diff --git a/Documentation/CHANGELOG.md b/Documentation/CHANGELOG.md
index 07f61b3..a4b1883 100644
--- a/Documentation/CHANGELOG.md
+++ b/Documentation/CHANGELOG.md
@@ -3,6 +3,18 @@ # Changelog All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
+## [4.11] - 2023-10-01
+
+### Added
+
+- Added the [Get-ADDBServiceAccount](PowerShell/Get-ADDBServiceAccount.md#get-addbserviceaccount) cmdlet for offline managed password derivation.
+- Implemented the [Unlock-ADDBAccount](PowerShell/Unlock-ADDBAccount.md#unlock-addbaccount) cmdlet that can perform offline account unlock.
+
+### Fixed
+
+- Fixed Kerberos PBKDF2 salt derivation for service accounts in the [ConvertTo-KerberosKey](PowerShell/ConvertTo-KerberosKey.md#convertto-kerberoskey) cmdlet and the corresponding
+[KerberosKeyDerivation](../Src/DSInternals.Common/Cryptography/KerberosKeyDerivation.cs) class.
+
 ## [4.10] - 2023-09-16 ### Added
@@ -471,7 +483,8 @@ This is a [Chocolatey](https://chocolatey.org/packages/dsinternals-psmodule)-onl ## 1.0 - 2015-01-20 Initial release!
-[Unreleased]: https://github.com/MichaelGrafnetter/DSInternals/compare/v4.10...HEAD
+[Unreleased]: https://github.com/MichaelGrafnetter/DSInternals/compare/v4.11...HEAD
+[4.11]: https://github.com/MichaelGrafnetter/DSInternals/compare/v4.10...v4.11
 [4.10]: https://github.com/MichaelGrafnetter/DSInternals/compare/v4.9...v4.10
 [4.9]: https://github.com/MichaelGrafnetter/DSInternals/compare/v4.8...v4.9
 [4.8]: https://github.com/MichaelGrafnetter/DSInternals/compare/v4.7...v4.8
diff --git a/Src/DSInternals.Common/DSInternals.Common.nuspec b/Src/DSInternals.Common/DSInternals.Common.nuspec
index 7be96bd..cb1e076 100644
--- a/Src/DSInternals.Common/DSInternals.Common.nuspec
+++ b/Src/DSInternals.Common/DSInternals.Common.nuspec
@@ -14,7 +14,8 @@ This package is shared between all other DSInternals packages. Its main features are Azure AD Graph API and ADSI clients for for retrieval of cryptographic material. It contains implementations of common hash functions used by Windows, including NT hash, LM hash and OrgId hash. It also contains methods for SysKey/BootKey retrieval. This package is shared between all other DSInternals packages.
- - Updated dependencies.
+- Implemented managed password calculation.
+- Fixed Kerberos PBKDF2 salt derivation for service accounts.
 Copyright (c) 2015-2023 Michael Grafnetter. All rights reserved. ActiveDirectory Security AD AAD Identity Active Directory
diff --git a/Src/DSInternals.Common/Data/Principals/DSAccount.cs b/Src/DSInternals.Common/Data/Principals/DSAccount.cs
index 2bd379b..64d261e 100644
--- a/Src/DSInternals.Common/Data/Principals/DSAccount.cs
+++ b/Src/DSInternals.Common/Data/Principals/DSAccount.cs
@@ -271,7 +271,6 @@ /// /// List of principal names used for mutual authentication with an instance of a service. ///
-
 public string[] ServicePrincipalName { get;
diff --git a/Src/DSInternals.Common/Properties/AssemblyInfo.cs b/Src/DSInternals.Common/Properties/AssemblyInfo.cs
index d4df7ba..ad285e8 100644
--- a/Src/DSInternals.Common/Properties/AssemblyInfo.cs
+++ b/Src/DSInternals.Common/Properties/AssemblyInfo.cs
@@ -5,8 +5,8 @@ using System.Runtime.InteropServices;
 // set of attributes. Change these attribute values to modify the information
 // associated with an assembly.
