diff --git a/.github/ISSUE_TEMPLATE/NUGETORG_ISSUE.yml b/.github/ISSUE_TEMPLATE/NUGETORG_ISSUE.yml
index 6f92bc63e7..cd498091ae 100644
--- a/.github/ISSUE_TEMPLATE/NUGETORG_ISSUE.yml
+++ b/.github/ISSUE_TEMPLATE/NUGETORG_ISSUE.yml
@@ -10,9 +10,9 @@ body:
 
        The more detail you provide, the more likely it will be for us to be able to identify what is going on and how to solve it!
 
-       ### For issues connecting to NuGet.org, please refer to [this guide](https://docs.microsoft.com/en-us/nuget/nuget-org/nuget-org-faq#nuget.org-not-accessible).
+       ### For issues connecting to NuGet.org, please refer to [this guide](https://docs.microsoft.com/nuget/nuget-org/nuget-org-faq#nuget.org-not-accessible).
 
-       ### For issues regarding your NuGet.org account, please refer to [this guide](https://docs.microsoft.com/en-us/nuget/nuget-org/nuget-org-faq#nuget.org-account-management).
+       ### For issues regarding your NuGet.org account, please refer to [this guide](https://docs.microsoft.com/nuget/nuget-org/nuget-org-faq#nuget.org-account-management).
   - type: dropdown
     id: impact
     attributes:
diff --git a/README.md b/README.md
index 85ce44c49a..ac4c0545ef 100644
--- a/README.md
+++ b/README.md
@@ -27,9 +27,26 @@ Now run the NuGet Gallery:
 Refer to [our documentation](./docs/) for information on how to develop the frontend, use AAD, and more.
 
 ## Deploy
+### Deploy to Azure
 
 You will find instructions on how to deploy the Gallery to Azure [here](https://github.com/NuGet/NuGetGallery/blob/master/docs/Deploying/README.md).
 
+### Deploy locally
+After you succeed in running the NuGet Gallery, you can create a publish profile to deploy locally (such as your local Windows computer). 
+
+The steps are:
+1. Select the `NuGetGallery` project in Solution Explore of Visual Studio. 
+2. Right click the project, and then click `Publish` in the pop-up menu. Create a publish profile and make sure the Target is set to `Folder`.
+3. Copy the contents of the `Target Location` to any folder you want. For the following example, assume the folder is `C:\ContosoSoftware\NuGetGallery`.
+4. Execute the command below to start the web app (note that the parameter `/path` of iisexpress.exe only supports absolute paths on Windows).
+    ```cmd
+    "C:\Program Files\IIS Express\iisexpress.exe" /path:C:\ContosoSoftware\NuGetGallery
+    ```
+
+Now you can access the local website with a web browser. The URL is `https://localhost`.
+
+After you deploy it, you don't need using Visual Studio to run it anymore.
+
 ## Contribute
 
 If you find a bug with the gallery, please visit the [Issue tracker](https://github.com/NuGet/NuGetGallery/issues) and 
diff --git a/src/NuGetGallery.Core/Frameworks/SupportedFrameworks.cs b/src/NuGetGallery.Core/Frameworks/SupportedFrameworks.cs
index 4c40002035..c9249437ce 100644
--- a/src/NuGetGallery.Core/Frameworks/SupportedFrameworks.cs
+++ b/src/NuGetGallery.Core/Frameworks/SupportedFrameworks.cs
@@ -25,6 +25,7 @@ public static class SupportedFrameworks
         public static readonly NuGetFramework MonoTouch = new NuGetFramework(FrameworkIdentifiers.MonoTouch, EmptyVersion);
         public static readonly NuGetFramework MonoMac = new NuGetFramework(FrameworkIdentifiers.MonoMac, EmptyVersion);
         public static readonly NuGetFramework Net48 = new NuGetFramework(FrameworkIdentifiers.Net, new Version(4, 8, 0, 0));
+        public static readonly NuGetFramework Net481 = new NuGetFramework(FrameworkIdentifiers.Net, new Version(4, 8, 1, 0));
         public static readonly NuGetFramework Net50Windows = new NuGetFramework(FrameworkIdentifiers.NetCoreApp, Version5, "windows", EmptyVersion);
         public static readonly NuGetFramework Net60Android = new NuGetFramework(FrameworkIdentifiers.NetCoreApp, Version6, "android", EmptyVersion);
         public static readonly NuGetFramework Net60Ios = new NuGetFramework(FrameworkIdentifiers.NetCoreApp, Version6, "ios", EmptyVersion);
@@ -57,7 +58,7 @@ static SupportedFrameworks()
             {
                 MonoAndroid, MonoMac, MonoTouch,
                 Native,
-                Net11, Net2, Net35, Net4, Net403, Net45, Net451, Net452, Net46, Net461, Net462, Net463, Net47, Net471, Net472, Net48,
+                Net11, Net2, Net35, Net4, Net403, Net45, Net451, Net452, Net46, Net461, Net462, Net463, Net47, Net471, Net472, Net48, Net481,
                 Net50, Net50Windows,
                 Net60, Net60Android, Net60Ios, Net60MacCatalyst, Net60MacOs, Net60TvOs, Net60Windows,
                 Net70, Net70Android, Net70Ios, Net70MacCatalyst, Net70MacOs, Net70TvOs, Net70Windows,
diff --git a/src/NuGetGallery.Services/Authentication/AuthenticationService.cs b/src/NuGetGallery.Services/Authentication/AuthenticationService.cs
index 673bd85613..057b3190fa 100644
--- a/src/NuGetGallery.Services/Authentication/AuthenticationService.cs
+++ b/src/NuGetGallery.Services/Authentication/AuthenticationService.cs
@@ -473,6 +473,9 @@ public virtual async Task ReplaceCredential(User user, Credential credential)
         {
             await ReplaceCredentialInternal(user, credential);
             await Entities.SaveChangesAsync();
+
+            await Auditing.SaveAuditRecordAsync(new UserAuditRecord(
+                user, AuditedUserAction.AddCredential, credential));
         }
 
