diff --git a/.gitignore b/.gitignore
index 3b4f66b7..aeec055a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,7 +12,10 @@ pom.xml.versionsBackup
 /Bundle/target/
 /lib/
 /Server/src/logs/
+/Server/src/config/config.xml
 /Server/src/test/resources/config/
+/Server/s.bat
+/Server/src/bin/c.bat
 **/.DS_Store
 **/.settings
 **/*.class
diff --git a/Server/s.bat b/Server/s.bat
new file mode 100644
index 00000000..73cc28e7
--- /dev/null
+++ b/Server/s.bat
@@ -0,0 +1,2 @@
+cd target\dist\bin
+start-openas2.bat
diff --git a/Server/src/bin/c.bat b/Server/src/bin/c.bat
new file mode 100644
index 00000000..43e1e801
--- /dev/null
+++ b/Server/src/bin/c.bat
@@ -0,0 +1,2 @@
+cd ..\..
+mvn clean package -DskipTests
diff --git a/Server/src/config/config.xml b/Server/src/config/config.xml
deleted file mode 100644
index a242e8d6..00000000
--- a/Server/src/config/config.xml
+++ /dev/null
@@ -1,219 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<openas2>
-   <properties config.dir="%home%"
-               storageBaseDir="%home%/../data"
-               partnership_file="%home%/partnerships.xml"
-               log_date_format="yyyy-MM-dd HH:mm:ss.SSS"
-               sql_timestamp_format="yyyy-MM-dd HH:mm:ss.SSS"
-               as2_message_id_format="$date.yyyyMMddHHmmssZ$-$rand.123$-$msg.sender.as2_id$_$msg.receiver.as2_id$_$msg.attributes.filename$"
-               as2_receive_message_filename_fallback="$rand.shortUUID$"
-               as2_async_mdn_url="http://localhost:$properties.async_mdn_receiver_port$"
-               as2_keystore="%home%/as2_certs.p12"
-               as2_keystore_password="testas2"
-               as2_keystore.refresh_interval="300"
-               ssl_trust_keystore.enabled="false"
-               ssl_trust_keystore="%home%/ssl_trust_certs.p12"
-               ssl_trust_keystore_password="testas2"
-               ssl_trust_keystore.refresh_interval="300"
-               ssl_keystore="%home%/ssl_certs.jks"
-               ssl_keystore_password="testas2"
-               console.command.processor.enabled="false"
-               restapi.command.processor.enabled="false"
-               restapi.command.processor.baseuri="http://localhost:8080"
-               restapi.command.processor.userid="userID"
-               restapi.command.processor.password="pWd"
-               processor.resend_max_retries="5"
-               module.AS2SenderModule.enabled="true"
-               module.AS2SenderModule.readtimeout="60000"
-               module.MDNSenderModule.enabled="true"
-               module.DbTrackingModule.enabled="true"
-               module.MDNFileModule.enabled="true"
-               module.MDNFileModule.filename="$properties.storageBaseDir$/$mdn.msg.sender.as2_id$-$mdn.msg.receiver.as2_id$/mdn/$date.yyyy-MM-dd$/$mdn.msg.headers.message-id$"
-               module.MDNFileModule.tempdir="$properties.storageBaseDir$/temp"
-               module.MessageFileModule.enabled="true"
-               module.MessageFileModule.filename="$properties.storageBaseDir$/$msg.sender.as2_id$-$msg.receiver.as2_id$/inbox/$msg.headers.message-id$"
-               module.MessageFileModule.header="$properties.storageBaseDir$/$msg.sender.as2_id$-$msg.receiver.as2_id$/msgheaders/$date.yyyy-MM-dd$/$msg.headers.message-id$"
-               module.MessageFileModule.tempdir="$properties.storageBaseDir$/temp"
-               module.DirectoryResenderModule.enabled="true"
-               module.DirectoryResenderModule.resenddelay="60"
-               module.AS2ReceiverModule.http.enabled="true"
-               module.AS2ReceiverModule.http.port="10080"
-               module.AS2MDNReceiverModule.http.enabled="true"
-               module.AS2MDNReceiverModule.http.port="10081"
-               module.AS2ReceiverModule.https.enabled="false"
-               module.AS2ReceiverModule.https.port="10443"
-               module.AS2MDNReceiverModule.https.enabled="false"
