Tags

Tags give the ability to mark specific points in history as being important
  • v3.2.27.1
    FIXED:
    [Opcenter] .test TLDs infinitely created in low-memory mode for impossible screenshot inventory.
    
    CHANGED:
    [Cronus] Advance cron.tasks timer irrespective of outcome.
    
  • v3.2.27
    NEW:
    [MariaDB] 10.6 support.
    
    FIXED:
    [Cache] Prefix overwrite on nested calls among different cache implementations.
    [CLI] "Session corruption" errors.
    [Migration] strict typing check prevents unit inference during cPanel import.
    [Migration] --drop-forwarded-catchall preempts [mail] => forwarded_catchall + [mail] => disabled_forwared settings.
    [PHP-FPM] Changing apache,webuser lingers old PHP-FPM process pool.
    [pyenv] update_pyenv_pythons job updates wrong branch resulting in static Python version list.
    [Redis] Move memory check to housekeeping. Remedies Horizon endlessly restarting due to OOM conditions.
    
    CHANGED:
    [apnscpd] Flush error log on each cron iteration.
    [Ephemeral] Accounts are always force-deleted now.
    [Migration] Skip non-namespaced database users that do not match admin user.
    [SQL] Backup API methods (add/edit/delete) prepend prefix as needed.
    [Transfer] Report when no migration targets found.
    
  • v3.2.26
    NEW:
    [ClamAV] Malware scans may be bypassed using an environment marker. See ModSecurity.md.
    [DNS] Bulk record replacement. Arguments can take the form of a closure or bare Record object to replace individual parameters or record entirely. See PowerDNS.md and DNS.md docs.
    [OS] AlmaLinux + Rocky Linux support. Convert using cpcmd scope:set system.distro alma or cpcmd scope:set system.distro rocky
    [PowerDNS] SOA bulk updates.
    [stats] release()- OS identification.
    
    FIXED:
    [apnscpd] foreground launch fails when launched without systemd.
    [Laravel] database may not be available on rollback.
    [Nexus] Deselecting boolean always defaults to true.
    [Opcenter] Switching apache,webuser leaves resident prior user processes. Preserve non-system user.
    [Process] preserve 0/1/2 file descriptors. POSIX guarantees these FDs exist, but not how they're rendered. Restore former flags after execution.
    [Quota] Incorrect strict type comparison in amnesty mode.
    [PHP-FPM] Ownership change doesn't restart pool.
    [Webapps] Early gc_collect_cycles() call results in callback execution prior to metadata commit.
    [Webapps] Reindexed numeric global subdomains.
    [WordPress] y/n prompt re-enabling SSO defaults to N.
    
    CHANGED:
    [Auth] Forward authenticated() call to respective auth handler. Override authenticated() method for CLI auth module. All commands are implicitly authenticated. Possibly resolves session ghosting errors that occur when switching roles and \Auth::authenticated() attempts to resume the session created at invocation.
    [Auth] Unauthenticated AJAX requests return 403. 403 confers the intended effect of halting further AJAX requests in the timeout loop.
    [Filesystem] Add glibc-langpack-en for non-English installs.
    [ClamAV] Whitelist foxhole signatures that result in a high rate of false positives: JS_Zip_19, JS_Zip_21, JS_Zip_23, JS_Zip_24.
    [DigitalOcean] Skip broken SOA record.
    [dns] get_records_external()- graceful error if no viable resolvers could be used
    [Majordomo] Flip default action to subscription management.
    [Majordomo] Rewrite From: address on mailing list submission such that DKIM/DMARC policies are preserved. This requires majordomo 1.94.5-2 available in apnscp-updates repo.
    [Opcenter] expose CLI configuration in validator option "runtime".
    [PHP-FPM] Bypass PHP-FPM regeneration unless --reconfig is specified or service class changes.
    [pman] run() uses "runuser" instead of su for faster invocation.
    [Process] killUser() accepts second parameter, $gid, to further restrict process by gid.
    [Rampart] blocking a connection sends a RST packet to force a connection hang-up.
    [Scopes] trim cp.config strings.
    [Setup Instructions] Add DKIM DNS record.
    [Utility] strip 1 layer of quotes on type inference. Cleans up UI presentation in cp.config.
    [Webapps] Fortification removed from Passenger-based apps.
    [Webapps] .gitignore accepts per-app overrides.
    [WordPress] duplicating a site now copies snapshot settings.
    
  • v3.2.25.2
    SECURITY:
    [Util] pman_run() leaks descriptors to child processes. PHP provides no native way to flag a FD as FD_CLOEXEC, which flags a descriptor to close on exec() syscall. Use FFI to mark descriptors as close-on-exec in sudo invocation.
    
