>
     <!-- maven-antrun-plugin will download this Yarn version. -->
-    <yarn-berry.version>3.6.1</yarn-berry.version>
-    <yarn-berry.sha256sum>811210abb5fb5751da12ead8a9cbc0c150b07e43ac9cbedec6752d22abfd2bd6</yarn-berry.sha256sum>
+    <yarn-berry.version>3.6.2</yarn-berry.version>
+    <yarn-berry.sha256sum>506981787ad29ec22e9c904a0d630c3b03b2e5c078b074990404aabbf2fb007b</yarn-berry.sha256sum>
   </properties>
 
   <dependencyManagement>
diff --git a/war/src/main/js/add-item.scss b/war/src/main/js/add-item.scss
index b9ef9eb9e930..e033c98a5de5 100644
--- a/war/src/main/js/add-item.scss
+++ b/war/src/main/js/add-item.scss
@@ -1,5 +1,3 @@
-@use "widgets/variables";
-
 /*
  * Widget styles
  */
diff --git a/war/src/main/js/widgets/variables.scss b/war/src/main/js/widgets/variables.scss
deleted file mode 100644
index 4137129e1b39..000000000000
--- a/war/src/main/js/widgets/variables.scss
+++ /dev/null
@@ -1,16 +0,0 @@
-:root {
-  --medium-translucent: rgba(255, 255, 255, 0.75);
-
-  --shade-hint: rgba(0, 0, 0, 0.025);
-  --shade: rgba(0, 0, 0, 0.1);
-
-  --line-blue: #69c;
-  --line-green: #acb;
-
-  --danger: #d24939;
-  --danger-line: #be3a2b;
-  --danger-dark: #a23225;
-  --danger-dark-line: #942e22;
-
-  --input-line-height: 2.25em;
-}
diff --git a/war/src/main/scss/abstracts/colors.scss b/war/src/main/scss/abstracts/_colors.scss
similarity index 100%
rename from war/src/main/scss/abstracts/colors.scss
rename to war/src/main/scss/abstracts/_colors.scss
diff --git a/war/src/main/scss/abstracts/_index.scss b/war/src/main/scss/abstracts/_index.scss
new file mode 100644
index 000000000000..4ac76fba5a00
--- /dev/null
+++ b/war/src/main/scss/abstracts/_index.scss
@@ -0,0 +1,2 @@
+@use "colors";
+@use "theme";
diff --git a/war/src/main/scss/abstracts/mixins.scss b/war/src/main/scss/abstracts/_mixins.scss
similarity index 100%
rename from war/src/main/scss/abstracts/mixins.scss
rename to war/src/main/scss/abstracts/_mixins.scss
diff --git a/war/src/main/scss/abstracts/theme.scss b/war/src/main/scss/abstracts/_theme.scss
similarity index 85%
rename from war/src/main/scss/abstracts/theme.scss
rename to war/src/main/scss/abstracts/_theme.scss
index c2bb35014d07..abc5fd3cb928 100644
--- a/war/src/main/scss/abstracts/theme.scss
+++ b/war/src/main/scss/abstracts/_theme.scss
@@ -51,12 +51,13 @@ $semantics: (
 
   // branding
   --secondary: hsl(240, 10%, 50%);
-  --focus: #3fb3f7;
+  --focus-input-border: #063f61;
+  --focus-input-glow: #{color.change(#0b6aa2, $alpha: 0.25)};
+
+  // Deprecated
   --focus-btn-primary: #{color.change(#0b6aa2, $alpha: 0.5)};
   --focus-btn-secondary: #{color.change(#0b6aa2, $alpha: 0.5)};
   --focus-btn-danger: #{color.change(#cc0003, $alpha: 0.5)};
-  --focus-input-border: #063f61;
-  --focus-input-glow: #{color.change(#0b6aa2, $alpha: 0.25)};
 
   // State colors
   --primary-hover: #0587d4;
@@ -71,36 +72,23 @@ $semantics: (
   // Background colors
   --background: var(--white);
 
-  // Borders
-  --line-green: #acb;
-  --medium-translucent: rgba(255, 255, 255, 0.75);
-
-  // Page header colors
-  --logo-bg: var(--white);
+  // Header
   --brand-link-color: var(--secondary);
   --header-link-color: var(--white);
   --header-link-color-active: #f5f5f5;
-  --header-link-outline: var(--focus);
   --header-search-border: var(--white);
   --search-input-color: var(--brand-link-color);
   --search-bg: var(--white);
   --search-box-completion-bg: var(--primary-hover);
   --search-box-shadow: 0 1px 7px 0 rgba(0, 0, 0, 0.3);
-
-  // Header classic colors
   --header-bg-classic: #000;
   --header-link-bg-classic-hover: #404040;
   --header-link-bg-classic-active: #404040;
-
-  // Header dimensions
   --header-item-border-radius: 4px;
 
   // Breadcrumbs bar
   --breadcrumbs-bar-background: hsla(240, 20%, 96.5%, 0.8);
 
-  // Footer
-  --footer-background: hsla(240, 20%, 96.5%, 0.8);
-
   // Alert call outs
   --alert-success-text-color: #155724;
   --alert-success-bg-color: #d4edda;
@@ -118,19 +106,19 @@ $semantics: (
   // Typography
   --text-color-secondary: var(--secondary);
 
