SECURITY: [sudo] CVE-2021-3156 mitigation. Privilege escalation via command line argument parsing. Remove this version from FST, which will provide adequate protection from user invocation until updated packages are available. NEW: [admin] create_from_meta()- generate a duplicate of the site from its metadata. [Bandwidth Stats] add daily/monthly views when appropriate. [MySQL] SSL server support. [Web Apps] "empty directory" option before installation. [WordPress] SSO plugin. Must be installed account-wide first via Web Apps before per-site activation. FIXED: [Auth] unauthenticated logins would redirect to /dashboard, then /login resulting in being doubly counted against anvil. [cgroups] memory.limit_in_bytes unlimited previously encoded as NULL that becomes PHP_INT_MAX when multiplied that creates an overflow error in kernel. Update value to -1. [DAPHNIE] illegal offset 'ranges'. [Ghost] update login information for Ghost 2.x installs. [File Manager] extract option ignored in Download & Extract feature. [Manage Mailboxes] vacation responder cache misses. [Modules] session logic mismatch error on CLI resumption. If session cannot resume automatically, import from database. [Scopes] virus-scanner.signature-whitelist, correctly handle "UNOFFICIAL" signatures. [Versioning] version comparison inherits first version's digits if missing. [Web Apps] per-app overrides in config/custom/webapps/ could never take precedence. CHANGED: [argos] monitoring is reset on backend boot. [dns] disable native TLSA lookups in PHP. [dns] parented domains on provision will properly set DNS records on parent. [EditDomain] improve EditDomain durability in mass edits, handle fatal() calls. [file] set_acls()- allow UID usage. [file] reimplement expose() algorithm to use ACLs. Changing ownership of a hardlink changes the original inode. This behavior was unintended and could result in loss of access to file after expose() as with PHP-FPM logs. [File Manager] json files now editable. [Jobs] squelch duplicate emails when admin and site admin are same address. [Migrations] sessions no longer required. Add database checks after each platform migration to catch MySQL restarts. [Nexus] cache services. [Opcenter] reject potentially destructive changes such as lowering a quota below what's presently in use without --force flag. [PHP Pools] relay phpinfo() errors to UI. [PHP-FPM] either ExecStart= or ExecStop= is required for a simple service to be valid. ExecStart=/bin/true can lead to residual processes on a mass restart. Move the required Exec* to stop, which is less likely to yield subsequent tasks. [Scopes] add "FORWARDED" property to determine whether a scope provides a purpose or merely forwards to another scope. [Web Apps] add modal confirmation before invoking Recovery Mode. [Web Apps] updates blocked by version locking will report this cause. [Web Apps] additional docroot ghosting checks. Docroots that were relocated or orphaned are now masked.