-               module.AS2MDNReceiverModule.https.port="10444"
-               module.HealthCheckModule.enabled="false"
-               module.HealthCheckModule.protocol="http"
-               module.HealthCheckModule.address="localhost"
-               module.HealthCheckModule.port="10099"
-               module.HealthCheckModule.keystore="$properties.ssl_keystore$"
-               module.HealthCheckModule.keystore_password="$properties.ssl_keystore_password$"
-               async_mdn_receiver_port="$properties.module.AS2MDNReceiverModule.http.port$"
-               jakarta.mail.properties.file="%home%/java.mail.properties"
-               email.from="Open AS2 Server&lt;as2msgs@openas2.org&gt;"
-               email.to="your email address"
-               email.smtpserver="mail.openas2.org"
-               email.smtpport="25"
-               email.smtpauth="true"
-               email.smtpuser="mySmtpUserId"
-               email.smtppwd="mySmtpPwd"
-               email.subject="$exception.name$: $exception.message$"
-               email.bodytemplate="%home%/emailtemplate.txt"
-               msg_tracking.use_embedded_db="true"
-               msg_tracking.force_load_jdbc_driver="false"
-               msg_tracking.db_user="sa"
-               msg_tracking.db_pwd="OpenAS2"
-               msg_tracking.db_name="openas2"
-               msg_tracking.table_name="msg_metadata"
-               msg_tracking.db_directory="%home%/DB"
-               msg_tracking.jdbc_driver="org.h2.Driver"
-               msg_tracking.jdbc_connect_string="jdbc:h2:$component.db_directory$/$component.db_name$"
-               msg_tracking.sql_escape_character="'"
-               msg_tracking.tcp_server_start="true"
-               msg_tracking.tcp_server_port="9092"
-               msg_tracking.tcp_server_password="openas2"
-               reject_unsigned_messages="false"
-               pollerConfigBase.outboxdir="$properties.storageBaseDir$/outbox/$partnership.receiver.as2_id$"
-               pollerConfigBase.errordir="$properties.storageBaseDir$/outbox/error/$date.YYYY$-$date.MM$-$date.dd$/$partnership.receiver.as2_id$"
-               pollerConfigBase.interval="5"
-               pollerConfigBase.defaults="sender.as2_id=$partnership.sender.as2_id$, receiver.as2_id=$partnership.receiver.as2_id$"
-               pollerConfigBase.sendfilename="true"
-               pollerConfigBase.mimetype="application/EDI-X12"
-               pollerConfigBase.process_files_in_paralllel="false"
-               pollerConfigBase.max_parallel_files="20"
-               partnerships.polling.interval="120"
-               messages.enabled="false"
-               messages.polling.interval="120"
-             />
-   <certificates classname="org.openas2.cert.PKCS12CertificateFactory"
-                 identifier="as2_certs"
-                 filename="$properties.as2_keystore$"
-                 password="$properties.as2_keystore_password$"
-                 interval="$properties.as2_keystore.refresh_interval$"/>
-   <certificates enabled="$properties.ssl_trust_keystore.enabled$"
-                 classname="org.openas2.cert.PKCS12CertificateFactory"
-                 identifier="ssl_trust_certs"
-                 filename="$properties.ssl_trust_keystore$"
-                 password="$properties.ssl_trust_keystore_password$"
-                 interval="$properties.ssl_trust_keystore.refresh_interval$"/>
-   <commands classname="org.openas2.cmd.XMLCommandRegistry"
-             filename="%home%/commands.xml"/>
-   <commandProcessors>
-      <commandProcessor classname="org.openas2.cmd.processor.StreamCommandProcessor"
-                        enabled="$properties.console.command.processor.enabled$"/>
-      <commandProcessor classname="org.openas2.cmd.processor.RestCommandProcessor"
-                        enabled="$properties.restapi.command.processor.enabled$"