-  // Button generic
+  // Deprecated - Button generic
   --btn-font-weight: bold;
   --btn-text-color: var(--white);
   --btn-font-size: var(--font-size-xs);
   --btn-line-height: 1rem;
   --btn-large-font-size: var(--font-size-sm);
   --btn-large-line-height: 1.25rem;
-  // Button primary
+  // Deprecated - Button primary
   --button-color--primary: var(--background);
   --btn-primary-bg: #063f61;
   --btn-primary-bg-hover: lighten(#063f61, 7.5%);
   --btn-primary-bg-active: lighten(#063f61, 12%);
-  // Button primary
+  // Deprecated - Button primary
   --btn-secondary-color: var(--secondary);
   --btn-secondary-bg: var(--btn-text-color);
   --btn-secondary-border: var(--medium-grey);
@@ -143,7 +131,7 @@ $semantics: (
   --btn-secondary-color--active: var(--primary-active);
   --btn-secondary-bg--active: var(--btn-secondary-bg);
   --btn-secondary-border--active: var(--primary-active);
-  // Button link
+  // Deprecated - Button link
   --btn-link-color: var(--accent-color);
   --btn-link-font-weight: var(--link-font-weight);
   --btn-link-color--hover: var(--primary-hover);
@@ -151,10 +139,6 @@ $semantics: (
   --btn-link-color--active: var(--primary-active);
   --btn-link-bg--active: var(--light-grey);
 
-  // Help area
-  --help-area-bg-color: var(--very-light-grey);
-  --configure-job-help-area-bg-color: var(--medium-translucent);
-
   // Table
   --table-background: var(--panel-header-bg-color);
   --table-header-foreground: var(--text-color);
@@ -250,25 +234,7 @@ $semantics: (
   --tabs-item-foreground--selected: var(--link-color);
   --tabs-border-radius: calc((10px + 34px) / 2);
 
-  // Deprecated
-  --tab-link-border-radius: 10px;
-  --tab-link-border-width: 2px;
-  --tab-link-padding-x: 0.75rem;
-  --tab-link-padding-y: 0.375rem;
-  --tab-link-font-weight: bold;
-  --tab-link-text-color: var(--text-color-secondary);
-  --tab-link-bg: transparent;
-  --tab-link-border-color: var(--light-grey);
-  --tab-link-text-color--hover: var(--tab-link-text-color); // Redundant?
-  --tab-link-bg--hover: var(--light-grey);
-  --tab-link-border-color--hover: var(--tab-link-bg--hover); // Redundant?
-  --tab-link-text-color--active: var(--tab-link-text-color); // Redundant?
-  --tab-link-bg--active: var(--light-grey);
-  --tab-link-border-color--active: var(--tab-link-checked-bg); // Redundant?
-  --tab-link-checked-text-color: var(--white);
-  --tab-link-checked-bg: var(--dark-grey);
-  --tab-link-checked-border-color: var(--tab-link-checked-bg);
-  // Tabbar baseline
+  // Deprecated - Tabbar baseline
   --tab-baseline-width: 2px;
   --tab-baseline-color: var(--light-grey);
   --tab-baseline-default-display: none;
@@ -310,21 +276,14 @@ $semantics: (
   --standard-transition: 0.3s ease;
   --elastic-transition: 0.3s cubic-bezier(0, 0.68, 0.5, 1.5);
 
-  // Pop out menus
+  // Deprecated - Pop out menus
   --menu-text-color: black;
   --menu-bg-color: var(--white);
   --menu-selected-color: #b3d4ff;
   --menu-box-shadow: 0 3px 10px rgba(0, 0, 0, 0.3);
 
-  // Manage component
-  --manage-option-bg-color--hover: var(--very-light-grey);
-  --manage-option-bg-color--active: var(--light-grey);
-  --manage-option-border-color: var(--medium-grey);
-
-  // Add form widget / configure job
+  // Deprecated - Add form widget / configure job
   --light-bg-color: #eee;
-  --bright-bg-color: #f9f9f9;
-  --brightest-bg-color: var(--white);
   --light-bg-color--hover: rgba(255, 255, 255, 0.65);
   --add-item-btn-decorator-border-color: #acb;
   --add-item-btn-decorator-bg-color: rgba(245, 249, 239, 0.75);
@@ -341,10 +300,6 @@ $semantics: (
   // Auto complete
   --auto-complete-bg-color--prehighlight: #b3d4ff;
 
-  // Call to action
-  --call-to-action-link-color: #000;
-  --call-to-action-text-color: var(--alert-info-text-color);
-
   // Default button
   --button-background: hsla(240, 25%, 75%, 0.1);
   --button-background--hover: hsla(240, 25%, 75%, 0.175);
diff --git a/war/src/main/scss/base/breakpoints.scss b/war/src/main/scss/base/_breakpoints.scss
similarity index 100%
rename from war/src/main/scss/base/breakpoints.scss
rename to war/src/main/scss/base/_breakpoints.scss
diff --git a/war/src/main/scss/base/core.scss b/war/src/main/scss/base/_core.scss
similarity index 100%
rename from war/src/main/scss/base/core.scss
rename to war/src/main/scss/base/_core.scss
diff --git a/war/src/main/scss/base/display.scss b/war/src/main/scss/base/_display.scss
similarity index 100%
rename from war/src/main/scss/base/display.scss
rename to war/src/main/scss/base/_display.scss
diff --git a/war/src/main/scss/base/_index.scss b/war/src/main/scss/base/_index.scss
new file mode 100644
index 000000000000..d971080a49a3
--- /dev/null
+++ b/war/src/main/scss/base/_index.scss
@@ -0,0 +1,9 @@
+@use "breakpoints";
+@use "core";
+@use "display";
+@use "layout-commons";
+@use "spacing";
+@use "style";
+@use "typography";
+@use "visibility-utils";
+@use "yui-compatibility";
diff --git a/war/src/main/scss/base/layout-commons.scss b/war/src/main/scss/base/_layout-commons.scss
similarity index 100%
rename from war/src/main/scss/base/layout-commons.scss
rename to war/src/main/scss/base/_layout-commons.scss
diff --git a/war/src/main/scss/base/spacing.scss b/war/src/main/scss/base/_spacing.scss
similarity index 100%
rename from war/src/main/scss/base/spacing.scss
rename to war/src/main/scss/base/_spacing.scss
diff --git a/war/src/main/scss/base/style.scss b/war/src/main/scss/base/_style.scss
similarity index 83%
rename from war/src/main/scss/base/style.scss
rename to war/src/main/scss/base/_style.scss
index 22acd9884ee4..e1957b7f01c1 100644
--- a/war/src/main/scss/base/style.scss
+++ b/war/src/main/scss/base/_style.scss
@@ -22,19 +22,6 @@
  * THE SOFTWARE.
  */
 