    FIXED:
    [Composer] composer/composer #9986 package naming.
    [Let's Encrypt] DNS solver method attempted for server certificate.
    [Setup] hostname check incorrectly reports to use SSL for addon domains.
    
    CHANGED:
    [cpcmd] -l/--list-commands accepts optional filter spec as with misc:list-commands().
    [ssh] root pubkey-only authentication controllable via sshd_root_pubkey_only setting.
    [Util] failed proc_open() on resource limit reports 254 exit code.
    [Web Apps] send no-cache headers during Update Assurance checks.
    
  • v3.2.25.1
    FIXED:
    [Auth] Resetting password generates internal server error.
    [Login] Update email template references.
    [MySQL] Orphaned databases cannot be removed despite listing in mysql:list-databases(). Add extra check if grant missing for respective database.
    
  • v3.2.25
    NEW:
    [auth] reset_password()- generate a new random password for specified user or site administrator. UI equivalents available in Nexus and Manage Users.
    [auth] Password change flushes Dovecot auth cache.
    [Net] family()- IP address is of specified v4/v6 family or valid family, a single address or CIDR range.
    [PHP] Add privatetmp setting to PHP policy and [httpd] => fpm_privatetmp in config.ini to control per-site/global usage of PrivateTmp= in systemd. Presently there is no means to specify a different TMPDIR location in systemd parlance. When disabled, defaults to siteXX/fst/tmp that is enforced by quota restrictions but loses the speed boost from tmpfs usage.
    [site] kill_user()- terminate all processes belonging to named user.
    [ssl] server_certificate()- fetch server's SSL certificate.
    
    FIXED:
    [Argos] Force ruamel.yaml.clib < 0.2.3 on CentOS 7.
    [Bandwidth] Creeping/trampoline rollover periods. Any rollover outside 28 days can bypass a rollover period by 30 days or move up gradually thus skipping a month. Take the minimum between rollover day and days in month as that prescribed rollover.
    [Cgroup] "Error: failed to parse the configuration rules" error when cgroup,enabled=0.
    [Discourse] Various compatibility updates with Discourse 2.6+
    [file] copy() skips dot files on recursive copy.
    [FST] PostgreSQL relocation set "postgres" ownership on /.socket.
    [Transfer] siteXX/fst => siteXX/shadow transformation in path calculation.
    [Transfer] --no-suspend option ignored.
    [Vultr] Workaround for "ANY" query type.
    [Web Apps] Changing owner of Web App changes referent only. Change referrer as well for FollowSymLinkIfOwnerMatch compatibility.
    
    CHANGED:
    [ApisCP] HTTP configuration in httpd-custom.conf converted to protected block.
    [common] Preferences return an empty set when authentication is disabled.
    [Core] INCLUDE_PATH must be an absolute path. Path arithmetic may fail when relative locations are used.
    [Database] Accept "1" for email parameter in database backups. Frontend modifications are disabled and now default to bool.
    [DNS Manager] SOA records may be modified directly with supported backend, presently only PowerDNS.
    [Let's Encrypt] Disable DNS challenge mechanism for server certificate.
    [Migrations] Fail if database control user lacks password.
    [Migrations] Import from non-standard /home locations.
    [MySQL] Halve query cache size that can result in significant lock contention on boot on large servers.
    [Packages] Explicitly pull in apr-util-bdb package.
    [Perl] Add CPAN/CGI packages into FST.
    [PHP] Bump imagick extension to 3.5.0.
    [PHP-FPM] Gracefully handle gibberish cache response.
    [Process] matchUser()- accepts UID argument.
    [Rampart] Accept IPv6 CIDR ranges.
    [Reseller] Allow parent_id value to change.
    [Scopes] net.hostname, prefer system_hostname bootstrapper setting over system hostname for situations in which admin changes hostname through OS commands.
    [Templates] Deprecate apnscp-template usage for mail. All generated mail uses resources/views/email/html/message.blade.php (or markdown/message.blade.php). Affects mail dispatched from transfersite.php, domain addition when [domains] => notify true, and account credential changes (password, username, domain).
    [Transfer] Cover case where site creation on dest uses different nameservers + DNS template differs in CNAME/A usage.
    [Transfer] --stage=N override affects addon domains.
    [Transfer] Relay site creation errors as ApisCP error messages.
    [UI] Trust self-signed server certificate during internal checks.
    [webapp] Alias detect() to discover() following UI semantics.
    [Web Apps] Expire UI cache on removal.
    [Yum] Wait for synchronizer lock. Previously it was possible for Yum Synchronizer to run concurrently, resulting in the last run's termination.
    
