diff --git a/autotests/folding/systemd-unit.service.fold b/autotests/folding/systemd-unit.service.fold
index 7c80348cf4f221992488d783ea509257e3e85dca..acfa52d91a845d32455725daf8b74e888df4947c 100644
--- a/autotests/folding/systemd-unit.service.fold
+++ b/autotests/folding/systemd-unit.service.fold
@@ -85,6 +85,12 @@ USBFunctionDescriptors = /some/absolute/path
 USBFunctionStrings = /some/absolute/path
 OOMPolicy = stop
 
+## from systemd.exec
+ExecPaths = some/path some/other/path
+ExtensionImages = /source/path
+IPCNamespacePath = /some/absolute/path
+NoExecPaths = some/path some/other/path
+PrivateIPC = false
 ## from systemd.exec Paths
 WorkingDirectory = ~
 RootDirectory = /some/path
@@ -281,7 +287,7 @@ Delegate = bpf-firewall
 DisableControllers = cpu io
 ManagedOOMSwap = auto
 ManagedOOMMemoryPressure = kill
-ManagedOOMMemoryPressureLimitPercent = 50%
+ManagedOOMMemoryPressureLimit = 50%
 
 
 <endfold id='1'></endfold id='1'><beginfold id='1'>[Slice]</beginfold id='1'>
@@ -981,6 +987,7 @@ ConditionCapability = CAP_AUDIT_CONTROL
 ConditionCapability = CAP_AUDIT_READ
 ConditionCapability = CAP_AUDIT_WRITE
 ConditionCapability = CAP_BLOCK_SUSPEND
+ConditionCapability = CAP_CHECKPOINT_RESTORE
 ConditionCapability = CAP_CHOWN
 ConditionCapability = CAP_DAC_OVERRIDE
 ConditionCapability = CAP_DAC_READ_SEARCH
@@ -1125,6 +1132,8 @@ AssertControlGroupController = cpuacct
 AssertControlGroupController = devices
 AssertControlGroupController = io
 AssertControlGroupController = memory
+AssertControlGroupController = v1
+AssertControlGroupController = v2
 ## invalid values
 AssertControlGroupController = invalid
 AssertControlGroupController = bpf-firewall
@@ -1167,6 +1176,65 @@ CPUAffinity = numa 0 1 2
 CPUAffinity = 0 1 2 numa
 
 
+###### cpu feature
+<endfold id='1'></endfold id='1'><beginfold id='1'>[Unit]</beginfold id='1'>
+ConditionCPUFeature = abm
+ConditionCPUFeature = adx
+ConditionCPUFeature = aes
+ConditionCPUFeature = apic
+ConditionCPUFeature = avx
+ConditionCPUFeature = avx2
+ConditionCPUFeature = bmi1
+ConditionCPUFeature = bmi2
+ConditionCPUFeature = clflush
+ConditionCPUFeature = cmov
+ConditionCPUFeature = constant_tsc
+ConditionCPUFeature = cx16
+ConditionCPUFeature = cx8
+ConditionCPUFeature = de
+ConditionCPUFeature = f16c
+ConditionCPUFeature = fma3
+ConditionCPUFeature = fpu
+ConditionCPUFeature = fxsr
+ConditionCPUFeature = ht
+ConditionCPUFeature = lahf_lm
+ConditionCPUFeature = lm
+ConditionCPUFeature = mca
+ConditionCPUFeature = mce
+ConditionCPUFeature = mmx
+ConditionCPUFeature = monitor
+ConditionCPUFeature = movbe
+ConditionCPUFeature = msr
+ConditionCPUFeature = mtrr
+ConditionCPUFeature = osxsave
+ConditionCPUFeature = pae
+ConditionCPUFeature = pat
+ConditionCPUFeature = pclmul
+ConditionCPUFeature = pge
+ConditionCPUFeature = pni
+ConditionCPUFeature = popcnt
+ConditionCPUFeature = pse
+ConditionCPUFeature = pse36
+ConditionCPUFeature = rdrand
+ConditionCPUFeature = rdseed
+ConditionCPUFeature = rdtscp
+ConditionCPUFeature = sep
+ConditionCPUFeature = sha_ni
+ConditionCPUFeature = sse
+ConditionCPUFeature = sse2
+ConditionCPUFeature = sse4_1
+ConditionCPUFeature = sse4_2
+ConditionCPUFeature = ssse3
+ConditionCPUFeature = syscall
+ConditionCPUFeature = tsc
+ConditionCPUFeature = vme
+ConditionCPUFeature = xsave
+## invalid values
+ConditionCPUFeature = invalid
+# multiple values
+ConditionCPUFeature = tsc mmx
+
+
 ###### cpu index list
 <endfold id='1'></endfold id='1'><beginfold id='1'>[Service]</beginfold id='1'>
 NUMAMask = 0 1 2
@@ -1283,7 +1351,7 @@ ExecStart = /some/cmd %u arg $var1 inside${var2}word ${var3} $var4
 ExecStart = cmd1 %h arg1_1 $var1, cmd2 %u arg2_1 $var2_1\
   $var2_2
 # escapes (not exactly the same as detected by HlCStringChar)
-ExecStart = cmd \, \' \" \\ \a \b \f \n \r \s \t \v \x0A \012
+ExecStart = cmd \, \' \" \\ \a \b \f \n \r \s \t \v \x0A \012 \u1234 \U12abcdef
 # prefix
 ExecStart = @/some/cmd arg "@!+-:"
 ExecStart = -/some/cmd-1 -option arg
@@ -1320,6 +1388,7 @@ SuccessExitStatus = CONFIG
 SuccessExitStatus = CONFIGURATION_DIRECTORY
 SuccessExitStatus = CONFIRM
 SuccessExitStatus = CPUAFFINITY
+SuccessExitStatus = CREDENTIALS
 SuccessExitStatus = DATAERR
 SuccessExitStatus = EXCEPTION
 SuccessExitStatus = EXEC
@@ -1822,6 +1891,17 @@ ManagedOOMSwap = invalid
 ManagedOOMSwap = auto kill
 
 
+###### oom preference (out-of-memory killer preference)
+<endfold id='1'></endfold id='1'><beginfold id='1'>[Service]</beginfold id='1'>
+ManagedOOMPreference = avoid
+ManagedOOMPreference = none
+ManagedOOMPreference = omit
+## invalid values
+ManagedOOMPreference = invalid
+# multiple values
+ManagedOOMPreference = avoid none
+
+
 ###### oom policy (out-of-memory killer policy)
 <endfold id='1'></endfold id='1'><beginfold id='1'>[Service]</beginfold id='1'>
 OOMPolicy = continue
@@ -1966,6 +2046,7 @@ ConditionSecurity = ima
 ConditionSecurity = selinux
 ConditionSecurity = smack
 ConditionSecurity = tomoyo
+ConditionSecurity = tpm2
 ConditionSecurity = uefi-secureboot
 ## invalid values
 ConditionSecurity = invalid
@@ -2085,6 +2166,7 @@ StandardOutput = kmsg
 StandardOutput = kmsg+console
 StandardOutput = null
 StandardOutput = socket
+StandardOutput = truncate:/some/absolute/path
 StandardOutput = tty
 ## invalid values
 StandardOutput = invalid
diff --git a/autotests/html/systemd-unit.service.dark.html b/autotests/html/systemd-unit.service.dark.html
index 9af1f3ba1dad050a1eabbe8ddc7b95ee2e47d92f..f7d3965f6190ade92d1123859312b2a69f9ccad1 100644
--- a/autotests/html/systemd-unit.service.dark.html
+++ b/autotests/html/systemd-unit.service.dark.html
@@ -91,6 +91,12 @@
 <span style="color:#2980b9;">USBFunctionStrings</span> = /some/absolute/path
 <span style="color:#2980b9;">OOMPolicy</span> = <span style="color:#27aeae;font-weight:bold;">stop</span>
 
