Final #1920 update

Co-authored-by: jay0lee <4623536+jay0lee@users.noreply.github.com>

.github/workflows/build.yml

@@ -165,7 +165,7 @@ jobs:
         with:
           path: |
             cache.tar.xz
-          key: gam-${{ matrix.jid }}-20260523
+          key: gam-${{ matrix.jid }}-20260609
 
       - name: Untar Cache archive
         if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit == 'true'

pyproject.toml

@@ -18,7 +18,7 @@ dependencies = [
     "google-auth-oauthlib==1.4.0",
     "google-auth==2.53.0",
     "httplib2==0.31.2",
-    "lxml==6.1.0",
+    "lxml==6.1.1",
     "passlib==1.7.4",
     "pathvalidate==3.3.1",
     "pysocks==1.7.1",

src/GamCommands.txt

@@ -1618,7 +1618,8 @@ gam print alias|aliases [todrive <ToDriveAttribute>*]
          [limittoou <OrgUnitItem>])
         [user|users <EmailAddressList>] [group|groups <EmailAddressList>]
         [select <UserTypeEntity>]
-        [issuspended <Boolean>] [isarchived <Boolean>] [aliasmatchpattern <REMatchPattern>]
+        [issuspended [<Boolean>]] [isarchived [<Boolean>]]
+        [aliasmatchpattern <REMatchPattern>]
         [shownoneditable] [nogroups] [nousers]
         [onerowpertarget] [delimiter <Character>]
         [suppressnoaliasrows]
@@ -1665,11 +1666,15 @@ gam <UserTypeEntity> show analyticdatastreams
 <CalendarEntity> ::=
         <CalendarList> | <FileSelector> | <CSVFileSelector> | <CSVkmdSelector> | <CSVDataSelector>
 
-<CalendarACLRole> ::= editor|freebusy|freebusyreader|owner|reader|writer|none
-<CalendarACLScope> ::= <EmailAddress>|user:<EmailAdress>|group:<EmailAddress>|domain:<DomainName>|domain|default
-<CalendarACLScopeList> ::= "<CalendarACLScope>(,<CalendarACLScope>)*"
-<CalendarACLScopeEntity> ::=
-        <CalendarACLScopeList> | <FileSelector> | <CSVFileSelector> | <CSVkmdSelector> | <CSVDataSelector>
+<CalendarACLRole> ::=
+         editor|freebusy|freebusyreader|owner|reader|writer|writerwithoutprivateaccess|none
+<CalendarACLScope> ::=
+        <EmailAddress>|user:<EmailAdress>|group:<EmailAddress>|
+        domain:<DomainName>|domain|default
+<CalendarACLScopeList> ::=
+        "<CalendarACLScope>(,<CalendarACLScope>)*"
+<CalendarACLScopeEntity>::=
+        <CalendarACLScopeList> | <FileSelector> | <CSVkmdSelector> | <CSVDataSelector>
 
 gam calendars <CalendarEntity> create|add acls|calendaracls <CalendarACLRole> <CalendarACLScopeEntity> [sendnotifications <Boolean>]
 gam calendars <CalendarEntity> update acls|calendaracls <CalendarACLRole> <CalendarACLScopeEntity> [sendnotifications <Boolean>]
@@ -4894,10 +4899,15 @@ gam print resources [todrive <ToDriveAttribute>*] [allfields|<ResourceFieldName>
         [formatjson [quotechar <Character>]]
         [showitemcountonly]
 
-<CalendarACLRole> ::= editor|freebusy|freebusyreader|owner|reader|writer|none
-<CalendarACLScope> ::= <EmailAddress>|user:<EmailAdress>|group:<EmailAddress>|domain:<DomainName>|domain|default
-<CalendarACLScopeList> ::= "<CalendarACLScope>(,<CalendarACLScope>)*"
-<CalendarACLScopeEntity> ::= <CalendarACLScopeList> | <FileSelector> | <CSVFileSelector> | <CSVkmdSelector> | <CSVDataSelector>
+<CalendarACLRole> ::=
+         editor|freebusy|freebusyreader|owner|reader|writer|writerwithoutprivateaccess|none
+<CalendarACLScope> ::=
+        <EmailAddress>|user:<EmailAdress>|group:<EmailAddress>|
+        domain:<DomainName>|domain|default
+<CalendarACLScopeList> ::=
+        "<CalendarACLScope>(,<CalendarACLScope>)*"
+<CalendarACLScopeEntity>::=
+        <CalendarACLScopeList> | <FileSelector> | <CSVkmdSelector> | <CSVDataSelector>
 
 gam resource <ResourceID> create|add acls|calendaracls <CalendarACLRole> <CalendarACLScopeEntity> [sendnotifications <Boolean>]
 gam resource <ResourceID> update acls|calendaracls <CalendarACLRole> <CalendarACLScopeEntity> [sendnotifications <Boolean>]
@@ -6021,7 +6031,9 @@ gam print users [todrive <ToDriveAttribute>*]
         (filtermultiattrcustom <UserMultiAttributeFilterName> <String>)*
         [delimiter <Character>] [sortheaders [<Boolean>]] [scalarsfirst [<Boolean>]]
         [formatjson [quotechar <Character>]] [quoteplusphonenumbers]
-        [issuspended <Boolean>] [isarchived <Boolean>] [aliasmatchpattern <REMatchPattern>]
+        ([issuspended [<Boolean>]] [isarchived [<Boolean>]])|(isdisabled [<Boolean>])]
+        [disabledafter <DateTime>] [disabledbefore <DateTime>]
+        [aliasmatchpattern <REMatchPattern>]
         [showvalidcolumn] (addcsvdata <FieldName> <String>)* [includecsvdatainjson [<Boolean>]]
         [showitemcountonly]
 
@@ -6040,7 +6052,9 @@ gam print users [todrive <ToDriveAttribute>*] select <UserTypeEntity>
         (filtermultiattrcustom <UserMultiAttributeFilterName> <String>)*
         [delimiter <Character>] [sortheaders [<Boolean>]] [scalarsfirst [<Boolean>]]
         [formatjson [quotechar <Character>]] [quoteplusphonenumbers]
-        [issuspended <Boolean>] [isarchived <Boolean>] [aliasmatchpattern <REMatchPattern>]
+        ([issuspended [<Boolean>]] [isarchived [<Boolean>]])|(isdisabled [<Boolean>])]
+        [disabledafter <DateTime>] [disabledbefore <DateTime>]
+        [aliasmatchpattern <REMatchPattern>]
         [showvalidcolumn] (addcsvdata <FieldName> <String>)* [includecsvdatainjson [<Boolean>]]
         [showitemcountonly]
 
@@ -6057,7 +6071,9 @@ gam <UserTypeEntity> print users [todrive <ToDriveAttribute>*]
         (filtermultiattrcustom <UserMultiAttributeFilterName> <String>)*
         [delimiter <Character>] [sortheaders [<Boolean>]] [scalarsfirst [<Boolean>]]
         [formatjson [quotechar <Character>]] [quoteplusphonenumbers]
-        [issuspended <Boolean>] [isarchived <Boolean>] [aliasmatchpattern <REMatchPattern>]
+        ([issuspended [<Boolean>]] [isarchived [<Boolean>]])|(isdisabled [<Boolean>])]
+        [disabledafter <DateTime>] [disabledbefore <DateTime>]
+        [aliasmatchpattern <REMatchPattern>]
         [showvalidcolumn] (addcsvdata <FieldName> <String>)* [includecsvdatainjson [<Boolean>]]
         [showitemcountonly]
 
@@ -6126,7 +6142,8 @@ gam <UserTypeEntity> print businessprofileaccounts [todrive <ToDriveAttribute>*]
 
 # Users - Calendars
 
-<CalendarACLRole> ::= editor|freebusy|freebusyreader|owner|reader|writer
+<CalendarACLRole> ::=
+         editor|freebusy|freebusyreader|owner|reader|writer|writerwithoutprivateaccess|none
 
 <CalendarSelectProperty> ::=
         (minaccessrole <CalendarACLRole>)|
@@ -7041,6 +7058,7 @@ gam <UserTypeEntity> move drivefile <DriveFileEntity> [newfilename <DriveFileNam
         [copysubfolderpermissions [<Boolean>]]
         [copysubfolderinheritedpermissions [<Boolean>]]
         [copysubfoldernoniheritedpermissions never|always|syncallfolders|syncupdatedfolders]
+        [movefilepermissions [<Boolean>]]
         [excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>]
         (mappermissionsemail <EmailAddress> <EmailAddress>)* [mappermissionsemailfile <CSVFileInput> endcsv]
         (mappermissionsdomain <DomainName> <DomainName>)*

src/GamUpdate.txt

@@ -1,3 +1,21 @@
+7.45.00
+
+Added options `isdisabled [<Boolean>]`, `disabledafter <DateTime>` and  `disabledbefore <DateTime>`
+to `gam print users`. These options along with `issuspended [<Boolean>]` and `isarchived [<Boolean>]`
+are useful when identifying users to deprovision.
+
+Added option `movefilepermissions [<Boolean>]]` to `gam <UserTypeEntity> move drivefile` that, when False,
+causes GAM to remove ACLs from a file before moving it; this will be most useful when moving files to
+Shared Drives so that only the Shared Drive ACls apply. When not specified or set True, file permissions
+are not removed; this is the current GAM behavior.
+
+Upgraded to OpenSSL 4.0.1.
+
+7.44.03
+
+Added `writerwithoutprivateaccess` to `<CalendarACLRole>`; this will become effective 2026-06-29.
+* See: https://developers.google.com/workspace/calendar/release-notes#June_01_2026
+
 7.44.02
 
 Added fields `bluetoothadapterinfo` and `osversioncompliance` to `<CrOSFieldName>` for use

src/gam/__init__.py

@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
 """
 
 __author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
-__version__ = '7.44.02'
+__version__ = '7.45.00'
 __license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
 