         public virtual async Task<Credential> ResetPasswordWithToken(string username, string token, string newPassword)
@@ -501,6 +504,10 @@ public virtual async Task<Credential> ResetPasswordWithToken(string username, st
                 user.FailedLoginCount = 0;
                 user.LastFailedLoginUtc = null;
                 await Entities.SaveChangesAsync();
+
+                await Auditing.SaveAuditRecordAsync(new UserAuditRecord(
+                    user, AuditedUserAction.AddCredential, cred));
+
                 return cred;
             }
 
@@ -590,6 +597,10 @@ public virtual async Task<bool> ChangePassword(User user, string oldPassword, st
 
             // Save changes
             await Entities.SaveChangesAsync();
+
+            await Auditing.SaveAuditRecordAsync(new UserAuditRecord(
+                user, AuditedUserAction.AddCredential, passwordCredential));
+
             return true;
         }
 
@@ -623,10 +634,10 @@ public virtual async Task AddCredential(User user, Credential credential)
                 throw new InvalidOperationException(ServicesStrings.OrganizationsCannotCreateCredentials);
             }
 
-            await Auditing.SaveAuditRecordAsync(new UserAuditRecord(user, AuditedUserAction.AddCredential, credential));
             user.Credentials.Add(credential);
             await Entities.SaveChangesAsync();
 
+            await Auditing.SaveAuditRecordAsync(new UserAuditRecord(user, AuditedUserAction.AddCredential, credential));
             _telemetryService.TrackNewCredentialCreated(user, credential);
         }
 
@@ -838,9 +849,6 @@ private async Task ReplaceCredentialInternal(User user, Credential credential)
             }
 
             user.Credentials.Add(credential);
-
-            await Auditing.SaveAuditRecordAsync(new UserAuditRecord(
-                user, AuditedUserAction.AddCredential, credential));
         }
 
         private static CredentialKind GetCredentialKind(string type)
@@ -1024,15 +1032,20 @@ private async Task MigrateCredentials(User user, List<Credential> creds, string
             await Auditing.SaveAuditRecordAsync(new UserAuditRecord(user, AuditedUserAction.RemoveCredential, toRemove));
 
             // Now add one if there are no credentials left
+            Credential newCred = null;
             if (creds.Count == 0)
             {
-                var newCred = _credentialBuilder.CreatePasswordCredential(password);
-                await Auditing.SaveAuditRecordAsync(new UserAuditRecord(user, AuditedUserAction.AddCredential, newCred));
+                newCred = _credentialBuilder.CreatePasswordCredential(password);
                 user.Credentials.Add(newCred);
             }
 
             // Save changes, if any
             await Entities.SaveChangesAsync();
+
+            if (newCred != null)
+            {
+                await Auditing.SaveAuditRecordAsync(new UserAuditRecord(user, AuditedUserAction.AddCredential, newCred));
+            }
         }
     }
 }
\ No newline at end of file
diff --git a/src/NuGetGallery.Services/Authentication/Providers/AzureActiveDirectoryV2/AzureActiveDirectoryV2Authenticator.cs b/src/NuGetGallery.Services/Authentication/Providers/AzureActiveDirectoryV2/AzureActiveDirectoryV2Authenticator.cs
index d63331ed2f..dc2a60613d 100644
--- a/src/NuGetGallery.Services/Authentication/Providers/AzureActiveDirectoryV2/AzureActiveDirectoryV2Authenticator.cs
+++ b/src/NuGetGallery.Services/Authentication/Providers/AzureActiveDirectoryV2/AzureActiveDirectoryV2Authenticator.cs
@@ -101,12 +101,13 @@ protected override void AttachToOwinApp(IGalleryConfigurationService config, IAp
                 RedirectUri = siteRoot + _callbackPath,
                 PostLogoutRedirectUri = siteRoot,
                 Scope = OpenIdConnectScope.OpenIdProfile + " email",
-                ResponseType = OpenIdConnectResponseType.CodeIdToken,
+                ResponseType = OpenIdConnectResponseType.IdToken,
                 TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters() { ValidateIssuer = false },
                 Notifications = new OpenIdConnectAuthenticationNotifications
                 {
                     AuthenticationFailed = AuthenticationFailed,
-                    RedirectToIdentityProvider = RedirectToIdentityProvider
+                    RedirectToIdentityProvider = RedirectToIdentityProvider,
+                    AuthorizationCodeReceived = AuthorizationCodeReceived,
                 }
             };
 