+<span style="color:#7a7c7d;">## from systemd.exec</span>
+<span style="color:#2980b9;">ExecPaths</span> = some/path some/other/path
+<span style="color:#2980b9;">ExtensionImages</span> = /source/path
+<span style="color:#2980b9;">IPCNamespacePath</span> = /some/absolute/path
+<span style="color:#2980b9;">NoExecPaths</span> = some/path some/other/path
+<span style="color:#2980b9;">PrivateIPC</span> = <span style="color:#27aeae;font-weight:bold;">false</span>
 <span style="color:#7a7c7d;">## from systemd.exec Paths</span>
 <span style="color:#2980b9;">WorkingDirectory</span> = <span style="color:#3daee9;">~</span>
 <span style="color:#2980b9;">RootDirectory</span> = /some/path
@@ -287,7 +293,7 @@
 <span style="color:#2980b9;">DisableControllers</span> = <span style="color:#27aeae;font-weight:bold;">cpu</span> <span style="color:#27aeae;font-weight:bold;">io</span>
 <span style="color:#2980b9;">ManagedOOMSwap</span> = <span style="color:#27aeae;font-weight:bold;">auto</span>
 <span style="color:#2980b9;">ManagedOOMMemoryPressure</span> = <span style="color:#27aeae;font-weight:bold;">kill</span>
-<span style="color:#2980b9;">ManagedOOMMemoryPressureLimitPercent</span> = <span style="color:#f67400;">50</span><span style="font-style:italic;">%</span>
+<span style="color:#2980b9;">ManagedOOMMemoryPressureLimit</span> = <span style="color:#f67400;">50</span><span style="font-style:italic;">%</span>
 
 
 <span style="font-weight:bold;">[Slice]</span>
@@ -987,6 +993,7 @@ WantedBy = some.service some.socket
 <span style="color:#2980b9;">ConditionCapability</span> = <span style="color:#27aeae;font-weight:bold;">CAP_AUDIT_READ</span>
 <span style="color:#2980b9;">ConditionCapability</span> = <span style="color:#27aeae;font-weight:bold;">CAP_AUDIT_WRITE</span>
 <span style="color:#2980b9;">ConditionCapability</span> = <span style="color:#27aeae;font-weight:bold;">CAP_BLOCK_SUSPEND</span>
+<span style="color:#2980b9;">ConditionCapability</span> = <span style="color:#27aeae;font-weight:bold;">CAP_CHECKPOINT_RESTORE</span>
 <span style="color:#2980b9;">ConditionCapability</span> = <span style="color:#27aeae;font-weight:bold;">CAP_CHOWN</span>
 <span style="color:#2980b9;">ConditionCapability</span> = <span style="color:#27aeae;font-weight:bold;">CAP_DAC_OVERRIDE</span>
 <span style="color:#2980b9;">ConditionCapability</span> = <span style="color:#27aeae;font-weight:bold;">CAP_DAC_READ_SEARCH</span>
@@ -1131,6 +1138,8 @@ WantedBy = some.service some.socket
 <span style="color:#2980b9;">AssertControlGroupController</span> = <span style="color:#27aeae;font-weight:bold;">devices</span>
 <span style="color:#2980b9;">AssertControlGroupController</span> = <span style="color:#27aeae;font-weight:bold;">io</span>
 <span style="color:#2980b9;">AssertControlGroupController</span> = <span style="color:#27aeae;font-weight:bold;">memory</span>
+<span style="color:#2980b9;">AssertControlGroupController</span> = <span style="color:#27aeae;font-weight:bold;">v1</span>
+<span style="color:#2980b9;">AssertControlGroupController</span> = <span style="color:#27aeae;font-weight:bold;">v2</span>
 <span style="color:#7a7c7d;">## invalid values</span>
 <span style="color:#2980b9;">AssertControlGroupController</span> = invalid
 <span style="color:#2980b9;">AssertControlGroupController</span> = bpf-firewall
@@ -1173,6 +1182,65 @@ WantedBy = some.service some.socket
 <span style="color:#2980b9;">CPUAffinity</span> = <span style="color:#f67400;">0</span> <span style="color:#f67400;">1</span> <span style="color:#f67400;">2</span> numa
 
 
+<span style="color:#7a7c7d;">###### cpu feature</span>
+<span style="font-weight:bold;">[Unit]</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">abm</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">adx</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">aes</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">apic</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">avx</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">avx2</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">bmi1</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">bmi2</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">clflush</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">cmov</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">constant_tsc</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">cx16</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">cx8</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">de</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">f16c</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">fma3</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">fpu</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">fxsr</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">ht</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">lahf_lm</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">lm</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">mca</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">mce</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">mmx</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">monitor</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">movbe</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">msr</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">mtrr</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">osxsave</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">pae</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">pat</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">pclmul</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">pge</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">pni</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">popcnt</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">pse</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">pse36</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">rdrand</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">rdseed</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">rdtscp</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">sep</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">sha_ni</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">sse</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">sse2</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">sse4_1</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">sse4_2</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">ssse3</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">syscall</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">tsc</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">vme</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">xsave</span>
+<span style="color:#7a7c7d;">## invalid values</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = invalid
+<span style="color:#7a7c7d;"># multiple values</span>
+<span style="color:#2980b9;">ConditionCPUFeature</span> = <span style="color:#27aeae;font-weight:bold;">tsc</span> mmx
+
+
 <span style="color:#7a7c7d;">###### cpu index list</span>
 <span style="font-weight:bold;">[Service]</span>
 <span style="color:#2980b9;">NUMAMask</span> = <span style="color:#f67400;">0</span> <span style="color:#f67400;">1</span> <span style="color:#f67400;">2</span>
@@ -1289,7 +1357,7 @@ WantedBy = some.service some.socket
 <span style="color:#2980b9;">ExecStart</span> = cmd1 <span style="color:#3daee9;">%h</span> arg1_1 <span style="color:#27aeae;">$var1</span>, cmd2 <span style="color:#3daee9;">%u</span> arg2_1 <span style="color:#27aeae;">$var2_1</span><span style="color:#fdbc4b;font-weight:bold;">\</span>
   <span style="color:#27aeae;">$var2_2</span>
 <span style="color:#7a7c7d;"># escapes (not exactly the same as detected by HlCStringChar)</span>
-<span style="color:#2980b9;">ExecStart</span> = cmd <span style="color:#3daee9;">\,</span> <span style="color:#3daee9;">\'</span> <span style="color:#3daee9;">\&quot;</span> <span style="color:#3daee9;">\\</span> <span style="color:#3daee9;">\a</span> <span style="color:#3daee9;">\b</span> <span style="color:#3daee9;">\f</span> <span style="color:#3daee9;">\n</span> <span style="color:#3daee9;">\r</span> <span style="color:#3daee9;">\s</span> <span style="color:#3daee9;">\t</span> <span style="color:#3daee9;">\v</span> <span style="color:#3daee9;">\x0A</span> <span style="color:#3daee9;">\012</span>
+<span style="color:#2980b9;">ExecStart</span> = cmd <span style="color:#3daee9;">\,</span> <span style="color:#3daee9;">\'</span> <span style="color:#3daee9;">\&quot;</span> <span style="color:#3daee9;">\\</span> <span style="color:#3daee9;">\a</span> <span style="color:#3daee9;">\b</span> <span style="color:#3daee9;">\f</span> <span style="color:#3daee9;">\n</span> <span style="color:#3daee9;">\r</span> <span style="color:#3daee9;">\s</span> <span style="color:#3daee9;">\t</span> <span style="color:#3daee9;">\v</span> <span style="color:#3daee9;">\x0A</span> <span style="color:#3daee9;">\012</span> <span style="color:#3daee9;">\u1234</span> <span style="color:#3daee9;">\U12abcdef</span>
 <span style="color:#7a7c7d;"># prefix</span>
 <span style="color:#2980b9;">ExecStart</span> = <span style="color:#da4453;">@</span>/some/cmd arg &quot;@!+-:&quot;
 <span style="color:#2980b9;">ExecStart</span> = <span style="color:#da4453;">-</span>/some/cmd-1 -option arg
@@ -1326,6 +1394,7 @@ WantedBy = some.service some.socket
 <span style="color:#2980b9;">SuccessExitStatus</span> = <span style="color:#27aeae;font-weight:bold;">CONFIGURATION_DIRECTORY</span>
 <span style="color:#2980b9;">SuccessExitStatus</span> = <span style="color:#27aeae;font-weight:bold;">CONFIRM</span>
 <span style="color:#2980b9;">SuccessExitStatus</span> = <span style="color:#27aeae;font-weight:bold;">CPUAFFINITY</span>
+<span style="color:#2980b9;">SuccessExitStatus</span> = <span style="color:#27aeae;font-weight:bold;">CREDENTIALS</span>
 <span style="color:#2980b9;">SuccessExitStatus</span> = <span style="color:#27aeae;font-weight:bold;">DATAERR</span>
 <span style="color:#2980b9;">SuccessExitStatus</span> = <span style="color:#27aeae;font-weight:bold;">EXCEPTION</span>
 <span style="color:#2980b9;">SuccessExitStatus</span> = <span style="color:#27aeae;font-weight:bold;">EXEC</span>
@@ -1828,6 +1897,17 @@ WantedBy = some.service some.socket
 <span style="color:#2980b9;">ManagedOOMSwap</span> = <span style="color:#27aeae;font-weight:bold;">auto</span> kill
 
