NEW: [auth] reset_password()- generate a new random password for specified user or site administrator. UI equivalents available in Nexus and Manage Users. [auth] Password change flushes Dovecot auth cache. [Net] family()- IP address is of specified v4/v6 family or valid family, a single address or CIDR range. [PHP] Add privatetmp setting to PHP policy and [httpd] => fpm_privatetmp in config.ini to control per-site/global usage of PrivateTmp= in systemd. Presently there is no means to specify a different TMPDIR location in systemd parlance. When disabled, defaults to siteXX/fst/tmp that in enforced by quota restrictions but loses the speed boost from tmpfs usage. [site] kill_user()- terminate all processes belonging to named user. [ssl] server_certificate()- fetch server's SSL certificate. FIXED: [Argos] Force ruamel.yaml.clib < 0.2.3 on CentOS 7. [Bandwidth] Creeping/trampoline rollover periods. Any rollover outside 28 days can bypass a rollover period by 30 days or move up gradually thus skipping a month. Take the minimum between rollover day and days in month as that prescribed rollover. [Cgroup] "Error: failed to parse the configuration rules" error when cgroup,enabled=0. [Discourse] Various compatibility updates with Discourse 2.6+ [file] copy() skips dot files on recursive copy. [FST] PostgreSQL relocation set "postgres" ownership on /.socket. [Transfer] siteXX/fst => siteXX/shadow transformation in path calculation. [Transfer] --no-suspend option ignored. [Vultr] Workaround for "ANY" query type. [Web Apps] Changing owner of Web App changes referent only. Change referrer as well for FollowSymLinkIfOwnerMatch compatibility. CHANGED: [ApisCP] HTTP configuration in httpd-custom.conf converted to protected block. [common] Preferences return an empty set when authentication is disabled. [Core] INCLUDE_PATH must be an absolute path. Path arithmetic may fail when relative locations are used. [Database] Accept "1" for email parameter in database backups. Frontend modifications are disabled and now default to bool. [DNS Manager] SOA records may be modified directly with supported backend, presently only PowerDNS. [Let's Encrypt] Disable DNS challenge mechanism for server certificate. [Migrations] Fail if database control user lacks password. [Migrations] Import from non-standard /home locations. [MySQL] Halve query cache size that can result in significant lock contention on boot on large servers. [Packages] Explicitly pull in apr-util-bdb package. [Perl] Add CPAN/CGI packages into FST. [PHP] Bump imagick extension to 3.5.0. [PHP-FPM] Gracefully handle gibberish cache response. [Process] matchUser()- accepts UID argument. [Rampart] Accept IPv6 CIDR ranges. [Reseller] Allow parent_id value to change. [Scopes] net.hostname, prefer system_hostname bootstrapper setting over system hostname for situations in which admin changes hostname through OS commands. [Templates] Deprecate apnscp-template usage for mail. All generated mail uses resources/views/email/html/message.blade.php (or markdown/message.blade.php). Affects mail dispatched from transfersite.php, domain addition when [domains] => notify true, and account credential changes (password, username, domain). [Transfer] Cover case where site creation on dest uses different nameservers + DNS template differs in CNAME/A usage. [Transfer] --stage=N override affects addon domains. [Transfer] Relay site creation errors as ApisCP error messages. [UI] Trust self-signed server certificate during internal checks. [webapp] Alias detect() to discover() following UI semantics. [Web Apps] Expire UI cache on removal. [Yum] Wait for synchronizer lock. Prior it was possible for Yum Synchronizer to run concurrently resulting in last run's termination. REMOVED: [Traceroute] AddHandler artifact.