 # pylint: disable=wrong-import-position
@@ -19492,14 +19492,32 @@ def getUserGroupDomainQueryFilters(myarg, kwargsDict):
     return False
   return True
 
-def makeUserGroupDomainQueryFilters(kwargsDict):
+def makeUserGroupDomainQueryFilters(kwargsDict, isSuspended, isArchived, isDisabled):
+  def addToQuery(query, keyword, value):
+    pquery = query
+    if not pquery:
+      pquery = ''
+    else:
+      pquery += ' '
+    pquery += f'{keyword}={value}'
+    kwargsQueries.append((kwargs, pquery))
+
   kwargsQueries = []
   for kwargs in kwargsDict['list']:
     for query in kwargsDict['queries']:
-      kwargsQueries.append((kwargs, query))
+      if isDisabled is not None:
+        addToQuery(query, 'isArchived', isDisabled)
+        addToQuery(query, 'isSuspended', isDisabled)
+      elif isSuspended is not None or isArchived is not None:
+        if isArchived is not None:
+          addToQuery(query, 'isArchived', isArchived)
+        if isSuspended is not None:
+          addToQuery(query, 'isSuspended', isSuspended)
+      else:
+        kwargsQueries.append((kwargs, query))
   return kwargsQueries
 
-def userFilters(kwargs, query, orgUnitPath, isSuspended, isArchived):
+def userFilters(kwargs, query, orgUnitPath):
   queryTitle = ''
   if kwargs.get('domain'):
     queryTitle += f'domain={kwargs["domain"]}, '
@@ -19512,18 +19530,6 @@ def userFilters(kwargs, query, orgUnitPath, isSuspended, isArchived):
       else:
         query += ' '
       query += f"orgUnitPath='{orgUnitPath}'"
-  if isSuspended is not None:
-    if query is None:
-      query = ''
-    else:
-      query += ' '
-    query += f'isSuspended={isSuspended}'
-  if isArchived is not None:
-    if query is None:
-      query = ''
-    else:
-      query += ' '
-    query += f'isArchived={isArchived}'
   if query is not None:
     queryTitle += f'query="{query}", '
   if queryTitle:
@@ -19535,7 +19541,8 @@ def userFilters(kwargs, query, orgUnitPath, isSuspended, isArchived):
 #	 [limittoou <OrgUnitItem>])
 #	[user|users <EmailAddressList>] [group|groups <EmailAddressList>]
 #	[select <UserTypeEntity>]
-#	[issuspended <Boolean>] [isarchived <Boolean>] [aliasmatchpattern <REMatchPattern>]
+#	[issuspended [<Boolean>]] [isarchived [<Boolean>]]
+#	[aliasmatchpattern <REMatchPattern>]
 #	[shownoneditable] [nogroups] [nousers]
 #	[onerowpertarget] [delimiter <Character>]
 #	[suppressnoaliasrows]
@@ -19639,10 +19646,10 @@ def doPrintAliases():
   if addCSVData:
     csvPF.AddTitles(sorted(addCSVData.keys()))
   if getUsers:
-    for kwargsQuery in makeUserGroupDomainQueryFilters(kwargsDict):
+    for kwargsQuery in makeUserGroupDomainQueryFilters(kwargsDict, isSuspended, isArchived, None):
       kwargs = kwargsQuery[0]
       query = kwargsQuery[1]
-      query, pquery = userFilters(kwargs, query, orgUnitPath, isSuspended, isArchived)
+      query, pquery = userFilters(kwargs, query, orgUnitPath)
       printGettingAllAccountEntities(Ent.USER, pquery)
       try:
         entityList = callGAPIpages(cd.users(), 'list', 'users',
@@ -19683,7 +19690,7 @@ def doPrintAliases():
     except (GAPI.userNotFound, GAPI.badRequest, GAPI.invalid, GAPI.forbidden, GAPI.invalidResource, GAPI.conditionNotMet) as e:
       entityActionFailedWarning([Ent.USER, user], str(e), i, count)
   if getGroups:
-    for kwargsQuery in makeUserGroupDomainQueryFilters(kwargsDict):
+    for kwargsQuery in makeUserGroupDomainQueryFilters(kwargsDict, None, None, None):
       kwargs = kwargsQuery[0]
       query = kwargsQuery[1]
       query, pquery = groupFilters(kwargs, query)
@@ -36496,7 +36503,7 @@ def doPrintGroups():
     setMemberDisplayTitles(memberDisplayOptions, csvPF)
   if entitySelection is None:
     entityList = []
-    for kwargsQuery in makeUserGroupDomainQueryFilters(kwargsDict):
+    for kwargsQuery in makeUserGroupDomainQueryFilters(kwargsDict, None, None, None):
       kwargs = kwargsQuery[0]
       query  = kwargsQuery[1]
       query, pquery = groupFilters(kwargs, query)
@@ -36724,7 +36731,7 @@ def getGroupMembersEntityList(cd, entityList, matchPatterns, fieldsList, kwargsD
   if entityList is None:
     updateFieldsForGroupMatchPatterns(matchPatterns, fieldsList)
     entityList = []
-    for kwargsQuery in makeUserGroupDomainQueryFilters(kwargsDict):
+    for kwargsQuery in makeUserGroupDomainQueryFilters(kwargsDict, None, None, None):
       kwargs = kwargsQuery[0]
       query  = kwargsQuery[1]
       query, pquery = groupFilters(kwargs, query)
@@ -40994,6 +41001,7 @@ CALENDAR_ACL_ROLES_MAP = {
   'read': 'reader',
   'reader': 'reader',
   'writer': 'writer',
+  'writerwithoutprivateaccess': 'writerWithoutPrivateAccess',
   'none': 'none',
   }
 
@@ -47473,7 +47481,7 @@ USER_MULTI_ATTR_FILTER_CHOICE_MAP = {
 
 INFO_USER_OPTIONS = {'noaliases', 'nobuildingnames', 'nogroups', 'nolicenses', 'nolicences', 'noschemas', 'schemas', 'userview'}
 USER_SKIP_OBJECTS = {'thumbnailPhotoEtag'}
-USER_TIME_OBJECTS = {'creationTime', 'deletionTime', 'lastLoginTime', 'suspensionTime', 'archivalTime'}
+USER_TIME_OBJECTS = {'creationTime', 'deletionTime', 'lastLoginTime', 'suspensionTime', 'archivalTime', 'disabledTime'}
 
 def _getUserMultiAttributeFilters(myarg, userMultiAttributeFilters):
   up = getChoice(USER_MULTI_ATTR_FILTER_CHOICE_MAP, mapChoice=True)
@@ -48040,7 +48048,9 @@ USERS_INDEXED_TITLES = ['addresses', 'aliases', 'nonEditableAliases', 'emails',
 #	[userview] [basic|full|allfields | <UserFieldName>* | fields <UserFieldNameList>]
 #	[delimiter <Character>] [sortheaders] [formatjson [quotechar <Character>]] [quoteplusphonenumbers]
 #	[convertcrnl]
-#	[issuspended <Boolean>] [isarchived <Boolean>] [aliasmatchpattern <REMatchPattern>]
+#	([issuspended [<Boolean>]] [isarchived [<Boolean>]])|(isdisabled [<Boolean>])]
+#	[disabledafter <DateTime>] [disabledbefore <DateTime>]
+#	[aliasmatchpattern <REMatchPattern>]
 # 	[showitemcountonly]
 #	[showvalidcolumn] (addcsvdata <FieldName> <String>)* [includecsvdatainjson [<Boolean>]]
 #
@@ -48053,7 +48063,9 @@ USERS_INDEXED_TITLES = ['addresses', 'aliases', 'nonEditableAliases', 'emails',
 #	[userview] [basic|full|allfields | <UserFieldName>* | fields <UserFieldNameList>]
 #	[delimiter <Character>] [sortheaders] [formatjson [quotechar <Character>]] [quoteplusphonenumbers]
 #	[convertcrnl]
-#	[issuspended <Boolean>] [isarchived <Boolean>] [aliasmatchpattern <REMatchPattern>]
+#	([issuspended [<Boolean>]] [isarchived [<Boolean>]])|(isdisabled [<Boolean>])]
+#	[disabledafter <DateTime>] [disabledbefore <DateTime>]
+#	[aliasmatchpattern <REMatchPattern>]
 # 	[showitemcountonly]
 #	[showvalidcolumn] (addcsvdata <FieldName> <String>)* [includecsvdatainjson [<Boolean>]]
 #
@@ -48061,7 +48073,9 @@ USERS_INDEXED_TITLES = ['addresses', 'aliases', 'nonEditableAliases', 'emails',
 #	([domain <DomainName>] [(query <QueryUser>)|(queries <QueryUserList>)]
 #	 [limittoou <OrgUnitItem>] [deleted_only|only_deleted])|[select <UserTypeEntity>]
 #	[formatjson [quotechar <Character>]] [countonly]
-#	[issuspended <Boolean>] [isarchived <Boolean>] [aliasmatchpattern <REMatchPattern>]
+#	([issuspended [<Boolean>]] [isarchived [<Boolean>]])|(isdisabled [<Boolean>])]
+#	[disabledafter <DateTime>] [disabledbefore <DateTime>]
+#	[aliasmatchpattern <REMatchPattern>]
 # 	[showitemcountonly]
 #	[showvalidcolumn] (addcsvdata <FieldName> <String>)* [includecsvdatainjson [<Boolean>]]
 #
@@ -48088,18 +48102,86 @@ def doPrintUsers(entityList=None):
                                ensure_ascii=False, sort_keys=True)
       csvPF.WriteRowNoFilter(row)
 