@@ -257,7 +258,7 @@ private Task RedirectToIdentityProvider(RedirectToIdentityProviderNotification<O
             // Set the redirect_uri token for the alternate domains of same gallery instance
             if (_alternateSiteRootList != null && _alternateSiteRootList.Contains(notification.Request.Uri.Host))
             {
-                notification.ProtocolMessage.RedirectUri = "https://" + notification.Request.Uri.Host + "/" + _callbackPath ;
+                notification.ProtocolMessage.RedirectUri = "https://" + notification.Request.Uri.Host + "/" + _callbackPath;
             }
 
             // We always want to show the options to select account when signing in and while changing account.
@@ -271,5 +272,13 @@ private AuthenticationProperties GetAuthenticationPropertiesFromProtocolMessage(
             var authenticationPropertiesEncodedString = message.State.Split('=');
             return options.StateDataFormat.Unprotect(authenticationPropertiesEncodedString[1]);
         }
+
+        private Task AuthorizationCodeReceived(AuthorizationCodeReceivedNotification context)
+        {
+            // Explicitly set the access_token to null. The access_token is used for authorized requests to AAD on
+            // behalf of the end user. We do not use this feature. We only use the id_token.
+            context.HandleCodeRedemption(accessToken: null, idToken: context.JwtSecurityToken.RawData);
+            return Task.CompletedTask;
+        }
     }
 }
\ No newline at end of file
diff --git a/src/NuGetGallery.Services/Authentication/Providers/AzureActiveDirectoryV2/AzureActiveDirectoryV2AuthenticatorConfiguration.cs b/src/NuGetGallery.Services/Authentication/Providers/AzureActiveDirectoryV2/AzureActiveDirectoryV2AuthenticatorConfiguration.cs
index 946219d5b8..f0a954f5d1 100644
--- a/src/NuGetGallery.Services/Authentication/Providers/AzureActiveDirectoryV2/AzureActiveDirectoryV2AuthenticatorConfiguration.cs
+++ b/src/NuGetGallery.Services/Authentication/Providers/AzureActiveDirectoryV2/AzureActiveDirectoryV2AuthenticatorConfiguration.cs
@@ -12,7 +12,6 @@ namespace NuGetGallery.Authentication.Providers.AzureActiveDirectoryV2
     public class AzureActiveDirectoryV2AuthenticatorConfiguration : AuthenticatorConfiguration
     {
         public string ClientId { get; set; }
-        public string ClientSecret { get; set; }
 
         public AzureActiveDirectoryV2AuthenticatorConfiguration()
         {
@@ -31,7 +30,7 @@ public override void ApplyToOwinSecurityOptions(AuthenticationOptions options)
                 // the auth flow.
                 openIdOptions.AuthenticationMode = AuthenticationMode.Passive;
 
-                // Make sure ClientId and ClientSecret is configured
+                // Make sure ClientId is configured
                 if (String.IsNullOrEmpty(ClientId))
                 {
                     throw new ConfigurationErrorsException(String.Format(
@@ -40,16 +39,7 @@ public override void ApplyToOwinSecurityOptions(AuthenticationOptions options)
                         "Auth.CommonAuth.ClientId"));
                 }
 