 
+<span style="color:#7a7c7d;">###### oom preference (out-of-memory killer preference)</span>
+<span style="font-weight:bold;">[Service]</span>
+<span style="color:#2980b9;">ManagedOOMPreference</span> = <span style="color:#27aeae;font-weight:bold;">avoid</span>
+<span style="color:#2980b9;">ManagedOOMPreference</span> = <span style="color:#27aeae;font-weight:bold;">none</span>
+<span style="color:#2980b9;">ManagedOOMPreference</span> = <span style="color:#27aeae;font-weight:bold;">omit</span>
+<span style="color:#7a7c7d;">## invalid values</span>
+<span style="color:#2980b9;">ManagedOOMPreference</span> = invalid
+<span style="color:#7a7c7d;"># multiple values</span>
+<span style="color:#2980b9;">ManagedOOMPreference</span> = <span style="color:#27aeae;font-weight:bold;">avoid</span> none
+
+
 <span style="color:#7a7c7d;">###### oom policy (out-of-memory killer policy)</span>
 <span style="font-weight:bold;">[Service]</span>
 <span style="color:#2980b9;">OOMPolicy</span> = <span style="color:#27aeae;font-weight:bold;">continue</span>
@@ -1972,6 +2052,7 @@ WantedBy = some.service some.socket
 <span style="color:#2980b9;">ConditionSecurity</span> = <span style="color:#27aeae;font-weight:bold;">selinux</span>
 <span style="color:#2980b9;">ConditionSecurity</span> = <span style="color:#27aeae;font-weight:bold;">smack</span>
 <span style="color:#2980b9;">ConditionSecurity</span> = <span style="color:#27aeae;font-weight:bold;">tomoyo</span>
+<span style="color:#2980b9;">ConditionSecurity</span> = <span style="color:#27aeae;font-weight:bold;">tpm2</span>
 <span style="color:#2980b9;">ConditionSecurity</span> = <span style="color:#27aeae;font-weight:bold;">uefi-secureboot</span>
 <span style="color:#7a7c7d;">## invalid values</span>
 <span style="color:#2980b9;">ConditionSecurity</span> = invalid
@@ -2091,6 +2172,7 @@ WantedBy = some.service some.socket
 <span style="color:#2980b9;">StandardOutput</span> = <span style="color:#27aeae;font-weight:bold;">kmsg+console</span>
 <span style="color:#2980b9;">StandardOutput</span> = <span style="color:#27aeae;font-weight:bold;">null</span>
 <span style="color:#2980b9;">StandardOutput</span> = <span style="color:#27aeae;font-weight:bold;">socket</span>
+<span style="color:#2980b9;">StandardOutput</span> = <span style="color:#27aeae;font-weight:bold;">truncate:</span>/some/absolute/path
 <span style="color:#2980b9;">StandardOutput</span> = <span style="color:#27aeae;font-weight:bold;">tty</span>
 <span style="color:#7a7c7d;">## invalid values</span>
 <span style="color:#2980b9;">StandardOutput</span> = invalid
diff --git a/autotests/html/systemd-unit.service.html b/autotests/html/systemd-unit.service.html
index 5e786690ecbd33de14c9f8b55368b9415d634cd7..6d2ea76e2fd6b4eaf8006865eac5161eca17e137 100644
--- a/autotests/html/systemd-unit.service.html
+++ b/autotests/html/systemd-unit.service.html
@@ -91,6 +91,12 @@
 <span style="color:#0057ae;">USBFunctionStrings</span> = /some/absolute/path
 <span style="color:#0057ae;">OOMPolicy</span> = <span style="color:#aa5500;">stop</span>
 
+<span style="color:#898887;">## from systemd.exec</span>
+<span style="color:#0057ae;">ExecPaths</span> = some/path some/other/path
+<span style="color:#0057ae;">ExtensionImages</span> = /source/path
+<span style="color:#0057ae;">IPCNamespacePath</span> = /some/absolute/path
+<span style="color:#0057ae;">NoExecPaths</span> = some/path some/other/path
+<span style="color:#0057ae;">PrivateIPC</span> = <span style="color:#aa5500;">false</span>
 <span style="color:#898887;">## from systemd.exec Paths</span>
 <span style="color:#0057ae;">WorkingDirectory</span> = <span style="color:#3daee9;">~</span>
 <span style="color:#0057ae;">RootDirectory</span> = /some/path
@@ -287,7 +293,7 @@
 <span style="color:#0057ae;">DisableControllers</span> = <span style="color:#aa5500;">cpu</span> <span style="color:#aa5500;">io</span>
 <span style="color:#0057ae;">ManagedOOMSwap</span> = <span style="color:#aa5500;">auto</span>
 <span style="color:#0057ae;">ManagedOOMMemoryPressure</span> = <span style="color:#aa5500;">kill</span>
-<span style="color:#0057ae;">ManagedOOMMemoryPressureLimitPercent</span> = <span style="color:#b08000;">50</span><span style="font-style:italic;">%</span>
+<span style="color:#0057ae;">ManagedOOMMemoryPressureLimit</span> = <span style="color:#b08000;">50</span><span style="font-style:italic;">%</span>
 
 
 <span style="font-weight:bold;">[Slice]</span>
@@ -987,6 +993,7 @@ WantedBy = some.service some.socket
 <span style="color:#0057ae;">ConditionCapability</span> = <span style="color:#aa5500;">CAP_AUDIT_READ</span>
 <span style="color:#0057ae;">ConditionCapability</span> = <span style="color:#aa5500;">CAP_AUDIT_WRITE</span>
 <span style="color:#0057ae;">ConditionCapability</span> = <span style="color:#aa5500;">CAP_BLOCK_SUSPEND</span>
+<span style="color:#0057ae;">ConditionCapability</span> = <span style="color:#aa5500;">CAP_CHECKPOINT_RESTORE</span>
 <span style="color:#0057ae;">ConditionCapability</span> = <span style="color:#aa5500;">CAP_CHOWN</span>
 <span style="color:#0057ae;">ConditionCapability</span> = <span style="color:#aa5500;">CAP_DAC_OVERRIDE</span>
 <span style="color:#0057ae;">ConditionCapability</span> = <span style="color:#aa5500;">CAP_DAC_READ_SEARCH</span>
@@ -1131,6 +1138,8 @@ WantedBy = some.service some.socket
 <span style="color:#0057ae;">AssertControlGroupController</span> = <span style="color:#aa5500;">devices</span>
 <span style="color:#0057ae;">AssertControlGroupController</span> = <span style="color:#aa5500;">io</span>
 <span style="color:#0057ae;">AssertControlGroupController</span> = <span style="color:#aa5500;">memory</span>
+<span style="color:#0057ae;">AssertControlGroupController</span> = <span style="color:#aa5500;">v1</span>
+<span style="color:#0057ae;">AssertControlGroupController</span> = <span style="color:#aa5500;">v2</span>
 <span style="color:#898887;">## invalid values</span>
 <span style="color:#0057ae;">AssertControlGroupController</span> = invalid
 <span style="color:#0057ae;">AssertControlGroupController</span> = bpf-firewall
@@ -1173,6 +1182,65 @@ WantedBy = some.service some.socket
 <span style="color:#0057ae;">CPUAffinity</span> = <span style="color:#b08000;">0</span> <span style="color:#b08000;">1</span> <span style="color:#b08000;">2</span> numa
 
