Tags

NEW:
[Nexus] Show process counts.
[Web Apps] Specific upgrade version selectable.

FIXED:
[Drupal] Snapshot feature cannot export database with relocated docroot.
[PHP-FPM] enable --now implicitly reloads systemd. Perform analogous task over D-Bus.
[Web Apps] Apps with multiple subclasses lack base reconfigurable properties.

FIXED:
[Joomla] Bogus version check uses incorrect helper when installing with PHP 8.0.
[Laravel] v9+ incomplete installation.
[Logging] Uncaught exceptions or fatal() macros may remain unlogged.
[MySQL Manager] Commit #df88738c introduces additional name field.
[Opcenter] "artisan opcenter:plan --remove" cannot delete plan files.
[Web Apps] Changing username results in crash.

CHANGED:
[auth] Parented accounts return true in auth:is-demo().
[Bootstrapper] mysqlnd may be disabled by specifying php_native_mysql=False. Disabling mysqlnd will revert to libmysqlclient.
[Daphnie] Automatically wrap monotonic values.
[Migrations] Recursively look for mailbox type.
[SELinux] Set selinux=0 in kernel on disablement.
[UI] Enable strict sessions.
[upcp] Code and platform updates are now atomic. Releases will not update until all migrations on current release have completed successfully. Code will continue to update irrespective of migration status in edge mode.

REMOVED:
[Limits] Virtual memory/address space limit. Better memory restriction exists in cgroup memory controller. Imposing any such limit creates undesirable side-effect in V8 allocation, see nodejs/node #25933.
[PHP] Huge codepage support on new installs. Introduces marginal startup tax on multitenant environments, see php/php-src PR #10301

NEW:
[Opcenter] Native D-Bus communication. All systemd requests use D-Bus instead of systemctl.

FIXED:
[Dashboard] Invalid peak memory calculation.
[dns] Invalid assertion clones all subdomain records into target zone.
[file] Appliance Admin stat() access lost during refactor.

CHANGED:
[ModSecurity] Only ClamAV malware can may trigger 406 status. All other ModSecurity dispositions report 403.
[PHP] Update ionCube download location.

REMOVED:
[Git] 4 GB filesize restriction. Packfiles may grow beyond this resource limit resulting in undefined behavior.

SECURITY:
[file] Insufficient access control checks would permit accessing a file with 0xx4 permissions behind a directory with 0700 permissions. No directories within the virtual filesystem possess this permission pattern but improper use of root within a vfs could create files exhibiting this pattern.

NEW:
[DNS] Zone migration on provider change. Enable with [dns] => migrate.
[dns] zones()- report all zones for given authentication context.
[Drupal] 10.x support.
[email] convert_malbox()- convert between mdbox/sdbox/mbox/maildir formats. cPanel mailboxes are automatically converted upon import.
[Frontend] Use FPM instead of Apache SAPI. Improved stability, lower memory requirements.
[Internal] Process creation loggable by setting [core] => debug_proc when debug mode enabled.
[Internal] Volatile auth profiles, write-once, save-never variants of authentication contexts created through clone.
[Opcenter] IPv6 interface autodetection.
[php] pool_direct_read()- bypass HTTP routing, send request direct to PHP-FPM process.
[PHP] 8.2 support.
[PostgreSQL] pgsql.postgis-version scope. Enable/set PostGIS version on server.
[PostgreSQL] SSL support.
[Process] execve support. Commands passed as an array of parameters bypass /bin/sh subshell processing. ~50% performance improvement.
[Templates] Introduuce $user, $docroot, $hostname variables in docroot placeholder.
[Transfer] Synchronize multiPHP settings.
[UI] [demo] => admin_lock produces a read-only panel instance. Privileged execution still remains via cpcmd.
[upcp] Pass runtime values to Bootstrapper using --var=KEY=VAL. Replaces old "BSARGS=--extra-vars=x=y" format.

FIXED:
[Apache] IPv6 without IPv4 namebased hosting results in malformed Apache configuration.
[Bandwidth] Refresh daily site bandwidth usage.
[Bootstrapper] Mitogen persists an rpm lock in subshell resulting in read lock failure when mail.enabled scope is invoked.
[Bootstrapper] Extension build conflict in php/install-pecl-module if PHP package named "http".
[cgroup] "cpupin" setting persists after cleaning value.
[cgroup] peak memory usage resettable via [cgroup] => reset_peak.
[DNS Manager] Dismissing clone modal persists domain list.
[DNS Manager] Login domain displayed out of order.
[file] get_directory_contents() runs in exponential time.
[Filesystem] Device major integer wraparound.
[File Manager] Paths with plus interpreted as RFC 1866 space.
[Internal] Filesystem::interrogate() returns error when no open file handles exist.
[Internal] implement getgrgid(), getpwuid() within Role\Group, Role\User.
[Let's Encrypt] Replacing Let's Encrypt with non-LE certificate will attempt LE auto renewal.
[MySQL Manager] Max connections limited to 99.
[Network] Disabling IPv6 via net.ip6-enabled scope sets incorrect procfs value.
[Network] Take first routed IP address.
[Nextcloud] Canonicalize global subdomain.
[Nextcloud] Follow prescribed update policy, i.e. remove all files except config/ and data/ during update.
[Opcenter] Addon domains specified directly in aliases,aliases runtime are doubly-counted against license limit.
[Opcenter] Immediately update username/domain value if changed in EditDomain.
[PAM] Boundary metachar misuse.
[PHP-FPM] Adding cgroup controllers retains old cgroup controller list.
[PostgreSQL Manager] Max connections truncated to 99.
[Regex] Set PCRE_DOLLAR_ENDONLY flag on regexes used for validation purposes. Prevents CLI invocation that intentionally append a newline to value.
[Scripts] mapCheck tracks sites absent in other maps. Deletes database users in DB-VARIANT.usermap.
[Task Scheduler] MAILTO= idempotency violation.
[upcp] --reset updates Composer + runs pending migrations.
[upcp] Successive vars passed as BSARGS= environment variable ignored.
[Users] /bin/false + /sbin/nologin missing from CentOS 8.

