NEW:
[cgroup] reset_peak_memory()- reset peak memory usage in memory controller.
[DNS] bulk DNS framework. Batch record updates with checks (see DNS.md in docs)
[FTP] SSL-only logins via vsftpd_ssl_only Bootstrapper setting. Controlled in vsftpd/configure role.
[Jobs] closure support.
[letsencrypt] use_mechanism(), mechanism() sets mechanism affinity for given hostnames (see SSL.md in docs)
[Mail] DKIM signing, key rolls with rspamd (see rspamd.md in docs)
[Mail] SPF, DMARC policies extracted to config.ini (see Mail.md in docs)
[Pagespeed] per-site caching via [httpd] => pagespeed_persite. Pagespeed will prefer offline cleanup via tmpfiles. May be controlled using pagespeed_offline_cleanup in apache/modpagespeed.
[PHP] PHP-FPM process manager governor types in policy (Http\Php)
[Setup] setup portal for new clients within Help category.
[UI] [frontend] => external_opener, force conversion of all external links to new tabs.
[upcp] -w wait for background Bootstrapper tasks to complete (see UPGRADING.md in docs)
FIXED:
[aliases] add_domain()- improper translation on descend/self metasequences (".."/".") could translate into a descend sequence. This is not exploitable given user/uid checks in add_domain_backend; however, is sufficient concern.
[ApisCP] clean web server PID file on boot. In rare situations, HTTP PID could match ApisCP HTTP PID thus inhibiting start.
[ApisCP] HTTP server cannot negotiate using EC key.
[Bootstrapper] Mitogen unavailable on Python 3.
[CLI] previously edited site may not be immediately replayed without modifying another site or failing.
[Datastream] connection interrupted by asynchronous SIGCHLD signal.
[Discourse] 2.5+ triggers virtual memory exhaustion bug in V8. (nodejs/node #25933)
[DNS] strip TXT record quotes from Cloudflare, Linode modules.
[EditDomain] empty domainmap.tch results in fatal error.
[Horde] unsupported EC encryption keys.
[License] issue verification fails if old license expired.
[Login] render fails if [misc] => sys_status down.
[Mail] switching from SpamAssassin to rspamd does not update [mail] => rspamd_present.
[Mail] disabling spam filter also disables rspamd when DKIM disabled.
[mail] email address rename on user rename busted logic.
[MySQL Manager] #2a42e72b elongated backup name to include h/m/s time. Update pattern to match this format.
[Opcenter] dns,proxy6addr parsed as array.
[Opcenter] storage amnesty may be granted multiple times.
[PostgreSQL] CLI usage requires password.
[Rampart] fail2ban/whitelist-self never fully implemented.
[Task Schedule] gid/uid applied as uid/gid to spool after removing a job. Minute always incorrect.
[UI] ticking "Administrator" box saves domain field.
[UI] interpolation of templated expressions within application.yml.
[upcp] platform migrations run against server inventory.
[upcp] APNSCP_UPDATE_POLICY="" defaults to edge.
[upcp] "minor" update policy cannot update past fractional release, e.g. 3.2.18.1 => 3.2.19
CHANGED:
[Apache] relink configuration if potential domain conflict detected in ordering. This change will not relink custom ordering (see Apache.md#troubleshooting in docs)
[ApisCP] sessions moved to PostgreSQL to remove dependency on MySQL. Eventually provides an opportunity to self-heal from a cyclic database crash when over quota.
[ApisCP] platform scrub, upcp moved to systemd timers. Schedule may be set using a systemd calendar type for apnscp_platform_scrub/apnscp_nightly_update respectively.
[Bootstrapper] network resiliency added on package removal in packages/install.
[cgroup] rename groups to systemd-compliant format, which involves simply suffixing the cgroup as ".slice".
[CLI] suggest similar API methods on invalid method invocation.
[DeleteDomain] --force ignores zone removal errors.
[Discourse] update installation to mirror current Docker practices.
[DNS] provision_zone() optionally performs record check upon request. Previous behavior unconditionally queried records before provisioning a zone; on an empty zone this is unnecessary overhead.
[FST] relocate gconv libraries, which ghost on glibc updates becoming difficult to fully release as a normal daemon dependency.
[Ghost] increase verbosity on installation failure.
[Let's Encrypt] report acquisition errors in UI.
[Mail] update webmail packages when mail support disabled.
[misc] notify of pending trial expiration.
[MySQL] apply [mysql] => concurrency_limit to newly-created accounts.
[Opcenter] uid/gid always saved in database now. Resolves missing quota statistics for users who have mail disabled or use a third-party provider on the account.
[phpMyAdmin] report incomplete SSL configuration.
[phpPgAdmin] report incomplete SSL configuration.
[PostgreSQL] PostGIS may be enabled from API now (pgsql:add-extension).
[PHP Pools] phpinfo() can be opened in a new tab.
[Preferences] write-access now implicitly set. Multidimensional writes are properly tracked no longer requiring an explicit sync() call after updating.
[Reseller] dependency cycle tracking in billing,parent_invoice.
[Syslog] suppress noisy syslog.
[Telemetry] database tuning values are now always MB.
[Transfer] use groupmap/usermap in rsync to bypass additional filesystem passes on uid/gid translation.
[UI] page vars supports nesting.
[UI] loading indicators, now as SVG.
[UI] deemphasize Argos/Scope naming.
[UI] enabling system.sshd-pubkey-only disables embedded terminal.
[upcp] database migrations now come before platform migrations.
[user] delete()- optional second parameter $force added. Bypasses subdomain/addon domain checks prior to removal. Downgrade DNS errors to warnings.
[user] usermod_driver()- user cache always purged before hooks ran. Third parameter to _edit_user() is original pwd.
[Vultr] update API to v2.
[Web Apps] custom webmail subdomains excluded from list.
REMOVED:
[FST] sudo package.
[PHP-FPM] manual cgroup binding on start. Amplifies thundering herd on boot, obsoleted by .slice cgroup rename.