-                if (String.IsNullOrEmpty(ClientSecret))
-                {
-                    throw new ConfigurationErrorsException(String.Format(
-                        CultureInfo.CurrentCulture,
-                        ServicesStrings.MissingRequiredConfigurationValue,
-                        "Auth.CommonAuth.ClientSecret"));
-                }
-
                 openIdOptions.ClientId = ClientId;
-                openIdOptions.ClientSecret = ClientSecret;
                 openIdOptions.Authority = String.Format(CultureInfo.InvariantCulture, AzureActiveDirectoryV2Authenticator.Authority, AzureActiveDirectoryV2Authenticator.V2CommonTenant);
             }
         }
diff --git a/src/NuGetGallery.Services/ServicesStrings.resx b/src/NuGetGallery.Services/ServicesStrings.resx
index f53495f4ac..8024f55a73 100644
--- a/src/NuGetGallery.Services/ServicesStrings.resx
+++ b/src/NuGetGallery.Services/ServicesStrings.resx
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <root>
   <!-- 
     Microsoft ResX Schema 
@@ -897,7 +897,7 @@ If you would like to update the linked Microsoft account you can do so from the
 Policy violations: {0}</value>
   </data>
   <data name="SecurityPolicy_RequirePackagePrefixReserved" xml:space="preserve">
-    <value>You have not published a package with this prefix in the past. This means other users may be able to push packages starting with the same prefix. Contact account@nuget.org to reserve the prefix. Go to https://docs.microsoft.com/en-us/nuget/reference/id-prefix-reservation to learn more about Package ID prefix reservation.</value>
+    <value>You have not published a package with this prefix in the past. This means other users may be able to push packages starting with the same prefix. Contact account@nuget.org to reserve the prefix. Go to https://docs.microsoft.com/nuget/reference/id-prefix-reservation to learn more about Package ID prefix reservation.</value>
   </data>
   <data name="SecurityPolicy_CopyrightNotCompliant" xml:space="preserve">
     <value>The package metadata contains a non-compliant copyright element.</value>
diff --git a/src/NuGetGallery/App_Code/ViewHelpers.cshtml b/src/NuGetGallery/App_Code/ViewHelpers.cshtml
index 1a9486a8c0..e86bd2b4bf 100644
--- a/src/NuGetGallery/App_Code/ViewHelpers.cshtml
+++ b/src/NuGetGallery/App_Code/ViewHelpers.cshtml
@@ -120,7 +120,7 @@
                 <p class="error-action">Get me out of here! <a href="@url.Home()">Go home</a></p>
                 <p class="error-action">Wondering if NuGet is down? <a href="https://status.nuget.org/">Check our status</a></p>
                 <p class="error-action">Looking for a package? <a href="@url.PackageList()">Try searching</a></p>
-                <p class="error-action">Package you're looking for doesn't exist? <a href="https://docs.microsoft.com/en-us/nuget/quickstart/create-and-publish-a-package">Make one</a></p>
+                <p class="error-action">Package you're looking for doesn't exist? <a href="https://docs.microsoft.com/nuget/quickstart/create-and-publish-a-package">Make one</a></p>
                 <p class="error-action">Pretty sure we messed up? <a href="https://github.com/NuGet/NuGetGallery/issues">File a bug</a></p>
                 <p class="error-action">Can't get enough NuGet? <a href="https://twitter.com/nuget">Follow us</a></p>
             </div>
diff --git a/src/NuGetGallery/App_Data/Files/Content/Trusted-Image-Domains.json b/src/NuGetGallery/App_Data/Files/Content/Trusted-Image-Domains.json
index 5c21d323af..e6155e9c81 100644
--- a/src/NuGetGallery/App_Data/Files/Content/Trusted-Image-Domains.json
+++ b/src/NuGetGallery/App_Data/Files/Content/Trusted-Image-Domains.json
@@ -23,6 +23,7 @@
         "codefactor.io",
         "coveralls.io",
         "dev.azure.com",
+        "flat.badgen.net",
         "gitlab.com",
         "img.shields.io",
         "i.imgur.com",
diff --git a/src/NuGetGallery/Scripts/gallery/common.js b/src/NuGetGallery/Scripts/gallery/common.js
index 5b06f5620a..cfed8a112e 100644
--- a/src/NuGetGallery/Scripts/gallery/common.js
+++ b/src/NuGetGallery/Scripts/gallery/common.js
@@ -462,7 +462,7 @@
 
