SECURITY: Move .php denial to accounts specifically configured without apache,jail=0. Prior, it would be possible to side-step authorization policy if the request URI were a .php resource with .php explicitly appended. All other related resources would continue to be blocked as normal. A corresponding httpd-2.4.43-3 package has been released in coordination. NEW: [Core] API callbacks. See Hooks.md. FIXED: [Database] appldb incorrectly owned by "root", which during image packaging via clean.sh, prevented root from being dropped. [SSL Certificates] domain sorting. [Yum] package solving kicks out nightly package updates from added third-party deps with PostgreSQL. [apnscpFunctionInterceptor] session context inherited from global context. [Opcenter] propagate bandwidth changes when unit changes independent of threshold. [HTTP] IPv6 fixes during self-referential reachability checks. [rspamd] MX checks. Firewall rules do not inspect supplementary groups until iptables 1.8.4. [.htaccess Manager] various maladies. [Chromedriver] certain call pathways could persist chromedriver binary longer than necessary. [dns] nested parented domains. [Drupal] various installation blockers CHANGED: [system/limits] PAM-imposed limits configurable via limit_<NAME>_<TYPE> where name is the resource imposition and type hard or soft. [PHP Pools] PHP5.6 compatibility during PHP-FPM interrogation. [Let's Encrypt] report pruned SSL hostnames to account holder during issuance. [Let's Encrypt] transient requests may be debugged from command-line using env DEBUG=1. [Screenshots] interface extracted into general-purpose template in master::partials.shared.wa-screenshot. [discourse] report debugging information directly when invoked from command-line with env DEBUG=1. REMOVED: [FST] go packages obviated by goenv