SECURITY: [file] Insufficient access control checks would permit accessing a file with 0xx4 permissions behind a directory with 0700 permissions. No directories within the virtual filesystem possess this permission pattern but improper use of root within a vfs could create files exhibiting this pattern. NEW: [DNS] Zone migration on provider change. Enable with [dns] => migrate. [dns] zones()- report all zones for given authentication context. [Drupal] 10.x support. [email] convert_malbox()- convert between mdbox/sdbox/mbox/maildir formats. cPanel mailboxes are automatically converted upon import. [Frontend] Use FPM instead of Apache SAPI. Improved stability, lower memory requirements. [Internal] Process creation loggable by setting [core] => debug_proc when debug mode enabled. [Internal] Volatile auth profiles, write-once, save-never variants of authentication contexts created through clone. [Opcenter] IPv6 interface autodetection. [php] pool_direct_read()- bypass HTTP routing, send request direct to PHP-FPM process. [PHP] 8.2 support. [PostgreSQL] pgsql.postgis-version scope. Enable/set PostGIS version on server. [PostgreSQL] SSL support. [Process] execve support. Commands passed as an array of parameters bypass /bin/sh subshell processing. ~50% performance improvement. [Templates] Introduuce $user, $docroot, $hostname variables in docroot placeholder. [Transfer] Synchronize multiPHP settings. [UI] [demo] => admin_lock produces a read-only panel instance. Privileged execution still remains via cpcmd. [upcp] Pass runtime values to Bootstrapper using --var=KEY=VAL. Replaces old "BSARGS=--extra-vars=x=y" format. FIXED: [Apache] IPv6 without IPv4 namebased hosting results in malformed Apache configuration. [Bandwidth] Refresh daily site bandwidth usage. [Bootstrapper] Mitogen persists an rpm lock in subshell resulting in read lock failure when mail.enabled scope is invoked. [Bootstrapper] Extension build conflict in php/install-pecl-module if PHP package named "http". [cgroup] "cpupin" setting persists after cleaning value. [cgroup] peak memory usage resettable via [cgroup] => reset_peak. [DNS Manager] Dismissing clone modal persists domain list. [DNS Manager] Login domain displayed out of order. [file] get_directory_contents() runs in exponential time. [Filesystem] Device major integer wraparound. [File Manager] Paths with plus interpreted as RFC 1866 space. [Internal] Filesystem::interrogate() returns error when no open file handles exist. [Internal] implement getgrgid(), getpwuid() within Role\Group, Role\User. [Let's Encrypt] Replacing Let's Encrypt with non-LE certificate will attempt LE auto renewal. [MySQL Manager] Max connections limited to 99. [Network] Disabling IPv6 via net.ip6-enabled scope sets incorrect procfs value. [Network] Take first routed IP address. [Nextcloud] Canonicalize global subdomain. [Nextcloud] Follow prescribed update policy, i.e. remove all files except config/ and data/ during update. [Opcenter] Addon domains specified directly in aliases,aliases runtime are doubly-counted against license limit. [Opcenter] Immediately update username/domain value if changed in EditDomain. [PAM] Boundary metachar misuse. [PHP-FPM] Adding cgroup controllers retains old cgroup controller list. [PostgreSQL Manager] Max connections truncated to 99. [Regex] Set PCRE_DOLLAR_ENDONLY flag on regexes used for validation purposes. Prevents CLI invocation that intentionally append a newline to value. [Scripts] mapCheck tracks sites absent in other maps. Deletes database users in DB-VARIANT.usermap. [Task Scheduler] MAILTO= idempotency violation. [upcp] --reset updates Composer + runs pending migrations. [upcp] Successive vars passed as BSARGS= environment variable ignored. [Users] /bin/false + /sbin/nologin missing from CentOS 8. CHANGED: [Anvil] Report API throttle and retry time in response headers. [auth] reset_password() returns password. Previously delivered password OOB as status message. [Backend] Memory management improvements. Restart cron when [cron] => memory_limit watermark reached. [Bootstrapper] Bypass existent repo configuration unless forced. [Bootstrapper] Flush filesystem cache post-install to reduce perceived memory usage of panel. [Bootstrapper] Passing --var=force=yes rebuilds all PHP modules. [Bootstrapper] System PHP compilation reassigned to role php/install. php/build-from-source handles low-level builds. [file] copy() follows cp behavior: preserve deep symlinks, copy referent at surface. [file] Reject paths greater than OS PATH_MAX. [file] stat() always works on shadow layer. Composite access must be done through file_stat_backend(). [Ghost] Restore Ghost 5 installation rights. Block 5.21 <= ver < 5.24. [misc] cp_version() reports debug mode. [Nextcloud] Adhere to Nextcloud security checks in multiowner setup. Switch occ execution context to match config/config.php owner. [Opcenter] Improve deletion logic on mismatched username. [PHP] clean_php Bootstrapper var affects extension source preservation after build. [PHP-FPM] Bump MAIN pool startup to 3m for O(n^k) cgroupv1 parsing when ProtectHome is set. [PHP Pools] Cache introspection/phpinfo() bypasses overzealous .htaccess rules through direct FastCGI request. [pman] Set reasonable upper limit for maximum process CPU time. A process should not exceed its runtime limit, receiving a kill signal if exceeded. Double sanity check by adding CPU throttle 2x runtime. [Subdomains] "Browse" defaults to active directory. [Tuned] Increase sleep duration. Configurable in system/tuned role. [UI] Directory browser creates directories recursively. [Web Apps] Emptying existing docroot calls app's uninstall method if present. [Webmail] Apply "use external opener" behavior. [WordPress] Filter third-party WP-CLI output. [WordPress] Run database discover as docroot owner. [WordPress] Trim whitespace from closing PHP tags in SSO URL. REMOVED: [Anvil] Phase out exponential blocking algorithm. Adequate delays are incporated into password_verify(), stalling a connction blocks PHP-FPM worker processes. [Cloudflare] Partner portal.