     nuget.setPopovers = function () {
         var popoverElement = $(this);
-        var popoverElementDom = popoverElement.get(0);
+        var popoverElementDom = this;
         var originalLabel = popoverElementDom.ariaLabel;
         var popoverHideTimeMS = 2000;
         var popoverFadeTimeMS = 200;
diff --git a/src/NuGetGallery/Services/UploadPackageMissingReadme.cs b/src/NuGetGallery/Services/UploadPackageMissingReadme.cs
index 906d1c0299..5e882d4cd9 100644
--- a/src/NuGetGallery/Services/UploadPackageMissingReadme.cs
+++ b/src/NuGetGallery/Services/UploadPackageMissingReadme.cs
@@ -1,7 +1,7 @@
 namespace NuGetGallery
 {
     /// <summary>
-    /// Represents a package ID reservation conflict
+    /// Represents package missing an embedded README.
     /// </summary>
     public class UploadPackageMissingReadme : IValidationMessage
     {
diff --git a/src/NuGetGallery/Strings.resx b/src/NuGetGallery/Strings.resx
index 4e4c4bdc0d..431115188d 100644
--- a/src/NuGetGallery/Strings.resx
+++ b/src/NuGetGallery/Strings.resx
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <root>
   <!-- 
     Microsoft ResX Schema 
@@ -515,10 +515,10 @@ For more information, please contact '{2}'.</value>
     <value>The ID prefix of this package has been reserved for one of the owners of this package by NuGet.org.</value>
   </data>
   <data name="UploadPackage_IdNamespaceConflict" xml:space="preserve">
-    <value>This package ID has been reserved. Please request access to upload to this reserved namespace from the owner of the reserved prefix, or re-upload the package with a different ID. Go to https://docs.microsoft.com/en-us/nuget/reference/id-prefix-reservation learn more about Package ID prefix reservation.</value>
+    <value>This package ID has been reserved. Please request access to upload to this reserved namespace from the owner of the reserved prefix, or re-upload the package with a different ID. Go to https://docs.microsoft.com/nuget/reference/id-prefix-reservation learn more about Package ID prefix reservation.</value>
   </data>
   <data name="UploadPackage_IdNamespaceConflictHtml" xml:space="preserve">
-    <value>This package ID has been reserved. Please request access to upload to this reserved namespace from the owner of the reserved prefix, or re-upload the package with a different ID. &lt;a href="https://docs.microsoft.com/en-us/nuget/reference/id-prefix-reservation"&gt;Learn more about Package ID prefix reservation&lt;/a&gt;.</value>
+    <value>This package ID has been reserved. Please request access to upload to this reserved namespace from the owner of the reserved prefix, or re-upload the package with a different ID. &lt;a href="https://docs.microsoft.com/nuget/reference/id-prefix-reservation"&gt;Learn more about Package ID prefix reservation&lt;/a&gt;.</value>
   </data>
   <data name="PreviewReadMe_ConversionFailed" xml:space="preserve">
     <value>Conversion of Markdown to HTML failed with '{0}'.</value>
@@ -539,10 +539,10 @@ For more information, please contact '{2}'.</value>
     <value>The Documentation URL must be a raw Markdown file hosted on GitHub.</value>
   </data>
   <data name="UploadPackage_MissingReadmeHtml" xml:space="preserve">
-    <value>&lt;strong&gt;Readme&lt;/strong&gt; missing.&lt;a href="https://learn.microsoft.com/en-us/nuget/create-packages/package-authoring-best-practices#readme"&gt; See how to include a readme file within the package&lt;/a&gt;, or add it as you upload.</value>
+    <value>&lt;strong&gt;Readme&lt;/strong&gt; missing.&lt;a href="https://learn.microsoft.com/nuget/create-packages/package-authoring-best-practices#readme"&gt; See how to include a readme file within the package&lt;/a&gt;, or add it as you upload.</value>
   </data>
   <data name="UploadPackage_MissingReadme" xml:space="preserve">
-    <value>Readme missing. Go to https://learn.microsoft.com/en-us/nuget/create-packages/package-authoring-best-practices#readme learn How to include a readme file within the package.</value>
+    <value>Readme missing. Go to https://learn.microsoft.com/nuget/create-packages/package-authoring-best-practices#readme learn How to include a readme file within the package.</value>
   </data>	
   <data name="ReservedNamespace_OwnerAdded" xml:space="preserve">
     <value>The user '{0}' is now an owner of the prefix '{1}'.</value>
@@ -909,7 +909,7 @@ If you would like to update the linked Microsoft account you can do so from the
 Policy violations: {0}</value>
   </data>
   <data name="SecurityPolicy_RequirePackagePrefixReserved" xml:space="preserve">
-    <value>You have not published a package with this prefix in the past. This means other users may be able to push packages starting with the same prefix. Contact account@nuget.org to reserve the prefix. Go to https://docs.microsoft.com/en-us/nuget/reference/id-prefix-reservation to learn more about Package ID prefix reservation.</value>
+    <value>You have not published a package with this prefix in the past. This means other users may be able to push packages starting with the same prefix. Contact account@nuget.org to reserve the prefix. Go to https://docs.microsoft.com/nuget/reference/id-prefix-reservation to learn more about Package ID prefix reservation.</value>
   </data>
   <data name="SecurityPolicy_CopyrightNotCompliant" xml:space="preserve">
     <value>The package metadata contains a non-compliant copyright element.</value>
diff --git a/src/NuGetGallery/Views/Packages/DisplayPackage.cshtml b/src/NuGetGallery/Views/Packages/DisplayPackage.cshtml
index dac0f62e2b..ae339925a9 100644
--- a/src/NuGetGallery/Views/Packages/DisplayPackage.cshtml
+++ b/src/NuGetGallery/Views/Packages/DisplayPackage.cshtml
@@ -110,7 +110,7 @@
                 CommandPrefix = "PM> ",
                 InstallPackageCommands = new [] { string.Format("NuGet\\Install-Package {0} -Version {1}", Model.Id, Model.Version) },
                 AlertLevel = AlertLevel.Info,
-                AlertMessage = "This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of <a href='https://docs.microsoft.com/en-us/nuget/reference/ps-reference/ps-ref-install-package'>Install-Package</a>."
+                AlertMessage = "This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of <a href='https://docs.microsoft.com/nuget/reference/ps-reference/ps-ref-install-package'>Install-Package</a>."
 
             },
 
@@ -126,7 +126,7 @@
                     : string.Format("<PackageReference Include=\"{0}\" Version=\"{1}\" />", Model.Id, Model.Version) },
                 AlertLevel = AlertLevel.Info,
                 AlertMessage = string.Format("For projects that support <a href=\"{0}\">PackageReference</a>, copy this XML node into the project file to reference the package.",
-                                             "https://docs.microsoft.com/en-us/nuget/consume-packages/package-references-in-project-files"),
+                                             "https://docs.microsoft.com/nuget/consume-packages/package-references-in-project-files"),
                 CopyLabel = "Copy the PackageReference XML node",
             },
 
