Tags

Tags give the ability to mark specific points in history as being important
  • v3.2.32.2
    FIXED:
    [Cloudflare] Modifying DNS record in proxy mode strips proxy behavior.
    
    REMOVED:
    [Packages] ImageMagick-perl 6.9.12.50 built against Perl 5.23 appstream.
    
  • v3.2.32.1
    2dff744b · CHG: bump (migrations) ·
    FIXED:
    [Nexus] "Hide in welcome email" displays password.
    [PHP] PECL helper script executed as PHP script.
    
    CHANGED:
    [PHP] Recompile imagick extension to make use of new MagickWand API.
    
  • v3.2.32
    NEW:
    [apnscpd] Report last fatal error in systemd status field.
    [DNS] Changing IPv4, IPv6 pools through dns.ip4-proxy/dns.ip6-proxy performs a batch update on managed zones.
    [Migration] --do=, --list-components= for staged reapplication from a backup. In most situations --no-create --no-scan --no-bootstrap should be included to prevent post-migration hooks from running once the components are processed. --do may be listed multiple times.
    [MongoDB] 5.x support.
    [redis] system_info()- send INFO command to ApisCP Redis instance.
    [PHP] Add "php_enabled" Bootstrapper setting to control presence of PHP on node. Implied when has_dns_only is enabled.
    [upcp] -m|--migration flag runs specified migrations. glob-style wildcards are supported. Results are not logged to migrations database. Intended primarily for development purposes to test migrations without specifying the full name.
    [WordPress] AST walker constant retrieval.
    [WordPress] debug reconfigurable, toggles debug mode.
    
    FIXED:
    [apnscpd] systemd culls control-group on direct process restart.
    [Apps] application manifest "vars" key uninitialized in production.
    [Argos] Disabling rspamd monitoring by mail feature.
    [Bootstrapper] git:// protocol suspended on Github.
    [CLI] % in service values, e.g. auth,tpasswd=, treated as variable placeholder.
    [DNS] Promoting addon domain to primary domain removes zone.
    [Filesystem] Declaring /sys/fs/cgroup -> /.socket/cgroup as slave mount loses propagation rights when /.socket mounted as slave. Corrects window between apnscp and cgconfig initialization in which PHP-FPM could startup failing on postexec cgclassify step.
    [Let's Encrypt] Callback arguments violate strict typing when [letsencrypt] => auto_bootstrap enabled.
    [Opcenter] Deleting a site lingers queued jobs in atd. Rewrite Util_Process_Schedule to optionally tag job IDs with site identifier. These jobs will be removed at account deletion.
    [PHP-FPM] Delayed cgroup rbind into vfs results in failed PHP-FPM startup when cgroup,enabled=1 on busy sites.
    [PostSRSd] Spaces in /etc/default/postsrsd treated as command.
    [Preference] Context derivation on domain change.
    [rampart] bans_since()- null dereference prior to initialization.
    [Settings] Cancelling confirm dialog still processes removal.
    [Subdomains] index.html missing in newly created subdomains.
    [Task Scheduler] Setting MAILTO= without an active job.
    [Whitelist] Cancelling confirm dialog still processes removal.
    [WordPress] Missing .htaccess results in corrupted SSO link.
    
    CHANGED:
    [Aliases] Restore previous behavior introduced in 3.2.31, a domain deleted yet not committed via aliases:synchronize-changes may be added. Perform additional check in pending configuration.
    [apnscpd] Move \ListenerServiceCommon to \ListenerService\Daemon.
    [auth] change_cpassword() permits locked indicator, !!. A locked account may not login but may change its password.
    [Bootstrapper] software/argos role variable "state" accepts "disabled"/"enabled" in addition to false/true.
    [Distro] Update AlmaLinux, Rocky Linux migration scripts.
    [imagick] Bump extension to 3.7.0.
    [Laravel] Cap Laravel 8 to non-PHP 8 setups.
    [Migration] Drop unsupported IP stacks on target machine.
    [MySQL] Relink /var/lib/mysql/mysql.sock as needed after installation.
    [Node] Cleanup Node versions on upgrade. Change default behavior to not install system-wide Node. Controllable via node_system_install (bool) and node_prune_system_upgrades (bool).
    [PHP-FPM] Increase 100ms retry on failed service to 750ms defensively against future misconfigured service dependency ordering.
    [Regex] Permit punycoded email domains.
    [rspamd] Rework remote Redis configuration (see rspamd.md).
    [Screenshots] Purge saved screenshots when a domain/subdomain is added.
    [Screenshots] User namespaces can be disabled entirely as mitigation for CVE-2022-0185 and general hardening. Disabling namespaces disables sandboxing in Chrome, which is designed to isolate tabs from malicious code exploiting a vulnerability. When disabled sandboxing must be disabled as well. [screenshots] => sandbox_fallback controls this behavior.
    [UI] Reduce scope of external opener decorator to any rel="external" attribute.
    [UI] Trim space from search input.
    [WordPress] update_plugins()/update_themes()- Extend plugin/theme argument to accept $force (default: false) that bypasses skiplist rules. Available only when $plugins is formatted as a complex list.
    [WordPress] Specifying hold:1 as an option during install preserves structure in event of failure.
    
