Tags

NEW:
[AddDomain] --notify passed to AddDomain will dispatch a welcome email upon provisioning.
[cgroup] volatile cgroup resources, specifically resources set by the "cgroup" service class, may be temporarily suspended.
[Composer] [webapps] => composer_volatile applies memory volatility during composer operations, specifically install, which can use a remarkable amount of memory solving.
[node] get_default()- get default interpreter for a given path.
[Scopes] apache.mutex Scope, quickly change synchronization mutex.

FIXED:
[firewalld] flush nft tables when backend chages. Switching firewalld backend from nft to iptables persists default drop-all policy that takes priority, blocking any permit rules.
[joomla] version check fires before update, reporting incorrect update status.
[Login] autofilled fields do not transition.
[mysql] permit IPv6 addresses.
[Preferences] various fixes that would result in preferences being overwritten or partially updated.
[Webapps] git fails on relocated documented root.

CHANGED:
[apnscpd] disable cron processing/job runner when [apnscpd] => cron_resolution is 0
[auth] changing password clears Dovecot authentication cache used by IMAP/POP3/SMTP.
[ghost] relax memory minimum to 768 MB.
[Metrics] trade storage for memory during metric compression. Reduce window over which compression runs.
[Nexus] add "Login As" option after account is created.
[Nexus] define "units" validator range.
[Sessions] automate corrupted session table recovery. MariaDB is designed to recover tables in the background upon detecting corruption; however, in 10.3 this is scantly seen. Add a startup check and automate recovery if apnscpsession.php is the last file in the backtrace.
[Webapps] git snapshot uses application root instead of docroot.
[Webapps] UI update triggers Update Assurance if configured.
[wordpress] explicitly set --version= flag if version specified to plugin/theme. Some plugins/themes are known to block WP CLI from correctly detecting remote version (see wp-cli/wp-cli issues #370, #1123).

REMOVED:
[dnf] dnf "best" package usage.
[OS] crashkernel support on installs with less than 2 GB.

SECURITY:
[common] preference cache uses built-in Redis serializer, which could allow an attacker to store a carefully crafted class instance as a preference value. No known attack vector exists presently, but if preferences had a vulnerability to store an arbitrary object or attacker had direct access to modify raw preference data, it would thus be feasible to leverage. Use a whitelist of acceptable objects to unserialize.

FIXED:
[build] check composer.lock timestamp on each update to ensure ./composer install is installed as needed during batch updates.
[Nextcloud] reapply read/write access to config.php depending on Fortification mode.
[Summary] report service limits.
[Web Apps] "Show Detected Apps" hides all apps.

CHANGED:
[Discourse] support 2.4.0+
[Firewalld] restart firewalld when switching FirewallBackend types. A full flush is required otherwise all network operations are blocked.
[Opcenter] sort services on edit hook.
[pgsql] incorrect field in add-user() parameterization.
[Postfix] always add missing headers. Broken mail clients, such as Windows Mail, do not set a Message-ID header resulting in quarantined mail.
[rspamd] disable RBL checks for ESMTPA transactions.
[Scopes] add scope change to history.
[Web Apps] separate into individual repositories. Native apps may be overridden by placing the corresponding app in config/custom/webapps/name, then running ./composer dump-autoload -o followed by systemctl restart apiscp.
[WordPress] use native mod_rewrite template. Resolves double-append cases when permalinks are updated in panel.

REMOVED:
[Preferences] hrtime() uses arbitrary origin and thus unsuitable for synchronization checks.

[composer] Force package update, resigning a tag on acomposer update does not update the composer packages when reapplying the tag. This will be addressed in v3.2.2
[firewalld] Switching from nftables to iptables requires a reboot to properly flush tables. A workaround for a rebootless change will be addressed in v3.2.2

3.2 release 🎉
 Web Apps facility rewrite, significant improvements to functionality.