-/* Panel */
-@media (width >= 1600px) {
-  body#jenkins.j-hide-left #main-panel {
-    max-width: 75%;
-  }
-}
-
-@media (width >= 2000px) {
-  body#jenkins.j-hide-left #main-panel {
-    max-width: 85%;
-  }
-}
-
 form {
   margin: 0;
 }
@@ -97,23 +84,6 @@ td.no-wrap {
   border-radius: var(--form-input-border-radius);
 }
 
-/* #header .login {
-  position: relative;
-  top: 6px;
-  color: white;
-  margin-right: 10px;
-}
-
-#header .login a, #header .login a:visited {
-  color: white;
-  text-decoration: none;
-}
-
-#header .login a:hover {
-    text-decoration: underline;
-    color: #ccc;
-} */
-
 a.lowkey:link {
   text-decoration: none;
   color: inherit;
@@ -156,22 +126,6 @@ a.tip:hover span {
   text-align: left;
 }
 
-.call-to-action {
-  display: table;
-  margin-bottom: 5px;
-  padding: 10px;
-  background-color: var(--alert-info-bg-color);
-  border-left: 4px solid #577baa;
-  color: var(--call-to-action-text-color);
-}
-
-.call-to-action a,
-.call-to-action a:visited {
-  color: var(--call-to-action-link-color);
-  font-weight: bold;
-  font-size: larger;
-}
-
 img {
   vertical-align: middle;
   border: 0;
@@ -186,17 +140,6 @@ table.tab {
   border-collapse: collapse;
 }
 
-td.selected_tab {
-  vertical-align: middle;
-  border: 1px #090 solid;
-  background: #fff;
-}
-
-td.tab_filler {
-  background: #fff;
-  border-bottom: 1px #090 solid;
-}
-
 td.tab {
   vertical-align: middle;
   border: 1px #090 solid;
@@ -246,10 +189,6 @@ pre.console {
   white-space: nowrap;
 }
 
-.setting-checkbox {
-  font-weight: 500;
-}
-
 .setting-help {
   margin-left: 0.5rem;
   margin-right: 0.5rem;
@@ -304,84 +243,15 @@ pre.console {
   flex-shrink: 1;
 }
 
-/* div that looks like a hyperlink */
-.pseudoLink {
-  cursor: pointer;
-}
-
 .advancedBody {
   display: none;
 }
 
-.scm_info {
-  width: 480px;
-}
-
-.build-keep {
-  font-weight: bold;
-}
-
-.task-header {
-  display: block;
-  border-bottom: 1px #090 solid;
-  font-weight: bold;
-  font-size: var(--font-size-xs);
-}
-
 .jenkins-not-applicable {
   color: darkgrey;
   font-style: italic;
 }
 
-.smallfont {
-  font-size: 9px;
-}
-
-#foldertab {
-  padding: 4px 0;
-  margin-left: 0;
-  border-bottom: 1px solid #090;
-  font:
-    bold 12px Helvetica,
-    Arial,
-    sans-serif;
-}
-
-#foldertab li {
-  list-style: none;
-  margin: 0;
-  display: inline;
-}
-
-#foldertab li a {
-  padding: 4px 0.5em;
-  margin-left: 3px;
-  border: 1px solid #090;
-  border-bottom: none;
-  background: #090;
-  text-decoration: none;
-}
-
-#foldertab li a:link {
-  color: white;
-}
-
-#foldertab li a:visited {
-  color: white;
-}
-
-#foldertab li a:hover {
-  color: white;
-  background: #6c0;
-  border-color: #6c0;
-}
-
-#foldertab li a#current {
-  background: white;
-  border-bottom: 1px solid white;
-  color: black;
-}
-
 .changeset-message {
   padding: 0.8rem 1rem;
   border-radius: 10px;
@@ -398,25 +268,6 @@ pre.console {
   color: gray;
 }
 
-#login-field {
-  vertical-align: middle;
-  padding-right: 1em;
-  width: 1px;
-}
-
-#login-field span {
-  white-space: nowrap;
-  color: white;
-}
-
-#login-field a {
-  /*
-      link inside login field should be always white.
-      If I set this to inherit, it won't work in IE7
-     */
-  color: white;
-}
-
 .bottom-sticker,
 #bottom-sticker {
   position: sticky;
@@ -551,76 +402,6 @@ img.icon-help {
   vertical-align: text-top;
 }
 
-/* ====================== project view tab bar ===================================== */
-#viewList {
-  border: none;
-  margin-bottom: 0;
-  width: 100%;
-  white-space: nowrap;
-}
-
-#viewList td {
-  padding: 0;
-}
-
-#viewList td.inactive {
-  border: solid 1px #ccc;
-  border-bottom-color: #bbb;
-}
-
-#viewList td.inactive:hover {
-  background-color: #777;
-}
-
-#viewList td.inactive a {
-  text-decoration: none;
-  color: #444;
-}
-
-#viewList td.inactive a:hover {
-  color: #f1f1f1;
-}
-
-#viewList td.noleft {
-  border-left: none;
-}
-
-#viewList td.noright {
-  border-right: none;
-}
-
-#viewList td.active {
-  border: solid 1px #bbb;
-  padding: 0.5em;
-  border-bottom: none;
-  vertical-align: middle;
-  background-color: rgb(240, 240, 240);
-  font-weight: bold;
-  white-space: nowrap;
-}
-
-#viewList td.filler {
-  border: none;
-  border-bottom: solid 1px #bbb;
-  width: 100%;
-  text-align: right;
-}
-
-#viewList a {
-  display: block;
-  padding: 0.5em;
-  white-space: nowrap;
-}
-
-#projectstatus .header {
-  border-bottom: 1px solid var(--bigtable-header-border-color);
-}
-
-#projectstatus > thead > th {
-  text-align: left;
-  // padding: 7px 0px;
-}
-
 /* ============================ list view entries ======================== */
 div.listview-jobs {
   max-height: 300px;
@@ -629,24 +410,6 @@ div.listview-jobs {
   padding-left: 15px;
 }
 