@@ -274,7 +274,7 @@
                                     @ViewHelpers.ImageFallback(Url.Absolute("~/Content/gallery/img/reserved-indicator-25x25.png"))
                                     data-content="@Strings.ReservedNamespace_ReservedIndicatorTooltip" tabindex="0"
                                     alt="@Strings.ReservedNamespace_ReservedIndicatorTooltip"/>
-                            <a href="https://docs.microsoft.com/en-us/nuget/nuget-org/id-prefix-reservation" class="prefix-reserve-label">
+                            <a href="https://docs.microsoft.com/nuget/nuget-org/id-prefix-reservation" class="prefix-reserve-label">
                                 Prefix Reserved
                             </a>
                         </span>
diff --git a/src/NuGetGallery/Views/Packages/ReportAbuse.cshtml b/src/NuGetGallery/Views/Packages/ReportAbuse.cshtml
index fa137f9103..372544d789 100644
--- a/src/NuGetGallery/Views/Packages/ReportAbuse.cshtml
+++ b/src/NuGetGallery/Views/Packages/ReportAbuse.cshtml
@@ -85,7 +85,7 @@
                     </div>
                     <div class="reason-error-revenge-porn" tabindex="0">
                         <p>
-                            Please report this safety violation through the <a href="https://www.microsoft.com/en-us/concern/revengeporn" title="revenge porn portal">official portal</a>.
+                            Please report this safety violation through the <a href="https://www.microsoft.com/concern/revengeporn" title="revenge porn portal">official portal</a>.
                         </p>
                     </div>
                     <div id="report-abuse-form">
diff --git a/src/NuGetGallery/Views/Packages/UploadPackage.cshtml b/src/NuGetGallery/Views/Packages/UploadPackage.cshtml
index 4c2395b661..1f35c535bf 100644
--- a/src/NuGetGallery/Views/Packages/UploadPackage.cshtml
+++ b/src/NuGetGallery/Views/Packages/UploadPackage.cshtml
@@ -20,9 +20,9 @@
             @if (Model.IsUserLocked)
             {
                 @ViewHelpers.AlertDanger(
-                    @<text>
-                        @ServicesStrings.UserAccountIsLocked
-                    </text>)
+                                @<text>
+                                    @ServicesStrings.UserAccountIsLocked
+                                </text>)
             }
             else
             {
@@ -33,6 +33,10 @@
                         <a href="https://docs.microsoft.com/nuget/create-packages/package-authoring-best-practices" alt="Best Practices" aria-label="Read here about publishing packages">Best Practices</a> page.
                     </p>
                 </div>
+
+                <div id="validation-failure-container" class="hidden">
+                </div>
+
                 <div id="upload-package-container">
                     <h2>
                         <a href="#" role="button" data-toggle="collapse" data-target="#upload-package-form"
@@ -61,9 +65,6 @@
                         <div id="upload-progress-bar-container" class="progress hidden">
                             <div id="upload-progress-bar" class="progress-bar active" role="progressbar" aria-valuemin="0" aria-valuemax="100"></div>
                         </div>
-
-                        <div id="validation-failure-container" class="hidden">
-                        </div>
                     </div>
                 </div>
 
diff --git a/src/NuGetGallery/Views/Pages/Home.cshtml b/src/NuGetGallery/Views/Pages/Home.cshtml
index efa6fd430b..5fbe619824 100644
--- a/src/NuGetGallery/Views/Pages/Home.cshtml
+++ b/src/NuGetGallery/Views/Pages/Home.cshtml
@@ -84,7 +84,7 @@ else if (AskUserToEnable2FA)
         </div>
         <div class="row row-gap">
             <div class="col-sm-4">
-                <a href="https://docs.microsoft.com/en-us/nuget/quickstart/use-a-package"
+                <a href="https://docs.microsoft.com/nuget/quickstart/use-a-package"
                    title="Learn about how to use NuGet packages">
                     <img width="225" height="225" alt="Learn to use packages"
                          src="~/Content/gallery/img/orange-circle.svg"
@@ -108,7 +108,7 @@ else if (AskUserToEnable2FA)
                 </p>
             </div>
             <div class="col-sm-4">
-                <a href="https://docs.microsoft.com/en-us/nuget/quickstart/create-and-publish-a-package"
+                <a href="https://docs.microsoft.com/nuget/quickstart/create-and-publish-a-package"
                    title="Learn how to create a NuGet package">
                     <img width="225" height="225" alt="Learn to create packages"
                          src="~/Content/gallery/img/blue-circle.svg"
diff --git a/src/NuGetGallery/Views/Shared/Gallery/Footer.cshtml b/src/NuGetGallery/Views/Shared/Gallery/Footer.cshtml
index bb98c53a59..da6b84cad6 100644
--- a/src/NuGetGallery/Views/Shared/Gallery/Footer.cshtml
+++ b/src/NuGetGallery/Views/Shared/Gallery/Footer.cshtml
@@ -15,7 +15,7 @@
             </div>
             <div class="col-sm-4">
                 <span class="footer-heading">
-                    <a aria-label="Frequently Asked Questions" href="https://docs.microsoft.com/en-us/nuget/policies/nuget-faq">
+                    <a aria-label="Frequently Asked Questions" href="https://docs.microsoft.com/nuget/policies/nuget-faq">
                         <abbr title="Frequently Asked Questions">FAQ</abbr>
                     </a>
                 </span>
diff --git a/src/NuGetGallery/Views/Shared/Gallery/Header.cshtml b/src/NuGetGallery/Views/Shared/Gallery/Header.cshtml
index 2c08caa7cf..e8630ee021 100644
--- a/src/NuGetGallery/Views/Shared/Gallery/Header.cshtml
+++ b/src/NuGetGallery/Views/Shared/Gallery/Header.cshtml
@@ -86,7 +86,7 @@
                         {
                             @DisplayNavigationItem("Admin", Url.Admin())
                         }
-                        @DisplayNavigationItem("Documentation", "https://docs.microsoft.com/en-us/nuget/")
+                        @DisplayNavigationItem("Documentation", "https://docs.microsoft.com/nuget/")
                         @DisplayNavigationItem("Downloads", Url.Downloads())
                         @DisplayNavigationItem("Blog", "https://blog.nuget.org/")
                     </ul>
diff --git a/src/NuGetGallery/Views/Shared/_AccountCertificates.cshtml b/src/NuGetGallery/Views/Shared/_AccountCertificates.cshtml
index fb219f3ed3..d2211058a5 100644
--- a/src/NuGetGallery/Views/Shared/_AccountCertificates.cshtml
+++ b/src/NuGetGallery/Views/Shared/_AccountCertificates.cshtml
@@ -71,7 +71,7 @@
             