NEW:
[Bootstrapper] BSARGS= environment variable for passing off --extra-vars=$BSARGS to ansible-playbook, e.g. `env BSARGS="--force=yes" upcp -sb`
[CLI] "serialize" output/input format added. Uses builtin PHP serialization to pass objects around unadulterated.
[Dashbord] add Argos glance.
[DNS] Katapult, Hetzner DNS providers. Katapult is an upcoming premium VPS, Hetzner provides free DNS service.
[dns] verify(), verified(), challenges() API calls for third-party DNS providers that require additional challenges.
[git] add_ignore(), list_ignored_files()manage ignored files for git repository.
[web] get_all_hostnames_from_path()given a docroot, find all hostnames that serve from this base location.
[webapp] general purpose Web App module. Don't know the web app installed under a document root, but want to update it? cpcmd -d mydomain.com webapp:update mydomain.com. All family methods are exposed through this module except install().
[webapp] get_reconfigurable()get a reconfigurable value either transient or fixture.
[Web Apps] learn, write, release are now callable from API. wordpress:fortify("mydomain.com","","learn", [10]);
[Web Apps] fortification_modes()list all Fortification modes available to an app.
[Web Apps] Nextcloud 1-click support.
[Web Apps] Manifests. Bolt on Fortification and database snapshot/rollback support to any document root on your account. Manifest Fortification may define additional modes in addition to an app's base modes.
[Web Apps] notification controls via Account > Settings.
[Web Apps] third-party support. See @apisnetworks/apiscp-webapp-demo for a sample application.
[WordPress] AST parser allows for tighter integration with wp-config.php. Changing Fortification to "write" mode for example rewrite FS_METHOD to 'direct' automatically. May be used in hooks as well (see WordPress.md).
[WordPress] Site duplication and rename support. Easily migrate a WP site from staging to production with one click!

FIXED:
[file] stat calls could report an invalid user if the user were removed and recreated with the same site ID/user ID combination.
[DeleteDomain] flush global error log prior to deletion. Epehemeral account generation may erroneously report failure if global state is error prior to deletion.
[Migrations] update IPv6 on migration
[Web Apps] corrupted sites during update will no longer terminate an update batch.

CHANGED:
[Core] bump PHP to 7.4.
[Datastream] support 2^22 PIDs, which allows for worker pinning when PID exceeds 65536.
[Let's Encrypt] disable wildcard SSL if null driver is used.
[Laravel] Update Laravel to 6/LTS, Horizon to 3.
[mysql, pgsql] clone() may now duplicate a database into an empty destination.
[mysql, pgsql] export() may now export a database onto an empty file.
[PHP] libsodium always enabled for PHP 7.2+.
[Postfix] CentOS 8/systemd sendmail compatibility. RestrictAddressFamilies requires AF_NETLINK support. Setting PrivateDevices or RestrictAddressFamilies, in addition to other directives, irrevocably enables NoNewPrivileges=yes, which prevents postdrop setgid helper from temporarily granting the invoking process "postdrop" membership. This requires either opening /var/spool/postfix/maildrop to world or using ACLs to grant apache user write/execute permissions to directory. Pursuing this route blocks future developments in multi-user pools as well as running pool same-user (cPanel compatibility mode), leaving supplementary group addition the only appropriate route.
[PostgreSQL] PostGIS install-time option via `pgsql_has_postgis`.
[PowerDNS] pdns server no longer explicitly enabled if using PowerDNS provider unless `powerdns_enabled` is set to true.
[Rampart] disabling FTP/mail services disables respective log monitoring profiles.
[UI] convert collapse to flyout menu. Minor UI tweaks.
[UI] "search" promoted into reusable component.
[Web Apps] report Fortification mode in meta gutter.