    REMOVED:
    [Traceroute] AddHandler artifact.
    
  • v3.2.24
    3546102d · CHG: dangling commit ·
    NEW:
    [Opcenter] Add [opcenter] => site_id_offset setting that sets site ID origin when creating new sites. Must remain below 32767.
    [Opcenter] procfs abstraction library.
    [Scopes] mongodb.enabled, enable MongoDB support.
    [Scopes] net.ip6-enabled, perform reconfiguration when adding IPv6 support to server.
    
    FIXED:
    [mysql] Always escape underscores on database creation.
    [MySQL Manager] Disabling database backups skips import.
    [MySQL Manager] "write" permission is not checked when enabled.
    [phpMyAdmin] dead SSL URL.
    [phpPgAdmin] dead SSL URL.
    [PostgreSQL Manager] Disabling database backups skips import.
    [Redis] Base conversion float return breaks strict typing enforcement during Redis memory detection routine.
    [Spam Filter] Delivery threshold, settings lost on adjustment.
    [Yum] Missing package triggers for PostgreSQL v13.
    [Web Apps] failed reconfiguration on install leaves behind .git/, .gitignore.
    
    CHANGED:
    [Argos] Check backend property before application. Previously, modifying a property on a new backend without updating the backend elicited a crash.
    [Anvil] Improve brute-force tracking. Add new tuneables, [anvil] => request_limit and request_limit_window that control how many requests may occur over a window in seconds. Only non-static requests are tracked. Change also covers cPanel brute-force attacks that have been noted across a variety of servers.
    [Backend] Always run housekeeping/cron in debug mode. Original intention was for development, but private usage keeps this mode activated to the detriment of routine SSL renewals and miscellany.
    [cron] Hide "No such file or directory" messages generated during web ownership updates.
    [Ghost] Disambiguate next leg of upgrade process on major changes.
    [rbenv] Update HEAD.
    [Web Apps] Catch garbage HTTP statuses during Update Assurance initialization.
    [WordPress] Streamline SSO installation/activation into single process.
    
  • v3.2.23
    SECURITY:
    [Composer] CVE-2021-29472 command injection vulnerability.
    
    NEW:
    [admin] collect() now accepts domains for $site parameter.
    [Bootstrapper] sshd_permit_root_login, fine tune always permitting or rejecting root login.
    [cgroup] CPU pinning via cpupin service variable.
    [cgroup] Freezer support, cgroup:freeze($anything). Freezing a site immediately suspends any userspace code for the affected site. Compare with suspending an account, which allows userspace code to complete but does not permit further logins or site interactivity.
    [Dashboard] User Administrators may now unban selves when [rampart] => user_discovery=true (default=True).
    [Nexus] Resource sorting.
    [Settings] "external opener" feature now configurable under Account > Settings > Theme.
    [Web Apps] Default update notification policy configurable via [webapps] => notify_update.
    
    FIXED:
    [Aliases] Removing a domain from aliases,aliasesd preserves the domain in the account's domainmap.
    [apnscpd] Backend boundary writes result in hang.
    [Argos] ruamel incompatibility on CentOS 7.
    [Bootstrapper] Dormant IPv4/6 configuration.
    [Datastream] Incomplete writes on transitional buffers that would result in a hang.
    [email] Renaming an inbox for a non-numeric destination performs an incorrect default substitution.
    [PageSpeed] TTFB response variable renamed.
    [PHP] Creating a site without a dedicated webuser prevents switching to one later.
    [rspamd] Dictionary key interpolation breaks resulting in literal templated key writes.
    [Scopes] apache.system-directive strips surrounding whitespace.
    [UI] invalid null coalescence check breaks comparison.
    [Web Apps] Circular references restrict snapshot intake.
    [Web Apps] Busted transient property check.
    [Web Apps] Bogus index checks result in duplicate listings.
    [Web Apps] Various transient property checks.
    