CHANGED:
[Anvil] Report API throttle and retry time in response headers.
[auth] reset_password() returns password. Previously delivered password OOB as status message.
[Backend] Memory management improvements. Restart cron when [cron] => memory_limit watermark reached.
[Bootstrapper] Bypass existent repo configuration unless forced.
[Bootstrapper] Flush filesystem cache post-install to reduce perceived memory usage of panel.
[Bootstrapper] Passing --var=force=yes rebuilds all PHP modules.
[Bootstrapper] System PHP compilation reassigned to role php/install. php/build-from-source handles low-level builds.
[file] copy() follows cp behavior: preserve deep symlinks, copy referent at surface.
[file] Reject paths greater than OS PATH_MAX.
[file] stat() always works on shadow layer. Composite access must be done through file_stat_backend().
[Ghost] Restore Ghost 5 installation rights. Block 5.21 <= ver < 5.24.
[misc] cp_version() reports debug mode.
[Nextcloud] Adhere to Nextcloud security checks in multiowner setup. Switch occ execution context to match config/config.php owner.
[Opcenter] Improve deletion logic on mismatched username.
[PHP] clean_php Bootstrapper var affects extension source preservation after build.
[PHP-FPM] Bump MAIN pool startup to 3m for O(n^k) cgroupv1 parsing when ProtectHome is set.
[PHP Pools] Cache introspection/phpinfo() bypasses overzealous .htaccess rules through direct FastCGI request.
[pman] Set reasonable upper limit for maximum process CPU time. A process should not exceed its runtime limit, receiving a kill signal if exceeded. Double sanity check by adding CPU throttle 2x runtime.
[Subdomains] "Browse" defaults to active directory.
[Tuned] Increase sleep duration. Configurable in system/tuned role.
[UI] Directory browser creates directories recursively.
[Web Apps] Emptying existing docroot calls app's uninstall method if present.
[Webmail] Apply "use external opener" behavior.
[WordPress] Filter third-party WP-CLI output.
[WordPress] Run database discover as docroot owner.
[WordPress] Trim whitespace from closing PHP tags in SSO URL.

REMOVED:
[Anvil] Phase out exponential blocking algorithm. Adequate delays are incporated into password_verify(), stalling a connction blocks PHP-FPM worker processes.
[Cloudflare] Partner portal.

NEW:
[mysql] resolve_site_from_database- given a database[/table] format, resolve to site.
[pgsql] resolve_site_from_database- given a database[/table] format, resolve to site.
[php] pool_version_from_path- resolve PHP pool version from path.

FIXED:
[argos] list_monitored requires backend elevation.
[Bootstrapper] Explicit version sorting on CentOS 8 kernel selects incorrect default kernel on multiple majors.
[Bootstrapper] Mitogen detection in CentOS 8.
[Digitalocean] Follow pagination results.
[Digitalocean] CAA record normalization.
[Dovecot] Corrupt mtab in vfs prevents quota reporting.
[Hetzner] Normalize long TXT records.
[Metrics] TimescaleDB v2 metrics deletion.
[Opcenter] Activating a site from plan edit yields ghosted session.

[Redis] TCP binding attempted in unixsocket-only mode.
[rspamd] "daemonize yes" breaks Redis v6, cf redis/redis#7217.
[SSL] Quota overage inhibits installation.
[UI] Timezone configuration always reports UTC.
[upcp] Existent ssh-agent process killed at end of update.
[Users] Malformed branch permits uppercase characters after initial 2 chars.
[Versioning] Non-seequential versioning.

CHANGED:
[Backend] Lambda functions introduce memory leak over backend lifetime. Enable opcache to optimize out potential memory leaks in recurrent evaluation.
[Bootstrapper] Add support zipped PECL modules.
[Bootstrapper] PECL module discovery will now follow redirects.
[email] set-webmail-location() setting null resets webmail to system default.
[Internal] Convert MySQL connectivity issues into mysqli_sql_exception, improve robustness of starting backend during downed MySQL event.
[Joomla] Bump Joomlatools to 2.0. Enhance support for 4.x.
[Linode] Reinstate CAA flags parameter.
[Nextcloud] Custom version label.
[node] install() reports installed version for flexible versioning, e.g. 3.5 will return 3.5.7.
[Opcenter] Force-close connection upon database deletion to ensure all references to database discarded. Race condition encountered during unit testing with PHP 7.4/MariaDB 10.5.
[PHP] Use account timezone.
[PHP] Utilize larger temporary swap on PHP8+ builds to satisfy compiler requirements.
[PowerDNS] dns.powerdns-version may be set to "true" to default to ApisCP default.
[Quota] Restrict accidentally triggering a change to diskquota,quota or diskquota,fquota fields that would result in immediate overage.
[ruby] get_available()- returns all versions. Previously only each respective MAJ.MIN release was listed.
[ruby] install() reports installed version for flexible versioning, e.g. 3.5 will return 3.5.7.
[Screenshots] Disable feature in headless mode.
[UI] Filter webmail redirect subdomains.

