diff --git a/.github/workflows/issue_opened.yml b/.github/workflows/issue_opened.yml
index 631bb483..b4436dca 100644
--- a/.github/workflows/issue_opened.yml
+++ b/.github/workflows/issue_opened.yml
@@ -5,6 +5,7 @@ on:
   issues:
     types: [opened]
 
+permissions: {}
 jobs:
   automation:
     runs-on: ubuntu-latest
@@ -15,7 +16,7 @@ jobs:
       # Only add to project board if issue is flagged as "needs triage" or has no labels
       # NOTE: By default we flag new issues as "needs triage" in our issue template
       if: (contains(github.event.issue.labels.*.name, 'needs triage') || join(github.event.issue.labels.*.name) == '')
-      uses: actions/add-to-project@v0.3.0
+      uses: actions/add-to-project@v0.5.0
       # Note, the authentication token below is an ORG level Secret. 
       # It must be created/recreated manually via a personal access token with admin:org, project, public_repo permissions
       # See: https://docs.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token#permissions-for-the-github_token
diff --git a/.github/workflows/label_merge_conflicts.yml b/.github/workflows/label_merge_conflicts.yml
new file mode 100644
index 00000000..4766b58f
--- /dev/null
+++ b/.github/workflows/label_merge_conflicts.yml
@@ -0,0 +1,39 @@
+# This workflow checks open PRs for merge conflicts and labels them when conflicts are found
+name: Check for merge conflicts
+
+# Run this for all pushes (i.e. merges) to 'main' or maintenance branches
+on:
+  push:
+    branches:
+      - main
+      - 'dspace-**'
+  # So that the `conflict_label_name` is removed if conflicts are resolved,
+  # we allow this to run for `pull_request_target` so that github secrets are available.
+  pull_request_target:
+    types: [ synchronize ]
+
+permissions: {}
+
+jobs:
+  triage:
+    # Ensure this job never runs on forked repos. It's only executed for 'DSpace/RestContract'
+    if: github.repository == 'dspace/restcontract'
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    steps:
+      # See: https://github.com/prince-chrismc/label-merge-conflicts-action
+      - name: Auto-label PRs with merge conflicts
+        uses: prince-chrismc/label-merge-conflicts-action@v3
+        # Ignore any failures -- may occur (randomly?) for older, outdated PRs.
+        continue-on-error: true
+        # Add "merge conflict" label if a merge conflict is detected. Remove it when resolved.
+        # Note, the authentication token is created automatically
+        # See: https://docs.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token
+        with:
+          conflict_label_name: 'merge conflict'
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          conflict_comment: |
+            Hi @${author},
+            Conflicts have been detected against the base branch.
+            Please [resolve these conflicts](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/addressing-merge-conflicts/about-merge-conflicts) as soon as you can. Thanks!
\ No newline at end of file
diff --git a/.github/workflows/port_merged_pull_request.yml b/.github/workflows/port_merged_pull_request.yml
new file mode 100644
index 00000000..857f2275
--- /dev/null
+++ b/.github/workflows/port_merged_pull_request.yml
@@ -0,0 +1,46 @@
+# This workflow will attempt to port a merged pull request to
+# the branch specified in a "port to" label (if exists)
+name: Port merged Pull Request
+
+# Only run for merged PRs against the "main" or maintenance branches
+# We allow this to run for `pull_request_target` so that github secrets are available
+# (This is required when the PR comes from a forked repo)
+on:
+  pull_request_target:
+    types: [ closed ]
+    branches:
+      - main
+      - 'dspace-**'
+
+permissions:
+  contents: write      # so action can add comments
+  pull-requests: write # so action can create pull requests
+
+jobs:
+  port_pr:
+    runs-on: ubuntu-latest
+    # Don't run on closed *unmerged* pull requests
+    if: github.event.pull_request.merged
+    steps:
+      # Checkout code
+      - uses: actions/checkout@v4
+      # Port PR to other branch (ONLY if labeled with "port to")
+      # See https://github.com/korthout/backport-action
+      - name: Create backport pull requests
+        uses: korthout/backport-action@v2
+        with:
+          # Trigger based on a "port to [branch]" label on PR
+          # (This label must specify the branch name to port to)
+          label_pattern: '^port to ([^ ]+)$'
+          # Title to add to the (newly created) port PR
+          pull_title: '[Port ${target_branch}] ${pull_title}'
+          # Description to add to the (newly created) port PR
+          pull_description: 'Port of #${pull_number} by @${pull_author} to `${target_branch}`.'
+          # Copy all labels from original PR to (newly created) port PR
+          # NOTE: The labels matching 'label_pattern' are automatically excluded
+          copy_labels_pattern: '.*'
+          # Skip any merge commits in the ported PR. This means only non-merge commits are cherry-picked to the new PR
+          merge_commits: 'skip'
+          # Use a personal access token (PAT) to create PR as 'dspace-bot' user.
+          # A PAT is required in order for the new PR to trigger its own actions (for CI checks)
+          github_token: ${{ secrets.PR_PORT_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/pull_request_opened.yml b/.github/workflows/pull_request_opened.yml
new file mode 100644
index 00000000..f16e81c9
--- /dev/null
+++ b/.github/workflows/pull_request_opened.yml
@@ -0,0 +1,24 @@
+# This workflow runs whenever a new pull request is created
+name: Pull Request opened
+
+# Only run for newly opened PRs against the "main" or maintenance branches
+# We allow this to run for `pull_request_target` so that github secrets are available
+# (This is required to assign a PR back to the creator when the PR comes from a forked repo)
+on:
+  pull_request_target:
+    types: [ opened ]
+    branches:
+      - main
+      - 'dspace-**'
+
+permissions:
+  pull-requests: write
+
+jobs:
+  automation:
+    runs-on: ubuntu-latest
+    steps:
+    # Assign the PR to whomever created it. This is useful for visualizing assignments on project boards
+    # See https://github.com/toshimaru/auto-author-assign
+    - name: Assign PR to creator
+      uses: toshimaru/auto-author-assign@v2.0.1
diff --git a/epersongroups.md b/epersongroups.md
index 351a939d..ed3e177b 100644
--- a/epersongroups.md
+++ b/epersongroups.md
@@ -327,14 +327,40 @@ Return codes:
 * 404 Not found - if the parent group doesn't exist
 * 422 Unprocessable Entity - if the child group doesn't exist or if the specified eperson doesn't exist
 