             <div class="row" data-bind="ifnot: $data && $data.hasCertificates && $data.hasCertificates()">
                 <div class="col-xs-12 clearfix">
-                    All your packages need to be signed by one of the registered certificates.  <a href="https://docs.microsoft.com/en-us/nuget/reference/signed-packages-reference">Learn more about package signing.</a>
+                    All your packages need to be signed by one of the registered certificates.  <a href="https://docs.microsoft.com/nuget/reference/signed-packages-reference">Learn more about package signing.</a>
                     <br /> <br />
                 </div>
             </div>
diff --git a/src/NuGetGallery/Views/Users/ApiKeys.cshtml b/src/NuGetGallery/Views/Users/ApiKeys.cshtml
index 99f0a5f9c5..21c8d611dc 100644
--- a/src/NuGetGallery/Views/Users/ApiKeys.cshtml
+++ b/src/NuGetGallery/Views/Users/ApiKeys.cshtml
@@ -32,7 +32,7 @@
                     <br />
                     <p>
                         <strong>Note:</strong> To push packages to nuget.org you must use <a href="https://www.nuget.org/downloads">nuget.exe v4.1.0 or above</a>,
-                        which implements the required <a href="https://docs.microsoft.com/en-us/nuget/api/nuget-protocols">NuGet protocols</a>.
+                        which implements the required <a href="https://docs.microsoft.com/nuget/api/nuget-protocols">NuGet protocols</a>.
                     </p>
                 </p>
 
diff --git a/src/NuGetGallery/Views/Users/Packages.cshtml b/src/NuGetGallery/Views/Users/Packages.cshtml
index b2c94bd56e..4ed133aedb 100644
--- a/src/NuGetGallery/Views/Users/Packages.cshtml
+++ b/src/NuGetGallery/Views/Users/Packages.cshtml
@@ -179,9 +179,11 @@
                     {
                         var title = "This version has at least one known vulnerability. Click on the package name for details.";
                         <td class="package-icon-cell">
-                            <span class="package-warning-icon" aria-label="@title" data-content="@title" data-bind="visible: IsVulnerable" tabindex="0">
+                            <!-- ko if: IsVulnerable -->
+                            <span class="package-warning-icon" aria-label="@title" data-content="@title" tabindex="0">
                                 <i class="ms-Icon ms-Icon--Warning package-icon"></i>
                             </span>
+                            <!-- /ko -->
                         </td>
                     }
                         <td class="text-right align-middle package-controls">
diff --git a/src/NuGetGallery/Web.config b/src/NuGetGallery/Web.config
index c622639fb5..db6bd8ee50 100644
--- a/src/NuGetGallery/Web.config
+++ b/src/NuGetGallery/Web.config
@@ -101,7 +101,6 @@
     <add key="Auth.MicrosoftAccount.ClientSecret" value=""/>
     <add key="Auth.AzureActiveDirectoryV2.Enabled" value="false"/>
     <add key="Auth.AzureActiveDirectoryV2.ClientId" value=""/>
-    <add key="Auth.AzureActiveDirectoryV2.ClientSecret" value=""/>
     <add key="Auth.AzureActiveDirectory.Enabled" value="false"/>
     <add key="Auth.AzureActiveDirectory.ClientId" value=""/>
     <add key="Auth.AzureActiveDirectory.Authority" value=""/>
diff --git a/tests/NuGetGallery.Facts/Authentication/AuthenticationServiceFacts.cs b/tests/NuGetGallery.Facts/Authentication/AuthenticationServiceFacts.cs
index 0817d1a5a4..bce12636d9 100644
--- a/tests/NuGetGallery.Facts/Authentication/AuthenticationServiceFacts.cs
+++ b/tests/NuGetGallery.Facts/Authentication/AuthenticationServiceFacts.cs
@@ -15,6 +15,8 @@
 using NuGetGallery.Auditing;
 using NuGetGallery.Authentication.Providers;
 using NuGetGallery.Authentication.Providers.MicrosoftAccount;
+using NuGetGallery.Configuration;
+using NuGetGallery.Diagnostics;
 using NuGetGallery.Framework;
 using NuGetGallery.Infrastructure.Authentication;
 using Xunit;
@@ -2071,6 +2073,51 @@ public async Task WritesAuditRecordForTheNewCredential()
                     ar.AffectedCredential[0].Type == cred.Type &&
                     ar.AffectedCredential[0].Identity == cred.Identity));
             }
+
+            [Fact]
+            public async Task WritesAuditRecordAfterDbCommit()
+            {
+                // Arrange
+                var entitiesContext = new Mock<IEntitiesContext>();
+                var auditingService = new Mock<IAuditingService>();
+                var credentialBuilder = new CredentialBuilder();
+
+                var authService = new AuthenticationService(
+                    entitiesContext.Object,
+                    Get<IAppConfiguration>(),
+                    Get<IDiagnosticsService>(),
+                    auditingService.Object,
+                    Enumerable.Empty<Authenticator>(),
+                    credentialBuilder,
+                    Get<ICredentialValidator>(),
+                    Get<IDateTimeProvider>(),
+                    Get<ITelemetryService>(),
+                    Get<IContentObjectService>(),
+                    Get<IFeatureFlagService>());
+                var operations = new List<string>();
+
+                var fakes = Get<Fakes>();
+                var user = fakes.CreateUser("test", credentialBuilder.CreatePasswordCredential(Fakes.Password));
+                var cred = credentialBuilder.CreateExternalCredential("flarg", "glarb", "blarb");
+                Mock
+                    .Get(authService.Auditing)
+                    .Setup(x => x.SaveAuditRecordAsync(It.IsAny<AuditRecord>()))
+                    .Returns(Task.CompletedTask)
+                    .Callback(() => operations.Add(nameof(IAuditingService.SaveAuditRecordAsync)));
+                Mock
+                    .Get(authService.Entities)
+                    .Setup(x => x.SaveChangesAsync())
+                    .ReturnsAsync(() => 0)
+                    .Callback(() => operations.Add(nameof(IEntitiesContext.SaveChangesAsync)));
+
+                // Act
+                await authService.AddCredential(user, cred);
+
+                // Assert
+                Assert.Equal(
+                    new List<string> { nameof(IEntitiesContext.SaveChangesAsync), nameof(IAuditingService.SaveAuditRecordAsync) },
+                    operations);
+            }
         }
 