    REMOVED:
    [Mail] courier-authlib when mail feature disabled.
    [Settings] Konami easter egg for non-Site Administrators.
    
  • v3.2.31.2
    REMOVED:
    [haproxy] nbproc. No longer present in haproxy v2+. PostgreSQL repository may pull in haproxy v2 during update on Alma/Rocky/C8 machines. haproxy_worker_count moved to nbthread on v1.8+.
    
  • v3.2.31.1
    FIXED:
    [Postfix] Spamhaus flags Cloudflare as public resolver. Postfix DNSBL codes work on first non-zero result rather than specificity. Expand non-error statuses to avoid flagging mail as spam.
    
  • v3.2.31
    NEW:
    [apnscp.js] cmd() queueing.
    [DNS] --all flag applies DNS changes to all sites on server via scripts/change_dns.php.
    [Dovecot] dovecot_utf8_mailboxes, enable support for UTF-8 named mailboxes. Mailboxes containing ampersand do not require a following hyphen in UTF-8 mode. mUTF-7 is default mode.
    [Opcenter] OOB file descriptor reporting in --fd=X.
    [php] pool_owner: report pool owner for named pool.
    [WordPress] Plugin updates.
    
    FIXED:
    [afi] Prefer session ID over authenticated context in singleton instantiation to avoid infinite recursion that occurs between authorization and the implicit account initialization. Likewise this was triggered in the opcenter/ test suite.
    [ajax] Invalid invocations returned normal results.
    [Apache] Rollback results in infinite loop on missing apache group.
    [Auth] Revert changes introduced in 3c361e77 whereby preferences are not loaded until after login. Postponement forces tautology in IP 2FA.
    [Backend] Potential race condition may occur when an asynchronous signal is received, e.g. SIGCHLD, during worker resumption resulting in selected worker being incorrectly terminated.
    [Cache] All Redis cache types extend MProxy, which locks up a Redis connection for each profile scope as a static member. When the authentication context changes or spawning a new backend worker, the connection is refreshed. Garbage collection runs manually in backend to optimize usage patterns resulting in situations in which phpredis extension could write to an invalid descriptor. Check if gc is disabled then explicitly invoke a cycle to ensure fds are properly deinitialized.
    [cpcmd] multi command mode reports last command following output changes.
    [DNS] SRV records application.
    [Dovecot] 2.3 no longer implicitly trusts 127.0.0.1 for plain-text authentication.
    [File Manager] non-ASCII files result in garbled output. Refactor zip implementation to ZipArchive.
    [MySQL] Changing mysql,dbaseadmin leaves behind old admin.
    [Opcenter] Deleting a site attempts SSL acquisition when [letsencrypt] => auto_bootstrap enabled.
    [Opcenter] Domains attached directly via aliases,aliases report as non-existent. Change aliases:domain-exists() and web:list-domains, web:split-doc-root to report these direct additions as aliases to /var/www/html.
    [Opcenter] Error() generated within validation routine reports incorrect module.
    [Opcenter] Potential race condition in /proc/self/mount query.
    [Opcenter] Rollback on addition before apache service processes results in recursive loop due to missing apache group.
    [Opcenter] Expiring a site from within a contexted authentication may invalidate the global authentication session. An example occurs during rampart_get_jails() called by DAPHNIE using the global authentication context to query available jails after editing a site.
    [SSL] Unlink certificate chain configuration when a newly imported certificate lacks a chain/intermediate.
    [Synchronizer] Validate PID process name during lock check.
    [upcp] Perform .git/ write check as update user.
    