-/* ============================ parameters form ========================== */
-
-table.parameters {
-  border-collapse: collapse;
-}
-
-table.parameters > tbody > tr:first-child > td {
-  padding-top: 4px;
-}
-
-table.parameters .setting-description {
-  padding-bottom: 4px;
-}
-
-table.parameters > tbody:hover {
-  background-color: var(--table-parameters-bg--hover);
-}
-
 /* ============================ health report hover ========================== */
 
 .healthReport a {
@@ -1067,24 +830,6 @@ textarea {
   resize: vertical;
 }
 
-/*
- * TODO(andipabst): Not used after https://github.com/jenkinsci/jenkins/pull/4299,
- *                  remove once there are no more dependencies
- */
-#plugins .compatWarning {
-  white-space: normal;
-  margin-top: 0.5em;
-  padding-left: 2em;
-  color: #f00;
-}
-
-#plugins .securityWarning {
-  white-space: normal;
-  margin-top: 0.5em;
-  padding-left: 2em;
-  color: #f00;
-}
-
 /* ========================= progress bar ========================= */
 
 table.progress-bar {
@@ -1159,6 +904,7 @@ table.progress-bar.red td.progress-bar-done {
 }
 
 /* ========================= tags/labels ================== */
+// Used in core/src/main/java/hudson/util/TagCloud.java#getClassName
 
 /* tag0 is the least important tag in a tag cloud */
 .tag0 {
@@ -1281,11 +1027,6 @@ select.select-ajax-pending {
 }
 
 /* ========================= Button styles ================= */
-.btn-box {
-  display: block;
-  margin-top: 2em;
-}
-
 #disable-project {
   margin-top: 6px;
 }
diff --git a/war/src/main/scss/base/typography.scss b/war/src/main/scss/base/_typography.scss
similarity index 100%
rename from war/src/main/scss/base/typography.scss
rename to war/src/main/scss/base/_typography.scss
diff --git a/war/src/main/scss/base/visibility-utils.scss b/war/src/main/scss/base/_visibility-utils.scss
similarity index 100%
rename from war/src/main/scss/base/visibility-utils.scss
rename to war/src/main/scss/base/_visibility-utils.scss
diff --git a/war/src/main/scss/base/yui-compatibility.scss b/war/src/main/scss/base/_yui-compatibility.scss
similarity index 100%
rename from war/src/main/scss/base/yui-compatibility.scss
rename to war/src/main/scss/base/_yui-compatibility.scss
diff --git a/war/src/main/scss/modules/app-bar.scss b/war/src/main/scss/components/_app-bar.scss
similarity index 100%
rename from war/src/main/scss/modules/app-bar.scss
rename to war/src/main/scss/components/_app-bar.scss
diff --git a/war/src/main/scss/modules/badges.scss b/war/src/main/scss/components/_badges.scss
similarity index 100%
rename from war/src/main/scss/modules/badges.scss
rename to war/src/main/scss/components/_badges.scss
diff --git a/war/src/main/scss/modules/breadcrumbs.scss b/war/src/main/scss/components/_breadcrumbs.scss
similarity index 100%
rename from war/src/main/scss/modules/breadcrumbs.scss
rename to war/src/main/scss/components/_breadcrumbs.scss
diff --git a/war/src/main/scss/modules/buttons-deprecated.scss b/war/src/main/scss/components/_buttons-deprecated.scss
similarity index 100%
rename from war/src/main/scss/modules/buttons-deprecated.scss
rename to war/src/main/scss/components/_buttons-deprecated.scss
diff --git a/war/src/main/scss/modules/buttons.scss b/war/src/main/scss/components/_buttons.scss
similarity index 100%
rename from war/src/main/scss/modules/buttons.scss
rename to war/src/main/scss/components/_buttons.scss
diff --git a/war/src/main/scss/modules/content-blocks.scss b/war/src/main/scss/components/_content-blocks.scss
similarity index 100%
rename from war/src/main/scss/modules/content-blocks.scss
rename to war/src/main/scss/components/_content-blocks.scss
diff --git a/war/src/main/scss/modules/dialogs.scss b/war/src/main/scss/components/_dialogs.scss
similarity index 100%
rename from war/src/main/scss/modules/dialogs.scss
rename to war/src/main/scss/components/_dialogs.scss
diff --git a/war/src/main/scss/modules/dropdowns.scss b/war/src/main/scss/components/_dropdowns.scss
similarity index 100%
rename from war/src/main/scss/modules/dropdowns.scss
rename to war/src/main/scss/components/_dropdowns.scss
diff --git a/war/src/main/scss/modules/icons.scss b/war/src/main/scss/components/_icons.scss
similarity index 100%
rename from war/src/main/scss/modules/icons.scss
rename to war/src/main/scss/components/_icons.scss
diff --git a/war/src/main/scss/components/_index.scss b/war/src/main/scss/components/_index.scss
new file mode 100644
index 000000000000..70a4f6f62dd7
--- /dev/null
+++ b/war/src/main/scss/components/_index.scss
@@ -0,0 +1,24 @@
+@use "app-bar";
+@use "badges";
+@use "breadcrumbs";
+@use "buttons-deprecated";
+@use "buttons";
+@use "content-blocks";
+@use "dialogs";
+@use "dropdowns";
+@use "icons";
+@use "notice";
+@use "notifications";
+@use "page-footer";
+@use "page-header";
+@use "panes-and-bigtable";
+@use "progress-animation";
+@use "row-selection-controller";
+@use "section";
+@use "side-panel-tasks";
+@use "side-panel-widgets";
+@use "skip-link";
+@use "spinner";
+@use "table";
+@use "tabs";
+@use "tooltips";
diff --git a/war/src/main/scss/modules/notice.scss b/war/src/main/scss/components/_notice.scss
similarity index 100%
rename from war/src/main/scss/modules/notice.scss
rename to war/src/main/scss/components/_notice.scss
diff --git a/war/src/main/scss/modules/notifications.scss b/war/src/main/scss/components/_notifications.scss
similarity index 100%
rename from war/src/main/scss/modules/notifications.scss
rename to war/src/main/scss/components/_notifications.scss
diff --git a/war/src/main/scss/modules/page-footer.scss b/war/src/main/scss/components/_page-footer.scss
similarity index 100%
rename from war/src/main/scss/modules/page-footer.scss
rename to war/src/main/scss/components/_page-footer.scss
diff --git a/war/src/main/scss/modules/page-header.scss b/war/src/main/scss/components/_page-header.scss
similarity index 98%
rename from war/src/main/scss/modules/page-header.scss
rename to war/src/main/scss/components/_page-header.scss
index 3b1211777e01..13e63d91a771 100644
--- a/war/src/main/scss/modules/page-header.scss
+++ b/war/src/main/scss/components/_page-header.scss
@@ -57,7 +57,6 @@ a.page-header__brand-link {
   padding: 0.5rem;
   margin-right: 0 !important;
   font-weight: bold;
-  outline-color: var(--header-link-outline);
 