-                        baseuri="$properties.restapi.command.processor.baseuri$"
-                        ssl_protocol="TLS"
-                        ssl_keystore="$properties.ssl_keystore$"
-                        ssl_keystore_password="$properties.ssl_keystore_password$"
-                        userid="$properties.restapi.command.processor.userid$" 
-                        password="$properties.restapi.command.processor.password$" />
-   </commandProcessors>
-   <processor classname="org.openas2.processor.DefaultProcessor"
-              pendingMDN="$properties.storageBaseDir$/pendingMDN3"
-              pendingMDNinfo="$properties.storageBaseDir$/pendinginfoMDN3"
-              resend_max_retries="$properties.processor.resend_max_retries$">
-      <module enabled="$properties.module.AS2SenderModule.enabled$"
-              classname="org.openas2.processor.sender.AS2SenderModule"
-              readtimeout="$properties.module.AS2SenderModule.readtimeout$" />
-      <module enabled="$properties.module.MDNSenderModule.enabled$"
-              classname="org.openas2.processor.sender.MDNSenderModule"/>
-      <!-- This directory polling module will parse the filename to get a sender, receiver and name of file to send to partner.
-		     For instance, a file named MyComapny_OID-PartnerB_OID-OrderID-745634.edi would be sent from MyCompany to PartnerB.
-		     The name of the file sent to the partner will be "OrderID-745634.edi" -->
-      <!--
-      <module classname="org.openas2.processor.receiver.AS2DirectoryPollingModule"
-              outboxdir="$properties.storageBaseDir$/toAny"
-              errordir="$properties.storageBaseDir$/toAny/error"
-              interval="5"
-              delimiters="-"
-              mergeextratokens="true"
-              sendfilename="true"
-              format="sender.as2_id, receiver.as2_id, attributes.filename"
-              mimetype="application/EDI-X12"/>
-      -->
-      <module enabled="$properties.module.DbTrackingModule.enabled$"
-              classname="org.openas2.processor.msgtracking.DbTrackingModule"
-              use_embedded_db="$properties.msg_tracking.use_embedded_db$"
-              force_load_jdbc_driver="$properties.msg_tracking.force_load_jdbc_driver$"
-              db_user="$properties.msg_tracking.db_user$"
-              db_pwd="$properties.msg_tracking.db_pwd$"
-              db_name="$properties.msg_tracking.db_name$"
-              table_name="$properties.msg_tracking.table_name$"
-              db_directory="$properties.msg_tracking.db_directory$"
-              jdbc_driver="$properties.msg_tracking.jdbc_driver$"
-              jdbc_connect_string="$properties.msg_tracking.jdbc_connect_string$"
-              sql_escape_character="$properties.msg_tracking.sql_escape_character$"
-              tcp_server_start="$properties.msg_tracking.tcp_server_start$"
-              tcp_server_port="$properties.msg_tracking.tcp_server_port$"
-              tcp_server_password="$properties.msg_tracking.tcp_server_password$"/>
-      <module enabled="$properties.module.MDNFileModule.enabled$"
-              classname="org.openas2.processor.storage.MDNFileModule"
-              filename="$properties.module.MDNFileModule.filename$"
-              protocol="as2"
-              tempdir="$properties.module.MDNFileModule.tempdir$"/>
-      <module enabled="$properties.module.MessageFileModule.enabled$"
-              classname="org.openas2.processor.storage.MessageFileModule"
-              filename="$properties.module.MessageFileModule.filename$"
-              header="$properties.module.MessageFileModule.header$"
-              protocol="as2"
-              tempdir="$properties.module.MessageFileModule.tempdir$"/>
-      <module enabled="$properties.module.AS2ReceiverModule.http.enabled$"
-              classname="org.openas2.processor.receiver.AS2ReceiverModule"
-              port="$properties.module.AS2ReceiverModule.http.port$"