    CHANGED:
    [Bootstrapper] Enhance grub.cfg rootflags= matching to reflect last listed directive.
    [Bootstrapper]
    [Dev] clean.sh interactively prompts for features when preparing an image. Installed Mitogen version is preferred.
    [Dovecot] Update ciphers. Disable cipher downgrade by client.
    [letsencrypt] renew(), append()- prune orphaned domains from certificate bundle.
    [node] make_default()- accept non-specific versions, e.g. v12 or "12".
    [personality] scan()- unparseable .htaccess file shall return false, not NULL.
    [PHP] Create PHP runtime configuration directory as needed.
    [Postfix] Smart-host via mail.smart-host no longer requires password.
    [Quotas] Convert XFS features in filesystem/make-mounts role to list. Features may be overridden with "xfs_quota_features".
    [rspamd] Update rspamd DMARC, reputation configuration. Older installs may contain literal templated key expressions that cannot parse from limitations in Jinja. These may report spurious "unknown backend" warnings. Likewise reporting is now a configuration section in 3.0+.
    [Scopes] net.ip4 flush namebased_ip_addrs on update.
    [Scopes] net.ip6 flush namebased_ip6_addrs on update.
    [Session] Expire cached afi instances on session invalidation.
    [Setup Instructions] Graceful downgrade for unprivileged users.
    [SSL] Enabling [letsencrypt] => auto_bootstrap
    [UI] Resume quota caching.
    [UI] Secure Access Key checks refresh key TTL in Redis. Key rolling moved to a separate cron task.
    [vfs] Add wget crypto-policies dependency.
    [WordPress] PHP 8.1 compatibility (see wp-cli/wp-cli#5586).
    [WordPress] Add "hold=" option to withhold failed installation.
    [Yum] Downgrade reinstalling existing package into vfs as warning
    [Yum] apnscp/initialize-dependencies accepts additional include_dependencies= var to denote implicit package installation.
    
    INTERNAL:
    [Filesystem] Rename FILESYSTEMTEMPLATE references in release annotations to "vfs": virtual filesystem. "fst" will continue to refer to /home/virtual/FILESYSTEMTEMPLATE components. "vfs" refers to composite filesystem after all layers merged up.
    
  • v3.2.30.3
    SECURITY:
    [OS] CVE-2021-4034 hotfix, polkit/pkexec vulnerability on C8.
    
  • v3.2.30.2
    FIXED:
    [Migrations] assert protobuf-c, json-c, fstrm packages available before applying October migration.
    
    CHANGED:
    [Bootstrapper] Package scripts may pass "yum_transaction_hook" variable to inform Bootstrapper if scripts are running from within Yum transaction. Resolves a potential deadlock if an included tag calls yum during transaction.
    [PHP] Automate recovery if apache,webuser system user is missing from /etc/password.
    [UI] "Use External Opener" feature always appends to URLs that match ^http.
    
  • v3.2.30.1
    FIXED:
    [afi] Anonymous module initialization pulls in global authentication context instead of scoped context.
    [UI] Absolute URL matching for proxied layouts.
    
    CHANGED:
    [afi] Lazy-load account metadata. Direct access to "conf" property is now via getAccount() method.
    [Cache] Enable compression using zstd.
    [Cache] OOM check may also throw RedisException.
    [Mail] Dovecot 2.3 support.
    [multiPHP] Remove /etc/phpXX.d from filesystem upon removal of multiPHP version.
    [Opcenter] --force always calls depopulate() on disabled services.
    [Opcenter] Permit 253-character domains, the maximum permitted label length.
    [UI] Disable crawling.
    [VirtualCron] 2 minute timeout on service start.
    
  • v3.2.30
    NEW:
    [Backend] Suspend/resume of Cronus.
    [Daphnie] TimescaleDB v2 support. Compression changes reduce storage requirements by ~57%. Site deletion now possible without decompressing metrics.
    [Ghost] v4 compatibility.
    [Opcenter] metrics service class. "enabled" controls API usage as well as metrics logging. Disabled for ephemeral accounts.
    [Process] environment()- parse a process' environment variables. all()- list all processes optionally matching a closure.
    [telemetry] histograms. Create data constructs over even intervals for arbitrary windows with metrics.
    
