SECURITY: [common] preference cache uses built-in Redis serializer, which could allow an attacker to store a carefully crafted class instance as a preference value. No known attack vector exists presently, but if preferences had a vulnerability to store an arbitrary object or attacker had direct access to modify raw preference data, it would thus be feasible to leverage. Use a whitelist of acceptable objects to unserialize. FIXED: [build] check composer.lock timestamp on each update to ensure ./composer install is installed as needed during batch updates. [Nextcloud] reapply read/write access to config.php depending on Fortification mode. [Summary] report service limits. [Web Apps] "Show Detected Apps" hides all apps. CHANGED: [Discourse] support 2.4.0+ [Firewalld] restart firewalld when switching FirewallBackend types. A full flush is required otherwise all network operations are blocked. [Opcenter] sort services on edit hook. [pgsql] incorrect field in add-user() parameterization. [Postfix] always add missing headers. Broken mail clients, such as Windows Mail, do not set a Message-ID header resulting in quarantined mail. [rspamd] disable RBL checks for ESMTPA transactions. [Scopes] add scope change to history. [Web Apps] separate into individual repositories. Native apps may be overridden by placing the corresponding app in config/custom/webapps/name, then running ./composer dump-autoload -o followed by systemctl restart apiscp. [WordPress] use native mod_rewrite template. Resolves double-append cases when permalinks are updated in panel. REMOVED: [Preferences] hrtime() uses arbitrary origin and thus unsuitable for synchronization checks.