FIXED:
[Bootstrapper] force major update policy on resume before 3.2.0 is released.
[Email] "Mail" appended onto destination mailbox on rename.
[Lararia] disable Laravel's builtin exception handler for ApisCP. A slew of deprecation errors are introduced by the 7.3 to 7.4 migration fully rectified in 3.2.0.
[PHP] HOTFIX: CentOS 8/systemd sendmail compatibility. RestrictAddressFamilies requires AF_NETLINK support. Setting PrivateDevices or RestrictAddressFamilies, in addition to other directives, irrevocably enables NoNewPrivileges=yes, which prevents postdrop setgid helper from temporarily granting the invoking process "postdrop" membership. This requires either opening /var/spool/postfix/maildrop to world or using ACLs to grant apache user write/execute permissions to directory. Pursuing this route blocks future developments in multi-user pools as well as running pool same-user (cPanel compatibility mode), leaving supplementary group addition the only appropriate route. Long-term fix is to assign client certificates for each PHP-FPM user.

FIXED:
[Backups] "snapshot" in database causes infinite loop on purge
[Dashboard] Rampart unban throws post is not defined error
[email] modify_mailbox()- address change adssumes "root" user

SECURITY:
[MySQL] UMASK= unconventionally applied as an additive mask instead of subtractive. UMASK=0077 appends these permissions instead of stripping g-rwx,o-rwx to data files exposing potentially confidential data to secondary users within the account.

NEW:
[Web Apps] Update Assurance. Post-update hook that monitors for deviations in update page size and rolls back automatically if encountered. Parameter threshold may be configured via [webapps] => assurance_drift.
[letsencrypt] solve()- complete pending challenges from challenges(). See SSL.md for examples.
[Cronus] variable interval job scheduling.
[Ruby, Node] lazy-load support for nvm/rbenv helpers. Prior, having both present could impart a 1-2s lag on shell initialization. Add LAZY_LOAD_XXX=1 in .bashrc to control this behavior. See Ruby.md.
[argos] Dashboard integration, monitoring API.
[email] user_mailboxes()- get a list of mailboxes affiliated with the named user.
[git] head()- show repo HEAD commit.

FIXED:
[Opcenter] a failure in an edit chain causes subsequent domain edits to fail.
[Subdomains] editing a subdomain defaults ownership to first user.
[Error Reporter] broken session deserialization blocks backtrace reports.
[PostgreSQL] editing user via EditDomain applies the wrong password to .pgpass.
[Vacation Responder] always set vacation message, which when setting vacation for secondary user for first time did not populate the message resulting in spurious "File not found" errors.
[MySQL] privileged password cannot be discovered when seteuid, such as with job runner.
[Bootstrapper] dnf i18n idempotency checks.
[Kernel] rebuild grub2.cfg on kernel change.

CHANGED:
[Screenshots] batch runs in hourly intervals. Cleanup chromium work directories.
[Subdomains, Addon Domains] enqueue docroot changes.
[Spam Filter] renamed from SpamAssassin Configuration Wizard. Add support for deliver threshold.
[argos] disambiguate existing config* API methods to config_relay.
[Core] misc:debug-session hooks into request lifecycle earlier - immediately following session initialization.
[Web Apps] deduplicate several preflight checks into Webapps::parseInstallOptions().
[Vacation Responder] clarify "no duplicates" option. Show affected email addresses when enabling vacation mode.
[git] add()- ignore files that cannot be added due to permissions if no fileset specified.'
[License] -f/--force flag overrides panel's best effort not to replace a perfectly fine license.

SECURITY:
Move .php denial to accounts specifically configured without apache,jail=0. Prior, it would be possible to side-step authorization policy if the request URI were a .php resource with .php explicitly appended. All other related resources would continue to be blocked as normal. A corresponding httpd-2.4.43-3 package has been released in coordination.

NEW:
[Core] API callbacks. See Hooks.md.