REMOVED:
[Anvil] Expotential backoff algorithm. Original intention to thwart password timing attacks. password_verify() provides sufficient entropy during hash verification.
[Ghost] Block v5 until MySQL 8 requirement is resolved. Ref: https://forum.ghost.org/t/mariadb-support/33880

Note: moving to hotfix instead of retag to prevent temporary upcp failure on 3.2.33 downgrade.

FIXED:
[DNS] Bulk record update inherits default TTL value resulting in mismatch when required by API driver.
[file] symlink()- existing symlink reports referent than symlink as existent file.
[SSL Certificates] Incorporate missing mail subdomain hostnames.
[Subdomains] Duplicate subdomain remap results in confusing error message.

NEW:
[.htaccess Manager] Search applet.
[Argos] systemd-resolved monitoring.
[Auth] Add [auth] => server_key support for extended cp-proxy usage. See apisnetworks/cp-api repository.
[Cron]  [crond] => autostart controls automatic startup of crond process when crontab,enabled=1.
[dns] dns:flush()- empty authoritative cache if supported. Only PowerDNS is supported at this time.
[dns] dns:empty_zone()- delete all records in a zone. dns:reset()- call empty_zone() then provision zone with default records.
[DNS] dns.powerdns-version scope. Set PowerDNS daemon version on server.
[DNS] Dns\Record::add(). Similar to merge, except properties are only set if unset.
[Lararia] route/view dynamic namespaces. Path resolution determined at call-time, caching for the remainder of the request lifecycle. Additional dynamic namespaces @NAMESPACE-NAME(PARAMETER) may be registered against Lararia\Routing\NamespacedRouteCollection or Lararia\View\NamespacedViewFinder. Corresponding bindings are superceded by these classes.
[Laravel] Lumen subtype dection.
[Metrics] metrics.enabled scope. Toggles metrics support, including purge on disablement.
[php] php:pool-name()- get pool name from path.
[PHP] ionCube v12 support. Supports PHP 8.1. 8.0 is not included from vendor.
[PHP] SourceGuardian support. Activated when php_install_sourceguardian is true.
[Rampart] Speculative whitelisting. When an IP is unbanned, the address is temporarily added to ignorelist for [rampart] => speculative_whitelist seconds. See docs/FIREWALL.md
[UI] Relocate Web App compact display to shared view, master::shared.compact.
[UI] Sticky session tracking. When IP restrictions are enabled for a user, track the most recent login automatically adding the IP if detected. Requires enablement under Settings.
[UI] Content security reporting support. Configured in [frontend] => content_security_policy_report_only.
[upcp] Add -f/--force flag. Applies --extra-vars=force=yes to Bootstrapper invocation as well as upcp --reset prior to codebase updates.
[upcp] Add -v/-vv/-vvv flags. Controls verbosity of migrations and Bootstrapper usage.
[WordPress] Add "language" reconfigurable to set default WordPress language. May be hooked into wordpress:install() to override default language after setup.