    CHANGED:
    [apnscp] Additional checks to confirm frontend responsiveness on restart via cp.restart.
    [apnscp] Apply restart synchronously.
    [apnscp.js] apnscp.highlight() supports live binding events.
    [build] disable apnscp repos at desiccation stage. Prevents false alarms during image checks from unreachable repos.
    [Dovecot] 2.3 compatibility
    [helpers] deferred() is now queue-based working off an SplStack-derived class, \Deferred.
    [FTP] user_enabled() checks [ftp] => enabled.
    [Metrics] TimescaleDB v2 compatibility.
    [multiPHP] Prevent multiPHP builds that duplicate system_php_version.
    [Network] my_ip()- cleanup output when multiple records are returned from NAT'd interface.
    [Nexus] memory usage normalized to site configuration in Nexus.
    [rampart] User Administrators may now query is_banned(). Corresponding Dashboard feature added.
    [Storage Usage] include /tmp in storage list.
    [Theme] @lang macro is now reserved.
    [UI] Improve "Select" verbiage.
    [WordPress] Raise WP-CLI memory limit from 128 => 256 (constrained by cgroup usage) to allow large WooCommerce catalogs to update.
    [WordPress] wp-content/cache/ fortified in max mode. Create directory automatically to facilitate usage
    
    REMOVED:
    [cgroup] Cleanup API requirement of passing afi instance on account import.
    [Dispatcher] Handling of svg/css/js/png requests, ~25% speedup.
    [file] Top-level pollution courtesy of a naive caching strategy.
    
  • v3.2.22.1
    FIXED:
    [Filesystem] high level bytes stripped from devices.
    [WordPress] enabling SSL at install immediately fires a URL rewrite hook that must be deferred until install.
    
    CHANGED:
    [FST] update libmaxminddb dig dependency on CentOS 8.
    [PHP] clean extension directory when moving PHP version from system to multiPHP.
    [Web Apps] "pending install" semantics are now consistent with UI.
    
  • v3.2.22
    SECURITY:
    [DNS] zone permission checks missing in multiple add_record()/remove_record() implementations.
    
    NEW:
    [common] set-preference(), set a single preference value using dot notation.
    [UI] Onboarding tours (see Customizing.md).
    
    FIXED:
    [DNS] provisioning fails on incomplete DKIM setup.
    [Let's Encrypt] incorrect hostname variant appended if absent during requests and [letsencrypt] => alternative_form enabled.
    [Login] "password" field position reverts after password entry.
    [Metrics] TimescaleDB v2 loader conflicts with version detection.
    [UI] Layout method (_layout()) called twice during page render.
    [Web Apps] options serialized as object always return "true" for auto-update policy.
    
    CHANGED:
    [apnscpd] convert service type to sd_notify, which allows for cgroup controllers to be mounted within each account prior to virtualcron service.
    [DNS] add double-throw safety switch, require setting dns,enabled=0 + dns,provider=null to remove a zone on edit.
    [Reseller] rewrite subordinate <=> parent relationship. billing.parentmap now contains a 1:1 association of subordinates to parents instead of invoices to subordinate sites.
    [Scopes] dns.ip4-pool, dns.ip6-pool- cap max namebased IPs to 64.
    [Web Apps] always reapply reconfigurables during install if a Web App were previously located.
    
  • v3.2.21
    SECURITY:
    [user] generate_quota_list() could be leveraged via symlink attack to overwrite an arbitrary system file within the account.
    
    NEW:
    [File Manager] block critical directories from browsing. Behavior may be adjusted via Account > Settings > App Settings.
    [PostgreSQL] v13/TimescaleDB v2 support.
    
    FIXED:
    [DNS Manager] cloning a domain persists old entries for 1 page refresh.
    [Horizon] deserialization errors in UI.
    [License] replacing an expired license may result in a misleading panel status.
    [phpMyAdmin] self-signed certificate error reporting.
    [phpPgAdmin] self-signed certificate error reporting.
    [rspamd] cleanup self-scan/low-memory mode. Prior implementation launched a Redis instance as well as improperly configured sqlite backends. Note sqlite is deprecated in rspamd 2.
    [user] generate_quota_list()- accept PANEL_BRAND values with spaces.
    [user] rename_user()- refers to old username in Manage Mailboxes.
    [web] add_subdomain()- address condition in which a badly formed symlink could result in changing /home recursively to account admin on subdomain creation.
    [Web Apps] a known parented docroot blocks display of children.
    
    CHANGED:
    [API] extend server_name column length to match cp-proxy.
    [apnscp.js] wrap apnscp.cmd() in JSON.
    [Dovecot] Archive folder may now be created on the fly by enabling dovecot_remote_archive in Bootstrapper.
    [EditDomain] cancel storage amnesty reset if diskquota modified while under amnesty.
    [Mail] pass null driver reload request to parent driver.
    [Postfix] cleanup various inheritance parameters in main.cf.
    [Scopes] dns.ip4-pool + dns.ip6-pool expand CIDR notation.
    [Server Information] report "available" memory.
    [Setup Instructions] prefer service value settings over domain name.
    [Summary] ignore cumulative CPU usage when telemetry is disabled.
    [UI] add second style link for links that open in-situ to disambiguate from links that open in new tab.
    [UI] all assets for an app may be overridden individually, including application.yml, by creating the file within config/custom/apps.
    [web] www.subdomain DNS record creation may be controlled via [dns] => subdomain_implicit_www
    [Web Apps] add "Flush Cache" option.
    [Web Apps] ad hoc (manifest-based) web apps honor database configuration if specified for snapshot/export support.
    [Web Apps] hide app meta from unprovisioned site.
    