FIXED:
[Database] appldb incorrectly owned by "root", which during image packaging via clean.sh, prevented root from being dropped.
[SSL Certificates] domain sorting.
[Yum] package solving kicks out nightly package updates from added third-party deps with PostgreSQL.
[apnscpFunctionInterceptor] session context inherited from global context.
[Opcenter] propagate bandwidth changes when unit changes independent of threshold.
[HTTP] IPv6 fixes during self-referential reachability checks.
[rspamd] MX checks. Firewall rules do not inspect supplementary groups until iptables 1.8.4.
[.htaccess Manager] various maladies.
[Chromedriver] certain call pathways could persist chromedriver binary longer than necessary.
[dns] nested parented domains.
[Drupal] various installation blockers

CHANGED:
[system/limits] PAM-imposed limits configurable via limit_<NAME>_<TYPE> where name is the resource imposition and type hard or soft.
[PHP Pools] PHP5.6 compatibility during PHP-FPM interrogation.
[Let's Encrypt] report pruned SSL hostnames to account holder during issuance.
[Let's Encrypt] transient requests may be debugged from command-line using env DEBUG=1.
[Screenshots] interface extracted into general-purpose template in master::partials.shared.wa-screenshot.
[discourse] report debugging information directly when invoked from command-line with env DEBUG=1.

REMOVED:
[FST] go packages obviated by goenv

NEW:
[Bootstrapper] "has_dns_only" build option installs a lightweight ApisCP for use with DNS-only.
[Dashboard] show ban reason, corresponding API command rampart:get-reason().
[DNS] $hostname available in DNS templates as a composition of $subdomain + $zone.
[DNS Manager] show DNS zone information in Toolbox.
[Mail] MXRoute provider (see docs.apiscp.com/admin/mail/Mxroute/).
[Process] unshare support. Namespace resources (files, PIDs, UIDs, network) prior to running a process.
[Scopes] cp.screenshots - enable screenshot support; cp.whitelist-login - always permit CP login (see SECURITY.md for Anvil).
[stats] vmstat()- report virtual memory statistics.
[UI] rspamd app now available for admins.
[Web Apps] learning mode duration.
[Web Apps] screenshot support. Enabled automatically if has_low_memory wasn't set at install time. May be manually enabled using the cp.screenshots Scope. web:inventory-capture() performs an en masse screenshot acquitisition.

FIXED:
[Dev] prune unreachable methods during intellisense stub generation.
[file] recursive chown repeatedly calls fsmount for each directory chown'd
[Import] accept mailman list names with underscores.
[PHP] PHP-FPM cache inspection could leave behind its inspection script in certain conditions.
[PHP] webp support for PHP 7.4.
[Process] argument decomposition incorrectly handles nested quotes.
[Opcenter] "True"/"False" parsed as literals.
[Scopes] cp.config automatic postback ignores numeric input types.
[Virtualhosting] binding additional IPs before nm readies drops the active interface from nm's control. Relocate virtualhosting.service until after network-online.target to ensure nm has completed upstream acquisition. ISO/IEC 9899:2011 workaround for last IP in multihomed environment.

CHANGED:
[admin] admin:collect() now supports invoice selection. Works with both primary and subordinate accounts (billing,invoice/billing,parent_invoice).
[billing] implement billing:get-package-type().
[Bootstrapper] improved CentOS 8+ support.
[build] Always drop privileges using git. If root privileges are required for git hooks, set "apnscp_build_helper" in Bootstrapper with a custom build script. set-repo-user.sh in build/ may be used to update remote credentials to the effective username if previously supplied credentials assumed "root".
[cgroup] get-usage() CPU cumulative usage refers to 24 hours, previously 240 hours. Add cumsystem, cumuser that refer to cumulative usage since uptime. system/user fields refer to same value over 24 hour window.
[DNS] get-records() accepts "null" as subdomain to list all records.
[Firewall] change 25/TCP restriction from "postfix" gid to more generic, "mail" gid. Allows rspamd to perform MX checks as well.
[Import] detect corrupted HOME paths from backup source.
[MySQL] database renames apply correct DDL statements.
[MySQL Manager] display database size charged on disk.
[PHP] imagick enabled by default. Simplify multiPHP extension builds + configuration (see PHP-FPM.md).
[PHP] detach pool .service binding from php-fpm such that pools have two-way binding to named .socket and propagated action through group or "php-fpm" master service. Requires `EditDomain --reconfig --all` to appyl retroactively.
[PHP] Relocate composer referent to /usr/share/pear/composer.phar, inline with wp-cli and other PHP utilities.
[Postfix] simplify SMTPS/ESMTP mode settings (see SMTP.md). Always encrypt smarthost transmission set via mail.smart-host. Prior to, encryption was opportunistic.
[Process] suid/sgid options no longer wrap the command in /bin/sh. "Fork" process types may accept open/close callbacks.
[watch] lockdown()- support web user ("apache") as a target user after learning mode completes.
[Web Apps] perform validity check before updating web apps. Prevents potential loop on updating a ghosted web app.
[wordpress] purge WP-CLI cache periodically. Recovery mode resets theme to twentyXXX.