+  def _getDisabledTimeStr(userEntity):
+    disabledTimeStr = ''
+    if isDisabled or (isSuspended and isArchived):
+      if 'suspensionTime' in userEntity:
+        if 'archivalTime' in userEntity:
+          disabledTimeStr = min(userEntity['suspensionTime'], userEntity['archivalTime'])
+        else:
+          disabledTimeStr = userEntity['suspensionTime']
+          userEntity['archivalTime'] = ''
+      elif 'archivalTime' in userEntity:
+        disabledTimeStr = userEntity['archivalTime']
+        userEntity['suspensionTime'] = ''
+    elif isSuspended:
+      if 'suspensionTime' in userEntity:
+        disabledTimeStr = userEntity['suspensionTime']
+    else: #isArchived
+      if 'archivalTime' in userEntity:
+        disabledTimeStr = userEntity['archivalTime']
+    return disabledTimeStr
+
   def _printUser(userEntity, i, count):
-    if (isSuspended is None and isArchived is None):
+    getDisabledTime = isDisabled or isSuspended or isArchived
+    if disabledAfterTime is not None or disabledBeforeTime is not None:
+      if not (isDisabled or isSuspended or isArchived):
+        return
+      if isDisabled:
+        if (not (('suspended' in userEntity and userEntity['suspended']) or
+                 ('archived' in userEntity and userEntity['archived']))):
+          return
+        if userEntity['primaryEmail'] in archivedSuspendedUsers:
+          return
+        archivedSuspendedUsers.add(userEntity['primaryEmail'])
+      else:
+        if (isSuspended and not ('suspended' in userEntity and userEntity['suspended'])):
+          return
+        if (isArchived and not ('archived' in userEntity and userEntity['archived'])):
+          return
+      disabledTimeStr = _getDisabledTimeStr(userEntity)
+      if not disabledTimeStr:
+        return
+      try:
+        disabledTime = arrow.get(disabledTimeStr)
+        if ((disabledAfterTime is not None and disabledTime < disabledAfterTime) or
+            (disabledBeforeTime is not None and disabledTime >= disabledBeforeTime)):
+          return
+      except (arrow.parser.ParserError, OverflowError):
+        return
+      userEntity.update({'disabled': True, 'disabledTime':  disabledTimeStr})
+      getDisabledTime = False
+      showUser = True
+    elif isDisabled is not None:
+      if isDisabled:
+        showUser = ((isDisabled == userEntity.get('suspended', False)) or
+                    (isDisabled == userEntity.get('archived', False)))
+      else:
+        showUser = ((isDisabled == userEntity.get('suspended', False)) and
+                    (isDisabled == userEntity.get('archived', False)))
+      if showUser and userEntity['primaryEmail'] in archivedSuspendedUsers:
+        return
+      archivedSuspendedUsers.add(userEntity['primaryEmail'])
+      userEntity['disabled'] = isDisabled
+    elif (isSuspended is None and isArchived is None):
       showUser = True
     elif (isSuspended is not None and isArchived is None):
-      showUser = isSuspended == userEntity.get('suspended', isSuspended)
-    elif (isSuspended is None and isArchived is not  None):
-      showUser = isArchived == userEntity.get('archived', isArchived)
-    else:
-      showUser = ((isSuspended == userEntity.get('suspended', isSuspended)) or
-                  (isArchived == userEntity.get('archived', isArchived)))
+      showUser = isSuspended == userEntity.get('suspended', False)
+      userEntity['disabled'] = isSuspended
+    elif (isSuspended is None and isArchived is not None):
+      showUser = isArchived == userEntity.get('archived', False)
+      userEntity['disabled'] = isArchived
+    else: # (isSuspended is not None and isArchived is not None)
+      showUser = ((isSuspended == userEntity.get('suspended', False)) and
+                  (isArchived == userEntity.get('archived', False)))
+      if showUser and userEntity['primaryEmail'] in archivedSuspendedUsers:
+        return
+      archivedSuspendedUsers.add(userEntity['primaryEmail'])
+      userEntity['disabled'] = isSuspended or isArchived
     if not showUser:
       return
+    if getDisabledTime:
+      userEntity['disabledTime'] =  _getDisabledTimeStr(userEntity)
     if getIsGuestUser and 'isGuestUser' not in userEntity:
       userEntity['isGuestUser'] = False
     if showValidColumn:
@@ -48241,7 +48323,9 @@ def doPrintUsers(entityList=None):
   schemaParms = _initSchemaParms('basic')
   projectionSet = False
   getIsGuestUser = oneLicensePerRow = quotePlusPhoneNumbers = showDeleted = False
-  aliasMatchPattern = isArchived = isSuspended = orgUnitPath = orgUnitPathLower = orderBy = sortOrder = None
+  aliasMatchPattern = orgUnitPath = orgUnitPathLower = orderBy = sortOrder = None
+  disabledAfterTime = disabledBeforeTime = isArchived = isDisabled = isSuspended = None
+  archivedSuspendedUsers = set()
   viewType = 'admin_view'
   delimiter = GC.Values[GC.CSV_OUTPUT_FIELD_DELIMITER]
   showValidColumn = ''
@@ -48264,8 +48348,17 @@ def doPrintUsers(entityList=None):
       _, entityList = getEntityToModify(defaultEntityType=Cmd.ENTITY_USERS)
     elif myarg == 'issuspended':
       isSuspended = getBoolean()
+      isDisabled = None
     elif myarg == 'isarchived':
       isArchived = getBoolean()
+      isDisabled = None
+    elif myarg == 'isdisabled':
+      isDisabled  = getBoolean()
+      isSuspended = isArchived = None
+    elif myarg == 'disabledafter':
+      disabledAfterTime, _, _ = getTimeOrDeltaFromNow(True)
+    elif myarg == 'disabledbefore':
+      disabledBeforeTime, _, _ = getTimeOrDeltaFromNow(True)
     elif myarg == 'orderby':
       orderBy, sortOrder = getOrderBySortOrder(USERS_ORDERBY_CHOICE_MAP)
     elif myarg == 'userview':
@@ -48374,17 +48467,28 @@ def doPrintUsers(entityList=None):
       lic = buildGAPIObject(API.LICENSING)
       if skus is None:
         skus = SKU.getAllSKUs() if not GM.Globals[GM.LICENSE_SKUS] else GM.Globals[GM.LICENSE_SKUS]
+  if ((disabledAfterTime is not None or disabledBeforeTime is not None) and
+      isArchived is None and isDisabled is None and isSuspended is None):
+    isDisabled = True
   if entityList is None:
     sortRows = False
     if orgUnitPath is not None and fieldsList:
       fieldsList.append('orgUnitPath')
     getIsGuestUser = not fieldsList or 'isGuestUser' in fieldsList
+    if isSuspended is not None or isArchived is not None or isDisabled is not None:
+      if len(kwargsDict['queries']) == 1 and kwargsDict['queries'][0] is None:
+        kwargsDict['queries'][0] = ''
+      if fieldsList:
+        if isSuspended is not None or isDisabled is not None:
+          fieldsList.extend(USER_FIELDS_CHOICE_MAP['suspended'])
+        if isArchived is not None or isDisabled is not None:
+          fieldsList.extend(USER_FIELDS_CHOICE_MAP['archived'])
     fields = getItemFieldsFromFieldsList('users', fieldsList)
     itemCount = 0
-    for kwargsQuery in makeUserGroupDomainQueryFilters(kwargsDict):
+    for kwargsQuery in makeUserGroupDomainQueryFilters(kwargsDict, isSuspended, isArchived, isDisabled):
       kwargs = kwargsQuery[0]
       query  = kwargsQuery[1]
-      query, pquery = userFilters(kwargs, query, orgUnitPath, isSuspended, isArchived)
+      query, pquery = userFilters(kwargs, query, orgUnitPath)
       printGettingAllAccountEntities(Ent.USER, pquery)
       pageMessage = getPageMessage(showFirstLastItems=True)
       try:
@@ -48448,10 +48552,10 @@ def doPrintUsers(entityList=None):
     sortRows = True
 # If no individual fields were specified (allfields, basic, full) or individual fields other than primaryEmail were specified, look up each user
     getIsGuestUser = not fieldsList or 'isGuestUser' in fieldsList
-    if isSuspended is not None and fieldsList:
-      fieldsList.append('suspended')
-    if isArchived is not None and fieldsList:
-      fieldsList.append('archived')
+    if (isSuspended is not None or isDisabled is not None) and fieldsList:
+      fieldsList.extend(USER_FIELDS_CHOICE_MAP['suspended'])
+    if (isArchived is not None or isDisabled is not None) and fieldsList:
+      fieldsList.extend(USER_FIELDS_CHOICE_MAP['archived'])
     if projectionSet or len(set(fieldsList)) > 1 or showValidColumn:
       jcount = len(entityList)
       fields = getFieldsFromFieldsList(fieldsList)
@@ -63002,6 +63106,7 @@ def initCopyMoveOptions(copyCmd):
     'copyTopFolderNonInheritedPermissions': COPY_NONINHERITED_PERMISSIONS_ALWAYS,
     'copySubFolderNonInheritedPermissions': COPY_NONINHERITED_PERMISSIONS_ALWAYS,
     'noCopyNonInheritedPermissions': COPY_NONINHERITED_PERMISSIONS_NEVER,
+    'moveFilePermissions': True,
     'excludePermissionsFromDomains': set(),
     'includePermissionsFromDomains': set(),
     'mapPermissionsEmails': {},
@@ -63121,6 +63226,8 @@ def getCopyMoveOptions(myarg, copyMoveOptions):
           copyMoveOptions['mergeWithParent'] = False
       elif myarg == 'createshortcutsfornonmovablefiles':
         copyMoveOptions['createShortcutsForNonmovableFiles'] = getBoolean()
+      elif myarg == 'movefilepermissions':
+        copyMoveOptions['moveFilePermissions'] = getBoolean()
       else:
         return False
 # Copy arguments
@@ -64452,20 +64559,24 @@ def _updateMoveFilePermissions(drive, user, i, count,
     return [Ent.USER, user, entityType, title, Ent.PERMISSION, permstr]
 