    FIXED:
    [Bootstrapper] Account creation assertion fails on low-memory servers.
    [Change Information] Reactivating a suspended model presents change option without corresponding input.
    [Database] Removing a database without a corresponding backup task generates an error.
    [File Manager] Fragment ("#") usage in filename breaks various features.
    [Opcenter] A single fatal() in a DeleteDomain batch aborts chain.
    [Opcenter] apache,jail must always be enabled on non-FPM servers.
    [Opcenter] Re-enabling pgsql or mysql service blocks on duplicate dbaseadmin check.
    [PHP-FPM] Deleting a domain attempts to update PHP-FPM log ownership.
    [pman] get_processes() returns empty process list if empty controller previously populated.
    [rspamd] Disabling rspamd support persists Argos monitoring profile.
    [UI] Processes overview reports no active processes when freezer cgroup enabled.
    [UI] Route invocation with implicit Page binding creates a new app instance without parsing metadata. Reuse the fully instantiated object during parameter resolution
    [UI] Secure Access Key rotation determined by cron TTL instead of Redis TTL.
    
    CHANGED:
    [Auth] API method "whitelisted" changed to "trusted" to indicate role in forwarded address verification.
    [Auth] Honor [auth] => min_pw_length in password checks.
    [Bootstrapper] Purge RPM cache after install.
    [Cloudflare] Bump API timeout to 10 seconds.
    [Daphnie] Raise shared locks as needed by TimescaleDB during intense operations. Lock count is approximately 2 * chunk count.
    [Daphnie] Restrict logging via metrics,enabled service parameter.
    [Discourse] Propagate nvm PATH shimming to rake subprocess.
    [FTP] Force vsftpd restart on glibc update. vsftpd may hold onto old copies of glibc that conflict with PAM.
    [HTML Kit] absolute_url() generates a URL matching the browser environment. Move old code into separate function, canonical_url(), which will always return a URL formed with the server name.
    [misc] list_commands() matches modules, e.g. cpcmd -lmisc. Previous usage required an explicit wildcard.
    [Network] Negative trust anchors on ip6.arpa PTR lookups.
    [Process] Add GID matching in addition to group name.
    [Scripts] mapCheck.php inspects orphaned database entries. Yield appldb.siteinfo records to filesystem metadata on mismatch.
    [telemetry] metrics() now available to Site Administrator.
    [UI] phpMyAdmin, phpPgAdmin follow "Use external opener" option.
    [Web Apps] Tolerate corrupted fortify metadata. Older sites migrated may have unusable options set. When reapplying Fortification profile from metadata the value is improperly interpreted as "" instead of its intended mode.
    
    REMOVED:
    [Daphnie] Boundary alignment detection.
    
  • v3.2.29
    FIXED:
    [Apnscp] Cover edge case if redis.conf maxmemory directive below used_memory. Such a situation could occur if regenerating redis.conf from template that has already increased its memory limit.
    [Cgroup] freezer, cpuset controllers always applied to cgrules.conf.
    [Cloudflare] Parameterized records send without attributes.
    [Crontab] virtualcron.service fails to initialize on race condition with apnscp.service. To avoid polluting mount table, cgroup controllers are bind mounted based on platform requirements. cgroupv2 uses a single hierarchy which obviates this requirement; however platform is still on v1. Add workaround by restarting virtualcron service after cgroup controllers are mounted into FST.
    [Migrations] proxyaddr/proxy6addr retained on target server.
    [Migrations] Overrides referencing an array are logged as "Array".
    [UI] Static resource key that protects third-party apps forgotten after extended duration without panel restart (> 4 days).
    
    CHANGED:
    [Cgroup] Use rbind for controller mount into shared r/w path (/.socket) when unified hierarchy detected.
    [dns] export() will polyfill NS records from dns:get-hosting-nameservers when absent in export.
    [Drupal] Minimum installable version is now 7.33
    [Drupal] Query drupal/drupal Github repository for versioning.
    [Migrations] Clone DNS when migrating site to new server with disjoint nameservers. Prior behavior lost all prior records on new server.
    [PowerDNS] Fallback on RPM schema if playbook-supplied schema is absent.
    [Web Apps] Support version pagination on Github. Match MAJOR.MINOR versioning.
    [WordPress] SSO no longer requires dispatcher presence.
    