-## Search
-**GET /api/eperson/groups/search/byMetadata?query=<:name>**
+## Search Methods
 
-This supports a basic search in the metadata.
+### byMetadata
+**GET /api/eperson/groups/search/byMetadata?query=<:string>**
+
+This supports a basic search across all Groups via their metadata.
+It will search in:
+* UUID (exact match)
+* group name
+
+It returns the list of GroupRest instances, if any, matching the user query
+
+Return codes:
+* 200 OK - if the operation succeed
+* 400 Bad Request - if the 'query' parameter is missing or invalid
+* 401 Unauthorized - if you are not authenticated
+* 403 Forbidden - if you are not logged in with sufficient permissions. Only system administrators or Community/Collection administrators can use this endpoint.
+
+### isNotMemberOf
+**GET /api/eperson/groups/search/isNotMemberOf?group=<:uuid>&query=<:string>**
+
+This supports a basic search across all Groups which are not already a member (subgroup) of the provided Group (in the 'group' parameter). Therefore it searches across Groups _not already listed_ on the `/api/eperson/groups/<:uuid>/subgroups` endpoint for the provided group.
 It will search in:
 * UUID (exact match)
 * group name
 
+It returns the list of GroupRest instances, if any, matching the user query
+
+Return codes:
+* 200 OK - if the operation succeed
+* 400 Bad Request - if the 'group' or 'query' parameter is missing or invalid
+* 401 Unauthorized - if you are not authenticated
+* 403 Forbidden - if you are not logged in with sufficient permissions. Only system administrators or Community/Collection administrators can use this endpoint.
+
 ## Related DSpace Object of group
 **GET /api/eperson/groups/<:uuid>/object** (READ-ONLY)
 
diff --git a/epersons.md b/epersons.md
index 63509e25..cb8f938a 100644
--- a/epersons.md
+++ b/epersons.md
@@ -60,8 +60,8 @@
 }
 ```
 
-### Search methods
-#### byEmail
+## Search methods
+### byEmail
 **/api/eperson/epersons/search/byEmail?email=<:string>**
 
 The supported parameters are:
@@ -75,10 +75,10 @@ Return codes:
 * 401 Unauthorized - if you are not authenticated
 * 403 Forbidden - if you are not logged in with sufficient permissions. Only system administrators and users with READ rights on the target EPerson can use the endpoint
 
-#### byMetadata
-**GET /api/eperson/epersons/search/byMetadata?query=<:name>**
+### byMetadata
+**GET /api/eperson/epersons/search/byMetadata?query=<:string>**
 
-This supports a basic search in the metadata.
+This supports a basic search across all EPerson accounts via their metadata.
 It will search in:
 * UUID (exact match)
 * first name
@@ -89,9 +89,27 @@ It returns the list of EPersonRest instances, if any, matching the user query
 
 Return codes:
 * 200 OK - if the operation succeed
-* 400 Bad Request - if the email parameter is missing or invalid
+* 400 Bad Request - if the 'query' parameter is missing or invalid
 * 401 Unauthorized - if you are not authenticated
-* 403 Forbidden - if you are not logged in with sufficient permissions. Only system administrators and users with READ rights on the target EPerson can use the endpoint
+* 403 Forbidden - if you are not logged in with sufficient permissions. Only system administrators or Community/Collection administrators can use this endpoint.
+
+### isNotMemberOf
+**GET /api/eperson/epersons/search/isNotMemberOf?group=<:uuid>&query=<:string>**
+
+This supports a basic search across all EPersons which are not already a member of the provided Group (in the 'group' parameter). Therefore it searches EPersons _not already listed_ on the `/api/eperson/groups/<:uuid>/epersons` endpoint for the provided group.
+It will search in:
+* UUID (exact match)
+* first name
+* last name
+* email address
+
+It returns the list of EPersonRest instances, if any, matching the user query
+
+Return codes:
+* 200 OK - if the operation succeed
+* 400 Bad Request - if the 'group' or 'query' parameter is missing or invalid
+* 401 Unauthorized - if you are not authenticated
+* 403 Forbidden - if you are not logged in with sufficient permissions. Only system administrators or Community/Collection administrators can use this endpoint.
 
 ## Patch operations