   def isPermissionDeletable(kvList, permission):
-    domain = ''
-    if copyMoveOptions['excludePermissionsFromDomains'] or copyMoveOptions['includePermissionsFromDomains']:
+    if not copyMoveOptions['moveFilePermissions']:
+      notMovedMessage = 'movefilepermissions false'
+    elif permission.pop('deleted', False):
+      notMovedMessage = f"{permission['type']} {permission['emailAddress']} deleted"
+    elif copyMoveOptions['excludePermissionsFromDomains'] or copyMoveOptions['includePermissionsFromDomains']:
+      domain = ''
       if permission['type'] in {'group', 'user'}:
         atLoc = permission.get('emailAddress', '').find('@')
         if atLoc > 0:
           domain = permission['emailAddress'][atLoc+1:].lower()
       elif permission['type'] == 'domain':
         domain = permission.get('domain', '').lower()
-    if domain and domain in copyMoveOptions['excludePermissionsFromDomains']:
-      notMovedMessage = f'domain {domain} excluded'
-    elif domain and copyMoveOptions['includePermissionsFromDomains'] and domain not in copyMoveOptions['includePermissionsFromDomains']:
-      notMovedMessage = f'domain {domain} not included'
-    elif permission.pop('deleted', False):
-      notMovedMessage = f"{permission['type']} {permission['emailAddress']} deleted"
+      if domain and domain in copyMoveOptions['excludePermissionsFromDomains']:
+        notMovedMessage = f'domain {domain} excluded'
+      elif domain and copyMoveOptions['includePermissionsFromDomains'] and domain not in copyMoveOptions['includePermissionsFromDomains']:
+        notMovedMessage = f'domain {domain} not included'
+      else:
+        return False
     else:
       return False
     deleteSourcePerms[permission['id']] = permission.copy()
@@ -64644,6 +64755,7 @@ def _recursiveUpdateMovePermissions(drive, user, i, count,
 #	[copypermissionroles <DriveFileACLRoleList>]
 #	[copypermissiontypes <DriveFileACLTypeList>]
 #	[synctopfoldernoniheritedpermissions [<Boolean>]] [syncsubfoldernoninheritedpermissions [<Boolean>]]
+#	[movefilepermissions [<Boolean>]]
 #	[excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>]
 #	(mappermissionsemail <EmailAddress> <EmailAddress>)* [mappermissionsemailfile <CSVFileInput> endcsv]
 #	(mappermissionsdomain <DomainName> <DomainName>)*
@@ -65016,7 +65128,8 @@ def moveDriveFile(users):
       verifyOrganizer = getBoolean()
     else:
       unknownArgumentExit()
-  updateMovePermissions = (copyMoveOptions['excludePermissionsFromDomains'] or copyMoveOptions['includePermissionsFromDomains'] or
+  updateMovePermissions = ((not copyMoveOptions['moveFilePermissions']) or
+                           copyMoveOptions['excludePermissionsFromDomains'] or copyMoveOptions['includePermissionsFromDomains'] or
                            copyMoveOptions['mapPermissionsDomains'] or copyMoveOptions['mapPermissionsEmails'])
 
   i, count, users = getEntityArgument(users)

src/gam/cacerts.pem

@@ -67,35 +67,149 @@ tL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5U6VR5CmD1/iQMVtCnwr1
 /q4AaOeMSQ+2b1tbFfLn
 -----END CERTIFICATE-----
 