    REMOVED:
    [Subdomains] stack preselections.
    
  • v3.2.20.1
    FIXED:
    [Metrics] specify timescale extension as v1 now pulls in v2 dependencies.
    [MySQL] 10.5.8 -> 10.5.9 "ALL" permission loses value in bitmask.
    
    CHANGED:
    [cgroup] revert previous group naming (without ".slice"). systemd management resets cgroup parameters on each reload requiring explicit declaration of parameters via slice unit file.
    [cgroup] delegate management to Dovecot/vsftpd/Passenger services.
    [fail2ban] replace backend with pyinotify on CentOS 8/Stream.
    [MySQL] increase max packet size to 50 MB. NextCloud upgrade compatibility.
    [PHP] stat presence of php-fpm to weed out pending builds.
    [PostgreSQL] improve durability of transient connection errors.
    [Tasks] stagger upcp/platform scrubs to avoid concurrent runs on same machine.
    
    REMOVED:
    [Summary] apisnetworks.com references.
    
  • v3.2.20
    NEW:
    [cgroup] reset_peak_memory()- reset peak memory usage in memory controller.
    [DNS] bulk DNS framework. Batch record updates with checks (see DNS.md in docs)
    [FTP] SSL-only logins via vsftpd_ssl_only Bootstrapper setting. Controlled in vsftpd/configure role.
    [Jobs] closure support.
    [letsencrypt] use_mechanism(), mechanism() sets mechanism affinity for given hostnames (see SSL.md in docs)
    [Mail] DKIM signing, key rolls with rspamd (see rspamd.md in docs)
    [Mail] SPF, DMARC policies extracted to config.ini (see Mail.md in docs)
    [Pagespeed] per-site caching via [httpd] => pagespeed_persite. Pagespeed will prefer offline cleanup via tmpfiles. May be controlled using pagespeed_offline_cleanup in apache/modpagespeed.
    [PHP] PHP-FPM process manager governor types in policy (Http\Php)
    [Setup] setup portal for new clients within Help category.
    [UI] [frontend] => external_opener, force conversion of all external links to new tabs.
    [upcp] -w wait for background Bootstrapper tasks to complete (see UPGRADING.md in docs)
    
    FIXED:
    [aliases] add_domain()- improper translation on descend/self metasequences (".."/".") could translate into a descend sequence. This is not exploitable given user/uid checks in add_domain_backend; however, it is sufficient concern.
    [ApisCP] clean web server PID file on boot. In rare situations, HTTP PID could match ApisCP HTTP PID thus inhibiting start.
    [ApisCP] HTTP server cannot negotiate using EC key.
    [Bootstrapper] Mitogen unavailable on Python 3.
    [CLI] previously edited site may not be immediately replayed without modifying another site or failing.
    [Datastream] connection interrupted by asynchronous SIGCHLD signal.
    [Discourse] 2.5+ triggers virtual memory exhaustion bug in V8. (nodejs/node #25933)
    [DNS] strip TXT record quotes from Cloudflare, Linode modules.
    [EditDomain] empty domainmap.tch results in fatal error.
    [Horde] unsupported EC encryption keys.
    [License] issue verification fails if old license expired.
    [Login] render fails if [misc] => sys_status down.
    [Mail] switching from SpamAssassin to rspamd does not update [mail] => rspamd_present.
    [Mail] disabling spam filter also disables rspamd when DKIM disabled.
    [mail] email address rename on user rename busted logic.
    [MySQL Manager] #2a42e72b elongated backup name to include h/m/s time. Update pattern to match this format.
    [Opcenter] dns,proxy6addr parsed as array.
    [Opcenter] storage amnesty may be granted multiple times.
    [PostgreSQL] CLI usage requires password.
    [Rampart] fail2ban/whitelist-self never fully implemented.
    [Task Schedule] gid/uid applied as uid/gid to spool after removing a job. Minute always incorrect.
    [UI] ticking "Administrator" box saves domain field.
    [UI] interpolation of templated expressions within application.yml.
    [upcp] platform migrations run against server inventory.
    [upcp] APNSCP_UPDATE_POLICY="" defaults to edge.
    [upcp] "minor" update policy cannot update past fractional release, e.g. 3.2.18.1 => 3.2.19
    