-              errordir="$properties.storageBaseDir$/inbox/error"
-              errorformat="sender.as2_id, receiver.as2_id, headers.message-id"/>
-      <module enabled="$properties.module.AS2ReceiverModule.https.enabled$"
-              classname="org.openas2.processor.receiver.AS2ReceiverModule"
-              port="$properties.module.AS2ReceiverModule.https.port$"
-              protocol="https"
-              ssl_protocol="TLS"
-              ssl_keystore="$properties.ssl_keystore$"
-              ssl_keystore_password="$properties.ssl_keystore_password$"
-              errordir="$properties.storageBaseDir$/inbox/error"
-              errorformat="sender.as2_id, receiver.as2_id, headers.message-id"/>
-      <module enabled="$properties.module.AS2MDNReceiverModule.http.enabled$"
-              classname="org.openas2.processor.receiver.AS2MDNReceiverModule"
-              port="$properties.async_mdn_receiver_port$"/>
-      <module enabled="$properties.module.AS2MDNReceiverModule.https.enabled$"
-              classname="org.openas2.processor.receiver.AS2MDNReceiverModule"
-              port="$properties.module.AS2MDNReceiverModule.https.port$"
-              protocol="https"
-              ssl_protocol="TLS"
-              ssl_keystore="$properties.ssl_keystore$"
-              ssl_keystore_password="$properties.ssl_keystore_password$"/>
-      <module enabled="$properties.module.DirectoryResenderModule.enabled$"
-              classname="org.openas2.processor.resender.DirectoryResenderModule"
-              resenddir="$properties.storageBaseDir$/resend"
-              errordir="$properties.storageBaseDir$/resend/error"
-              resenddelay="$properties.module.DirectoryResenderModule.resenddelay$"/>
-      <module enabled="$properties.module.HealthCheckModule.enabled$"
-              classname="org.openas2.processor.receiver.HealthCheckModule"
-              protocol="$properties.module.HealthCheckModule.protocol"
-              address="$properties.module.HealthCheckModule.address$"
-              port="$properties.module.HealthCheckModule.port$"
-              ssl_keystore="$properties.ssl_keystore$"
-              ssl_keystore_password="$properties.ssl_keystore_password$"/>
-   </processor>
-   <!-- The pollerConfigBase provides the base config for the partnership directory pollers. It must be placed at the top of the file -->
-   <pollerConfigBase classname="org.openas2.processor.receiver.AS2DirectoryPollingModule"
-           outboxdir="$properties.pollerConfigBase.outboxdir$"
-           errordir="$properties.pollerConfigBase.errordir$"
-           interval="$properties.pollerConfigBase.interval$"
-           defaults="$properties.pollerConfigBase.defaults$"
-           sendfilename="$properties.pollerConfigBase.sendfilename$"
-           mimetype="$properties.pollerConfigBase.mimetype$"
-           process_files_in_paralllel="$properties.pollerConfigBase.process_files_in_paralllel$"
-           max_parallel_files="$properties.pollerConfigBase.max_parallel_files$"/>
-   <partnerships classname="org.openas2.partner.XMLPartnershipFactory"
-                 filename="$properties.partnership_file$"
-                 interval="$properties.partnerships.polling.interval$"/>
-
-   <messages enabled="$properties.messages.enabled$"
-             classname="org.openas2.message.XMLMessageFactory"
-             filename="%home%/messages.xml"
-             interval="$properties.messages.polling.interval$"/>
-</openas2>
diff --git a/Server/src/main/java/org/openas2/cmd/processor/restapi/ApiResource.java b/Server/src/main/java/org/openas2/cmd/processor/restapi/ApiResource.java
index a5bf91a2..5ed1de48 100644
--- a/Server/src/main/java/org/openas2/cmd/processor/restapi/ApiResource.java
+++ b/Server/src/main/java/org/openas2/cmd/processor/restapi/ApiResource.java
@@ -5,30 +5,22 @@
  */
 package org.openas2.cmd.processor.restapi;
 