REMOVED:
[dns] check-zone() authoritative_ns requirement. Intended for use internally with BIND. Still used for PTR checks in IpCommon\ip_allocated() for now.

NEW:
[Core] CentOS/RHEL 8 support.
[PHP] track sending scripts via mail.add_x_header=1.
[rampart] get_reason(): show ban reason for IP.

FIXED:
[Bootstrapper] aggressive substitution rule removes vendor-specific kernel parameters on XFS servers.
[DNS Manager] Remove branding from DNS Manager (issue #32)
[Dovecot] indexing cannot connect to indexer service due to visibility.
[PHP] libphpX.so never stripped from httpd.conf.
[Web Apps] email option always overrode with common:get_email() value.
[WordPress] skiplist does not trigger per-asset updates.

CHANGED:
[dns] add_record_conditionally()- A and AAAA records honor CNAME presence.
[Net] improve remote IP detection resiliency.
[Postfix] reduce message size to 100 MB.

NEW:
[Bootstrapper] kernel_automated_reboot controls unassisted reboots after kernel upgrade.
[Opcenter] Internal/reserved IPv4/IPv6 address sensibility checks for CloudFlare, Delegated Whitelist.
[pgsql] change_owner(), get_owner()- manage database ownership in PostgreSQL.
[telemetry] telemetry is now enabled by default. See Metrics.md.
[WordPress] "Manage Packages" feature now available in Web Apps. Functions as a backdoor to disable plugins/themes in an inconsistent state, as well as manage update settings. skip_asset(), unskip_asset(), asset_summary() API methods added to facilitate.

FIXED:
[Bootstrapper] various idempotency fixes. UEFI support.
[DataStream] multi-mode reports failed commands.
[Logrotate] btmp never rotated out on weekly basis due to unmatchable regex.
[MySQL] 10.4 mysql.user field fixes.
[Net] hairpin check defaults to gateway address if not previously configured as with a namebased hosting.
[Opcenter] ssh,port_index does not initialize when ssh,enabled is flipped on during an edit.
[WordPress] numerous fixes to updating third-party/commercial plugins.

CHANGED:
[DNS] Parented zones now use the parent zone instead of creating a separate zone. A parented zone is one in which the parent and child reside on the same account. If a child is created as a new domain, then a separate zone will be created or in the case of CloudFlare, fail.
[Migrations] remediation improvements, ".boxtrapper" handling, detect previously relocated subpaths.
[upcp] drop privileges on git usage.
[Web Apps] Joomla!, Laravel, Drupal, Ghost, and WordPress produce additional debugging information when debug mode is enabled (see DEBUGGING.md).

REMOVED:
[aliases] change_domain() no longer requires the domain to not be listed in aliases,aliases.
[PHP] Remove mod_php from non-low-memory servers.