  • v3.2.28
    NEW:
    [cgroup] cpuset support. Allocate a site to a specific CPU or set of CPUs. Controlled via cgroup,cpupin service attribute.
    [cgroup] freezer support. Suspend any CPU processing for site. Corresponding API call cgroup:freeze likewise to unfreeze call cgroup:thaw.
    [DNS] SVCB RR support in Cloudflare. SMIMEA RR support in PowerDNS.
    [Joomla] 4.x support.
    [PostgreSQL] v14 support.
    [Setup Instructions] FTP configuration profiles.
    [UI] Declare entry application besides "dashboard" application. See Customizing.md for further information.
    [upcp] -l/--list shows available tags to run in conjunction with upcp -b.
    [User Defaults] %u and ~ expression in FTP jail path default. %u expands to USERNAME, ~ expands to /home/%u.
    
    FIXED:
    [cpcmd] Specifying a filter to -l/--list-commands is silently ignored.
    [Databases] Deleting a custom database without prefix namespace does not discard backup task on site deletion. Revise lookup algorithm to update database to prefix + database composite, failing if that delete query cannot be resolved.
    [DNS Manager] Reset DNS to defaults skips local subdomain entries.
    [email] add_virtual_transport()- add UUID check before provisioning MX records. Corrects condition in which server-to-server migration using same nameservers duplicates MX records prior to migration complete.
    [file] chown() forces remount in process where direct write occurs to fully release file handle thus updating stat metadata. Resolves ghosting issues with custom FTP jail directory.
    [Joomla] Take head on multiple branch updates such as 3.x and 4.x update pathways.
    [Let's Encrypt] RFC 6125 rule matching. A wildcard matches a label but does not match additional labels. Secondary subdomains will not be filtered by a wildcard subdomain.
    [Logs] --reconfig overwrites /etc/logrotate.conf. Abstain from regenerating this file unless missing.
    [Migration] Web App metadata lost on transfer.
    [Opcenter] Performing a shallow import of an authentication context breaks getServiceValue() usage. Merge old into cur to preserve behavior when SiteConfiguration is instantiated during Opcenter task (edit, delete, add domain).
    [PHP-FPM] Dependency ordering loop on PHP-FPM sockets occurs in default assignment of basic.target. CentOS 8 negotiates sysinit.target to pull in .socket services. Dependency assignment makes .service subordinate to .socket, but permits restarting of socket activation by .service directly. On boot with a basic.target assignment, sockets.target is implicitly included in all .socket services that must run before basic.target resulting in a cyclic graph.
    [Process] "sgid" option looks for named user instead of group.
    [Scopes] Disabling PHP build from UI sends incorrect command to backend.
    [Scopes] list() shows original index numbers.
    [UI] Cleanup ephemeral accounts after theme inventory. Cleanup dangling .test domains from platform.
    [UI] Duplicate gauge id attributes.
    [User Defaults] Defaults not reflected immediately following postback.
    [User Defaults] Ternary precedence inhibits checked attributes on disk quota.
    [Web Apps] Crash in Chromium 94.0.4606.61 on C8. A full stderr buffer that is closed at runtime results in crash leaving screenshots in a persistent pending state.
    