   &:link,
   &:visited {
diff --git a/war/src/main/scss/modules/panes-and-bigtable.scss b/war/src/main/scss/components/_panes-and-bigtable.scss
similarity index 100%
rename from war/src/main/scss/modules/panes-and-bigtable.scss
rename to war/src/main/scss/components/_panes-and-bigtable.scss
diff --git a/war/src/main/scss/modules/progress-animation.scss b/war/src/main/scss/components/_progress-animation.scss
similarity index 100%
rename from war/src/main/scss/modules/progress-animation.scss
rename to war/src/main/scss/components/_progress-animation.scss
diff --git a/war/src/main/scss/modules/row-selection-controller.scss b/war/src/main/scss/components/_row-selection-controller.scss
similarity index 100%
rename from war/src/main/scss/modules/row-selection-controller.scss
rename to war/src/main/scss/components/_row-selection-controller.scss
diff --git a/war/src/main/scss/modules/section.scss b/war/src/main/scss/components/_section.scss
similarity index 100%
rename from war/src/main/scss/modules/section.scss
rename to war/src/main/scss/components/_section.scss
diff --git a/war/src/main/scss/modules/side-panel-tasks.scss b/war/src/main/scss/components/_side-panel-tasks.scss
similarity index 100%
rename from war/src/main/scss/modules/side-panel-tasks.scss
rename to war/src/main/scss/components/_side-panel-tasks.scss
diff --git a/war/src/main/scss/modules/side-panel-widgets.scss b/war/src/main/scss/components/_side-panel-widgets.scss
similarity index 100%
rename from war/src/main/scss/modules/side-panel-widgets.scss
rename to war/src/main/scss/components/_side-panel-widgets.scss
diff --git a/war/src/main/scss/modules/skip-link.scss b/war/src/main/scss/components/_skip-link.scss
similarity index 100%
rename from war/src/main/scss/modules/skip-link.scss
rename to war/src/main/scss/components/_skip-link.scss
diff --git a/war/src/main/scss/modules/spinner.scss b/war/src/main/scss/components/_spinner.scss
similarity index 100%
rename from war/src/main/scss/modules/spinner.scss
rename to war/src/main/scss/components/_spinner.scss
diff --git a/war/src/main/scss/modules/table.scss b/war/src/main/scss/components/_table.scss
similarity index 100%
rename from war/src/main/scss/modules/table.scss
rename to war/src/main/scss/components/_table.scss
diff --git a/war/src/main/scss/modules/tabs.scss b/war/src/main/scss/components/_tabs.scss
similarity index 100%
rename from war/src/main/scss/modules/tabs.scss
rename to war/src/main/scss/components/_tabs.scss
diff --git a/war/src/main/scss/modules/tooltips.scss b/war/src/main/scss/components/_tooltips.scss
similarity index 100%
rename from war/src/main/scss/modules/tooltips.scss
rename to war/src/main/scss/components/_tooltips.scss
diff --git a/war/src/main/scss/form/checkbox.scss b/war/src/main/scss/form/_checkbox.scss
similarity index 100%
rename from war/src/main/scss/form/checkbox.scss
rename to war/src/main/scss/form/_checkbox.scss
diff --git a/war/src/main/scss/form/codemirror.scss b/war/src/main/scss/form/_codemirror.scss
similarity index 100%
rename from war/src/main/scss/form/codemirror.scss
rename to war/src/main/scss/form/_codemirror.scss
diff --git a/war/src/main/scss/form/file-upload.scss b/war/src/main/scss/form/_file-upload.scss
similarity index 100%
rename from war/src/main/scss/form/file-upload.scss
rename to war/src/main/scss/form/_file-upload.scss
diff --git a/war/src/main/scss/form/_index.scss b/war/src/main/scss/form/_index.scss
new file mode 100644
index 000000000000..c1d4457f5c22
--- /dev/null
+++ b/war/src/main/scss/form/_index.scss
@@ -0,0 +1,12 @@
+@use "checkbox";
+@use "codemirror";
+@use "file-upload";
+@use "input";
+@use "layout";
+@use "radio";
+@use "reorderable-list";
+@use "search-bar";
+@use "select";
+@use "textarea";
+@use "toggle-switch";
+@use "validation";
diff --git a/war/src/main/scss/form/input.scss b/war/src/main/scss/form/_input.scss
similarity index 100%
rename from war/src/main/scss/form/input.scss
rename to war/src/main/scss/form/_input.scss
diff --git a/war/src/main/scss/form/layout.scss b/war/src/main/scss/form/_layout.scss
similarity index 100%
rename from war/src/main/scss/form/layout.scss
rename to war/src/main/scss/form/_layout.scss
diff --git a/war/src/main/scss/form/radio.scss b/war/src/main/scss/form/_radio.scss
similarity index 100%
rename from war/src/main/scss/form/radio.scss
rename to war/src/main/scss/form/_radio.scss
diff --git a/war/src/main/scss/form/reorderable-list.scss b/war/src/main/scss/form/_reorderable-list.scss
similarity index 100%
rename from war/src/main/scss/form/reorderable-list.scss
rename to war/src/main/scss/form/_reorderable-list.scss
diff --git a/war/src/main/scss/form/search-bar.scss b/war/src/main/scss/form/_search-bar.scss
similarity index 99%
rename from war/src/main/scss/form/search-bar.scss
rename to war/src/main/scss/form/_search-bar.scss
index 9fcc47b862c4..a789b87a3e7e 100644
--- a/war/src/main/scss/form/search-bar.scss
+++ b/war/src/main/scss/form/_search-bar.scss
@@ -191,6 +191,7 @@
     --search-bar-height: 3rem;
 