FIXED:
[Aliases] Calling aliases:add-domain() after removing a domain before aliases:synchronize-changes() blocks on bad assertion (related #e4959bb3).
[Bootstrapper] Workaround for Ansible filtering localized "No packages match".
[Cloudflare] Origin marker usage mandatory.
[Cloudflare] Soft-deletion compatibility. Zones deleted are now retained within Cloudflare's system for an extended duration. Zones recreated during this time are subject to dns:reset().
[Cron] Starting virtualcron in at least one persistent environment resulted in invalid "failed" state.
[Database Backups] Pipeline non-zero exit treats corrupted database backup as success.
[DNS] Bulk updates fail on subsequent matches in same zone.
[Domains] Addon domain creation in user home blocks o+x applicatin when PHP-FPM enabled.
[Email] Mailbox restoration during provider change from null to builtin improperly tried to restore mailbox backup.
[File Manager] ASCII encoding preferred over UTF-8 when UTF-8 best candidate.
[Internal] Expired afi instance sends invalid ghosted session.
[Internal] Difficulty arises during deserialization when the context isn't known at object instantiation; an ephemeral function broker is created to replace the session. Function broker's ID is replaced with this ID while the global auth context is preserved causing a mismatch in Preferences sanity check.
[Mail] Expose additional environment variables to maildrop: $SENDER, $EXTENSION, $RECIPIENT, $NEXTHOP, $SENDER. See docs/admin/LDA.md
[Mail] maildrop unconditionally queries authlib per compile-time settings. Introduce new flag, -x, to bypass authlib lookup when mail_enabled=0.
[Metrics] Wrap monotonic values exceeding 2^31-1.
[MySQL] Tables with non-alphanumeric characters fails rename.
[Nextcloud] config_is_read_only enforced in occ usage. Implement direct parser to lock/unlock before occ invocation.
[Node] Ignore exit code 3 in software/nvm role when no Node versions installed on system.
[NSS] CentOS Stream introduces new directive usage.
[PHP] Permissions block enumerating multiPHP versions from UI.
[PowerDNS] Canonicalize SOA RNAME. Required in 4.6+.
[PostgreSQL Manager] Database prefix lists mysql,dbaseprefix.
[Proxy] mod_remoteip presence in cp-proxy documentation replaces remote address IP with X-Forwarded-For when remote address matches proxy address. Various checks always assume X-Forwarded-For is valid but can be poisoned if supplied in addition to mod_remoteip usage. Check loaded modules to determine whether X-Forwarded-For is a safe header when [core] => http_trusted_forward is set.
[Scopes] Observe explicit quotes in cp.config.
[Scopes] mail.enabled must trigger software/haproxy to update monitoring.
[Setup Instructions] FTP login references ftp,ftpserver.
[SpamAssassin] sa-compile idempotency check in mail/spamassasin.
[SSL Certificates] Primary domain deauthorized from handling mail deselects all mail-related subdomains from other domains.
[SSL Certificates] Mail domains omitted from SSL selection when primary domain is delisted from Mail Routing.
[Subdomains]  "user ownership" setting has no effect on document root.
[Traceroute] Use positional arguments in traceroute address to ensure appropriate escaping as reported by cmg.
[UI] Security key usage in Terminal, rspamd may expire before it is rolled over. Bad logic checks makes retrieval from master httpd process impossible in /proc/PID/environ.
[Webapps] CLI installation ignores app-specific reconfigurables.
[WordPress] Renaming a site to a directory whose source name contained part of the target directory incorrectly detected as nested.

CHANGED:
[ApisCP] Change default mutex from posixsem to pthread. On posixsem, semaphore ownership is not recovered in a thread in the process holding the mutex segfaults resulting in a hang. With pthread, C7+ implements pthread_mutexattr_setrobust_np(). If the thread dies it passes onto the next owner with EOWNERDEAD.
[ApisCP] Reduce RSS usage by moving OPCache to file-cache.
[Backend] TSTP/CONT signals are forwarded to job runner service from apnscpd process.
[Backend] Unlink apnscp.sock on shutdown, avoid conflict with hydration.
[Bootstrapper] Apply migrations occuring after image marked for hydration.
[Bootstrapper] Removing packages from filesystem template triggers fsmount reload.
[cgroups] Allow group to write its pids to tasks, including Dovecot mail processes. Once a group is bound it can only migrate to a new group. Permissions on other groups prevent migration locking a PID to a controller taskset.
[CLI] rmspam purges matching pattern in maildrop queue.
[Composer] Prefer reading version from composer.lock.
[Composer] Use PHP wrapper assigned for path if multiPHP present.
[Config] Blacklist directives in config.ini support partial matching such as foo* or !foo*.
[DAPHNIE] Deleting time-ordered data deletes underlying chunks.
[Database Backups] Attempt automatic repair of corrupted databases.
[Discourse] Switch Ruby versions on demand if available during upgrade.
[DNS] gethostbyname_t(), gethostbyaddr_t() report failing nameserver. Both API functions follow timeout defined in [dns] => lookup_timeout.
[DNS] Implement get_server_from_domain(), get_all_domains(), get_parent_domain(), domain_hosted(), domain_on_account() in multi-server setups.
[Hooks] Multiple hooks may be registered to an API call.
[Hooks] Fill omitted arguments on callback.
[Let's Encrypt] Trigger SSL bootstrap only on domain addition. Previously deletions were included.
[Manage Users] Apply username input validation on entry.
[Map] Harden map symlink checks.
[Miscellaneous] Update AlmaLinux, Rocky Linux conversion scripts.
[MySQL] Process condition in which MySQL database rename destination is to empty directory.
[node] installed()- value return changed from boolean to null|string, value that matches version filter if found.
[Opcenter] Report pid when global lock held.
[Opcenter] Resolve multiple typing errors when changing plans from one deleted directly in the filesystem. artisan opcenter:plan --delete should be used for sanity checks prior to deletion. Fallback to system default, then apply hard reset (--reset) against new plan.
[php] version() reports PHP-FPM pool version instead of system version.
[PHP] Extensions downloads from pecl.php.net observe transient network outages.
[PHP] Ignore Remi presence when php_enabled is set to false. Implied when has_dns_only enabled.
[PHP Pools] Catch connection errors on cache inspection.
[PowerDNS] Downgrade duplicate record to warning. PowerDNS utilizes both negative and positive query caches with different TTL values (60/20 default). Querying for a record, adding, then querying again responds with NXDOMAIN resulting in potential duplicate operation. In future these lookups should be made directly against the master - whether hidden or exposed.
[PowerDNS] Reduce client instantiations.
[Rampart] Prevent direct management of named ipset or iptables lists in [rampart] => blacklist.
[Rampart] Reimplement entry parser as line parser. Approximate 50% speedup in entry processing.
[ruby] installed()- value return changed from boolean to null|string, value that matches version filter if found.
[Scopes] Changing timezone resarts rsyslog/systemd-journald, see fail2ban/fail2ban#1986.
[Scopes] dns.ip4-proxy and dns.ip6-proxy may now be set "null" to clear value.
[Subdomains] Link subdomain into all_subdomains/ inside respective useer home.
[upcp] ANSIBLE_STDOUT_CALLBACK may be overwritten from environment.
[vsftpd] Define tcp_wrappers depending upon CentOS release. Clears potential in-place upgrade from 7 -> 8 in which tcpwrapper support is disabled.
[Webapps] API improvements. WebappUtilities::getAuthContextFromDocroot() creates a new context based on document root ownership. DatabaseGenerator::connect() creates PDO connection using sourced credentials from webapp::db_config(). Separate PhpWrapper/ComposerWrapper utility classes.
[WordPress] Toggle WP_AUTO_UPDATE_CORE when same-user and panel autoupdates disabled or unprivileged and autoupdates enables.