    CHANGED:
    [Bandwidth] Squelch invalid domains during tabulation.
    [Bootstrapper] Cap Mitogen version to ^0.2.
    [Core] Library update.
    [DNS] Bulk update helpers add()/remove() follow replace() behavior in which a record is only skipped if the closure returns boolean false.
    [DNS] Use API error message on invalid Cloudflare key.
    [DNS Manager] Permit restoring naked zones.
    [Dovecot] mail_max_userip_connections extracted to Bootstrapper setting.
    [file] Optimize chown() performance, filesystem caches are only updated once on recursive chown.
    [file] Optimize filesystem flush, use syscalls directly instead of calling helper script.
    [Joomla] Upgrade Joomlatools to 1.6.0.
    [License] Clarify mismatched gateway reason.
    [License] license.php helper includes validation status.
    [MySQL] "Big selects" now toggleable in Bootstrapper (mysql/install role). Enabling big selects implies max_join_size=2^64. Setting max_join_size implies sql_big_selects=0.
    [Network] Emergency patch when no nameservers are detected in /etc/resolv.conf such as can occur if NetworkManager goes rogue.
    [Network] Disable DNSSEC for PTR records (in-addr.arpa zones). PTR has a very limited incentive to poison. Certain published zones of legitimate mail are unsigned resulting in FCrDNS failure during lookup by Postfix. This value may be reverted to previous configuration by overwriting Bootstrapper var "negative_trust_anchor_template" in common/update-config.
    [Opcenter] Bypass admin_user rollback on no-op.
    [Opcenter] Ephemeral accounts are now prefixed "apiscp-int-" to disambiguate origin.
    [Opcenter] Permit setting siteinfo,plan=None. When set to None a site no longer has plan affinity
    [PHP-FPM] Add check to determine if system is capable of PHP-FPM when apache,jail=1.
    [PHP-FPM] Defer daemonization to systemd thus making it behave similar to Remi implementation.
    [PHP-FPM] sockets.target no longer default target for php-fpm-MAIN.service. Implied part of php-fpm.service.
    [Setup Instructions] Add IMAP path prefix.
    
    REMOVED:
    [DNS] DNSKEY RR support on Cloudflare.
    [Migration] Skip ownership update on migration. uidmap/gidmap flags handle this during rsync.
    
  • v3.2.27.2
    FIXED:
    [Apache] force htrebuild for Apache 2.4.50 release. Add missing strace packages for C8.
    
  • v3.2.27.1
    FIXED:
    [Opcenter] .test TLDs infinitely created in low-memory mode for impossible screenshot inventory.
    
    CHANGED:
    [Cronus] Advance cron.tasks timer irrespective of outcome.
    
  • v3.2.27
    NEW:
    [MariaDB] 10.6 support.
    
    FIXED:
    [Cache] Prefix overwrite on nested calls among different cache implementations.
    [CLI] "Session corruption" errors.
    [Migration] strict typing check prevents unit inference during cPanel import.
    [Migration] --drop-forwarded-catchall preempts [mail] => forwarded_catchall + [mail] => disabled_forwared settings.
    [PHP-FPM] Changing apache,webuser lingers old PHP-FPM process pool.
    [pyenv] update_pyenv_pythons job updates wrong branch resulting in static Python version list.
    [Redis] Move memory check to housekeeping. Remedies Horizon endlessly restarting due to OOM conditions.
    
    CHANGED:
    [apnscpd] Flush error log on each cron iteration.
    [Ephemeral] Accounts are always force-deleted now.
    [Migration] Skip non-namespaced database users that do not match admin user.
    [SQL] Backup API methods (add/edit/delete) prepend prefix as needed.
    [Transfer] Report when no migration targets found.
    
  • v3.2.26
    NEW:
    [ClamAV] Malware scans may be bypassed using an environment marker. See ModSecurity.md.
    [DNS] Bulk record replacement. Arguments can take the form of a closure or bare Record object to replace individual parameters or record entirely. See PowerDNS.md and DNS.md docs.
    [OS] AlmaLinux + Rocky Linux support. Convert using cpcmd scope:set system.distro alma or cpcmd scope:set system.distro rocky
    [PowerDNS] SOA bulk updates.
    [stats] release()- OS identification.
    
    FIXED:
    [apnscpd] foreground launch fails when launched without systemd.
    [Laravel] database may not be available on rollback.
    [Nexus] Deselecting boolean always defaults to true.
    [Opcenter] Switching apache,webuser leaves resident prior user processes. Preserve non-system user.
    [Process] preserve 0/1/2 file descriptors. POSIX guarantees these FDs exist, but not how it's rendered. Restore former flags after execution.
    [Quota] Incorrect strict type comparison in amnesty mode.
    [PHP-FPM] Ownership change doesn't restart pool.
    [Webapps] Early gc_collect_cycles() call results in callback execution prior to metadata commit.
    [Webapps] Reindexed numeric global subdomains.
    [WordPress] y/n prompt re-enabling SSO defaults to N.
    