-# Operating CA: DigiCert
-# Issuer: CN=DigiCert Assured ID Root CA O=DigiCert Inc OU=www.digicert.com
-# Subject: CN=DigiCert Assured ID Root CA O=DigiCert Inc OU=www.digicert.com
-# Label: "DigiCert Assured ID Root CA"
-# Serial: 17154717934120587862167794914071425081
-# MD5 Fingerprint: 87:ce:0b:7b:2a:0e:49:00:e1:58:71:9b:37:a8:93:72
-# SHA1 Fingerprint: 05:63:b8:63:0d:62:d7:5a:bb:c8:ab:1e:4b:df:b5:a8:99:b2:4d:43
-# SHA256 Fingerprint: 3e:90:99:b5:01:5e:8f:48:6c:00:bc:ea:9d:11:1e:e7:21:fa:ba:35:5a:89:bc:f1:df:69:56:1e:3d:c6:32:5c
+# Operating CA: Google Trust Services LLC
+# Subject: C = US, O = Google Trust Services LLC, CN = GTS Root R1
+# Issuer: C = US, O = Google Trust Services LLC, CN = GTS Root R1
+# Label: "GTS Root R1"
+# Serial: 0203E5936F31B01349886BA217
+# MD5 Fingerprint: 05:FE:D0:BF:71:A8:A3:76:63:DA:01:E0:D8:52:DC:40
+# SHA1 Fingerprint: E5:8C:1C:C4:91:3B:38:63:4B:E9:10:6E:E3:AD:8E:6B:9D:D9:81:4A
+# SHA256 Fingerprint: D9:47:43:2A:BD:E7:B7:FA:90:FC:2E:6B:59:10:1B:12:80:E0:E1:C7:E4:E4:0F:A3:C6:88:7F:FF:57:A7:F4:CF
 -----BEGIN CERTIFICATE-----
-MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl
-MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
-d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv
-b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG
-EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
-cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c
-JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP
-mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+
-wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4
-VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/
-AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB
-AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
-BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun
-pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC
-dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf
-fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm
-NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx
-H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe
-+o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g==
+MIIFVzCCAz+gAwIBAgINAgPlk28xsBNJiGuiFzANBgkqhkiG9w0BAQwFADBHMQsw
+CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU
+MBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw
+MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp
+Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEBAQUA
+A4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaMf/vo
+27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vXmX7w
+Cl7raKb0xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7zUjw
+TcLCeoiKu7rPWRnWr4+wB7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0Pfybl
+qAj+lug8aJRT7oM6iCsVlgmy4HqMLnXWnOunVmSPlk9orj2XwoSPwLxAwAtcvfaH
+szVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly4cpk9+aCEI3oncKKiPo4Zor8
+Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr06zqkUspzBmk
+MiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOORc92
+wO1AK/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYWk70p
+aDPvOmbsB4om3xPXV2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+DVrN
+VjzRlwW5y0vtOUucxD/SVRNuJLDWcfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgFlQID
+AQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
+FgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEMBQADggIBAJ+qQibb
+C5u+/x6Wki4+omVKapi6Ist9wTrYggoGxval3sBOh2Z5ofmmWJyq+bXmYOfg6LEe
+QkEzCzc9zolwFcq1JKjPa7XSQCGYzyI0zzvFIoTgxQ6KfF2I5DUkzps+GlQebtuy
+h6f88/qBVRRiClmpIgUxPoLW7ttXNLwzldMXG+gnoot7TiYaelpkttGsN/H9oPM4
+7HLwEXWdyzRSjeZ2axfG34arJ45JK3VmgRAhpuo+9K4l/3wV3s6MJT/KYnAK9y8J
+ZgfIPxz88NtFMN9iiMG1D53Dn0reWVlHxYciNuaCp+0KueIHoI17eko8cdLiA6Ef
+MgfdG+RCzgwARWGAtQsgWSl4vflVy2PFPEz0tv/bal8xa5meLMFrUKTX5hgUvYU/
+Z6tGn6D/Qqc6f1zLXbBwHSs09dR2CQzreExZBfMzQsNhFRAbd03OIozUhfJFfbdT
+6u9AWpQKXCBfTkBdYiJ23//OYb2MI3jSNwLgjt7RETeJ9r/tSQdirpLsQBqvFAnZ
+0E6yove+7u7Y/9waLd64NnHi/Hm3lCXRSHNboTXns5lndcEZOitHTtNCjv0xyBZm
+2tIMPNuzjsmhDYAPexZ3FL//2wmUspO8IFgV6dtxQ/PeEMMA3KgqlbbC1j+Qa3bb
+bP6MvPJwNQzcmRk13NfIRmPVNnGuV/u3gm3c
+-----END CERTIFICATE-----
+
+# Operating CA: Google Trust Services LLC
+# Subject: C = US, O = Google Trust Services LLC, CN = GTS Root R2
+# Issuer: C = US, O = Google Trust Services LLC, CN = GTS Root R2
+# Label: "GTS Root R2"
+# Serial: 0203E5AEC58D04251AAB1125AA
+# MD5 Fingerprint=1E:39:C0:53:E6:1E:29:82:0B:CA:52:55:36:5D:57:DC
+# SHA1 Fingerprint=9A:44:49:76:32:DB:DE:FA:D0:BC:FB:5A:7B:17:BD:9E:56:09:24:94
+# SHA256 Fingerprint=8D:25:CD:97:22:9D:BF:70:35:6B:DA:4E:B3:CC:73:40:31:E2:4C:F0:0F:AF:CF:D3:2D:C7:6E:B5:84:1C:7E:A8
+-----BEGIN CERTIFICATE-----
+MIIFVzCCAz+gAwIBAgINAgPlrsWNBCUaqxElqjANBgkqhkiG9w0BAQwFADBHMQsw
+CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU
+MBIGA1UEAxMLR1RTIFJvb3QgUjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw
+MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp
+Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEBAQUA
+A4ICDwAwggIKAoICAQDO3v2m++zsFDQ8BwZabFn3GTXd98GdVarTzTukk3LvCvpt
+nfbwhYBboUhSnznFt+4orO/LdmgUud+tAWyZH8QiHZ/+cnfgLFuv5AS/T3KgGjSY
+6Dlo7JUle3ah5mm5hRm9iYz+re026nO8/4Piy33B0s5Ks40FnotJk9/BW9BuXvAu
+MC6C/Pq8tBcKSOWIm8Wba96wyrQD8Nr0kLhlZPdcTK3ofmZemde4wj7I0BOdre7k
+RXuJVfeKH2JShBKzwkCX44ofR5GmdFrS+LFjKBC4swm4VndAoiaYecb+3yXuPuWg
+f9RhD1FLPD+M2uFwdNjCaKH5wQzpoeJ/u1U8dgbuak7MkogwTZq9TwtImoS1mKPV
++3PBV2HdKFZ1E66HjucMUQkQdYhMvI35ezzUIkgfKtzra7tEscszcTJGr61K8Yzo
+dDqs5xoic4DSMPclQsciOzsSrZYuxsN2B6ogtzVJV+mSSeh2FnIxZyuWfoqjx5RW
+Ir9qS34BIbIjMt/kmkRtWVtd9QCgHJvGeJeNkP+byKq0rxFROV7Z+2et1VsRnTKa
+G73VululycslaVNVJ1zgyjbLiGH7HrfQy+4W+9OmTN6SpdTi3/UGVN4unUu0kzCq
+gc7dGtxRcw1PcOnlthYhGXmy5okLdWTK1au8CcEYof/UVKGFPP0UJAOyh9OktwID
+AQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
+FgQUu//KjiOfT5nK2+JopqUVJxce2Q4wDQYJKoZIhvcNAQEMBQADggIBAB/Kzt3H
+vqGf2SdMC9wXmBFqiN495nFWcrKeGk6c1SuYJF2ba3uwM4IJvd8lRuqYnrYb/oM8
+0mJhwQTtzuDFycgTE1XnqGOtjHsB/ncw4c5omwX4Eu55MaBBRTUoCnGkJE+M3DyC
+B19m3H0Q/gxhswWV7uGugQ+o+MePTagjAiZrHYNSVc61LwDKgEDg4XSsYPWHgJ2u
+NmSRXbBoGOqKYcl3qJfEycel/FVL8/B/uWU9J2jQzGv6U53hkRrJXRqWbTKH7QMg
+yALOWr7Z6v2yTcQvG99fevX4i8buMTolUVVnjWQye+mew4K6Ki3pHrTgSAai/Gev
+HyICc/sgCq+dVEuhzf9gR7A/Xe8bVr2XIZYtCtFenTgCR2y59PYjJbigapordwj6
+xLEokCZYCDzifqrXPW+6MYgKBesntaFJ7qBFVHvmJ2WZICGoo7z7GJa7Um8M7YNR
+TOlZ4iBgxcJlkoKM8xAfDoqXvneCbT+PHV28SSe9zE8P4c52hgQjxcCMElv924Sg
+JPFI/2R80L5cFtHvma3AH/vLrrw4IgYmZNralw4/KBVEqE8AyvCazM90arQ+POuV
+7LXTWtiBmelDGDfrs7vRWGJB82bSj6p4lVQgw1oudCvV0b4YacCs1aTPObpRhANl
+6WLAYv7YTVWW4tAR+kg0Eeye7QUd5MjWHYbL
+-----END CERTIFICATE-----
+
+# Operating CA: Google Trust Services LLC
+# Subject: C = US, O = Google Trust Services LLC, CN = GTS Root R3
+# Issuer: C = US, O = Google Trust Services LLC, CN = GTS Root R3
+# Label: "GTS Root R3"
+# Serial: 0203E5B882EB20F825276D3D66
+# MD5 Fingerprint: 3E:E7:9D:58:02:94:46:51:94:E5:E0:22:4A:8B:E7:73
+# SHA1 Fingerprint: ED:E5:71:80:2B:C8:92:B9:5B:83:3C:D2:32:68:3F:09:CD:A0:1E:46
+# SHA256 Fingerprint: 34:D8:A7:3E:E2:08:D9:BC:DB:0D:95:65:20:93:4B:4E:40:E6:94:82:59:6E:8B:6F:73:C8:42:6B:01:0A:6F:48
+-----BEGIN CERTIFICATE-----
+MIICCTCCAY6gAwIBAgINAgPluILrIPglJ209ZjAKBggqhkjOPQQDAzBHMQswCQYD
+VQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIG
+A1UEAxMLR1RTIFJvb3QgUjMwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAw
+WjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2Vz
+IExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMwdjAQBgcqhkjOPQIBBgUrgQQAIgNi
+AAQfTzOHMymKoYTey8chWEGJ6ladK0uFxh1MJ7x/JlFyb+Kf1qPKzEUURout736G
+jOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSWRQmx1WyRRK2EE46ajA2ADDL2
+4CejQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
+BBTB8Sa6oC2uhYHP0/EqEr24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEA9uEglRR7
+VKOQFhG/hMjqb2sXnh5GmCCbn9MN2azTL818+FsuVbu/3ZL3pAzcMeGiAjEA/Jdm
+ZuVDFhOD3cffL74UOO0BzrEXGhF16b0DjyZ+hOXJYKaV11RZt+cRLInUue4X
+-----END CERTIFICATE-----
+
+# Operating CA: Google Trust Services LLC
+# Subject: C = US, O = Google Trust Services LLC, CN = GTS Root R4
+# Issuer: C = US, O = Google Trust Services LLC, CN = GTS Root R4
+# Label: "GTS Root R4"
+# Serial: 0203E5C068EF631A9C72905052
+# MD5 Fingerprint=43:96:83:77:19:4D:76:B3:9D:65:52:E4:1D:22:A5:E8
+# SHA1 Fingerprint=77:D3:03:67:B5:E0:0C:15:F6:0C:38:61:DF:7C:E1:3B:92:46:4D:47
+# SHA256 Fingerprint=34:9D:FA:40:58:C5:E2:63:12:3B:39:8A:E7:95:57:3C:4E:13:13:C8:3F:E6:8F:93:55:6C:D5:E8:03:1B:3C:7D
+-----BEGIN CERTIFICATE-----
+MIICCTCCAY6gAwIBAgINAgPlwGjvYxqccpBQUjAKBggqhkjOPQQDAzBHMQswCQYD
+VQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIG
+A1UEAxMLR1RTIFJvb3QgUjQwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAw
+WjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2Vz
+IExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcqhkjOPQIBBgUrgQQAIgNi
+AATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa6zzuhXyi
+QHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/lxKvR
+HYqjQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
+BBSATNbrdP9JNqPV2Py1PsVq8JQdjDAKBggqhkjOPQQDAwNpADBmAjEA6ED/g94D
+9J+uHXqnLrmvT/aDHQ4thQEd0dlq7A/Cr8deVl5c1RxYIigL9zC2L7F8AjEA8GE8
+p/SgguMh1YQdc4acLa/KNJvxn7kjNuK8YAOdgLOaVsjh4rsUecrNIdSUtUlD
+-----END CERTIFICATE-----
+
+# Operating CA: Google Trust Services LLC
+# Subject: OU = GlobalSign ECC Root CA - R4, O = GlobalSign, CN = GlobalSign
+# Issuer: OU = GlobalSign ECC Root CA - R4, O = GlobalSign, CN = GlobalSign
+# Label: "GlobalSign R4"
+# Serial: 0203E57EF53F93FDA50921B2A6
+# MD5 Fingerprint: 26:29:F8:6D:E1:88:BF:A2:65:7F:AA:C4:CD:0F:7F:FC
+# SHA1 Fingerprint: 6B:A0:B0:98:E1:71:EF:5A:AD:FE:48:15:80:77:10:F4:BD:6F:0B:28
+# SHA256 Fingerprint: B0:85:D7:0B:96:4F:19:1A:73:E4:AF:0D:54:AE:7A:0E:07:AA:FD:AF:9B:71:DD:08:62:13:8A:B7:32:5A:24:A2
+-----BEGIN CERTIFICATE-----
+MIIB3DCCAYOgAwIBAgINAgPlfvU/k/2lCSGypjAKBggqhkjOPQQDAjBQMSQwIgYD
+VQQLExtHbG9iYWxTaWduIEVDQyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2Jh
+bFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTIxMTEzMDAwMDAwWhcNMzgw
+MTE5MDMxNDA3WjBQMSQwIgYDVQQLExtHbG9iYWxTaWduIEVDQyBSb290IENBIC0g
+UjQxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wWTAT
+BgcqhkjOPQIBBggqhkjOPQMBBwNCAAS4xnnTj2wlDp8uORkcA6SumuU5BwkWymOx
+uYb4ilfBV85C+nOh92VC/x7BALJucw7/xyHlGKSq2XE/qNS5zowdo0IwQDAOBgNV
+HQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVLB7rUW44kB/
++wpu+74zyTyjhNUwCgYIKoZIzj0EAwIDRwAwRAIgIk90crlgr/HmnKAWBVBfw147
+bmF0774BxL4YSFlhgjICICadVGNA3jdgUM/I2O2dgq43mLyjj0xMqTQrbO/7lZsm
 -----END CERTIFICATE-----
 
 # Operating CA: DigiCert
@@ -153,36 +267,6 @@ JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv
 6pZjamVFkpUBtA==
 -----END CERTIFICATE-----
 
-# Operating CA: DigiCert
-# Issuer: CN=DigiCert Global Root CA O=DigiCert Inc OU=www.digicert.com
-# Subject: CN=DigiCert Global Root CA O=DigiCert Inc OU=www.digicert.com
-# Label: "DigiCert Global Root CA"
-# Serial: 10944719598952040374951832963794454346
-# MD5 Fingerprint: 79:e4:a9:84:0d:7d:3a:96:d7:c0:4f:e2:43:4c:89:2e
-# SHA1 Fingerprint: a8:98:5d:3a:65:e5:e5:c4:b2:d7:d6:6d:40:c6:dd:2f:b1:9c:54:36
-# SHA256 Fingerprint: 43:48:a0:e9:44:4c:78:cb:26:5e:05:8d:5e:89:44:b4:d8:4f:96:62:bd:26:db:25:7f:89:34:a4:43:c7:01:61
------BEGIN CERTIFICATE-----
-MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
-MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
-d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
-QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT
-MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
-b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB
-CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97
-nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt
-43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P
-T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4
-gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO
-BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR
-TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw
-DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr
-hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg
-06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF
-PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls
-YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
-CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
------END CERTIFICATE-----
 
 # Operating CA: DigiCert
 # Issuer: CN=DigiCert Global Root G2 O=DigiCert Inc OU=www.digicert.com
@@ -239,37 +323,6 @@ oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34VOKa5Vt8
 sycX
 -----END CERTIFICATE-----
 