         public class TheDescribeCredentialMethod : TestContainer
diff --git a/tests/NuGetGallery.Facts/Services/PackageMetadataValidationServiceFacts.cs b/tests/NuGetGallery.Facts/Services/PackageMetadataValidationServiceFacts.cs
index 85b2f208e0..24599eb16e 100644
--- a/tests/NuGetGallery.Facts/Services/PackageMetadataValidationServiceFacts.cs
+++ b/tests/NuGetGallery.Facts/Services/PackageMetadataValidationServiceFacts.cs
@@ -1500,8 +1500,8 @@ public async Task WarnsAboutPackagesWithoutReadmeWhenDisplayUploadWarningV2Enabl
                 Assert.Null(result.Message);
                 var warning = Assert.Single(result.Warnings);
                 Assert.IsType<UploadPackageMissingReadme>(warning);
-                Assert.StartsWith("Readme missing. Go to https://learn.microsoft.com/en-us/nuget/create-packages/package-authoring-best-practices#readme learn How to include a readme file within the package.", warning.PlainTextMessage);
-                Assert.StartsWith("<strong>Readme</strong> missing.<a href=\"https://learn.microsoft.com/en-us/nuget/create-packages/package-authoring-best-practices#readme\"> See how to include a readme file within the package</a>, or add it as you upload.", warning.RawHtmlMessage);
+                Assert.StartsWith("Readme missing. Go to https://learn.microsoft.com/nuget/create-packages/package-authoring-best-practices#readme learn How to include a readme file within the package.", warning.PlainTextMessage);
+                Assert.StartsWith("<strong>Readme</strong> missing.<a href=\"https://learn.microsoft.com/nuget/create-packages/package-authoring-best-practices#readme\"> See how to include a readme file within the package</a>, or add it as you upload.", warning.RawHtmlMessage);
             }
 
             [Fact]
@@ -1527,8 +1527,8 @@ public async Task WarnsAboutPackagesWithoutWhenEmbeddedReadmeNotEnabledAndDispla
                 Assert.Null(result.Message);
                 var warning = Assert.Single(result.Warnings);
                 Assert.IsType<UploadPackageMissingReadme>(warning);
-                Assert.StartsWith("Readme missing. Go to https://learn.microsoft.com/en-us/nuget/create-packages/package-authoring-best-practices#readme learn How to include a readme file within the package.", warning.PlainTextMessage);
-                Assert.StartsWith("<strong>Readme</strong> missing.<a href=\"https://learn.microsoft.com/en-us/nuget/create-packages/package-authoring-best-practices#readme\"> See how to include a readme file within the package</a>, or add it as you upload.", warning.RawHtmlMessage);
+                Assert.StartsWith("Readme missing. Go to https://learn.microsoft.com/nuget/create-packages/package-authoring-best-practices#readme learn How to include a readme file within the package.", warning.PlainTextMessage);
+                Assert.StartsWith("<strong>Readme</strong> missing.<a href=\"https://learn.microsoft.com/nuget/create-packages/package-authoring-best-practices#readme\"> See how to include a readme file within the package</a>, or add it as you upload.", warning.RawHtmlMessage);
             }
 
             private async Task<PackageValidationResult> ValidatePackageWithReadme(string readmePath, byte[] readmeFileData)