    CHANGED:
    [Auth] Forward authenticated() call to respective auth handler. Override authenticated() method for CLI auth module. All commands are implicitly authenticated. Possibly resolves session ghosting errors that occur when switching roles and \Auth::authenticated() attempts to resume the session created at invocation.
    [Auth] Unauthenticated AJAX requests return 403. 403 confers the intended effect of halting further AJAX requests in the timeout loop.
    [Filesystem] Add glibc-langpack-en for non-English installs.
    [ClamAV] Whitelist foxhole signatures that result in a high rate of false positives: JS_Zip_19, JS_Zip_21, JS_Zip_23, JS_Zip_24.
    [DigitalOcean] Skip broken SOA record.
    [dns] get_records_external()- graceful error if no viable resolvers could be used
    [Majordomo] Flip default action to subscription management.
    [Majordomo] Rewrite From: address on mailing list submission such that DKIM/DMARC policies are preserved. This requires majordomo 1.94.5-2 available in apnscp-updates repo.
    [Opcenter] expose CLI configuration in validator option "runtime".
    [PHP-FPM] Bypass PHP-FPM regeneration unless --reconfig is specified or service class changes.
    [pman] run() uses "runuser" instead of su for faster invocation.
    [Process] killUser() accepts second parameter, $gid, to further restrict process by gid.
    [Rampart] blocking a connection sends a RST packet to force a connection hang-up.
    [Scopes] trim cp.config strings.
    [Setup Instructions] Add DKIM DNS record.
    [Utility] strip 1 layer of quotes on type inference. Cleans up UI presentation in cp.config.
    [Webapps] Fortification removed from Passenger-based apps.
    [Webapps] .gitignore accepts per-app overrides.
    [WordPress] duplicating a site now copies snapshot settings.
    
  • v3.2.25.2
    SECURITY:
    [Util] pman_run() leaks descriptors to child processes. PHP provides no native way to flag a FD as FD_CLOEXEC, which flags a descriptor to close on exec() syscall. Use FFI to mark descriptors as close-on-exec in sudo invocation.
    
    FIXED:
    [Composer] composer/composer #9986 package naming.
    [Let's Encrypt] DNS solver method attempted for server certificate.
    [Setup] hostname check incorrectly reports to use SSL for addon domains.
    
    CHANGED:
    [cpcmd] -l/--list-commands accepts optional filter spec as with misc:list-commands().
    [ssh] root pubkey-only authentication controllable via sshd_root_pubkey_only setting.
    [Util] failed proc_open() on resource limit reports 254 exit code.
    [Web Apps] send no-cache headers during Update Assurance checks.
    
  • v3.2.25.1
    FIXED:
    [Auth] Resetting password generates internal server error.
    [Login] Update email template references.
    [MySQL] Orphaned databases cannot be removed despite listing in mysql:list-databases(). Add extra check if grant missing for respective database.
    
  • v3.2.25
    NEW:
    [auth] reset_password()- generate a new random password for specified user or site administrator. UI equivalents available in Nexus and Manage Users.
    [auth] Password change flushes Dovecot auth cache.
    [Net] family()- IP address is of specified v4/v6 family or valid family, a single address or CIDR range.
    [PHP] Add privatetmp setting to PHP policy and [httpd] => fpm_privatetmp in config.ini to control per-site/global usage of PrivateTmp= in systemd. Presently there is no means to specify a different TMPDIR location in systemd parlance. When disabled, defaults to siteXX/fst/tmp that is enforced by quota restrictions but loses the speed boost from tmpfs usage.
    [site] kill_user()- terminate all processes belonging to named user.
    [ssl] server_certificate()- fetch server's SSL certificate.
    
    FIXED:
    [Argos] Force ruamel.yaml.clib < 0.2.3 on CentOS 7.
    [Bandwidth] Creeping/trampoline rollover periods. Any rollover outside 28 days can bypass a rollover period by 30 days or move up gradually thus skipping a month. Take the minimum between rollover day and days in month as that prescribed rollover.
    [Cgroup] "Error: failed to parse the configuration rules" error when cgroup,enabled=0.
    [Discourse] Various compatibility updates with Discourse 2.6+
    [file] copy() skips dot files on recursive copy.
    [FST] PostgreSQL relocation set "postgres" ownership on /.socket.
    [Transfer] siteXX/fst => siteXX/shadow transformation in path calculation.
    [Transfer] --no-suspend option ignored.
    [Vultr] Workaround for "ANY" query type.
    [Web Apps] Changing owner of Web App changes referent only. Change referrer as well for FollowSymLinkIfOwnerMatch compatibility.
    