    CHANGED:
    [Apache] relink configuration if potential domain conflict detected in ordering. This change will not relink custom ordering (see Apache.md#troubleshooting in docs)
    [ApisCP] sessions moved to PostgreSQL to remove dependency on MySQL. Eventually provides an opportunity to self-heal from a cyclic database crash when over quota.
    [ApisCP] platform scrub, upcp moved to systemd timers. Schedule may be set using a systemd calendar type for apnscp_platform_scrub/apnscp_nightly_update respectively.
    [Bootstrapper] network resiliency added on package removal in packages/install.
    [cgroup] rename groups to systemd-compliant format, which involves simply suffixing the cgroup as ".slice".
    [CLI] suggest similar API methods on invalid method invocation.
    [DeleteDomain] --force ignores zone removal errors.
    [Discourse] update installation to mirror current Docker practices.
    [DNS] provision_zone() optionally performs record check upon request. Previous behavior unconditionally queried records before provisioning a zone; on an empty zone this is unnecessary overhead.
    [FST] relocate gconv libraries, which ghost on glibc updates becoming difficult to fully release as a normal daemon dependency.
    [Ghost] increase verbosity on installation failure.
    [Let's Encrypt] report acquisition errors in UI.
    [Mail] update webmail packages when mail support disabled.
    [misc] notify of pending trial expiration.
    [MySQL] apply [mysql] => concurrency_limit to newly-created accounts.
    [Opcenter] uid/gid always saved in database now. Resolves missing quota statistics for users who have mail disabled or use a third-party provider on the account.
    [phpMyAdmin] report incomplete SSL configuration.
    [phpPgAdmin] report incomplete SSL configuration.
    [PostgreSQL] PostGIS may be enabled from API now (pgsql:add-extension).
    [PHP Pools] phpinfo() can be opened in a new tab.
    [Preferences] write-access now implicitly set. Multidimensional writes are properly tracked no longer requiring an explicit sync() call after updating.
    [Reseller] dependency cycle tracking in billing,parent_invoice.
    [Syslog] suppress noisy syslog.
    [Telemetry] database tuning values are now always MB.
    [Transfer] use groupmap/usermap in rsync to bypass additional filesystem passes on uid/gid translation.
    [UI] page vars supports nesting.
    [UI] loading indicators, now as SVG.
    [UI] deemphasize Argos/Scope naming.
    [UI] enabling system.sshd-pubkey-only disables embedded terminal.
    [upcp] database migrations now come before platform migrations.
    [user] delete()- optional second parameter $force added. Bypasses subdomain/addon domain checks prior to removal. Downgrade DNS errors to warnings.
    [user] usermod_driver()- user cache always purged before hooks ran. Third parameter to _edit_user() is original pwd.
    [Vultr] update API to v2.
    [Web Apps] custom webmail subdomains excluded from list.
    
    REMOVED:
    [FST] sudo package.
    [PHP-FPM] manual cgroup binding on start. Amplifies thundering herd on boot, obsoleted by .slice cgroup rename.
    
  • v3.2.19
    SECURITY:
    [sudo] CVE-2021-3156 mitigation. Privilege escalation via command line argument parsing. Remove this version from FST, which will provide adequate protection from user invocation until updated packages are available.
    
    NEW:
    [admin] create_from_meta()- generate a duplicate of the site from its metadata.
    [Bandwidth Stats] add daily/monthly views when appropriate.
    [MySQL] SSL server support.
    [Web Apps] "empty directory" option before installation.
    [WordPress] SSO plugin. Must be installed account-wide first via Web Apps before per-site activation.
    
    FIXED:
    [Auth] unauthenticated logins would redirect to /dashboard, then /login resulting in being doubly counted against anvil.
    [cgroups] memory.limit_in_bytes unlimited was previously encoded as NULL, which becomes PHP_INT_MAX when multiplied and creates an overflow error in kernel. Update value to -1.
    [DAPHNIE] illegal offset 'ranges'.
    [Ghost] update login information for Ghost 2.x installs.
    [File Manager] extract option ignored in Download & Extract feature.
    [Manage Mailboxes] vacation responder cache misses.
    [Modules] session logic mismatch error on CLI resumption. If session cannot resume automatically, import from database.
    [Scopes] virus-scanner.signature-whitelist, correctly handle "UNOFFICIAL" signatures.
    [Versioning] version comparison inherits first version's digits if missing.
    [Web Apps] per-app overrides in config/custom/webapps/ could never take precedence.
    