     max-width: 50vw;
+    margin-block: -6px;
 
     &::before {
       content: "";
diff --git a/war/src/main/scss/form/select.scss b/war/src/main/scss/form/_select.scss
similarity index 100%
rename from war/src/main/scss/form/select.scss
rename to war/src/main/scss/form/_select.scss
diff --git a/war/src/main/scss/form/textarea.scss b/war/src/main/scss/form/_textarea.scss
similarity index 100%
rename from war/src/main/scss/form/textarea.scss
rename to war/src/main/scss/form/_textarea.scss
diff --git a/war/src/main/scss/form/toggle-switch.scss b/war/src/main/scss/form/_toggle-switch.scss
similarity index 100%
rename from war/src/main/scss/form/toggle-switch.scss
rename to war/src/main/scss/form/_toggle-switch.scss
diff --git a/war/src/main/scss/form/validation.scss b/war/src/main/scss/form/_validation.scss
similarity index 100%
rename from war/src/main/scss/form/validation.scss
rename to war/src/main/scss/form/_validation.scss
diff --git a/war/src/main/scss/pages/about.scss b/war/src/main/scss/pages/_about.scss
similarity index 100%
rename from war/src/main/scss/pages/about.scss
rename to war/src/main/scss/pages/_about.scss
diff --git a/war/src/main/scss/pages/dashboard.scss b/war/src/main/scss/pages/_dashboard.scss
similarity index 100%
rename from war/src/main/scss/pages/dashboard.scss
rename to war/src/main/scss/pages/_dashboard.scss
diff --git a/war/src/main/scss/pages/icon-legend.scss b/war/src/main/scss/pages/_icon-legend.scss
similarity index 100%
rename from war/src/main/scss/pages/icon-legend.scss
rename to war/src/main/scss/pages/_icon-legend.scss
diff --git a/war/src/main/scss/pages/_index.scss b/war/src/main/scss/pages/_index.scss
new file mode 100644
index 000000000000..8e019eebb7b0
--- /dev/null
+++ b/war/src/main/scss/pages/_index.scss
@@ -0,0 +1,7 @@
+@use "about";
+@use "dashboard";
+@use "icon-legend";
+@use "manage-jenkins";
+@use "plugin-manager";
+@use "setupWizardFirstUser";
+@use "setupWizardConfigureInstance";
diff --git a/war/src/main/scss/pages/manage-jenkins.scss b/war/src/main/scss/pages/_manage-jenkins.scss
similarity index 100%
rename from war/src/main/scss/pages/manage-jenkins.scss
rename to war/src/main/scss/pages/_manage-jenkins.scss
diff --git a/war/src/main/scss/pages/plugin-manager.scss b/war/src/main/scss/pages/_plugin-manager.scss
similarity index 100%
rename from war/src/main/scss/pages/plugin-manager.scss
rename to war/src/main/scss/pages/_plugin-manager.scss
diff --git a/war/src/main/scss/pages/setupWizardConfigureInstance.scss b/war/src/main/scss/pages/_setupWizardConfigureInstance.scss
similarity index 100%
rename from war/src/main/scss/pages/setupWizardConfigureInstance.scss
rename to war/src/main/scss/pages/_setupWizardConfigureInstance.scss
diff --git a/war/src/main/scss/pages/setupWizardFirstUser.scss b/war/src/main/scss/pages/_setupWizardFirstUser.scss
similarity index 100%
rename from war/src/main/scss/pages/setupWizardFirstUser.scss
rename to war/src/main/scss/pages/_setupWizardFirstUser.scss
diff --git a/war/src/main/scss/pages/sign-in-register.scss b/war/src/main/scss/pages/_sign-in-register.scss
similarity index 99%
rename from war/src/main/scss/pages/sign-in-register.scss
rename to war/src/main/scss/pages/_sign-in-register.scss
index 78b5cfd23a5e..cf77470897ce 100644
--- a/war/src/main/scss/pages/sign-in-register.scss
+++ b/war/src/main/scss/pages/_sign-in-register.scss
@@ -3,7 +3,7 @@
 @use "../base/typography";
 @use "../form/checkbox";
 @use "../form/input";
-@use "../modules/buttons";
+@use "../components/buttons";
 