[admin] collect() can filter on "active" field (true/false) to select accounts that are active or suspended.
[Any-version] account admin may now update shims.
[Argos] validate relay password.
[Bootstrapper] ~2 minute performance bump by refactoring mail/configure-postfix role.
[Bootstrapper] tolerate really weird kernel configurations.
[Bootstrapper] various idempotency fixes.
[ClamAV] remove packages on disablement.
[Cloudflare] proxy only permitted records. Improve error message reporting during CF outage.
[Dovecot] block learning in stressed environments.
[file] reset_path()- when user is empty string, it defaults to current user. "null" still bypasses reset.
[FST] remove rm -rf sudo helper. Conflicts with moving essential services, such as PHP-FPM, to /.socket. May be enabled via [ssh] => sudo_support.
[helpers.sh] su VIRTUSER accepts all normal arguments.
[Letsencrypt] loquacious nameservers may stuff a TXT record beyond what is necessary during ACME challenge resulting in a pause up to the timeout interval.
[Letsencrypt] retry IP check for slow DNS servers.
[Mail] remove "postfix" user when mail is disabled on an account effectively disabling sendmail usage.
[Migrations] Fix condition in which SSL certificates do not activate without second EditDomain post-migration.
[Migrations] limit remediation suggestion to 32 characters per system limitation.
[Migrations] server-to-server migrations, domain suspension may be postponed with --no-suspend flag.
[Monit] scramble default password.
[MySQL] users may contain a period in their username.
[Nexus] IPv6 addresses with numeric leading hextet are incorrectly parsed as an array index.
[Opcenter] add sanity checks to prefix presence before discarding MySQL/PostgreSQL databases.
[Opcenter] correct condition in which promoting an alias to primary domain without explicitly removing the domain from aliases,aliases causes duplicate key on address rename.
[PHP] migrating from non-jail to jail also migrates directives from .htaccess. Controlled via [httpd] => fpm_migration.
[phpMyAdmin, phpPgAdmin] correct condition in which SSO fails if behind CloudFlare.
[phpMyAdmin, phpPgAdmin] updating a password may now optionally reset the password to the specified value.
[Postfix] /etc/postfix/master.d allows for per-site overrides (see Customizing.md).
[Rampart] malware jail, integrates into mod_security/ClamAV filtering.
[Rampart] non-essential logs are tailed on startup thus improving startup time.
[Storage Tracker] correct rendering as Picasso painting.
[Task Scheduler] MAILTO supported.
[Telemetry] range() accepts a negative $begin to look behind n seconds.
[Telemetry] fix condition in which compressed metrics block deletion of a site.
[UI] filters support ESC/ENTER hotkeys.
[UI] update default placeholder.
[WordPress] db_config()- workaround for segfaults if the output buffer fills during database inquiry.
[WordPress] enable debug mode in WP-CLI when ApisCP debugging enabled.
[WordPress] fix condition in lower versions with patch are preferred to those without.

[Bootstrapper] correct condition that would cause Mitogen to fail an assertion check

[Scopes] mysql.remote-access, pgsql.remote-access, ftp.insecure-ssl scopes added
[Telemetry] JIT metric support, Rampart logging
[Opcenter] improve quota fetch throughput, partition enumeration on large (> 500) installs
[PHP] add webp support
[PHP] prevent loading pool for opcache statistics if ActiveState is deactivated
[phpMyAdmin] 4.9+ SSO fixes
[Error Reporter] all unhandled exceptions set exit code 255
[DNS] zone validation wait threshold now configurable via [dns] => validation_wait
[cgroups] add "io" service limit, a 24-hour combined storage bandwidth limit
[Apache] VirtualHost prioritization (see Apache.md)
[admin] get_usage() reports cgroup data. Cache behavior controlled via [cgroup] => prefetch_ttl, usage controlled by show_usage option

[SECURITY] restrict wheel su to MINUID, 1000 on RHEL7+. Restricted daemons expose sockets into virtual filesystem that would allow primary account user, also in wheel, to masquerade as these services potentially injecting arbitrary commands into its socket
[Scopes] GUI now available
[Nexus] display storage, bandwidth utilization. Optional inode utilization support (configure in Account > Settings)
[File Manager] use fixed-width font in editor
[Opcenter] promoting an addon domain to primary is now atomic. Prior to, doing so first required dropping the domain and thus deleting email addresses associated with the addon domain before it could be promoted to primary.
[Auth] Clients that successfully reset their password via login portal and when [auth] => update_restrictions_on_reset is set, if IP login restrictions are present the IP address that successfully resets password will be added to the IP restriction list.
[Dovecot] hibernation now enabled by default. Each IMAP mailbox spawns a separate process, approximately 5-10 MB per. Hibernation freezes these per-mailbox listeners into a single process and thaws into a new process when activity is received on the inbox.
[Migrations] permit numeric email addresses when conflict strategy is "namespaced"
[admin] API command get_usage($type, array $sites) allows usage retrieval for storage or bandwidth of all or a subset of sites