-# Operating CA: DigiCert
-# Issuer: CN=DigiCert High Assurance EV Root CA O=DigiCert Inc OU=www.digicert.com
-# Subject: CN=DigiCert High Assurance EV Root CA O=DigiCert Inc OU=www.digicert.com
-# Label: "DigiCert High Assurance EV Root CA"
-# Serial: 3553400076410547919724730734378100087
-# MD5 Fingerprint: d4:74:de:57:5c:39:b2:d3:9c:85:83:c5:c0:65:49:8a
-# SHA1 Fingerprint: 5f:b7:ee:06:33:e2:59:db:ad:0c:4c:9a:e6:d3:8f:1a:61:c7:dc:25
-# SHA256 Fingerprint: 74:31:e5:f4:c3:c1:ce:46:90:77:4f:0b:61:e0:54:40:88:3b:a9:a0:1e:d0:0b:a6:ab:d7:80:6e:d3:b1:18:cf
------BEGIN CERTIFICATE-----
-MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
-MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
-d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
-ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL
-MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
-LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug
-RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm
-+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW
-PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM
-xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB
-Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3
-hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg
-EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
-MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA
-FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec
-nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z
-eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
-hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
-Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
-vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
-+OkuE6N36B9K
------END CERTIFICATE-----
 
 # Operating CA: DigiCert
 # Issuer: CN=DigiCert Trusted Root G4 O=DigiCert Inc OU=www.digicert.com
@@ -312,36 +365,6 @@ r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1
 gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+
 -----END CERTIFICATE-----
 
-# Operating CA: GlobalSign
-# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA
-# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA
-# Label: "GlobalSign Root CA"
-# Serial: 4835703278459707669005204
-# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a
-# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c
-# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99
------BEGIN CERTIFICATE-----
-MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
-A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
-b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
-MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
-YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
-aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
-jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
-xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
-1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
-snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
-U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
-9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
-BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
-AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
-yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
-38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
-AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
-DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
-HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
------END CERTIFICATE-----
-
 # Operating CA: GlobalSign
 # Issuer: CN=GlobalSign O=GlobalSign OU=GlobalSign Root CA - R3
 # Subject: CN=GlobalSign O=GlobalSign OU=GlobalSign Root CA - R3
@@ -669,148 +692,3 @@ VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB
 L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG
 jjxDah2nGN59PRbxYvnKkKj9
 -----END CERTIFICATE-----
-
-# Operating CA: Google Trust Services LLC
-# Subject: C = US, O = Google Trust Services LLC, CN = GTS Root R1
-# Issuer: C = US, O = Google Trust Services LLC, CN = GTS Root R1
-# Label: "GTS Root R1"
-# Serial: 0203E5936F31B01349886BA217
-# MD5 Fingerprint: 05:FE:D0:BF:71:A8:A3:76:63:DA:01:E0:D8:52:DC:40
-# SHA1 Fingerprint: E5:8C:1C:C4:91:3B:38:63:4B:E9:10:6E:E3:AD:8E:6B:9D:D9:81:4A
-# SHA256 Fingerprint: D9:47:43:2A:BD:E7:B7:FA:90:FC:2E:6B:59:10:1B:12:80:E0:E1:C7:E4:E4:0F:A3:C6:88:7F:FF:57:A7:F4:CF
------BEGIN CERTIFICATE-----
-MIIFVzCCAz+gAwIBAgINAgPlk28xsBNJiGuiFzANBgkqhkiG9w0BAQwFADBHMQsw
-CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU
-MBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw
-MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp
-Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEBAQUA
-A4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaMf/vo
-27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vXmX7w
-Cl7raKb0xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7zUjw
-TcLCeoiKu7rPWRnWr4+wB7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0Pfybl
-qAj+lug8aJRT7oM6iCsVlgmy4HqMLnXWnOunVmSPlk9orj2XwoSPwLxAwAtcvfaH
-szVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly4cpk9+aCEI3oncKKiPo4Zor8
-Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr06zqkUspzBmk
-MiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOORc92
-wO1AK/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYWk70p
-aDPvOmbsB4om3xPXV2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+DVrN
-VjzRlwW5y0vtOUucxD/SVRNuJLDWcfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgFlQID
-AQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
-FgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEMBQADggIBAJ+qQibb
-C5u+/x6Wki4+omVKapi6Ist9wTrYggoGxval3sBOh2Z5ofmmWJyq+bXmYOfg6LEe
-QkEzCzc9zolwFcq1JKjPa7XSQCGYzyI0zzvFIoTgxQ6KfF2I5DUkzps+GlQebtuy
-h6f88/qBVRRiClmpIgUxPoLW7ttXNLwzldMXG+gnoot7TiYaelpkttGsN/H9oPM4
-7HLwEXWdyzRSjeZ2axfG34arJ45JK3VmgRAhpuo+9K4l/3wV3s6MJT/KYnAK9y8J
-ZgfIPxz88NtFMN9iiMG1D53Dn0reWVlHxYciNuaCp+0KueIHoI17eko8cdLiA6Ef
-MgfdG+RCzgwARWGAtQsgWSl4vflVy2PFPEz0tv/bal8xa5meLMFrUKTX5hgUvYU/
-Z6tGn6D/Qqc6f1zLXbBwHSs09dR2CQzreExZBfMzQsNhFRAbd03OIozUhfJFfbdT
-6u9AWpQKXCBfTkBdYiJ23//OYb2MI3jSNwLgjt7RETeJ9r/tSQdirpLsQBqvFAnZ
-0E6yove+7u7Y/9waLd64NnHi/Hm3lCXRSHNboTXns5lndcEZOitHTtNCjv0xyBZm
-2tIMPNuzjsmhDYAPexZ3FL//2wmUspO8IFgV6dtxQ/PeEMMA3KgqlbbC1j+Qa3bb
-bP6MvPJwNQzcmRk13NfIRmPVNnGuV/u3gm3c
------END CERTIFICATE-----
-
-# Operating CA: Google Trust Services LLC
-# Subject: C = US, O = Google Trust Services LLC, CN = GTS Root R2
-# Issuer: C = US, O = Google Trust Services LLC, CN = GTS Root R2
-# Label: "GTS Root R2"
-# Serial: 0203E5AEC58D04251AAB1125AA
-# MD5 Fingerprint=1E:39:C0:53:E6:1E:29:82:0B:CA:52:55:36:5D:57:DC
-# SHA1 Fingerprint=9A:44:49:76:32:DB:DE:FA:D0:BC:FB:5A:7B:17:BD:9E:56:09:24:94
-# SHA256 Fingerprint=8D:25:CD:97:22:9D:BF:70:35:6B:DA:4E:B3:CC:73:40:31:E2:4C:F0:0F:AF:CF:D3:2D:C7:6E:B5:84:1C:7E:A8
------BEGIN CERTIFICATE-----
-MIIFVzCCAz+gAwIBAgINAgPlrsWNBCUaqxElqjANBgkqhkiG9w0BAQwFADBHMQsw
-CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU
-MBIGA1UEAxMLR1RTIFJvb3QgUjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw
-MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp
-Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEBAQUA
-A4ICDwAwggIKAoICAQDO3v2m++zsFDQ8BwZabFn3GTXd98GdVarTzTukk3LvCvpt
-nfbwhYBboUhSnznFt+4orO/LdmgUud+tAWyZH8QiHZ/+cnfgLFuv5AS/T3KgGjSY
-6Dlo7JUle3ah5mm5hRm9iYz+re026nO8/4Piy33B0s5Ks40FnotJk9/BW9BuXvAu
-MC6C/Pq8tBcKSOWIm8Wba96wyrQD8Nr0kLhlZPdcTK3ofmZemde4wj7I0BOdre7k
-RXuJVfeKH2JShBKzwkCX44ofR5GmdFrS+LFjKBC4swm4VndAoiaYecb+3yXuPuWg
-f9RhD1FLPD+M2uFwdNjCaKH5wQzpoeJ/u1U8dgbuak7MkogwTZq9TwtImoS1mKPV
-+3PBV2HdKFZ1E66HjucMUQkQdYhMvI35ezzUIkgfKtzra7tEscszcTJGr61K8Yzo
-dDqs5xoic4DSMPclQsciOzsSrZYuxsN2B6ogtzVJV+mSSeh2FnIxZyuWfoqjx5RW
-Ir9qS34BIbIjMt/kmkRtWVtd9QCgHJvGeJeNkP+byKq0rxFROV7Z+2et1VsRnTKa
-G73VululycslaVNVJ1zgyjbLiGH7HrfQy+4W+9OmTN6SpdTi3/UGVN4unUu0kzCq
-gc7dGtxRcw1PcOnlthYhGXmy5okLdWTK1au8CcEYof/UVKGFPP0UJAOyh9OktwID
-AQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
-FgQUu//KjiOfT5nK2+JopqUVJxce2Q4wDQYJKoZIhvcNAQEMBQADggIBAB/Kzt3H
-vqGf2SdMC9wXmBFqiN495nFWcrKeGk6c1SuYJF2ba3uwM4IJvd8lRuqYnrYb/oM8
-0mJhwQTtzuDFycgTE1XnqGOtjHsB/ncw4c5omwX4Eu55MaBBRTUoCnGkJE+M3DyC
-B19m3H0Q/gxhswWV7uGugQ+o+MePTagjAiZrHYNSVc61LwDKgEDg4XSsYPWHgJ2u
-NmSRXbBoGOqKYcl3qJfEycel/FVL8/B/uWU9J2jQzGv6U53hkRrJXRqWbTKH7QMg
-yALOWr7Z6v2yTcQvG99fevX4i8buMTolUVVnjWQye+mew4K6Ki3pHrTgSAai/Gev
-HyICc/sgCq+dVEuhzf9gR7A/Xe8bVr2XIZYtCtFenTgCR2y59PYjJbigapordwj6
-xLEokCZYCDzifqrXPW+6MYgKBesntaFJ7qBFVHvmJ2WZICGoo7z7GJa7Um8M7YNR
-TOlZ4iBgxcJlkoKM8xAfDoqXvneCbT+PHV28SSe9zE8P4c52hgQjxcCMElv924Sg
-JPFI/2R80L5cFtHvma3AH/vLrrw4IgYmZNralw4/KBVEqE8AyvCazM90arQ+POuV
-7LXTWtiBmelDGDfrs7vRWGJB82bSj6p4lVQgw1oudCvV0b4YacCs1aTPObpRhANl
-6WLAYv7YTVWW4tAR+kg0Eeye7QUd5MjWHYbL
------END CERTIFICATE-----
-
-# Operating CA: Google Trust Services LLC
-# Subject: C = US, O = Google Trust Services LLC, CN = GTS Root R3
-# Issuer: C = US, O = Google Trust Services LLC, CN = GTS Root R3
-# Label: "GTS Root R3"
-# Serial: 0203E5B882EB20F825276D3D66
-# MD5 Fingerprint: 3E:E7:9D:58:02:94:46:51:94:E5:E0:22:4A:8B:E7:73
-# SHA1 Fingerprint: ED:E5:71:80:2B:C8:92:B9:5B:83:3C:D2:32:68:3F:09:CD:A0:1E:46
-# SHA256 Fingerprint: 34:D8:A7:3E:E2:08:D9:BC:DB:0D:95:65:20:93:4B:4E:40:E6:94:82:59:6E:8B:6F:73:C8:42:6B:01:0A:6F:48
------BEGIN CERTIFICATE-----
-MIICCTCCAY6gAwIBAgINAgPluILrIPglJ209ZjAKBggqhkjOPQQDAzBHMQswCQYD
-VQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIG
-A1UEAxMLR1RTIFJvb3QgUjMwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAw
-WjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2Vz
-IExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMwdjAQBgcqhkjOPQIBBgUrgQQAIgNi
-AAQfTzOHMymKoYTey8chWEGJ6ladK0uFxh1MJ7x/JlFyb+Kf1qPKzEUURout736G
-jOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSWRQmx1WyRRK2EE46ajA2ADDL2
-4CejQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
-BBTB8Sa6oC2uhYHP0/EqEr24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEA9uEglRR7
-VKOQFhG/hMjqb2sXnh5GmCCbn9MN2azTL818+FsuVbu/3ZL3pAzcMeGiAjEA/Jdm
-ZuVDFhOD3cffL74UOO0BzrEXGhF16b0DjyZ+hOXJYKaV11RZt+cRLInUue4X
------END CERTIFICATE-----
-
-# Operating CA: Google Trust Services LLC
-# Subject: C = US, O = Google Trust Services LLC, CN = GTS Root R4
-# Issuer: C = US, O = Google Trust Services LLC, CN = GTS Root R4
-# Label: "GTS Root R4"
-# Serial: 0203E5C068EF631A9C72905052
-# MD5 Fingerprint=43:96:83:77:19:4D:76:B3:9D:65:52:E4:1D:22:A5:E8
-# SHA1 Fingerprint=77:D3:03:67:B5:E0:0C:15:F6:0C:38:61:DF:7C:E1:3B:92:46:4D:47
-# SHA256 Fingerprint=34:9D:FA:40:58:C5:E2:63:12:3B:39:8A:E7:95:57:3C:4E:13:13:C8:3F:E6:8F:93:55:6C:D5:E8:03:1B:3C:7D
------BEGIN CERTIFICATE-----
-MIICCTCCAY6gAwIBAgINAgPlwGjvYxqccpBQUjAKBggqhkjOPQQDAzBHMQswCQYD
-VQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIG
-A1UEAxMLR1RTIFJvb3QgUjQwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAw
-WjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2Vz
-IExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcqhkjOPQIBBgUrgQQAIgNi
-AATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa6zzuhXyi
-QHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/lxKvR
-HYqjQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
-BBSATNbrdP9JNqPV2Py1PsVq8JQdjDAKBggqhkjOPQQDAwNpADBmAjEA6ED/g94D
-9J+uHXqnLrmvT/aDHQ4thQEd0dlq7A/Cr8deVl5c1RxYIigL9zC2L7F8AjEA8GE8
-p/SgguMh1YQdc4acLa/KNJvxn7kjNuK8YAOdgLOaVsjh4rsUecrNIdSUtUlD
------END CERTIFICATE-----
-
-# Operating CA: Google Trust Services LLC
-# Subject: OU = GlobalSign ECC Root CA - R4, O = GlobalSign, CN = GlobalSign
-# Issuer: OU = GlobalSign ECC Root CA - R4, O = GlobalSign, CN = GlobalSign
-# Label: "GlobalSign R4"
-# Serial: 0203E57EF53F93FDA50921B2A6
-# MD5 Fingerprint: 26:29:F8:6D:E1:88:BF:A2:65:7F:AA:C4:CD:0F:7F:FC
-# SHA1 Fingerprint: 6B:A0:B0:98:E1:71:EF:5A:AD:FE:48:15:80:77:10:F4:BD:6F:0B:28
-# SHA256 Fingerprint: B0:85:D7:0B:96:4F:19:1A:73:E4:AF:0D:54:AE:7A:0E:07:AA:FD:AF:9B:71:DD:08:62:13:8A:B7:32:5A:24:A2
------BEGIN CERTIFICATE-----
-MIIB3DCCAYOgAwIBAgINAgPlfvU/k/2lCSGypjAKBggqhkjOPQQDAjBQMSQwIgYD
-VQQLExtHbG9iYWxTaWduIEVDQyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2Jh
-bFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTIxMTEzMDAwMDAwWhcNMzgw
-MTE5MDMxNDA3WjBQMSQwIgYDVQQLExtHbG9iYWxTaWduIEVDQyBSb290IENBIC0g
-UjQxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wWTAT
-BgcqhkjOPQIBBggqhkjOPQMBBwNCAAS4xnnTj2wlDp8uORkcA6SumuU5BwkWymOx
-uYb4ilfBV85C+nOh92VC/x7BALJucw7/xyHlGKSq2XE/qNS5zowdo0IwQDAOBgNV
-HQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVLB7rUW44kB/
-+wpu+74zyTyjhNUwCgYIKoZIzj0EAwIDRwAwRAIgIk90crlgr/HmnKAWBVBfw147
-bmF0774BxL4YSFlhgjICICadVGNA3jdgUM/I2O2dgq43mLyjj0xMqTQrbO/7lZsm
------END CERTIFICATE-----