 
+<span style="color:#898887;">###### cpu feature</span>
+<span style="font-weight:bold;">[Unit]</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">abm</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">adx</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">aes</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">apic</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">avx</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">avx2</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">bmi1</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">bmi2</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">clflush</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">cmov</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">constant_tsc</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">cx16</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">cx8</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">de</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">f16c</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">fma3</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">fpu</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">fxsr</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">ht</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">lahf_lm</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">lm</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">mca</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">mce</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">mmx</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">monitor</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">movbe</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">msr</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">mtrr</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">osxsave</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">pae</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">pat</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">pclmul</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">pge</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">pni</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">popcnt</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">pse</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">pse36</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">rdrand</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">rdseed</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">rdtscp</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">sep</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">sha_ni</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">sse</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">sse2</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">sse4_1</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">sse4_2</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">ssse3</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">syscall</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">tsc</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">vme</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">xsave</span>
+<span style="color:#898887;">## invalid values</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = invalid
+<span style="color:#898887;"># multiple values</span>
+<span style="color:#0057ae;">ConditionCPUFeature</span> = <span style="color:#aa5500;">tsc</span> mmx
+
+
 <span style="color:#898887;">###### cpu index list</span>
 <span style="font-weight:bold;">[Service]</span>
 <span style="color:#0057ae;">NUMAMask</span> = <span style="color:#b08000;">0</span> <span style="color:#b08000;">1</span> <span style="color:#b08000;">2</span>
@@ -1289,7 +1357,7 @@ WantedBy = some.service some.socket
 <span style="color:#0057ae;">ExecStart</span> = cmd1 <span style="color:#3daee9;">%h</span> arg1_1 <span style="color:#0057ae;">$var1</span>, cmd2 <span style="color:#3daee9;">%u</span> arg2_1 <span style="color:#0057ae;">$var2_1</span><span style="font-weight:bold;">\</span>
   <span style="color:#0057ae;">$var2_2</span>
 <span style="color:#898887;"># escapes (not exactly the same as detected by HlCStringChar)</span>
-<span style="color:#0057ae;">ExecStart</span> = cmd <span style="color:#3daee9;">\,</span> <span style="color:#3daee9;">\'</span> <span style="color:#3daee9;">\&quot;</span> <span style="color:#3daee9;">\\</span> <span style="color:#3daee9;">\a</span> <span style="color:#3daee9;">\b</span> <span style="color:#3daee9;">\f</span> <span style="color:#3daee9;">\n</span> <span style="color:#3daee9;">\r</span> <span style="color:#3daee9;">\s</span> <span style="color:#3daee9;">\t</span> <span style="color:#3daee9;">\v</span> <span style="color:#3daee9;">\x0A</span> <span style="color:#3daee9;">\012</span>
+<span style="color:#0057ae;">ExecStart</span> = cmd <span style="color:#3daee9;">\,</span> <span style="color:#3daee9;">\'</span> <span style="color:#3daee9;">\&quot;</span> <span style="color:#3daee9;">\\</span> <span style="color:#3daee9;">\a</span> <span style="color:#3daee9;">\b</span> <span style="color:#3daee9;">\f</span> <span style="color:#3daee9;">\n</span> <span style="color:#3daee9;">\r</span> <span style="color:#3daee9;">\s</span> <span style="color:#3daee9;">\t</span> <span style="color:#3daee9;">\v</span> <span style="color:#3daee9;">\x0A</span> <span style="color:#3daee9;">\012</span> <span style="color:#3daee9;">\u1234</span> <span style="color:#3daee9;">\U12abcdef</span>
 <span style="color:#898887;"># prefix</span>
 <span style="color:#0057ae;">ExecStart</span> = <span style="color:#ff5500;">@</span>/some/cmd arg &quot;@!+-:&quot;
 <span style="color:#0057ae;">ExecStart</span> = <span style="color:#ff5500;">-</span>/some/cmd-1 -option arg
@@ -1326,6 +1394,7 @@ WantedBy = some.service some.socket
 <span style="color:#0057ae;">SuccessExitStatus</span> = <span style="color:#aa5500;">CONFIGURATION_DIRECTORY</span>
 <span style="color:#0057ae;">SuccessExitStatus</span> = <span style="color:#aa5500;">CONFIRM</span>
 <span style="color:#0057ae;">SuccessExitStatus</span> = <span style="color:#aa5500;">CPUAFFINITY</span>
+<span style="color:#0057ae;">SuccessExitStatus</span> = <span style="color:#aa5500;">CREDENTIALS</span>
 <span style="color:#0057ae;">SuccessExitStatus</span> = <span style="color:#aa5500;">DATAERR</span>
 <span style="color:#0057ae;">SuccessExitStatus</span> = <span style="color:#aa5500;">EXCEPTION</span>
 <span style="color:#0057ae;">SuccessExitStatus</span> = <span style="color:#aa5500;">EXEC</span>
@@ -1828,6 +1897,17 @@ WantedBy = some.service some.socket
 <span style="color:#0057ae;">ManagedOOMSwap</span> = <span style="color:#aa5500;">auto</span> kill
 
 
+<span style="color:#898887;">###### oom preference (out-of-memory killer preference)</span>
+<span style="font-weight:bold;">[Service]</span>
+<span style="color:#0057ae;">ManagedOOMPreference</span> = <span style="color:#aa5500;">avoid</span>
+<span style="color:#0057ae;">ManagedOOMPreference</span> = <span style="color:#aa5500;">none</span>
+<span style="color:#0057ae;">ManagedOOMPreference</span> = <span style="color:#aa5500;">omit</span>
+<span style="color:#898887;">## invalid values</span>
+<span style="color:#0057ae;">ManagedOOMPreference</span> = invalid
+<span style="color:#898887;"># multiple values</span>
+<span style="color:#0057ae;">ManagedOOMPreference</span> = <span style="color:#aa5500;">avoid</span> none
+
+
 <span style="color:#898887;">###### oom policy (out-of-memory killer policy)</span>
 <span style="font-weight:bold;">[Service]</span>
 <span style="color:#0057ae;">OOMPolicy</span> = <span style="color:#aa5500;">continue</span>
@@ -1972,6 +2052,7 @@ WantedBy = some.service some.socket
 <span style="color:#0057ae;">ConditionSecurity</span> = <span style="color:#aa5500;">selinux</span>
 <span style="color:#0057ae;">ConditionSecurity</span> = <span style="color:#aa5500;">smack</span>
 <span style="color:#0057ae;">ConditionSecurity</span> = <span style="color:#aa5500;">tomoyo</span>
+<span style="color:#0057ae;">ConditionSecurity</span> = <span style="color:#aa5500;">tpm2</span>
 <span style="color:#0057ae;">ConditionSecurity</span> = <span style="color:#aa5500;">uefi-secureboot</span>
 <span style="color:#898887;">## invalid values</span>
 <span style="color:#0057ae;">ConditionSecurity</span> = invalid
@@ -2091,6 +2172,7 @@ WantedBy = some.service some.socket
 <span style="color:#0057ae;">StandardOutput</span> = <span style="color:#aa5500;">kmsg+console</span>
 <span style="color:#0057ae;">StandardOutput</span> = <span style="color:#aa5500;">null</span>
 <span style="color:#0057ae;">StandardOutput</span> = <span style="color:#aa5500;">socket</span>
+<span style="color:#0057ae;">StandardOutput</span> = <span style="color:#aa5500;">truncate:</span>/some/absolute/path
 <span style="color:#0057ae;">StandardOutput</span> = <span style="color:#aa5500;">tty</span>
 <span style="color:#898887;">## invalid values</span>
 <span style="color:#0057ae;">StandardOutput</span> = invalid
diff --git a/autotests/input/systemd-unit.service b/autotests/input/systemd-unit.service
index 3b96e408d6d95311ed0e7614e9ce60f7481a9ea0..a8c01f54a11fcef8adbd369bcb966dd78e2d3607 100644
--- a/autotests/input/systemd-unit.service
+++ b/autotests/input/systemd-unit.service
@@ -85,6 +85,12 @@ USBFunctionDescriptors = /some/absolute/path
 USBFunctionStrings = /some/absolute/path
 OOMPolicy = stop
 
+## from systemd.exec
+ExecPaths = some/path some/other/path
+ExtensionImages = /source/path
+IPCNamespacePath = /some/absolute/path
+NoExecPaths = some/path some/other/path
+PrivateIPC = false
 ## from systemd.exec Paths
 WorkingDirectory = ~
 RootDirectory = /some/path
@@ -281,7 +287,7 @@ Delegate = bpf-firewall
 DisableControllers = cpu io
 ManagedOOMSwap = auto
 ManagedOOMMemoryPressure = kill
-ManagedOOMMemoryPressureLimitPercent = 50%
+ManagedOOMMemoryPressureLimit = 50%
 