[Layout] search widget
[Scopes] mail.insecure-ssl helper, revert TLSv1.0/TLSv1.1 support. apache.buffered-logs, control buffering of log files. scopes:list() now accepts filter. l() and i() aliased to list()/info()
[Opcenter] siteinfo,domain and aliases,aliases are now an atomic operation. Prior to switching values in Nexus the primary domain would get dropped during a swap resulting in an inconsistent state. Mail transports are now preserved as well.
[Letsencrypt] DNS validation wait period may now be tuned via [letsencrypt] => dns_validation_wait. renew() exposed to admin to renew server certificate.
[SSO] Parent to subordinate SSO fails due to routing changes
[Subdomains] folder browser on subdomain change

[FLARE] Downgrade Monit 5.26 => 5.25 amid PostgreSQL false positives.
[WordPress] set custom rewrite structure on new installs.
[telemetry] new module. Provides information on a variety of monitored attributes. Must be enabled via "cpcmd scope:set cp.config telemetry enabled"

[upcp] Correct condition in which a dirty tree on non-edge update policies would result in an infinite update loop
[Error] Unhandled frontend exceptions now expose the stack when panel is in debug mode
[Dashboard] Integrate Rampart widget into Admin panel
[Template] Laravel Route integration
[MySQL] connections operate natively in utf8mb4
[Scopes] apache.insecure-ssl added. Enable support for insecure TLS v1.0/v1.1 usage.
[Site Optimizer] Pagespeed integration. Optimize a variety of rendering problem areas on websites.
[Migrations] cPanel improvements: deduplicate mailboxes, extract PostgreSQL backups, relocating a document root clobbers itself if source and dest are the same as with subdomains.
[DAPHNIE] MySQL, PHP statistics collection. CPU usage now reported in centisecs.
[cgroup] Implement delta counting for CPU controllers. get_usage("cpu") now reports accurate 24 hour usage.
[rampart] bans_since() API call. Returns ban tally between bracketed time. get_jail_entries() now accepts explicit "null" to return all entries in all tracked jails.
[pgsql] import() supports reading backups from compressed pg_restore invocations
[Cloudflare] Module update, zone deletion. Improve API token validation.

[Let's Encrypt] rewrite solver logic to try best available solver (HTTP, DNS) depending upon inference
[DAPHNIE] Metric compression, optional elision of repeated data via [telemetry] tuneable. PostgreSQL uses a modest cap on optimization. Tuning may be controlled via [telemetry] => memory_consumption
[Let's Encrypt] append() now prevents repeated requests for the same certificate set
[Bootstrapper] delay job notice until Bootstrapper has exited. Prevent false reports when panel restarts in a task
[ClamAV] update package naming as of 0.101.5

[UI] Update "apnscp" theme. Convert DNS zone into combobox. Update layout to native feel.
[SSL] Catch rate-limiting errors during Let's Encrypt challenge.
[aliases] Fix condition in which detaching an addon domain produces a duplicate effect once configuration is synchronized.
[Scripts] mapCheck performs orphan domain check.
[Scopes] apache.evasive may now set "enabled" flag.
[PHP] Remove sysvsem module from PHP-FPM. A variety of race conditions have been encountered without common origin. Running `cpcmd scope:set cp.bootstrapper php_build_flags ""` restores the old build behavior.
[Opcenter] applying a plan type via siteinfo,plans= sets the system default in account metadata