REMOVED:
[ClamAV] freshclam cronjob superseded by clamav-update systemd timer.
[Cloudflare] Host app. Officially abandoned by Cloudflare.
[Lararia] jenssegers/blade package replaced with in-house implementation.
[Filesystem Template] sudo remained accessible in virtual environments provisioned between Feburary 7 and July 14.

FIXED:
[Mail] courier-authlib relinks systemd script.

ApisCP benchmark

See https://github.com/apisnetworks/apnscp-bootstrapper#benchmarking-providers

NEW:
[crontab] stop(), start(), restart() wrapper methods for toggle_status().
[crontab] match_job()- return jobs whose command matches regex pattern.
[Filesystem] whiteout/opaque layer utility class.
[scope] diff()- report changes in a given Bootstrapper role. Example: diff("clamav/setup") reports all configuration changes that override variables in clamav/setup.
[telemetry] collect()- trigger statistics collection.
[telemetry] interval()- report data over evenly spaced intervals.
[upcp] List available roles using -l flag.
[user] resolve_uid() method translates UID to a site/user tuple.
[webapp] get_meta()/set_meta()- interact with Web App metadata.
[webapp] refresh_apps()- expunge cached webapp facts, used when developing Web Apps without restarting ApisCP.
[webapp] removeJobs() internal helper removes existent tasks within a given document root.
[wordpress] cli()- free-form WP-CLI access.

FIXED:
[Argos] Weak "requests" dependency pulls down incompatible package on CentOS 7.
[Backend] double-fork race condition.
[Bootstrapper] Idempotency violation in mail/spamassassin.
[CLI] non-CLI input format destructures array.
[CLI] Numeric flag argument raises strict type error.
[Composer] CVE-2022-24828 Composer Command Injection hotfix.
[Filesystem] 0:0 valid device.
[letsencrypt] Calling append() to non-existent certificate fails.
[Nexus] Plans outside system charset are silently ignored.
[Opcenter] Early termination suppresses other regitered callbacks.
[Opcenter] DTSS activation orphans dbaseadmin, dbaseprefix values on account deletion. Apply AlwaysRun attribute to dbaseprefix. Change intention of AlwaysRun to always run even during deletion if service class "enabled" is false.
[Opcenter] Prefixing "www." to a domain fails post-creation callbacks.
[Opcenter] *.end event processing in Activate/SuspendDomain.
[PHP] Reconfiguring PHP-FPM logging if logs,enabled=0 chmod's vfs root to 640.
[PHP] SourceGuardian support. Set php_install_sourceguardian to "true" in cp.bootstrapper Scope, run upcp after.
[Route53] Records created as weighted, closes issue #48.
[Route53] Long records require label split.
[rspamd] IPv6 MX records report MX_INVALID.
[upcp] Hotfixes revert edge-major policy.
[Users] Changing username could result in crash during notification.
[Users] Usernames that begin with a number yet contain a valid character mask.

CHANGED:
[Backend] Squelch spurious same-mount warning early in installation.
[Bootstrapper] Workaround on platforms in which /etc/selinux/config is marked with immutable attribute.
[cgroup] Move to cgconfig.d/ usage. cgconfig is a oneshot task on boot that has a tendency to become unwieldy with parsing larger configurations. Each cgroup configuration is named after the site for easier management.
[Cgroup] Cleanup internal API usage. Group name no longer required where Controller object is used.
[Discourse] Add support for 2.8+.
[DNS] Exporting corrupt/invalid zone fails gracefully.
[Filesystem] Spam retention in ~/Mail/.Spam adjustable in software/tmpfiles.
[Ghost] Support 4.5+.
[Internal] Merge config/custom Composer dependencies into autoloader.
[Laravel] Use pool version in determining installation requirements.
[Metrics] Delete data older than 1 year, apply aggressive compression policy for metrics older than 2 days.
[Opcenter] Block reducing bandwidth threshold that will result in immediate account suspension.
[Opcenter] Rename Procfs helper class to Sysctl.
[PHP] Disabling Apache service terminates PHP-FPM processes.
[PostgreSQL] postgresql.conf values may be overridden in Bootstrapper as "pgsql_custom_config".
[rampart] temp() may be used by admin.
[Scopes] Suggest alternative scopes on invalid reference.
[Subdomain] Removing a subdomain whose data directory is incorrectly located in /var/subdomain will remove the directory now.
[Task Scheduler] Downgrade duplicate job to warning.
[Task Scheduler] Task Scheduler (crontab) may operate independently from SSH when [ssh] => crontab_link is set to false. Doing so still allows a cron process to open a shell for a user to login to the account. This is intended as a simpler approach to creating a custom plan named nossh as referenced in Plans.md#complex-plan-usage.
[upcp] Improve permission healing.
[Watchdog] Delay on boot via watchdog_boot_delay Bootstrapper setting. Intended for heavy startups that spike load momentarily.
[web] rename_subdomain() implicitly coerces local format to global.

