SECURITY:
[sudo] CVE-2021-3156 mitigation. Privilege escalation via command line argument parsing. Remove this version from FST, which will provide adequate protection from user invocation until updated packages are available.

NEW:
[admin] create_from_meta()- generate a duplicate of the site from its metadata.
[Bandwidth Stats] add daily/monthly views when appropriate.
[MySQL] SSL server support.
[Web Apps] "empty directory" option before installation.
[WordPress] SSO plugin. Must be installed account-wide first via Web Apps before per-site activation.

FIXED:
[Auth] unauthenticated logins would redirect to /dashboard, then /login resulting in being doubly counted against anvil.
[cgroups] memory.limit_in_bytes unlimited previously encoded as NULL that becomes PHP_INT_MAX when multiplied that creates an overflow error in kernel. Update value to -1.
[DAPHNIE] illegal offset 'ranges'.
[Ghost] update login information for Ghost 2.x installs.
[File Manager] extract option ignored in Download & Extract feature.
[Manage Mailboxes] vacation responder cache misses.
[Modules] session logic mismatch error on CLI resumption. If session cannot resume automatically, import from database.
[Scopes] virus-scanner.signature-whitelist, correctly handle "UNOFFICIAL" signatures.
[Versioning] version comparison inherits first version's digits if missing.
[Web Apps] per-app overrides in config/custom/webapps/ could never take precedence.

CHANGED:
[argos] monitoring is reset on backend boot.
[dns] disable native TLSA lookups in PHP.
[dns] parented domains on provision will properly set DNS records on parent.
[EditDomain] improve EditDomain durability in mass edits, handle fatal() calls.
[file] set_acls()- allow UID usage.
[file] reimplement expose() algorithm to use ACLs. Changing ownership of a hardlink changes the original inode. This behavior was unintended and could result in loss of access to file after expose() as with PHP-FPM logs.
[File Manager] json files now editable.
[Jobs] squelch duplicate emails when admin and site admin are same address.
[Migrations] sessions no longer required. Add database checks after each platform migration to catch MySQL restarts.
[Nexus] cache services.
[Opcenter] reject potentially destructive changes such as lowering a quota below what's presently in use without --force flag.
[PHP Pools] relay phpinfo() errors to UI.
[PHP-FPM] either ExecStart= or ExecStop= is required for a simple service to be valid. ExecStart=/bin/true can lead to residual processes on a mass restart. Move the required Exec* to stop, which is less likely to yield subsequent tasks.
[Scopes] add "FORWARDED" property to determine whether a scope provides a purpose or merely forwards to another scope.
[Web Apps] add modal confirmation before invoking Recovery Mode.
[Web Apps] updates blocked by version locking will report this cause.
[Web Apps] additional docroot ghosting checks. Docroots that were relocated or orphaned are now masked.
This tag has no release notes.