    CHANGED:
    [argos] monitoring is reset on backend boot.
    [dns] disable native TLSA lookups in PHP.
    [dns] parented domains on provision will properly set DNS records on parent.
    [EditDomain] improve EditDomain durability in mass edits, handle fatal() calls.
    [file] set_acls()- allow UID usage.
    [file] reimplement expose() algorithm to use ACLs. Changing ownership of a hardlink changes the original inode. This behavior was unintended and could result in loss of access to file after expose() as with PHP-FPM logs.
    [File Manager] json files now editable.
    [Jobs] squelch duplicate emails when admin and site admin are same address.
    [Migrations] sessions no longer required. Add database checks after each platform migration to catch MySQL restarts.
    [Nexus] cache services.
    [Opcenter] reject potentially destructive changes such as lowering a quota below what's presently in use without --force flag.
    [PHP Pools] relay phpinfo() errors to UI.
    [PHP-FPM] either ExecStart= or ExecStop= is required for a simple service to be valid. ExecStart=/bin/true can lead to residual processes on a mass restart. Move the required Exec* to stop, which is less likely to yield subsequent tasks.
    [Scopes] add "FORWARDED" property to determine whether a scope provides a purpose or merely forwards to another scope.
    [Web Apps] add modal confirmation before invoking Recovery Mode.
    [Web Apps] updates blocked by version locking will report this cause.
    [Web Apps] additional docroot ghosting checks. Docroots that were relocated or orphaned are now masked.
    
  • v3.2.18.1
    NEW:
    [file] temp()- generate a temporary file.
    [PHP Pools] phpinfo() section.
    [UI] clear(), exists() helper methods in menu to empty/check entries in menu templates (see Customizing.md).
    
    FIXED:
    [DNS] removing similar records dumps record cache.
    [Filesystem] disable project quotas if XFS features cannot support concurrent group + project quotas.
    [misc] notify-installed() always uses IP address.
    [Opcenter] deletion blocked by missing "apache" user.
    [Opcenter] double-parsing "null" is converted to null literal for provider default.
    
    CHANGED:
    [Ansible] apply 2.9.16 hotfix for C7 platforms.
    [apnscp.js] preserve hash keys for future compatibility with named argument invocation.
    [DNS] bypass uneditable NS apex records.
    [FST] relocate p11-kit into siteinfo for imagick dependency.
    [Let's Encrypt] admin can toggle between EC/RSA server certificate.
    [UI] check for plan-specific menus.
    
  • v3.2.18
    NEW:
    [admin] get_site_id_from_admin()- efficient lookup to determine which site has specified siteinfo,admin_user value.
    [Backups] backup_dbs.php helper now accepts --keep, --force flags to retain existing database backups and skip backup schedule.
    [DNS] show apex NS records. Must be enabled via Account > Settings > App Settings > DNS Manager.
    [PHP] PHP-FPM version selection now available under PHP Pools.
    [PHP] expose recent log in PHP Pools.
    [PHP] policy maps. Set a variety of PHP-FPM values administratively. See PHP-FPM.md.
    [UI] Add [frontend] configuration, https_only restricts access to HTTPS endpoints. content_security_policy= sets a default CSP. Sample CSP supplied in config.ini.
    
    FIXED:
    [apnscpd] exporting LC_ALL to backend breaks float formatting, such as in multiPHP. Limit numeric localization to authentication context.
    [Bootstrapper] CentOS Stream workaround for #1853736, "systemctl show" emits "Invalid argument" in property trailer.
    [DNS] always encapsulate TXT records in quotes.
    [EditDomain] exceptions lose stack.
    [EditDomain] delayed journaling causes a flood of logging messages at shutdown.
    [misc] command_info() an incomplete docblock creates a null dereferencing exception.
    [upcp] Composer timestamp check ineffective.
    [Web Apps] use app pretty name in presentation. Always show primary domain name.
    