 
 [Slice]
@@ -981,6 +987,7 @@ ConditionCapability = CAP_AUDIT_CONTROL
 ConditionCapability = CAP_AUDIT_READ
 ConditionCapability = CAP_AUDIT_WRITE
 ConditionCapability = CAP_BLOCK_SUSPEND
+ConditionCapability = CAP_CHECKPOINT_RESTORE
 ConditionCapability = CAP_CHOWN
 ConditionCapability = CAP_DAC_OVERRIDE
 ConditionCapability = CAP_DAC_READ_SEARCH
@@ -1125,6 +1132,8 @@ AssertControlGroupController = cpuacct
 AssertControlGroupController = devices
 AssertControlGroupController = io
 AssertControlGroupController = memory
+AssertControlGroupController = v1
+AssertControlGroupController = v2
 ## invalid values
 AssertControlGroupController = invalid
 AssertControlGroupController = bpf-firewall
@@ -1167,6 +1176,65 @@ CPUAffinity = numa 0 1 2
 CPUAffinity = 0 1 2 numa
 
 
+###### cpu feature
+[Unit]
+ConditionCPUFeature = abm
+ConditionCPUFeature = adx
+ConditionCPUFeature = aes
+ConditionCPUFeature = apic
+ConditionCPUFeature = avx
+ConditionCPUFeature = avx2
+ConditionCPUFeature = bmi1
+ConditionCPUFeature = bmi2
+ConditionCPUFeature = clflush
+ConditionCPUFeature = cmov
+ConditionCPUFeature = constant_tsc
+ConditionCPUFeature = cx16
+ConditionCPUFeature = cx8
+ConditionCPUFeature = de
+ConditionCPUFeature = f16c
+ConditionCPUFeature = fma3
+ConditionCPUFeature = fpu
+ConditionCPUFeature = fxsr
+ConditionCPUFeature = ht
+ConditionCPUFeature = lahf_lm
+ConditionCPUFeature = lm
+ConditionCPUFeature = mca
+ConditionCPUFeature = mce
+ConditionCPUFeature = mmx
+ConditionCPUFeature = monitor
+ConditionCPUFeature = movbe
+ConditionCPUFeature = msr
+ConditionCPUFeature = mtrr
+ConditionCPUFeature = osxsave
+ConditionCPUFeature = pae
+ConditionCPUFeature = pat
+ConditionCPUFeature = pclmul
+ConditionCPUFeature = pge
+ConditionCPUFeature = pni
+ConditionCPUFeature = popcnt
+ConditionCPUFeature = pse
+ConditionCPUFeature = pse36
+ConditionCPUFeature = rdrand
+ConditionCPUFeature = rdseed
+ConditionCPUFeature = rdtscp
+ConditionCPUFeature = sep
+ConditionCPUFeature = sha_ni
+ConditionCPUFeature = sse
+ConditionCPUFeature = sse2
+ConditionCPUFeature = sse4_1
+ConditionCPUFeature = sse4_2
+ConditionCPUFeature = ssse3
+ConditionCPUFeature = syscall
+ConditionCPUFeature = tsc
+ConditionCPUFeature = vme
+ConditionCPUFeature = xsave
+## invalid values
+ConditionCPUFeature = invalid
+# multiple values
+ConditionCPUFeature = tsc mmx
+
+
 ###### cpu index list
 [Service]
 NUMAMask = 0 1 2
@@ -1283,7 +1351,7 @@ ExecStart = /some/cmd %u arg $var1 inside${var2}word ${var3} $var4
 ExecStart = cmd1 %h arg1_1 $var1, cmd2 %u arg2_1 $var2_1\
   $var2_2
 # escapes (not exactly the same as detected by HlCStringChar)
-ExecStart = cmd \, \' \" \\ \a \b \f \n \r \s \t \v \x0A \012
+ExecStart = cmd \, \' \" \\ \a \b \f \n \r \s \t \v \x0A \012 \u1234 \U12abcdef
 # prefix
 ExecStart = @/some/cmd arg "@!+-:"
 ExecStart = -/some/cmd-1 -option arg
@@ -1320,6 +1388,7 @@ SuccessExitStatus = CONFIG
 SuccessExitStatus = CONFIGURATION_DIRECTORY
 SuccessExitStatus = CONFIRM
 SuccessExitStatus = CPUAFFINITY
+SuccessExitStatus = CREDENTIALS
 SuccessExitStatus = DATAERR
 SuccessExitStatus = EXCEPTION
 SuccessExitStatus = EXEC
@@ -1822,6 +1891,17 @@ ManagedOOMSwap = invalid
 ManagedOOMSwap = auto kill
 