wiki/Calendars-Access.md

@@ -20,6 +20,9 @@ Calendar ACL roles (as seen in Calendar GUI):
   * `owner` - Make changes to events and manage sharing
   * `freebusy` & `freebusyreader` - See only free/busy (hide details)
 
+Added `writerwithoutprivateaccess` to `<CalendarACLRole>` in 7.44.03; this will become effective 2026-06-29.
+* See: https://developers.google.com/workspace/calendar/release-notes#June_01_2026
+
 ## API documentation
 * [Calendar API - ACLs](https://developers.google.com/google-apps/calendar/v3/reference/acl)
 
@@ -30,10 +33,15 @@ Calendar ACL roles (as seen in Calendar GUI):
 <CalendarEntity> ::= <CalendarList> | <FileSelector> | <CSVkmdSelector> | <CSVDataSelector>
         See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 
-<CalendarACLRole> ::= editor|freebusy|freebusyreader|owner|reader|writer
-<CalendarACLScope> ::= <EmailAddress>|user:<EmailAdress>|group:<EmailAddress>|domain:<DomainName>|domain|default
-<CalendarACLScopeList> ::= "<CalendarACLScope>(,<CalendarACLScope>)*"
-<CalendarACLScopeEntity>::= <CalendarACLScopeList> | <FileSelector> | <CSVkmdSelector> | <CSVDataSelector>
+<CalendarACLRole> ::=
+         editor|freebusy|freebusyreader|owner|reader|writer|writerwithoutprivateaccess|none
+<CalendarACLScope> ::=
+        <EmailAddress>|user:<EmailAdress>|group:<EmailAddress>|
+        domain:<DomainName>|domain|default
+<CalendarACLScopeList> ::=
+        "<CalendarACLScope>(,<CalendarACLScope>)*"
+<CalendarACLScopeEntity>::=
+        <CalendarACLScopeList> | <FileSelector> | <CSVkmdSelector> | <CSVDataSelector>
 ```
 ## Manage calendar access
 ```

wiki/GamUpdates.md

@@ -10,6 +10,11 @@ Add the `-s` option to the end of the above commands to suppress creating the `g
 
 See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation
 
+### 7.44.03
+
+Added `writerwithoutprivateaccess` to `<CalendarACLRole>`; this will become effective 2026-06-29.
+* See: https://developers.google.com/workspace/calendar/release-notes#June_01_2026
+
 ### 7.44.02
 
 Added fields `bluetoothadapterinfo` and `osversioncompliance` to `<CrOSFieldName>` for use

wiki/How-to-Upgrade-Legacy-GAM-to-GAM7.md

@@ -251,7 +251,7 @@ writes the credentials into the file oauth2.txt.
 ```
 gamteam@server:/Users/gamteam$ rm -f /Users/gamteam/GAMConfig/oauth2.txt
 gamteam@server:/Users/gamteam$ gam version
-GAM 7.44.02 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.44.03 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.14.5 64-bit final
 macOS Tahoe 26.5 arm64
@@ -1034,7 +1034,7 @@ writes the credentials into the file oauth2.txt.
 ```
 C:\>del C:\GAMConfig\oauth2.txt
 C:\>gam version
-GAM 7.44.02 - https://github.com/GAM-team/GAM - pythonsource
+GAM 7.44.03 - https://github.com/GAM-team/GAM - pythonsource
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.14.5 64-bit final
 Windows 11 10.0.26200 AMD64

wiki/Users-Calendars-Access.md

@@ -14,6 +14,9 @@ Calendar ACL roles (as seen in Calendar GUI):
   * `owner` - Make changes to events and manage sharing
   * `freebusy` & `freebusyreader` - See only free/busy (hide details)
 
+Added `writerwithoutprivateaccess` to `<CalendarACLRole>` in 7.44.03; this will become effective 2026-06-29.
+* See: https://developers.google.com/workspace/calendar/release-notes#June_01_2026
+
 ## API documentation
 * [Calendar API - ACLs](https://developers.google.com/google-apps/calendar/v3/reference/acl)
 
@@ -55,10 +58,10 @@ Calendar ACL roles (as seen in Calendar GUI):
         (timezone <TimeZone>)
 
 <CalendarACLRole> ::=
-         editor|freebusy|freebusyreader|owner|reader|writer
+         editor|freebusy|freebusyreader|owner|reader|writer|writerwithoutprivateaccess|none
 <CalendarACLScope> ::=
         <EmailAddress>|user:<EmailAdress>|group:<EmailAddress>|
-         domain:<DomainName>|domain|default
+        domain:<DomainName>|domain|default
 <CalendarACLScopeList> ::=
         "<CalendarACLScope>(,<CalendarACLScope>)*"
 <CalendarACLScopeEntity>::=
@@ -150,3 +153,4 @@ This capability is no longer available, see: https://developers.google.com/works
 
 Data ownership can be transferred in the Google Calendar UI.
 