+import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.SerializationFeature;
+import jakarta.ws.rs.*;
 import org.openas2.cert.AliasedCertificateFactory;
 import org.openas2.cert.CertificateFactory;
 import org.openas2.cmd.CommandResult;
 import org.openas2.cmd.processor.RestCommandProcessor;
+import org.openas2.Session;
+import org.openas2.util.Properties;
 
 import jakarta.annotation.security.RolesAllowed;
-import jakarta.ws.rs.Consumes;
 
-import jakarta.ws.rs.DefaultValue;
 
-
-import jakarta.ws.rs.GET;
-import jakarta.ws.rs.Path;
-import jakarta.ws.rs.Produces;
 import jakarta.ws.rs.core.MediaType;
-import jakarta.ws.rs.POST;
-import jakarta.ws.rs.PUT;
-import jakarta.ws.rs.DELETE;
-import jakarta.ws.rs.HEAD;
-
 
-import jakarta.ws.rs.PathParam;
 
 import jakarta.ws.rs.core.Context;
 
@@ -37,15 +29,26 @@
 import jakarta.ws.rs.core.Response;
 import jakarta.ws.rs.core.UriInfo;
 import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.StringWriter;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Base64;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
+import java.util.*;
+
 import org.slf4j.LoggerFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathExpression;
+import javax.xml.xpath.XPathFactory;
 
 /**
  * @author javier
@@ -73,9 +76,9 @@ public static void setProcessor(RestCommandProcessor aProcessor) {
     @Context
     Request request;
     private final ObjectMapper mapper;
-    
+
     public ApiResource() {
-                
+
         mapper = new ObjectMapper();
         // enable pretty printing
         mapper.enable(SerializationFeature.INDENT_OUTPUT);
@@ -220,6 +223,75 @@ public Response headCommand(@PathParam("param") String command) {
         return Response.status(200).build();
     }
 
+    @GET
+    @RolesAllowed({"ADMIN"})
+    @Path("/getPropertyList")
+    @Produces(MediaType.APPLICATION_JSON)
+    public Response getPropertyList() {
+        Map<String, String> result = new HashMap<>();
+        result = (Map<String,String>) Properties.getProperties();
+
+        ObjectMapper om = new ObjectMapper();
+        try {
+            String js = om.writeValueAsString(result);
+            return Response.ok(js, MediaType.APPLICATION_JSON).build();
+        } catch (JsonProcessingException e) {
+             return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("error").type(MediaType.APPLICATION_JSON).build();
+        }
+    }
+
+    @GET
+    @RolesAllowed({"ADMIN"})
+    @Path("/getXml")
+    @Produces(MediaType.APPLICATION_XML)
+    public Response getXml(@QueryParam("filename") String filename, @QueryParam("xpath") String xpathExpression) {
+        Session session = getProcessor().getSession();
+        String filePath = session.getBaseDirectory() + '\\' + filename;
+        try {
+            NodeList nodeList = getNodes(filePath, xpathExpression);
+            DocumentBuilder db = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+            Document resultDocument = db.newDocument();
+            for (int i = 0; i < nodeList.getLength(); i++) {
+                Node importedNode = resultDocument.importNode(nodeList.item(i), true);
+                resultDocument.appendChild(importedNode);
+            }
+            StringWriter stringWriter = new StringWriter();    // Convert the XML document to a string
+            TransformerFactory transformerFactory = TransformerFactory.newInstance();
+            Transformer transformer = transformerFactory.newTransformer();
+            transformer.transform(new DOMSource(resultDocument), new StreamResult(stringWriter));
+            String xmlContent = stringWriter.toString();
+            return Response.ok(xmlContent, MediaType.APPLICATION_XML).build();
+        } catch (Exception exception) {
+            return Response.serverError().entity("error").type(MediaType.APPLICATION_JSON).build();
+        }
+    }
+    private NodeList getNodes(String xmlFileName, String xpathExpression) {
+        NodeList nodeList = null;
+        try {
+            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+
+            // === XXE Protection ===
+            dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+            dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
+            dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+            dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
+            dbf.setXIncludeAware(false);
+            dbf.setExpandEntityReferences(false);
+
+            DocumentBuilder db = dbf.newDocumentBuilder();
+            File file = new File(xmlFileName);
+            Document document = db.parse(file);
+
+            XPathExpression xPathExpr = XPathFactory.newInstance().newXPath().compile(xpathExpression);
+            nodeList = (NodeList) xPathExpr.evaluate(document, XPathConstants.NODESET);
+
+        } catch (Exception ex) {
+            LoggerFactory.getLogger(ApiResource.class.getName()).error("Error parsing XML file: " + xmlFileName, ex);
+            // return null on error
+        }
+        return nodeList;
+    }
+
     private CommandResult importCertificateByStream(String itemId, MultivaluedMap<String, String> formParams) throws Exception {
         try {
             List<String> params = new ArrayList<String>();