 
+###### oom preference (out-of-memory killer preference)
+[Service]
+ManagedOOMPreference = avoid
+ManagedOOMPreference = none
+ManagedOOMPreference = omit
+## invalid values
+ManagedOOMPreference = invalid
+# multiple values
+ManagedOOMPreference = avoid none
+
+
 ###### oom policy (out-of-memory killer policy)
 [Service]
 OOMPolicy = continue
@@ -1966,6 +2046,7 @@ ConditionSecurity = ima
 ConditionSecurity = selinux
 ConditionSecurity = smack
 ConditionSecurity = tomoyo
+ConditionSecurity = tpm2
 ConditionSecurity = uefi-secureboot
 ## invalid values
 ConditionSecurity = invalid
@@ -2085,6 +2166,7 @@ StandardOutput = kmsg
 StandardOutput = kmsg+console
 StandardOutput = null
 StandardOutput = socket
+StandardOutput = truncate:/some/absolute/path
 StandardOutput = tty
 ## invalid values
 StandardOutput = invalid
diff --git a/autotests/reference/systemd-unit.service.ref b/autotests/reference/systemd-unit.service.ref
index 178c68aace2e752122e30e6253c85f1448a90f4c..5d22a8be37dc18cbe48f92164baa9b59bcd161ac 100644
--- a/autotests/reference/systemd-unit.service.ref
+++ b/autotests/reference/systemd-unit.service.ref
@@ -85,6 +85,12 @@
 <Option Name>USBFunctionStrings</Option Name><Normal> = /some/absolute/path</Normal><br/>
 <Option Name>OOMPolicy</Option Name><Normal> = </Normal><Constant>stop</Constant><br/>
 <Normal></Normal><br/>
+<Comment>## from systemd.exec</Comment><br/>
+<Option Name>ExecPaths</Option Name><Normal> = some/path some/other/path</Normal><br/>
+<Option Name>ExtensionImages</Option Name><Normal> = /source/path</Normal><br/>
+<Option Name>IPCNamespacePath</Option Name><Normal> = /some/absolute/path</Normal><br/>
+<Option Name>NoExecPaths</Option Name><Normal> = some/path some/other/path</Normal><br/>
+<Option Name>PrivateIPC</Option Name><Normal> = </Normal><Constant>false</Constant><br/>
 <Comment>## from systemd.exec Paths</Comment><br/>
 <Option Name>WorkingDirectory</Option Name><Normal> = </Normal><Specifier>~</Specifier><br/>
 <Option Name>RootDirectory</Option Name><Normal> = /some/path</Normal><br/>
@@ -281,7 +287,7 @@
 <Option Name>DisableControllers</Option Name><Normal> = </Normal><Constant>cpu</Constant><Normal> </Normal><Constant>io</Constant><br/>
 <Option Name>ManagedOOMSwap</Option Name><Normal> = </Normal><Constant>auto</Constant><br/>
 <Option Name>ManagedOOMMemoryPressure</Option Name><Normal> = </Normal><Constant>kill</Constant><br/>
-<Option Name>ManagedOOMMemoryPressureLimitPercent</Option Name><Normal> = </Normal><Number>50</Number><Measurement Unit>%</Measurement Unit><br/>
+<Option Name>ManagedOOMMemoryPressureLimit</Option Name><Normal> = </Normal><Number>50</Number><Measurement Unit>%</Measurement Unit><br/>
 <Normal></Normal><br/>
 <Normal></Normal><br/>
 <Section Header>[Slice]</Section Header><br/>
@@ -981,6 +987,7 @@
 <Option Name>ConditionCapability</Option Name><Normal> = </Normal><Constant>CAP_AUDIT_READ</Constant><br/>
 <Option Name>ConditionCapability</Option Name><Normal> = </Normal><Constant>CAP_AUDIT_WRITE</Constant><br/>
 <Option Name>ConditionCapability</Option Name><Normal> = </Normal><Constant>CAP_BLOCK_SUSPEND</Constant><br/>
+<Option Name>ConditionCapability</Option Name><Normal> = </Normal><Constant>CAP_CHECKPOINT_RESTORE</Constant><br/>
 <Option Name>ConditionCapability</Option Name><Normal> = </Normal><Constant>CAP_CHOWN</Constant><br/>
 <Option Name>ConditionCapability</Option Name><Normal> = </Normal><Constant>CAP_DAC_OVERRIDE</Constant><br/>
 <Option Name>ConditionCapability</Option Name><Normal> = </Normal><Constant>CAP_DAC_READ_SEARCH</Constant><br/>
@@ -1125,6 +1132,8 @@
 <Option Name>AssertControlGroupController</Option Name><Normal> = </Normal><Constant>devices</Constant><br/>
 <Option Name>AssertControlGroupController</Option Name><Normal> = </Normal><Constant>io</Constant><br/>
 <Option Name>AssertControlGroupController</Option Name><Normal> = </Normal><Constant>memory</Constant><br/>
+<Option Name>AssertControlGroupController</Option Name><Normal> = </Normal><Constant>v1</Constant><br/>
+<Option Name>AssertControlGroupController</Option Name><Normal> = </Normal><Constant>v2</Constant><br/>
 <Comment>## invalid values</Comment><br/>
 <Option Name>AssertControlGroupController</Option Name><Normal> = invalid</Normal><br/>
 <Option Name>AssertControlGroupController</Option Name><Normal> = bpf-firewall</Normal><br/>
@@ -1167,6 +1176,65 @@
 <Option Name>CPUAffinity</Option Name><Normal> = </Normal><Number>0</Number><Normal> </Normal><Number>1</Number><Normal> </Normal><Number>2</Number><Normal> numa</Normal><br/>
 <Normal></Normal><br/>
 <Normal></Normal><br/>
+<Comment>###### cpu feature</Comment><br/>
+<Section Header>[Unit]</Section Header><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>abm</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>adx</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>aes</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>apic</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>avx</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>avx2</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>bmi1</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>bmi2</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>clflush</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>cmov</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>constant_tsc</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>cx16</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>cx8</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>de</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>f16c</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>fma3</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>fpu</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>fxsr</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>ht</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>lahf_lm</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>lm</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>mca</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>mce</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>mmx</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>monitor</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>movbe</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>msr</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>mtrr</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>osxsave</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>pae</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>pat</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>pclmul</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>pge</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>pni</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>popcnt</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>pse</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>pse36</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>rdrand</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>rdseed</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>rdtscp</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>sep</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>sha_ni</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>sse</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>sse2</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>sse4_1</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>sse4_2</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>ssse3</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>syscall</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>tsc</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>vme</Constant><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>xsave</Constant><br/>
+<Comment>## invalid values</Comment><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = invalid</Normal><br/>
+<Comment># multiple values</Comment><br/>
+<Option Name>ConditionCPUFeature</Option Name><Normal> = </Normal><Constant>tsc</Constant><Normal> mmx</Normal><br/>
+<Normal></Normal><br/>
+<Normal></Normal><br/>
 <Comment>###### cpu index list</Comment><br/>
 <Section Header>[Service]</Section Header><br/>
 <Option Name>NUMAMask</Option Name><Normal> = </Normal><Number>0</Number><Normal> </Normal><Number>1</Number><Normal> </Normal><Number>2</Number><br/>
@@ -1283,7 +1351,7 @@
 <Option Name>ExecStart</Option Name><Normal> = cmd1 </Normal><Specifier>%h</Specifier><Normal> arg1_1 </Normal><Environment Variable>$var1</Environment Variable><Normal>, cmd2 </Normal><Specifier>%u</Specifier><Normal> arg2_1 </Normal><Environment Variable>$var2_1</Environment Variable><Continuation>\</Continuation><br/>
 <Normal>  </Normal><Environment Variable>$var2_2</Environment Variable><br/>
 <Comment># escapes (not exactly the same as detected by HlCStringChar)</Comment><br/>