+See: https://workspaceupdates.googleblog.com/2026/03/an-update-on-secondary-calendar-lifecycle-changes-and-a-new-API.html

wiki/Users.md

@@ -1093,7 +1093,9 @@ gam print users [todrive <ToDriveAttribute>*]
         (filtermultiattrcustom <UserMultiAttributeFilterName> <String>)*
         [delimiter <Character>] [sortheaders [<Boolean>]] [scalarsfirst [<Boolean>]]
         [formatjson [quotechar <Character>]] [quoteplusphonenumbers]
-        [issuspended <Boolean>] [isarchived <Boolean>] [aliasmatchpattern <REMatchPattern>]
+        ([issuspended [<Boolean>]] [isarchived [<Boolean>]])|(isdisabled [<Boolean>])]
+        [disabledafter <DateTime>] [disabledbefore <DateTime>]
+        [aliasmatchpattern <REMatchPattern>]
         [showvalidcolumn] (addcsvdata <FieldName> <String>)* [includecsvdatainjson [<Boolean>]]
 ```
 
@@ -1103,8 +1105,41 @@ By default, users in all domains in the account are selected; these options allo
 * `(query <QueryUser>)|(queries <QueryUserList>)` - Limit users to those that match a query; each query is run against each domain
 * `limittoou <OrgUnitPath>|<OrgUnitID>` - Limit users to those in the specified `<OrgUnitItem>>`
 * `deleted_only|only_deleted` - Only display deleted users
-* `issuspended <Boolean>` - Limit users based on their status
-* `isarchived <Boolean>` - Limit users based on their status
+
+The `isarchived`, `issuspended` and `isdisabled` options can be used to select users based on their archival/suspension status.
+
+| Options | Users Displayed |
+|---------|-----------------|
+| None | All Users|
+| isarchived [true] | Archived Users |
+| isarchived false | Non-Archived Users |
+| issuspended [true] | Suspended Users |
+| issuspended false | Non-Suspended Users |
+| isarchived [true] issuspended [true] | Archived Users that are Suspended |
+| isarchived [true] issuspended false | Archived Users that are not Suspended |
+| isarchived false issuspended [true] | Suspended Users that are not Archived |
+| isarchived false issuspended false | Non-Archived and Non-Suspended Users |
+| isdisabled [true] | Archived or Suspended Users |
+| isdisabled false | Non-Archived and Non-Suspended Users |
+
+When any of `isarchived [true]`, `issuspended [true]`, `isdisabled [true]` are specified,
+the following options  can be used to further limit the users displayed.
+* `disabledafter <DateTime>` - Display users disabled on/after `<DateTime>`
+* `disabledbefore <DateTime>` - Display users disabled before `<DateTime>`
+
+### Examples
+Display users suspended more than 90 days ago.
+```
+gam print users issuspended disabledbefore -90d
+```
+Display users archived within the last 10 days.
+```
+gam print users isarchived disabledafter -10d
+```
+Display users archived/suspended  within a range.
+```
+gam print users isdisabled disabledafter -60d disabledbefore -30d
+```
 
 ### Print a header row and fields for users specified by `<UserTypeEntity>`
 ```
@@ -1121,7 +1156,9 @@ gam print users [todrive <ToDriveAttribute>*] select <UserTypeEntity>
         (filtermultiattrcustom <UserMultiAttributeFilterName> <String>)*
         [delimiter <Character>] [sortheaders [<Boolean>]] [scalarsfirst [<Boolean>]]
         [formatjson [quotechar <Character>]] [quoteplusphonenumbers]
-        [issuspended <Boolean>] [isarchived <Boolean>] [aliasmatchpattern <REMatchPattern>]
+        ([issuspended [<Boolean>]] [isarchived [<Boolean>]])|(isdisabled [<Boolean>])]
+        [disabledafter <DateTime>] [disabledbefore <DateTime>]
+        [aliasmatchpattern <REMatchPattern>]
         [showvalidcolumn] (addcsvdata <FieldName> <String>)* [includecsvdatainjson [<Boolean>]]
 
 gam <UserTypeEntity> print users [todrive <ToDriveAttribute>*]
@@ -1137,7 +1174,9 @@ gam <UserTypeEntity> print users [todrive <ToDriveAttribute>*]
         (filtermultiattrcustom <UserMultiAttributeFilterName> <String>)*
         [delimiter <Character>] [sortheaders [<Boolean>]] [scalarsfirst [<Boolean>]]
         [formatjson [quotechar <Character>]] [quoteplusphonenumbers]
-        [issuspended <Boolean>] [isarchived <Boolean>] [aliasmatchpattern <REMatchPattern>]
+        ([issuspended [<Boolean>]] [isarchived [<Boolean>]])|(isdisabled [<Boolean>])]
+        [disabledafter <DateTime>] [disabledbefore <DateTime>]
+        [aliasmatchpattern <REMatchPattern>]
         [showvalidcolumn] (addcsvdata <FieldName> <String>)* [includecsvdatainjson [<Boolean>]]
 ```
 
@@ -1175,6 +1214,41 @@ of a specified `type` or `customType`.
 * `filtermultiattrtype <UserMultiAttributeFilterName> <String>` - Display `<UserMultiAttributeFilterName>` if its `type` is `<String>`
 * `filtermultiattrcustom <UserMultiAttributeFilterName> <String>` - Display `<UserMultiAttributeFilterName>` if its `customType` is `<String>`
 
+The `isarchived`, `issuspended` and `isdisabled` options can be used to select users from `<UserTypeEntity>`  based on their archival/suspension status.
+
+| Options | Users Displayed |
+|---------|-----------------|
+| None | All Users|
+| isarchived [true] | Archived Users |
+| isarchived false | Non-Archived Users |
+| issuspended [true] | Suspended Users |
+| issuspended false | Non-Suspended Users |
+| isarchived [true] issuspended [true] | Archived Users that are Suspended |
+| isarchived [true] issuspended false | Archived Users that are not Suspended |
+| isarchived false issuspended [true] | Suspended Users that are not Archived |
+| isarchived false issuspended false | Non-Archived and Non-Suspended Users |
+| isdisabled [true] | Archived or Suspended Users |
+| isdisabled false | Non-Archived and Non-Suspended Users |
+
+When any of `isarchived [true]`, `issuspended [true]`, `isdisabled [true]` are specified,
+the following options  can be used to further limit the users displayed.
+* `disabledafter <DateTime>` - Display users disabled on/after `<DateTime>`
+* `disabledbefore <DateTime>` - Display users disabled before `<DateTime>`
+
+### Examples
+Display staff users suspended more than 90 days ago.
+```
+gam ou /Staff print users issuspended disabledbefore -90d
+```
+Display staff users archived within the last 10 days.
+```
+gam ou /Staff print users isarchived disabledafter -10d
+```
+Display staff users archived/suspended  within a range.
+```
+gam ou /Staff print users isdisabled disabledafter -60d disabledbefore -30d
+```
+
 By default, when aliases are displayed, all aliases are displayed. Use `aliasmatchpattern <REMatchPattern>`
 to limit the display of aliases to those that match `<REMatchPattern>`.
 

wiki/Version-and-Help.md

@@ -3,7 +3,7 @@
 Print the current version of Gam with details
 ```
 gam version
-GAM 7.44.02 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.44.03 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.14.5 64-bit final
 macOS Tahoe 26.5 arm64
@@ -15,7 +15,7 @@ Time: 2026-02-15T07:51:00-08:00
 Print the current version of Gam with details and time offset information
 ```
 gam version timeoffset
-GAM 7.44.02 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.44.03 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.14.5 64-bit final
 macOS Tahoe 26.5 arm64
@@ -27,7 +27,7 @@ Your system time differs from www.googleapis.com by less than 1 second
 Print the current version of Gam with extended details and SSL information
 ```
 gam version extended
-GAM 7.44.02 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.44.03 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.14.5 64-bit final
 macOS Tahoe 26.5 arm64
@@ -68,7 +68,7 @@ MacOS High Sierra 10.13.6 x86_64
 Path: /Users/gamteam/bin/gam7
 Version Check:
   Current: 5.35.08
-   Latest: 7.44.02
+   Latest: 7.44.03
 echo $?
 1
 ```
@@ -76,7 +76,7 @@ echo $?
 Print the current version number without details
 ```
 gam version simple
-7.44.02
+7.44.03
 ```
 In Linux/MacOS you can do:
 ```
@@ -86,7 +86,7 @@ echo $VER
 Print the current version of Gam and address of this Wiki
 ```
 gam help
-GAM 7.44.02 - https://github.com/GAM-team/GAM
+GAM 7.44.03 - https://github.com/GAM-team/GAM
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.14.5 64-bit final
 macOS Tahoe 26.5 arm64