    CHANGED:
    [ApisCP] HTTP configuration in httpd-custom.conf converted to protected block.
    [common] Preferences return an empty set when authentication is disabled.
    [Core] INCLUDE_PATH must be an absolute path. Path arithmetic may fail when relative locations are used.
    [Database] Accept "1" for email parameter in database backups. Frontend modifications are disabled and now default to bool.
    [DNS Manager] SOA records may be modified directly with supported backend, presently only PowerDNS.
    [Let's Encrypt] Disable DNS challenge mechanism for server certificate.
    [Migrations] Fail if database control user lacks password.
    [Migrations] Import from non-standard /home locations.
    [MySQL] Halve query cache size that can result in significant lock contention on boot on large servers.
    [Packages] Explicitly pull in apr-util-bdb package.
    [Perl] Add CPAN/CGI packages into FST.
    [PHP] Bump imagick extension to 3.5.0.
    [PHP-FPM] Gracefully handle gibberish cache response.
    [Process] matchUser()- accepts UID argument.
    [Rampart] Accept IPv6 CIDR ranges.
    [Reseller] Allow parent_id value to change.
    [Scopes] net.hostname, prefer system_hostname bootstrapper setting over system hostname for situations in which admin changes hostname through OS commands.
    [Templates] Deprecate apnscp-template usage for mail. All generated mail uses resources/views/email/html/message.blade.php (or markdown/message.blade.php). Affects mail dispatched from transfersite.php, domain addition when [domains] => notify true, and account credential changes (password, username, domain).
    [Transfer] Cover case where site creation on dest uses different nameservers + DNS template differs in CNAME/A usage.
    [Transfer] --stage=N override affects addon domains.
    [Transfer] Relay site creation errors as ApisCP error messages.
    [UI] Trust self-signed server certificate during internal checks.
    [webapp] Alias detect() to discover() following UI semantics.
    [Web Apps] Expire UI cache on removal.
    [Yum] Wait for synchronizer lock. Prior it was possible for Yum Synchronizer to run concurrently resulting in last run's termination.
    
    REMOVED:
    [Traceroute] AddHandler artifact.
    
  • v3.2.24
    3546102d · CHG: dangling commit ·
    NEW:
    [Opcenter] Add [opcenter] => site_id_offset setting that sets site ID origin when creating new sites. Must remain below 32767.
    [Opcenter] procfs abstraction library.
    [Scopes] mongodb.enabled, enable MongoDB support.
    [Scopes] net.ip6-enabled, perform reconfiguration when adding IPv6 support to server.
    
    FIXED:
    [mysql] Always escape underscores on database creation.
    [MySQL Manager] Disabling database backups skips import.
    [MySQL Manager] "write" permission is not checked when enabled.
    [phpMyAdmin] dead SSL URL.
    [phpPgAdmin] dead SSL URL.
    [PostgreSQL Manager] Disabling database backups skips import.
    [Redis] Base conversion float return breaks strict typing enforcement during Redis memory detection routine.
    [Spam Filter] Delivery threshold, settings lost on adjustment.
    [Yum] Missing package triggers for PostgreSQL v13.
    [Web Apps] failed reconfiguration on install leaves behind .git/, .gitignore.
    
    CHANGED:
    [Argos] Check backend property before application. Previously, modifying a property on a new backend without updating the backend elicited crash.
    [Anvil] Improve brute-force tracking. Add new tuneables, [anvil] => request_limit and request_limit_window that control how many requests may occur over a window in seconds. Only non-static requests are tracked. Change also covers cPanel brute-force attacks that have been noted across a variety of servers.
    [Backend] Always run housekeeping/cron in debug mode. Original intention was for development, but private usage keeps this mode activated to the detriment of routine SSL renewals and miscellany.
    [cron] Hide "No such file or directory" messages generated during web ownership updates.
    [Ghost] Disambiguate next leg of upgrade process on major changes.
    [rbenv] Update HEAD.
    [Web Apps] Catch garbage HTTP statuses during Update Assurance initialization.
    [WordPress] Streamline SSO installation/activation into single process.