 [assembly: AssemblyTitle("DSInternals Common Library")]
-[assembly: AssemblyVersion("4.8")]
-[assembly: AssemblyFileVersion("4.8")]
+[assembly: AssemblyVersion("4.11")]
+[assembly: AssemblyFileVersion("4.11")]
 [assembly: AssemblyDescription("")]
 [assembly: AssemblyConfiguration("")]
 [assembly: AssemblyCompany("")]
diff --git a/Src/DSInternals.DataStore/DSInternals.DataStore.nuspec b/Src/DSInternals.DataStore/DSInternals.DataStore.nuspec
index 0e1866d..ce3f725 100644
--- a/Src/DSInternals.DataStore/DSInternals.DataStore.nuspec
+++ b/Src/DSInternals.DataStore/DSInternals.DataStore.nuspec
@@ -14,8 +14,8 @@ DSInternals DataStore is an advanced framework for offline ntds.dit file manipulation. It can be used to extract password hashes from Active Directory backups or to modify the sIDHistory and primaryGroupId attributes. DSInternals DataStore is an advanced framework for offline ntds.dit file manipulation.
-- Fixed a rare security descriptor parsing issue.
-- Parallel reading of multiple databases is now supported.
+- Added the capability to retrieve information about group managed service accounts (gMSAs) from database files and to calculate their current passwords.
+- Implemented the offline account unlock feature.
 Copyright (c) 2015-2023 Michael Grafnetter. All rights reserved. ActiveDirectory Security NTDS AD Identity Active Directory
diff --git a/Src/DSInternals.DataStore/Properties/AssemblyInfo.cs b/Src/DSInternals.DataStore/Properties/AssemblyInfo.cs
index f5250b5..851c01a 100644
--- a/Src/DSInternals.DataStore/Properties/AssemblyInfo.cs
+++ b/Src/DSInternals.DataStore/Properties/AssemblyInfo.cs
@@ -5,8 +5,8 @@ using System.Runtime.InteropServices;
 // set of attributes. Change these attribute values to modify the information
 // associated with an assembly.
 [assembly: AssemblyTitle("DSInternals DataStore Library")]
-[assembly: AssemblyVersion("4.10")]
-[assembly: AssemblyFileVersion("4.10")]
+[assembly: AssemblyVersion("4.11")]
+[assembly: AssemblyFileVersion("4.11")]
 [assembly: AssemblyDescription("")]
 [assembly: AssemblyConfiguration("")]
 [assembly: AssemblyCompany("")]
diff --git a/Src/DSInternals.PowerShell/Chocolatey/dsinternals-psmodule.nuspec b/Src/DSInternals.PowerShell/Chocolatey/dsinternals-psmodule.nuspec
index a78d19e..76288bb 100644
--- a/Src/DSInternals.PowerShell/Chocolatey/dsinternals-psmodule.nuspec
+++ b/Src/DSInternals.PowerShell/Chocolatey/dsinternals-psmodule.nuspec
@@ -3,7 +3,7 @@ DSInternals-PSModule
- 4.10
+ 4.11
 https://github.com/MichaelGrafnetter/DSInternals/tree/master/Src/DSInternals.PowerShell/Chocolatey MichaelGrafnetter DSInternals PowerShell Module
@@ -18,9 +18,9 @@ https://github.com/MichaelGrafnetter/DSInternals/issues admin dsinternals powershell activedirectory ad security ntds passwords dpapi lsa sam audit The DSInternals PowerShell Module exposes several internal features of Active Directory. These include offline ntds.dit file manipulation, password auditing, DC recovery from IFM backups and password hash calculation.
- The DSInternals PowerShell Module has these main features:
-
-* [Azure Active Directory FIDO2 key auditing](../Documentation/PowerShell/Get-AzureADUserEx.md#get-azureaduserex) and retrieval of system information about all user-registered key credentials.
+
+The DSInternals PowerShell Module has these main features:
+* [Azure Active Directory FIDO2 key auditing](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-AzureADUserEx.md#get-azureaduserex) and retrieval of system information about all user-registered key credentials.