REMOVED:
[Bootstrapper] Account creation role on DNS-only builds.
[PowerDNS] Web server feature disabled by default.
[UI] Nexus on DNS-only installs.

FIXED:
[Cloudflare] Modifying DNS record in proxy mode strips proxy behavior.

REMOVED:
[Packages] ImageMagick-perl 6.9.12.50 built against Perl 5.23 appstream.

FIXED:
[Nexus] "Hide in welcome email" displays password.
[PHP] PECL helper script executed as PHP script.

CHANGED:
[PHP] Recompile imagick extension to make use of new MagickWand API.

NEW:
[apnscpd] Report last fatal error in systemd status field.
[DNS] Changing IPv4, IPv6 pools through dns.ip4-proxy/dns.ip6-proxy performs a batch update on managed zones.
[Migration] --do=, --list-components= for staged reapplication from a backup. In most situations --no-create --no-scan --no-bootstrap should be included to prevent post-migration hooks from running once the components are processed. --do may be listed multiple times.
[MongoDB] 5.x support.
[redis] system_info()- send INFO command to ApisCP Redis instance.
[PHP] Add "php_enabled" Bootstrapper setting to control presence of PHP on node. Implied when has_dns_only is enabled.
[upcp] -m|--migration flag runs specified migrations. glob-style wildcards are supported. Results are not logged to migrations database. Intended primarily for development purposes to test migrations without specifying the full name.
[WordPress] AST walker constant retrieval.
[WordPress] debug reconfigurable, toggles debug mode.

FIXED:
[apnscpd] systemd culls control-group on direct process restart.
[Apps] application manifest "vars" key uninitialized in production.
[Argos] Disabling rspamd monitoring by mail feature.
[Bootstrapper] git:// protocol suspended on Github.
[CLI] % in service values, e.g. auth,tpasswd=, treated as variable placeholder.
[DNS] Promoting addon domain to primary domain removes zone.
[Filesystem] Declaring /sys/fs/cgroup -> /.socket/cgroup as slave mount loses propagation rights when /.socket mounted as slave. Corrects window between apnscp and cgconfig initialization in which PHP-FPM could startup failing on postexec cgclassify step.
[Let's Encrypt] Callback arguments violate strict typing when [letsencrypt] => auto_bootstrap enabled.
[Opcenter] Deleting a site lingers queued jobs in atd. Rewrite Util_Process_Schedule to optionally tag job IDs with site identifier. These jobs will be removed at account deletion.
[PHP-FPM] Delayed cgroup rbind into vfs results in failed PHP-FPM startup when cgroup,enabled=1 on busy sites.
[PostSRSd] Spaces in /etc/default/postsrsd treated as command.
[Preference] Context derivation on domain change.
[rampart] bans_since()- null dereference prior to initialization.
[Settings] Cancelling confirm dialog still processes removal.
[Subdomains] index.html missing in newly created subdomains.
[Task Scheduler] Setting MAILTO= without an active job.
[Whitelist] Cancelling confirm dialog still processes removal.
[WordPress] Missing .htacess results in corrupted SSO link.

CHANGED:
[Aliases] Restore previous behavior introduced in 3.2.31, a domain deleted yet not committed via aliases:synchronize-changes may be added. Perform additional check in pending configuration.
[apnscpd] Move \ListenerServiceCommon to \ListenerService\Daemon.
[auth] change_cpassword() permits locked indicator, !!. A locked account may not login but may change its password.
[Bootstrapper] software/argos role variable "state" accepts "disabled"/"enabled" in addition to false/true.
[Distro] Update AlmaLinux, Rocky Linux migration scripts.
[imagick] Bump extension to 3.7.0.
[Laravel] Cap Laravel 8 to non-PHP 8 setups.
[Migration] Drop unsupported IP stacks on target machine.
[MySQL] Relink /var/lib/mysql/mysql.sock as needed after installation.
[Node] Cleanup Node versions on upgrade. Change default behavior to not install system-wide Node. Controllable via node_system_install (bool) and node_prune_system_upgrades (bool).
[PHP-FPM] Increase 100ms retry on failed service to 750ms defensively against future misconfigured service dependency ordering.
[Regex] Permit punycoded email domains.
[rspamd] Rework remote Redis configuration (see rspamd.md).
[Screenshots] Purge saved screenshots when a domain/subdomain is added.
[Screenshots] User namespaces can be disabled entirely as mitigation for CVE-2022-0185 and general hardening. Disabling namespaces disables sandboxing in Chrome, which is designed to isolate tabs from malicious code exploiting a vulnerability. When disabled sandboxing must be disabled as well. [screenshots] => sandbox_fallback controls this behavior.
[UI] Reduce scope of external opener decorator to any rel="external" attribute.
[UI] Trim space from search input.
[WordPress] update_plugins()/update_themes()- Extend plugin/theme argument to accept $force (default: false) that bypasses skiplist rules. Available only when $plugins is formatted as a complex list.
[WordPress] Specifying hold:1 as an option during install preserves structure in event of failure.