 @property --opacity {
   syntax: "<angle>";
diff --git a/war/src/main/scss/styles.scss b/war/src/main/scss/styles.scss
index adc93d746d24..267fcbd6f6bb 100644
--- a/war/src/main/scss/styles.scss
+++ b/war/src/main/scss/styles.scss
@@ -1,53 +1,5 @@
-@use "./abstracts/colors";
-@use "./abstracts/theme";
-@use "./base/core";
-@use "./base/display";
-@use "./base/layout-commons";
-@use "./base/spacing";
-@use "./base/style";
-@use "./base/typography";
-@use "./base/visibility-utils";
-@use "./base/yui-compatibility";
-@use "./form/checkbox";
-@use "./form/codemirror";
-@use "./form/file-upload";
-@use "./form/input";
-@use "./form/layout";
-@use "./form/radio";
-@use "./form/reorderable-list";
-@use "./form/search-bar";
-@use "./form/select";
-@use "./form/textarea";
-@use "./form/toggle-switch";
-@use "./form/validation";
-@use "./modules/app-bar";
-@use "./modules/badges";
-@use "./modules/breadcrumbs";
-@use "./modules/buttons";
-@use "./modules/buttons-deprecated";
-@use "./modules/content-blocks";
-@use "./modules/dialogs";
-@use "./modules/dropdowns";
-@use "./modules/icons";
-@use "./modules/notice";
-@use "./modules/notifications";
-@use "./modules/page-footer";
-@use "./modules/page-header";
-@use "./modules/panes-and-bigtable";
-@use "./modules/section";
-@use "./modules/side-panel-tasks";
-@use "./modules/side-panel-widgets";
-@use "./modules/skip-link";
-@use "./modules/spinner";
-@use "./modules/progress-animation";
-@use "./modules/row-selection-controller";
-@use "./modules/table";
-@use "./modules/tabs";
-@use "./modules/tooltips";
-@use "./pages/about";
-@use "./pages/dashboard";
-@use "./pages/icon-legend";
-@use "./pages/manage-jenkins";
-@use "./pages/plugin-manager";
-@use "./pages/setupWizardFirstUser";
-@use "./pages/setupWizardConfigureInstance";
+@use "abstracts";
+@use "base";
+@use "components";
+@use "form";
+@use "pages";
diff --git a/war/src/main/webapp/WEB-INF/web.xml b/war/src/main/webapp/WEB-INF/web.xml
index 7122764ff009..29e9194decd2 100644
--- a/war/src/main/webapp/WEB-INF/web.xml
+++ b/war/src/main/webapp/WEB-INF/web.xml
@@ -80,6 +80,11 @@ THE SOFTWARE.
     <filter-class>hudson.security.csrf.CrumbFilter</filter-class>
     <async-supported>true</async-supported>
   </filter>
+  <filter>
+    <filter-name>error-attribute-filter</filter-name>
+    <filter-class>jenkins.ErrorAttributeFilter</filter-class>
+    <async-supported>true</async-supported>
+  </filter>
   <filter>
     <filter-name>plugins-filter</filter-name>
     <filter-class>hudson.util.PluginServletFilter</filter-class>
@@ -155,6 +160,10 @@ THE SOFTWARE.
     <filter-name>csrf-filter</filter-name>
     <url-pattern>/*</url-pattern>
   </filter-mapping>
+  <filter-mapping>
+    <filter-name>error-attribute-filter</filter-name>
+    <url-pattern>/*</url-pattern>
+  </filter-mapping>
   <filter-mapping>
     <filter-name>plugins-filter</filter-name>
     <url-pattern>/*</url-pattern>
@@ -257,6 +266,10 @@ THE SOFTWARE.
     <exception-type>java.lang.Throwable</exception-type>
     <location>/oops</location>
   </error-page>
+  <error-page>
+    <error-code>404</error-code>
+    <location>/404</location>
+  </error-page>
 
   <session-config>
     <cookie-config>
diff --git a/war/src/main/webapp/scripts/hudson-behavior.js b/war/src/main/webapp/scripts/hudson-behavior.js
index 258dfbdf395a..e93c5cedcfc1 100644
--- a/war/src/main/webapp/scripts/hudson-behavior.js
+++ b/war/src/main/webapp/scripts/hudson-behavior.js
@@ -611,16 +611,12 @@ function geval(script) {
  */
 // eslint-disable-next-line no-unused-vars
 function fireEvent(element, event) {
-  if (document.createEvent) {
-    // dispatch for firefox + others
-    let evt = document.createEvent("HTMLEvents");
-    evt.initEvent(event, true, true); // event type,bubbling,cancelable
-    return !element.dispatchEvent(evt);
-  } else {
-    // dispatch for IE
-    let evt = document.createEventObject();
-    return element.fireEvent("on" + event, evt);
-  }
+  return !element.dispatchEvent(
+    new Event(event, {
+      bubbles: true,
+      cancelable: true,
+    }),
+  );
 }
 
 // Behavior rules
@@ -1395,14 +1391,12 @@ function rowvgStartEachRow(recursive, f) {
     (function () {
       var cmdKeyDown = false;
       var mode = e.getAttribute("script-mode") || "text/x-groovy";
-      var readOnly = eval(e.getAttribute("script-readOnly")) || false;
 
       // eslint-disable-next-line no-unused-vars
       var w = CodeMirror.fromTextArea(e, {
         mode: mode,
         lineNumbers: true,
         matchBrackets: true,
-        readOnly: readOnly,
         onKeyEvent: function (editor, event) {
           function saveAndSubmit() {
             editor.save();
@@ -1788,28 +1782,6 @@ function rowvgStartEachRow(recursive, f) {
     },
   );
 
