NEW: [admin] get_site_id_from_admin()- efficient lookup to determine which site has specified siteinfo,admin_user value. [Backups] backup_dbs.php helper now accepts --keep, --force flags to retain existing database backups and skip backup schedule. [DNS] show apex NS records. Must be enabled via Account > Settings > App Settings > DNS Manager. [PHP] PHP-FPM version selection now available under PHP Pools. [PHP] expose recent log in PHP Pools. [PHP] policy maps. Set a variety of PHP-FPM values administratively. See PHP-FPM.md. [UI] Add [frontend] configuration, https_only restricts access to HTTPS endpoints. content_security_policy= sets a default CSP. Sample CSP supplied in config.ini. FIXED: [apnscpd] exporting LC_ALL to backend breaks float formatting, such as in multiPHP. Limit numeric localization to authentication context. [Bootstrapper] CentOS Stream workaround for #1853736, "systemctl show" emits "Invalid argument" in property trailer. [DNS] always encapsulate TXT records in quotes. [EditDomain] exceptions lose stack. [EditDomain] delayed journaling causes a flood of logging messages at shutdown. [misc] command_info() an incomplete docblock creates a null dereferencing exception. [upcp] Composer timestamp check ineffective. [Web Apps] use app pretty name in presentation. Always show primary domain name. CHANGED: [Auth] add domainmap.tch size validation on boot. [Backups] backup_dbs.php may be manually triggered. Set manual_database_backups=true in Bootstrapper, then run apnscp/crons role. [Bootstrapper] allow MySQL overrides via mysql_custom_config. [DNS] changing providers performs zone provision. [DNS] honor [dns] => default_ttl value for new records. [EditDomain] allow null/None values in plan definitions to update on --reset. Previously any None value is skipped such as apache,subnum. [Network] bypass hairpin check if IP address exists on interface. [PHP] relocate Remi to /.socket/php/multiphp. [PostgreSQL] use named socket to connect instead of 127.0.0.1 for connectivity. Designed for interoperability when PrivateNetworking=yes in cp-proxy configuration. [PowerDNS] listen on 127.0.0.1 on CentOS 8+/PowerDNS 4.3+ builds. Previously changed from 0.0.0.0 to accommodate systemd-resolved. On basic setups; however, with a local nameserver configuration, 127.0.0.1 cannot return an authoritative response. [Rampart] an "ignorelist" delegated whitelisting target has been added, which applies all firewall rules but ignores brute-force blocks for these IPs. Previously the target was "whitelist" which absolutely permits access before other rules. "ignorelist" rules only affect whitelisting done by Site Administrators. rampart:whitelist by Appliance Administrator still places the IP address in "whitelist". Policy may be changed by setting [rampart] => delegation_set. [Scripts] mapCheck rebuild TokyoCabinet database before performing reverse sweep. REMOVED: [dns] remove_zone() no longer accessible directy by Site Administrator. [dns] authoritative-only flag causes hang in multiple DNS providers. Rely on setting recursion=0 to validate successful provisioning. [PowerDNS] PowerDNS 4.3/CentOS 8 limitation. MySQL backend driver RPM no longer depends on MySQL 8.