    CHANGED:
    [Auth] add domainmap.tch size validation on boot.
    [Backups] backup_dbs.php may be manually triggered. Set manual_database_backups=true in Bootstrapper, then run apnscp/crons role.
    [Bootstrapper] allow MySQL overrides via mysql_custom_config.
    [DNS] changing providers performs zone provision.
    [DNS] honor [dns] => default_ttl value for new records.
    [EditDomain] allow null/None values in plan definitions to update on --reset. Previously any None value was skipped, such as apache,subnum.
    [Network] bypass hairpin check if IP address exists on interface.
    [PHP] relocate Remi to /.socket/php/multiphp.
    [PostgreSQL] use named socket to connect instead of 127.0.0.1 for connectivity. Designed for interoperability when PrivateNetworking=yes in cp-proxy configuration.
    [PowerDNS] listen on 127.0.0.1 on CentOS 8+/PowerDNS 4.3+ builds. Previously changed from 0.0.0.0 to accommodate systemd-resolved. On basic setups, however, with a local nameserver configuration, 127.0.0.1 cannot return an authoritative response.
    [Rampart] an "ignorelist" delegated whitelisting target has been added, which applies all firewall rules but ignores brute-force blocks for these IPs. Previously the target was "whitelist" which absolutely permits access before other rules. "ignorelist" rules only affect whitelisting done by Site Administrators. rampart:whitelist by Appliance Administrator still places the IP address in "whitelist". Policy may be changed by setting [rampart] => delegation_set.
    [Scripts] mapCheck rebuild TokyoCabinet database before performing reverse sweep.
    
    REMOVED:
    [dns] remove_zone() no longer accessible directly by Site Administrator.
    [dns] authoritative-only flag causes hang in multiple DNS providers. Rely on setting recursion=0 to validate successful provisioning.
    [PowerDNS] PowerDNS 4.3/CentOS 8 limitation. MySQL backend driver RPM no longer depends on MySQL 8.
    
  • v3.2.17.1
    NEW:
    [Scopes] mail.rspamd-piggyback, set rspamd in piggyback mode.
    
    FIXED:
    [Ansible] #72985 hotfix.
    [Login] invalid admin username causes white screen.
    [PHP] FPM service group missing from php-fpm service wants.
    [PHP] 8.0 version setting parsed as "8" in UI.
    [PowerDNS] TXT concatenation changes introduced in 3.2.17 resulted in an off-by-one error for TXT records.
    [Scopes] renamed scopes, such as apache.php-version => php.version do not load view overrides when accessed from prior name.
    
  • v3.2.17
    NEW:
    [Bootstrapper] add has_proxy_only build type, provisions a server to act as a cp-proxy relay. See Panel proxy.md for further information.
    
    FIXED:
    [Backups] database backups may never terminate when the number of snapshots exceeds the number of preserved backups.
    [Bootstrapper] Node, PHP tarballs accounted under admin1.
    [Bootstrapper] software/passenger role from an interactive terminal in which Rake is installed suspends tty to background.
    [CentOS] version detection incorrect on 8+ platforms resulting in invalid comparisons.
    [DNS] moving providers no longer automatically provisions DNS on the new provider.
    [Ghost] mail cannot deliver due to firewall restrictions on "direct" mail transport.
    
    CHANGED:
    [Auth] redirection DNS check now optional via [auth] => server_validity. Useful in cp-proxy installs with internal hostnames.
    [Auth] log attempts and Anvil blocks now logged to /var/log/secure.
    [Bootstrapper] always use local connection in panel
    [ClamAV] FreshClam usage dependent upon server mode.
    [DigitalOcean] honor 30s minimum DNS TTL.
    [DNS] record names may be optionally split on 255 octet boundaries now.
    [File Manager] cleanup incomplete extractions.
    [mail] disable mailbox management for third-party mail providers.
    
  • v3.2.16.1
    FIXED:
    [Opcenter] mail/dns provider list merged in Nexus
    [PHP-FPM] unlink stray php-fpm Wants= target from earlier efforts
    
  • v3.2.16
    fbd9f7df · CHG: bump (migrations) ·
    NEW:
    [Opcenter] registration of custom DNS, mail providers. See DNS.md.
    
    FIXED:
    [Bootstrapper] duplicate notifications generated for jobs.
    [Ghost] Fails to start on fresh install from missing interpreter.
    [Opcenter] apache,subnum off-by-one error.
    [PHP] move socket after PHP-FPM pool operation. During stop/start operations in Bootstrapper a rare race condition (<0.5%) was observed in which one or more pools may after the socket has been restarted thus inhibiting socket activation.
    [systemd] verify systemd-resolved enabled in local presets. Images provisioned with systemd-resolved enabled will lose this setting whenever systemd package updates per rules in /usr/lib/systemd/system-preset/90-default.preset.
    [upcp] always cleanup SSH agent directory.
    
    CHANGED:
    [Bootstrapper] SCL may be controlled individually via has_scl setting.
    [ClamAV] disable freshclam in client-only mode.
    [Network] enable bidirectional explicit congestion notification. This has been the default in iOS 11+ and network infrastructure sufficiently new since introduction 20 years ago.
    [Opcenter] aliases,max=0 disables end-user addon domain management while retaining administrative alias usage.
    [PHP] reset failed state on pool restart.
    [Scopes] cp.nightly-update- permit systemd.time(7)-style updates