-  Behaviour.specify(".track-mouse", "-track-mouse", ++p, function (element) {
-    var DOM = YAHOO.util.Dom;
-
-    element.addEventListener("mouseenter", function () {
-      element.classList.add("mouseover");
-
-      var mousemoveTracker = function (event) {
-        var elementRegion = DOM.getRegion(element);
-        if (
-          event.x < elementRegion.left ||
-          event.x > elementRegion.right ||
-          event.y < elementRegion.top ||
-          event.y > elementRegion.bottom
-        ) {
-          element.classList.remove("mouseover");
-          document.removeEventListener("mousemove", mousemoveTracker);
-        }
-      };
-      document.addEventListener("mousemove", mousemoveTracker);
-    });
-  });
-
   window.addEventListener("load", function () {
     // Add a class to the bottom bar when it's stuck to the bottom of the screen
     const el = document.querySelector("#bottom-sticker");
diff --git a/war/yarn.lock b/war/yarn.lock
index 57535318721c..11a7fadae66c 100644
--- a/war/yarn.lock
+++ b/war/yarn.lock
@@ -4364,12 +4364,12 @@ __metadata:
     jquery: 3.7.0
     lodash: 4.17.21
     mini-css-extract-plugin: 2.7.6
-    postcss: 8.4.27
+    postcss: 8.4.28
     postcss-loader: 7.3.3
     postcss-preset-env: 9.1.1
-    postcss-scss: 4.0.6
-    prettier: 3.0.1
-    sass: 1.65.1
+    postcss-scss: 4.0.7
+    prettier: 3.0.2
+    sass: 1.66.1
     sass-loader: 13.3.2
     sortablejs: 1.15.0
     style-loader: 3.3.3
@@ -6013,12 +6013,12 @@ __metadata:
   languageName: node
   linkType: hard
 
-"postcss-scss@npm:4.0.6":
-  version: 4.0.6
-  resolution: "postcss-scss@npm:4.0.6"
+"postcss-scss@npm:4.0.7":
+  version: 4.0.7
+  resolution: "postcss-scss@npm:4.0.7"
   peerDependencies:
     postcss: ^8.4.19
-  checksum: 133a1cba31e2e167f4e841e66ec6a798eaf44c7911f9182ade0b5b1e71a8198814aa390b8c9d5db6b01358115232e5b15b1a4f8c5198acfccfb1f3fdbd328cdf
+  checksum: 579aa6807bf4934dd9bd3f8a257736c1121e189f2aa23853512e2a1be1005bac0136020d08e626998bcd3537080a1403f7a03a8cae277f3e0e314eb3c779db9c
   languageName: node
   linkType: hard
 
@@ -6073,14 +6073,14 @@ __metadata:
   languageName: node
   linkType: hard
 
-"postcss@npm:8.4.27, postcss@npm:^8.4.21, postcss@npm:^8.4.24, postcss@npm:^8.4.25":
-  version: 8.4.27
-  resolution: "postcss@npm:8.4.27"
+"postcss@npm:8.4.28, postcss@npm:^8.4.21, postcss@npm:^8.4.24, postcss@npm:^8.4.25":
+  version: 8.4.28
+  resolution: "postcss@npm:8.4.28"
   dependencies:
     nanoid: ^3.3.6
     picocolors: ^1.0.0
     source-map-js: ^1.0.2
-  checksum: 1cdd0c298849df6cd65f7e646a3ba36870a37b65f55fd59d1a165539c263e9b4872a402bf4ed1ca1bc31f58b68b2835545e33ea1a23b161a1f8aa6d5ded81e78
+  checksum: f605c24a36f7e400bad379735fbfc893ccb8d293ad6d419bb824db77cdcb69f43d614ef35f9f7091f32ca588d130ec60dbcf53b366e6bf88a8a64bbeb3c05f6d
   languageName: node
   linkType: hard
 
@@ -6091,12 +6091,12 @@ __metadata:
   languageName: node
   linkType: hard
 
-"prettier@npm:3.0.1":
-  version: 3.0.1
-  resolution: "prettier@npm:3.0.1"
+"prettier@npm:3.0.2":
+  version: 3.0.2
+  resolution: "prettier@npm:3.0.2"
   bin:
     prettier: bin/prettier.cjs
-  checksum: e1f3f16c7fe0495de3faa182597871f74927d787cce3c52095a66ff5d7eacc05173371d5f58bf12141a0a1b6bfe739a338531d6cf18b92c7256c1319f2c84e73
+  checksum: 118b59ddb6c80abe2315ab6d0f4dd1b253be5cfdb20622fa5b65bb1573dcd362e6dd3dcf2711dd3ebfe64aecf7bdc75de8a69dc2422dcd35bdde7610586b677a
   languageName: node
   linkType: hard
 
@@ -6412,16 +6412,16 @@ __metadata:
   languageName: node
   linkType: hard
 
-"sass@npm:1.65.1":
-  version: 1.65.1
-  resolution: "sass@npm:1.65.1"
+"sass@npm:1.66.1":
+  version: 1.66.1
+  resolution: "sass@npm:1.66.1"
   dependencies:
     chokidar: ">=3.0.0 <4.0.0"
     immutable: ^4.0.0
     source-map-js: ">=0.6.2 <2.0.0"
   bin:
     sass: sass.js
-  checksum: 33e325fc80cd07489992e0814cd4929496f87493ffe78c423c2dbafa5746a574e6f3bde20c2a3e4ea47b16ee3d6bc5afcf1d36b405227b829d6c4c9ddcc7f8e2
+  checksum: 74fc11d0fcd5e16c5331b57dd59865705a299c64e89f2b99646869caeb011dc8d0b6144a6c74a90c264e9ef70654207dbf44fc9b7e3393f8bd14809b904c8a52
   languageName: node
   linkType: hard