 * [Active Directory password auditing](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Test-PasswordQuality.md) that discovers accounts sharing the same passwords or having passwords in a public database like [HaveIBeenPwned](https://haveibeenpwned.com) or in a custom dictionary.
 * [Bare-metal recovery of domain controllers](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/New-ADDBRestoreFromMediaScript.md) from just IFM backups (ntds.dit + SYSVOL).
* Offline ntds.dit file manipulation, including [hash dumping](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADDBAccount.md), [password resets](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-ADDBAccountPassword.md), [group membership changes](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-ADDBPrimaryGroup.md), [SID History injection](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Add-ADDBSidHistory.md) and [enabling](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Enable-ADDBAccount.md)/[disabling](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Disable-ADDBAccount.md) accounts.
@@ -37,10 +37,9 @@ ## Disclaimer Features exposed through these tools are not supported by Microsoft. Improper use might cause irreversible damage to domain controllers or negatively impact domain security.
-* The Test-PasswordQuality cmdlet now checks if a user's password is equal to their SamAccountName attribute.
-* Added support for the ARM64 platform (tested on Windows Dev Kit 2023 / Project Volterra).
-* Fixed a rare security descriptor parsing issue.
-* Parallel reading of multiple databases is now supported.
+* Added the Get-ADDBServiceAccount cmdlet for offline managed password derivation.
+* Implemented the Unlock-ADDBAccount cmdlet that can perform offline account unlock.
+* Fixed Kerberos PBKDF2 salt derivation for service accounts in the ConvertTo-KerberosKey cmdlet.
diff --git a/Src/DSInternals.PowerShell/DSInternals.psd1 b/Src/DSInternals.PowerShell/DSInternals.psd1
index d382dee..817521f 100644
--- a/Src/DSInternals.PowerShell/DSInternals.psd1
+++ b/Src/DSInternals.PowerShell/DSInternals.psd1
@@ -8,7 +8,7 @@ RootModule = 'DSInternals.Bootstrap.psm1' # Version number of this module.
-ModuleVersion = '4.10'
+ModuleVersion = '4.11'
 # Supported PSEditions # CompatiblePSEditions = 'Desktop'
@@ -143,10 +143,9 @@ PrivateData = @{ # ReleaseNotes of this module ReleaseNotes = @"
-- The Test-PasswordQuality cmdlet now checks if a user's password is equal to their SamAccountName attribute.
-- Added support for the ARM64 platform (tested on Windows Dev Kit 2023 / Project Volterra).
-- Fixed a rare security descriptor parsing issue.
-- Parallel reading of multiple databases is now supported.
+- Added the Get-ADDBServiceAccount cmdlet for offline managed password derivation.
+- Implemented the Unlock-ADDBAccount cmdlet that can perform offline account unlock.
+- Fixed Kerberos PBKDF2 salt derivation for service accounts in the ConvertTo-KerberosKey cmdlet.
 "@ } # End of PSData hashtable
diff --git a/Src/DSInternals.PowerShell/Properties/AssemblyInfo.cs b/Src/DSInternals.PowerShell/Properties/AssemblyInfo.cs
index dc71652..9e9327d 100644
--- a/Src/DSInternals.PowerShell/Properties/AssemblyInfo.cs
+++ b/Src/DSInternals.PowerShell/Properties/AssemblyInfo.cs
@@ -5,8 +5,8 @@ using System.Runtime.InteropServices;
 // set of attributes. Change these attribute values to modify the information
 // associated with an assembly.
 [assembly: AssemblyTitle("DSInternals PowerShell Commands")]
-[assembly: AssemblyVersion("4.10")]
-[assembly: AssemblyFileVersion("4.10")]
+[assembly: AssemblyVersion("4.11")]
+[assembly: AssemblyFileVersion("4.11")]
 [assembly: AssemblyDescription("")]
 [assembly: AssemblyConfiguration("")]
 [assembly: AssemblyCompany("")]