REMOVED:
[Mail] courier-authlib when mail feature disabled.
[Settings] Konami easter egg for non-Site Administrators.

REMOVED:
[haproxy] nbproc. No longer present in haproxy v2+. PostgreSQL repository may pull in haproxy v2 during update on Alma/Rocky/C8 machines. haproxy_worker_count moved to nbthread on v1.8+.

FIXED:
[Postfix] Spamhaus flags Cloudflare as public resolver. Postfix DNSBL codes work on first non-zero result rather than specificity. Expand non-error statuses to avoid flagging mail as spam.

NEW:
[apnscp.js] cmd() queueing.
[DNS] --all flag applies DNS changes to all sites on server via scripts/change_dns.php.
[Dovecot] dovecot_utf8_mailboxes, enable support for UTF-8 named mailboxes. Mailboxes containing ampersand do not require a following hyphen in UTF-8 mode. mUTF-7 is default mode.
[Opcenter] OOB file descriptor reporting in --fd=X.
[php] pool_owner: report pool owner for named pool.
[WordPress] Plugin updates.

FIXED:
[afi] Prefer session ID over authenticated context in singleton instantiation to avoid infinite recursion that occurs between authorization and the implicit account initilization. Likewise this was triggered in the opcenter/ test suite.
[ajax] Invalid invocations returned normal results.
[Apache] Rollback results in infinite loop on missing apache group.
[Auth] Revert changes introduced in 3c361e77 whereby preferences are not loaded until after login. Postponement forces tautology in IP 2FA.
[Backend] Potential race condition may occur when an asynchronous signal is received, e.g. SIGCHLD, during worker resumption resulting in selected worker being incorrectly terminated.
[Cache] All Redis cache types extend MProxy, which locks up a Redis connection for each profile scope as a static member. When the authentication context changes or spawning a new backend worker, the connection is refreshed. Garbage collection runs manually in backend to optimize usage patterns resulting in situations in which phpredis extension could write to an invalid descriptor. Check if gc is disabled then explicitly invokve a cycle to ensure fds are properly deinitialized.
[cpcmd] multi command mode reports last command following output changes.
[DNS] SRV records application.
[Dovecot] 2.3 no longer implicitly trusts 127.0.0.1 for plain-text authentication.
[File Manager] non-ASCII files result in garbled output. Refactor zip implemementation to ZipArchive.
[MySQL] Changing mysql,dbaseadmin leaves behind old admin.
[Opcenter] Deleting a site attempts SSL acquisition when [letsencrypt] => auto_bootstrap enabled.
[Opcenter] Domains attached directly via aliases,aliases report as non-existent. Change aliases:domain-exists() and web:list-domains, web:split-doc-root to report these direct additions as aliases to /var/www/html.
[Opcenter] Error() generated within validation routine reports incorrect module.
[Opcenter] Potential race condition in /proc/self/mount query.
[Opcenter] Rollback on addition before apache service proccesses results in recursive loop due to missing apache group.
[Opcenter] Expiring a site from within a contexted authentication may invalidate the global authentication session. An example occurs during rampart_get_jails() called by DAPHNIE using the global authentication context to query available jails after editing a site.
[SSL] Unlink certificate chain configuration when a newly imported certificate lacks a chain/intermediate.
[Synchronizer] Validate PID process name during lock check.
[upcp] Perform .git/ write check as update user.

CHANGED:
[Bootstrapper] Enhance grub.cfg rootflags= matching to reflect last listed directive.
[Bootstrapper]
[Dev] clean.sh interactively prompts for features when preparing an image. Installed Mitogen version is preferred.
[Dovecot] Update ciphers. Disable cipher downgrade by client.
[letsencrypt]  renew(), append()- prune orphaned domains from certificate bundle.
[node] make_default()- accept non-specific versions, e.g. v12 or "12".
[personality] scan()- unparseable .htaccess file shall return false, not NULL.
[PHP] Create PHP runtime configuration directory as needed.
[Postfix] Smart-host via mail.smart-host no longer requires password.
[Quotas] Convert XFS features in filesystem/make-mounts role to list. Features may be overridden with "xfs_quota_features".
[rspamd] Update rspamd DMARC, reputation configuration. Older installs may contain literal templated key expressions that cannot parse from limitations in Jinja. These may report spurious "unknown backend" warnings. Likewise reporting is now a configuration section in 3.0+.
[Scopes] net.ip4 flush namebased_ip_addrs on update.
[Scopes] net.ip6 flush namebased_ip6_addrs on update.
[Session] Expire cached afi instances on session invalidation.
[Setup Instructions] Graceful downgrade for unprivileged users.
[SSL] Enabling [letsencrypt] => auto_bootstrap
[UI] Resume quota caching.
[UI] Secure Access Key checks refresh key TTL in Redis. Key rolling moved to a separate cron task.
[vfs] Add wget cyrpto-policies dependency.
[WordPress] PHP 8.1 compatibility (see wp-cli/wp-cli#5586).
[WordPress] Add "hold=" option to withhold failed installation.
[Yum] Downgrade reinstalling existing package into vfs as warning
[Yum] apnscp/initialize-dependencies accepts additional include_dependencies= var to denote implicit package installation.