-<Option Name>ExecStart</Option Name><Normal> = cmd </Normal><Escape>\,</Escape><Normal> </Normal><Escape>\'</Escape><Normal> </Normal><Escape>\"</Escape><Normal> </Normal><Escape>\\</Escape><Normal> </Normal><Escape>\a</Escape><Normal> </Normal><Escape>\b</Escape><Normal> </Normal><Escape>\f</Escape><Normal> </Normal><Escape>\n</Escape><Normal> </Normal><Escape>\r</Escape><Normal> </Normal><Escape>\s</Escape><Normal> </Normal><Escape>\t</Escape><Normal> </Normal><Escape>\v</Escape><Normal> </Normal><Escape>\x0A</Escape><Normal> </Normal><Escape>\012</Escape><br/>
+<Option Name>ExecStart</Option Name><Normal> = cmd </Normal><Escape>\,</Escape><Normal> </Normal><Escape>\'</Escape><Normal> </Normal><Escape>\"</Escape><Normal> </Normal><Escape>\\</Escape><Normal> </Normal><Escape>\a</Escape><Normal> </Normal><Escape>\b</Escape><Normal> </Normal><Escape>\f</Escape><Normal> </Normal><Escape>\n</Escape><Normal> </Normal><Escape>\r</Escape><Normal> </Normal><Escape>\s</Escape><Normal> </Normal><Escape>\t</Escape><Normal> </Normal><Escape>\v</Escape><Normal> </Normal><Escape>\x0A</Escape><Normal> </Normal><Escape>\012</Escape><Normal> </Normal><Escape>\u1234</Escape><Normal> </Normal><Escape>\U12abcdef</Escape><br/>
 <Comment># prefix</Comment><br/>
 <Option Name>ExecStart</Option Name><Normal> = </Normal><Prefix>@</Prefix><Normal>/some/cmd arg "@!+-:"</Normal><br/>
 <Option Name>ExecStart</Option Name><Normal> = </Normal><Prefix>-</Prefix><Normal>/some/cmd-1 -option arg</Normal><br/>
@@ -1320,6 +1388,7 @@
 <Option Name>SuccessExitStatus</Option Name><Normal> = </Normal><Constant>CONFIGURATION_DIRECTORY</Constant><br/>
 <Option Name>SuccessExitStatus</Option Name><Normal> = </Normal><Constant>CONFIRM</Constant><br/>
 <Option Name>SuccessExitStatus</Option Name><Normal> = </Normal><Constant>CPUAFFINITY</Constant><br/>
+<Option Name>SuccessExitStatus</Option Name><Normal> = </Normal><Constant>CREDENTIALS</Constant><br/>
 <Option Name>SuccessExitStatus</Option Name><Normal> = </Normal><Constant>DATAERR</Constant><br/>
 <Option Name>SuccessExitStatus</Option Name><Normal> = </Normal><Constant>EXCEPTION</Constant><br/>
 <Option Name>SuccessExitStatus</Option Name><Normal> = </Normal><Constant>EXEC</Constant><br/>
@@ -1822,6 +1891,17 @@
 <Option Name>ManagedOOMSwap</Option Name><Normal> = </Normal><Constant>auto</Constant><Normal> kill</Normal><br/>
 <Normal></Normal><br/>
 <Normal></Normal><br/>
+<Comment>###### oom preference (out-of-memory killer preference)</Comment><br/>
+<Section Header>[Service]</Section Header><br/>
+<Option Name>ManagedOOMPreference</Option Name><Normal> = </Normal><Constant>avoid</Constant><br/>
+<Option Name>ManagedOOMPreference</Option Name><Normal> = </Normal><Constant>none</Constant><br/>
+<Option Name>ManagedOOMPreference</Option Name><Normal> = </Normal><Constant>omit</Constant><br/>
+<Comment>## invalid values</Comment><br/>
+<Option Name>ManagedOOMPreference</Option Name><Normal> = invalid</Normal><br/>
+<Comment># multiple values</Comment><br/>
+<Option Name>ManagedOOMPreference</Option Name><Normal> = </Normal><Constant>avoid</Constant><Normal> none</Normal><br/>
+<Normal></Normal><br/>
+<Normal></Normal><br/>
 <Comment>###### oom policy (out-of-memory killer policy)</Comment><br/>
 <Section Header>[Service]</Section Header><br/>
 <Option Name>OOMPolicy</Option Name><Normal> = </Normal><Constant>continue</Constant><br/>
@@ -1966,6 +2046,7 @@
 <Option Name>ConditionSecurity</Option Name><Normal> = </Normal><Constant>selinux</Constant><br/>
 <Option Name>ConditionSecurity</Option Name><Normal> = </Normal><Constant>smack</Constant><br/>
 <Option Name>ConditionSecurity</Option Name><Normal> = </Normal><Constant>tomoyo</Constant><br/>
+<Option Name>ConditionSecurity</Option Name><Normal> = </Normal><Constant>tpm2</Constant><br/>
 <Option Name>ConditionSecurity</Option Name><Normal> = </Normal><Constant>uefi-secureboot</Constant><br/>
 <Comment>## invalid values</Comment><br/>
 <Option Name>ConditionSecurity</Option Name><Normal> = invalid</Normal><br/>
@@ -2085,6 +2166,7 @@
 <Option Name>StandardOutput</Option Name><Normal> = </Normal><Constant>kmsg+console</Constant><br/>
 <Option Name>StandardOutput</Option Name><Normal> = </Normal><Constant>null</Constant><br/>
 <Option Name>StandardOutput</Option Name><Normal> = </Normal><Constant>socket</Constant><br/>
+<Option Name>StandardOutput</Option Name><Normal> = </Normal><Constant>truncate:</Constant><Normal>/some/absolute/path</Normal><br/>
 <Option Name>StandardOutput</Option Name><Normal> = </Normal><Constant>tty</Constant><br/>
 <Comment>## invalid values</Comment><br/>
 <Option Name>StandardOutput</Option Name><Normal> = invalid</Normal><br/>
diff --git a/data/syntax/systemd-unit.xml b/data/syntax/systemd-unit.xml
index 1bf5173c079729f4341fe88ead6803397dcdd800..ed9dd20a0a9166866dbbd7484788481b5f22f89a 100644
--- a/data/syntax/systemd-unit.xml
+++ b/data/syntax/systemd-unit.xml
@@ -1,9 +1,10 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- Created for systemd version 247. -->
+<!-- Created for systemd version 248. -->
 <!DOCTYPE language SYSTEM "language.dtd" [
 <!ENTITY alp "A-Za-z">
 <!ENTITY aln "&alp;0-9">
 <!ENTITY end "(?:\s+|$)">
+<!ENTITY hex "0-9A-Fa-f">
 <!ENTITY specifier "&#x0025;[&#x0025;BCEGHIJLNPSTUVWabfghijlmnopstuvw]">
 <!ENTITY name "(?:[-\w]|&specifier;)+@?(?:[-.\w]|\\x[0-9a-f]{2}|&specifier;)*">
 <!ENTITY extension "automount|device|mount|path|service|slice|socket|swap|target|timer">
@@ -20,7 +21,7 @@
 <!ENTITY tsp_unit "&tsp_year;|&tsp_month;|&tsp_week;|&tsp_day;|&tsp_hour;|&tsp_sec;|&tsp_msec;|&tsp_usec;|&tsp_min;">
 <!ENTITY tsp "\d+(?:\.\d+)?\h*(?=(&tsp_unit;)?)">
 ]>
-<language author="Andreas Gratzer" extensions="*.automount;*.device;*.mount;*.path;*.service;*.slice;*.socket;*.swap;*.target;*.timer" kateversion="5.0" license="MIT" mimetype="text/x-systemd-unit" name="systemd unit" section="Configuration" version="5">
+<language author="Andreas Gratzer" extensions="*.automount;*.device;*.mount;*.path;*.service;*.slice;*.socket;*.swap;*.target;*.timer" kateversion="5.0" license="MIT" mimetype="text/x-systemd-unit" name="systemd unit" section="Configuration" version="6">
   <highlighting>
     <list name="boolean">
       <!-- 0, 1, t, f, y, n are also valid, but handled using AnyChar. -->
@@ -171,6 +172,7 @@
       <item>CAP_DAC_READ_SEARCH</item>
       <item>CAP_DAC_OVERRIDE</item>
       <item>CAP_CHOWN</item>
+      <item>CAP_CHECKPOINT_RESTORE</item>
       <item>CAP_BPF</item>
       <item>CAP_BLOCK_SUSPEND</item>
       <item>CAP_AUDIT_WRITE</item>
@@ -195,6 +197,8 @@
       <item>blkio</item>
     </list>
     <list name="controller cg">
+      <item>v2</item>
+      <item>v1</item>
       <item>pids</item>
       <item>memory</item>
       <item>io</item>
@@ -203,6 +207,59 @@
       <item>cpu</item>
       <item>blkio</item>
     </list>
+    <list name="cpu feature">
+      <item>xsave</item>
+      <item>vme</item>
+      <item>tsc</item>
+      <item>syscall</item>
+      <item>ssse3</item>
+      <item>sse4_2</item>
+      <item>sse4_1</item>
+      <item>sse2</item>
+      <item>sse</item>
+      <item>sha_ni</item>
+      <item>sep</item>
+      <item>rdtscp</item>
+      <item>rdseed</item>
+      <item>rdrand</item>
+      <item>pse36</item>
+      <item>pse</item>
+      <item>popcnt</item>
+      <item>pni</item>
+      <item>pge</item>
+      <item>pclmul</item>
+      <item>pat</item>
+      <item>pae</item>
+      <item>osxsave</item>
+      <item>mtrr</item>
+      <item>msr</item>
+      <item>movbe</item>
+      <item>monitor</item>
+      <item>mmx</item>
+      <item>mce</item>
+      <item>mca</item>
+      <item>lm</item>
+      <item>lahf_lm</item>
+      <item>ht</item>
+      <item>fxsr</item>
+      <item>fpu</item>
+      <item>fma3</item>
+      <item>f16c</item>
+      <item>de</item>
+      <item>cx8</item>
+      <item>cx16</item>
+      <item>constant_tsc</item>
+      <item>cmov</item>
+      <item>clflush</item>
+      <item>bmi2</item>
+      <item>bmi1</item>
+      <item>avx2</item>
+      <item>avx</item>
+      <item>apic</item>
+      <item>aes</item>
+      <item>adx</item>
+      <item>abm</item>
+    </list>
     <list name="cpu scheduling policy">
       <item>rr</item>
       <item>other</item>
@@ -398,6 +455,7 @@
       <item>EXEC</item>
       <item>EXCEPTION</item>
       <item>DATAERR</item>
+      <item>CREDENTIALS</item>
       <item>CPUAFFINITY</item>
       <item>CONFIRM</item>
       <item>CONFIGURATION_DIRECTORY</item>
@@ -575,6 +633,11 @@
       <item>kill</item>
       <item>continue</item>
     </list>
+    <list name="oom preference">
+      <item>omit</item>
+      <item>none</item>
+      <item>avoid</item>
+    </list>
     <list name="personality">
       <item>x86-64</item>
       <item>x86</item>
@@ -619,6 +682,7 @@
     </list>
     <list name="security">
       <item>uefi-secureboot</item>
+      <item>tpm2</item>
       <item>tomoyo</item>
       <item>smack</item>
       <item>selinux</item>
@@ -785,6 +849,8 @@
       <!-- Only options of type "text". Others are handled separately. -->
       <item>CacheDirectory</item>
       <item>ConfigurationDirectory</item>
+      <item>ExtensionImages</item>
+      <item>IPCNamespacePath</item>
       <item>InaccessiblePaths</item>
       <item>LoadCredential</item>
       <item>LogNamespace</item>
@@ -872,7 +938,6 @@
     </list>
     <list name="options unit">
       <!-- Only options of type "text". Others are handled separately. -->
-      <item>AssertEnvironment</item>
       <item>Description</item>
       <item>Documentation</item>
       <item>JobTimeoutRebootArgument</item>
@@ -1073,6 +1138,9 @@
         <WordDetect String="numa" attribute="Constant" context="#pop"/>
         <Int lookAhead="true" context="#pop!cpu index list"/>
       </context>
+      <context name="cpu feature" attribute="Normal" lineEndContext="#pop">
+        <keyword String="cpu feature" attribute="Constant" context="#pop"/>
+      </context>
       <context name="cpu index list" attribute="Normal" lineEndContext="#pop">
         <RegExpr String="\b\d+(?:\s*-\s*\d+)?\b" attribute="Number"/>
         <IncludeRules context="list"/>
@@ -1104,9 +1172,8 @@
       <context name="exec command" attribute="Normal" lineEndContext="#pop">
         <DetectChar char="," context="#pop!exec prefix"/>
         <!-- Escapes (not exactly the same as detected by HlCStringChar). -->
-        <RegExpr String="\\(?:['&quot;,\\abfnrstv]|x[\da-fA-F]{2}|[0-7]{3})" attribute="Escape"/>
-        <!-- Environment variable as a separate word. -->
-        <!-- Environment variable optionally within word. -->
+        <RegExpr String="\\(?:['&quot;,\\abfnrstv]|[0-7]{3}|u[&hex;]{4}|U[&hex;]{8}|x[&hex;]{2})" attribute="Escape"/>
+        <!-- Environment variable as a separate word. | Environment variable within word. -->
         <RegExpr String="(?&lt;=\h)\$\w+(?=\h|,|\\|$)|\${\w+}" attribute="Environment Variable"/>
         <IncludeRules context="text"/>
       </context>
@@ -1246,6 +1313,9 @@
       <context name="oom behavior" attribute="Normal" lineEndContext="#pop">
         <keyword String="oom behavior" attribute="Constant" context="#pop"/>
       </context>
+      <context name="oom preference" attribute="Normal" lineEndContext="#pop">
+        <keyword String="oom preference" attribute="Constant" context="#pop"/>
+      </context>
       <context name="oom policy" attribute="Normal" lineEndContext="#pop">
         <keyword String="oom policy" attribute="Constant" context="#pop"/>
       </context>
@@ -1321,7 +1391,7 @@
         <keyword String="standard input" attribute="Constant" context="#pop"/>
       </context>
       <context name="standard output" attribute="Normal" lineEndContext="#pop">
-        <RegExpr String="append:(?=/\S)" attribute="Constant" context="#pop"/>
+        <RegExpr String="(?:append|truncate):(?=/\S)" attribute="Constant" context="#pop"/>
         <IncludeRules context="standard io"/>
         <keyword String="standard output" attribute="Constant" context="#pop"/>
       </context>
@@ -1435,6 +1505,7 @@
         <WordDetect String="DynamicUser" firstNonSpace="true" attribute="Option Name" context="boolean"/>
         <WordDetect String="Environment" firstNonSpace="true" attribute="Option Name" context="variable assignment"/>
         <WordDetect String="EnvironmentFile" firstNonSpace="true" attribute="Option Name" context="- text"/>
+        <WordDetect String="ExecPaths" firstNonSpace="true" attribute="Option Name" context="-+/path list"/>
         <WordDetect String="Group" firstNonSpace="true" attribute="Option Name" context="group user"/>
         <WordDetect String="IOSchedulingClass" firstNonSpace="true" attribute="Option Name" context="io scheduling class"/>
         <WordDetect String="IOSchedulingPriority" firstNonSpace="true" attribute="Option Name" context="io scheduling priority"/>
@@ -1468,10 +1539,12 @@
         <WordDetect String="NUMAMask" firstNonSpace="true" attribute="Option Name" context="numa mask"/>
         <WordDetect String="NUMAPolicy" firstNonSpace="true" attribute="Option Name" context="numa policy"/>
         <WordDetect String="Nice" firstNonSpace="true" attribute="Option Name" context="nice level"/>
+        <WordDetect String="NoExecPaths" firstNonSpace="true" attribute="Option Name" context="-+/path list"/>
         <WordDetect String="NoNewPrivileges" firstNonSpace="true" attribute="Option Name" context="boolean"/>
         <WordDetect String="OOMScoreAdjust" firstNonSpace="true" attribute="Option Name" context="oom score adjust"/>
         <WordDetect String="Personality" firstNonSpace="true" attribute="Option Name" context="personality"/>
         <WordDetect String="PrivateDevices" firstNonSpace="true" attribute="Option Name" context="boolean"/>
+        <WordDetect String="PrivateIPC" firstNonSpace="true" attribute="Option Name" context="boolean"/>
         <WordDetect String="PrivateMounts" firstNonSpace="true" attribute="Option Name" context="boolean"/>
         <WordDetect String="PrivateNetwork" firstNonSpace="true" attribute="Option Name" context="boolean"/>
         <WordDetect String="PrivateTmp" firstNonSpace="true" attribute="Option Name" context="boolean"/>
@@ -1574,7 +1647,8 @@
         <WordDetect String="IPAddressAllow" firstNonSpace="true" attribute="Option Name" context="ip address list"/>
         <WordDetect String="IPAddressDeny" firstNonSpace="true" attribute="Option Name" context="ip address list"/>
         <WordDetect String="ManagedOOMMemoryPressure" firstNonSpace="true" attribute="Option Name" context="oom behavior"/>
-        <WordDetect String="ManagedOOMMemoryPressureLimitPercent" firstNonSpace="true" attribute="Option Name" context="percent"/>
+        <WordDetect String="ManagedOOMMemoryPressureLimit" firstNonSpace="true" attribute="Option Name" context="percent"/>
+        <WordDetect String="ManagedOOMPreference" firstNonSpace="true" attribute="Option Name" context="oom preference"/>
         <WordDetect String="ManagedOOMSwap" firstNonSpace="true" attribute="Option Name" context="oom behavior"/>
         <WordDetect String="MemoryAccounting" firstNonSpace="true" attribute="Option Name" context="boolean"/>
         <WordDetect String="MemoryHigh" firstNonSpace="true" attribute="Option Name" context="cardinal %KMGT infinity"/>
@@ -1696,9 +1770,11 @@
         <WordDetect String="AllowIsolate" firstNonSpace="true" attribute="Option Name" context="boolean"/>
         <WordDetect String="AssertACPower" firstNonSpace="true" attribute="Option Name" context="AC boolean"/>
         <WordDetect String="AssertArchitecture" firstNonSpace="true" attribute="Option Name" context="AC architecture"/>
+        <WordDetect String="AssertCPUs" firstNonSpace="true" attribute="Option Name" context="AC cardinal"/>
         <WordDetect String="AssertCapability" firstNonSpace="true" attribute="Option Name" context="AC capability"/>
         <WordDetect String="AssertControlGroupController" firstNonSpace="true" attribute="Option Name" context="AC controller cg"/>
         <WordDetect String="AssertDirectoryNotEmpty" firstNonSpace="true" attribute="Option Name" context="AC text"/>
+        <WordDetect String="AssertEnvironment" firstNonSpace="true" attribute="Option Name" context="AC text"/>
         <WordDetect String="AssertFileIsExecutable" firstNonSpace="true" attribute="Option Name" context="AC text"/>
         <WordDetect String="AssertFileNotEmpty" firstNonSpace="true" attribute="Option Name" context="AC text"/>
         <WordDetect String="AssertFirstBoot" firstNonSpace="true" attribute="Option Name" context="AC boolean"/>
@@ -1706,6 +1782,7 @@
         <WordDetect String="AssertHost" firstNonSpace="true" attribute="Option Name" context="AC text *"/>
         <WordDetect String="AssertKernelCommandLine" firstNonSpace="true" attribute="Option Name" context="AC text"/>
         <WordDetect String="AssertKernelVersion" firstNonSpace="true" attribute="Option Name" context="AC text *"/>
+        <WordDetect String="AssertMemory" firstNonSpace="true" attribute="Option Name" context="AC cardinal"/>
         <WordDetect String="AssertNeedsUpdate" firstNonSpace="true" attribute="Option Name" context="AC text"/>
         <WordDetect String="AssertPathExists" firstNonSpace="true" attribute="Option Name" context="AC text"/>
         <WordDetect String="AssertPathExistsGlob" firstNonSpace="true" attribute="Option Name" context="AC text glob"/>
@@ -1722,6 +1799,7 @@
         <WordDetect String="CollectMode" firstNonSpace="true" attribute="Option Name" context="collect mode"/>
         <WordDetect String="ConditionACPower" firstNonSpace="true" attribute="Option Name" context="AC boolean"/>
         <WordDetect String="ConditionArchitecture" firstNonSpace="true" attribute="Option Name" context="AC architecture"/>
+        <WordDetect String="ConditionCPUFeature" firstNonSpace="true" attribute="Option Name" context="cpu feature"/>
         <WordDetect String="ConditionCPUs" firstNonSpace="true" attribute="Option Name" context="AC cardinal"/>
         <WordDetect String="ConditionCapability" firstNonSpace="true" attribute="Option Name" context="AC capability"/>
         <WordDetect String="ConditionControlGroupController" firstNonSpace="true" attribute="Option Name" context="AC controller cg"/>