INTERNAL:
[Filesystem] Rename FILESYSTEMTEMPLATE references in release annotations to "vfs": virtual filesystem. "fst" will continue to refer to /home/virtual/FILESYSTEMTEMPLATE components. "vfs" refers to composite filesystem after all layers merged up.

SECURITY:
[OS] CVE 2021-4034 hotfix, polkit/pkexec vulnerability on C8.

FIXED:
[Migrations] assert protobuf-c, json-c, fstrm packages available before applying October migration.

CHANGED:
[Bootstrapper] Package scripts may pass "yum_transaction_hook" variable to inform Bootstrapper if scripts are running from within Yum transaction. Resolves a potential deadlock if an included tag calls yum during transaction.
[PHP] Automate recovery if apache,webuser system user is missing from /etc/password.
[UI] "Use External Opener" feature always appends to URLs that match ^http.

FIXED:
[afi] Anonymous module initialization pulls in global authentication context instead of scoped context.
[UI] Absolute URL matching for proxied layouts.

CHANGED:
[afi] Lazy-load account metadata. Direct access to "conf" property is now via getAccount() method.
[Cache] Enable compression using zstd.
[Cache] OOM check may also throw RedisException.
[Mail] Dovecot 2.3 support.
[multiPHP] Remove /etc/phpXX.d from filesystem upon removal of multiPHP version.
[Opcenter] --force always calls depopulate() on disabled services.
[Opcenter] Permit 253-character domains, the maximum permitted label length.
[UI] Disable crawling.
[VirtualCron] 2 minute timeout on service start.

NEW:
[Backend] Suspend/resume of Cronus.
[Daphnie] TimescaleDB v2 support. Compression changes reduces storage requirements by ~57%. Site deletion now possible without decompressing metrics.
[Ghost] v4 compatibility.
[Opcenter] metrics service class. "enabled" controls API usage as well as metrics logging. Disabled for epehemeral accounts.
[Process] environment()- parse a process' environment variables. all()- list all processes optionally matching a closure.
[telemetry] histograms. Create data constructs over even intervals for arbitrary windows with metrics.

FIXED:
[Bootstrapper] Account creation assertion fails on low-memory servers.
[Change Information] Reactivating a suspended model presents change option without corresponding input.
[Database] Removing a database without a corresponding backup task generates an error.
[File Manager] Fragment ("#") usage in filename breaks various features.
[Opcenter] A single fatal() in a DeleteDomain batch aborts chain.
[Opcenter] apache,jail must always be enabled on non-FPM servers.
[Opcenter] Re-enabling pgsql or mysql service blocks on duplicate dbaseadmin check.
[PHP-FPM] Deleting a domain attempts to update PHP-FPM log ownership.
[pman] get_processes() returns empty process list if empty controller previously populated.
[rspamd] Disabling rspamd support persists Argos monitoring profile.
[UI] Processes overview reports no active processes when freezer cgroup enabled.
[UI] Route invocation with implicit Page binding creates a new app instance without parsing metadata. Reuse the fully instantiated object during parameter resolution
[UI] Secure Access Key rotation determined by cron TTL instead of Redis TTL.

CHANGED:
[Auth] API method "whitelisted" changed to "trusted" to indicate role in forwarded address verification.
[Auth] Honor [auth] => min_pw_length in password checks.
[Bootstrapper] Purge RPM cache after install.
[Cloudflare] Bump API timeout to 10 seconds.
[Daphnie] Raise shared locks as needed by TimescaleDB during intense operations. Lock count is approximately 2 * chunk count.
[Daphnie] Restrict logging via metrics,enabled service parameter.
[Discourse] Propagate nvm PATH shimming to rake subprocess.
[FTP] Force vsftpd restart on glibc update. vsftpd may hold onto old copies of glibc that conflict with PAM.
[HTML Kit] absolute_url() generates a URL matching the browser environment. Move old code into separate function, canonical_url(), which will always return a URL formed with the server name.
[misc] list_commands() matches modules, e.g. cpcmd -lmisc. Previous usage required an explicit wildcard.
[Network] Negative trust anchors on ip6.arpa PTR lookups.
[Process] Add GID matching in addition to group name.
[Scripts] mapCheck.php inspects orphaned database entries. Yield appldb.siteinfo records to filesystem metadata on mismatch.
[telemetry] metrics() now available to Site Administrator.
[UI] phpMyAdmin, phpPgAdmin follow "Use external opener" option.
[Web Apps] Tolerate corrupted fortify metadata. Older sites migrated may have unusable options set. When reapplying Fortification profile from metadata the value is improperly interpreted as "" instead of its intended mode.

REMOVED:
[Daphnie] Boundary alignment detection.