NEW:
[cgroup] cpuset support. Allocate a site to a specific CPU or set of CPUs. Controlled via cgroup,cpupin service attribute.
[cgroup] freezer support. Suspend any CPU processing for site. Corresponding API call cgroup:freeze likewise to unfreeze call cgroup:thaw.
[DNS] SVCB RR support in Cloudflare. SMIMEA RR support in PowerDNS.
[Joomla] 4.x support.
[PostgreSQL] v14 support.
[Setup Instructions] FTP configuration profiles.
[UI] Declare entry application besides "dashboard" application. See Customizing.md for further information.
[upcp] -l/--list shows available tags to run in conjunction with upcp -b.
[User Defaults] %u and ~ expression in FTP jail path default. %u expands to USERNAME, ~ expands to /home/%u.

FIXED:
[cpcmd] Specifying a filter to -l/--list-commands is silently ignored.
[Databases] Deleting a custom database without prefix namespace does not discard backup task on site deletion. Revise lookup algorithm to update database to prefix + database composite, failing if that delete query cannot be resolved.
[DNS Manager] Reset DNS to defaults skips local subdomain entries.
[email] add_virtual_transport()- add UUID check before provisioning MX records. Corrects condition in which server-to-server migration using same nameservers duplicates MX records prior to migration complete.
[file] chown() forces remount in process where direct write occurs to fully release file handle thus updating stat metadata. Resolves ghosting issues with custom FTP jail directory.
[Joomla] Take head on multiple branch updates such as 3.x and 4.x update pathways.
[Let's Encrypt] RFC 6125 rule matching. A wildcard matches a label but does not match additional labels. Secondary subdomains will not be filtered by a wildcard subdomain.
[Logs] --reconfig overwrites /etc/logrotate.conf. Abstain from regenerating this file unless missing.
[Migration] Web App metadata lost on transfer.
[Opcenter] Performing a shallow import of an authentication context breaks getServiceValue() usage. Merge old into cur to preserve behavior when SiteConfiguration is instantiated during Opcenter task (edit, delete, add domain).
[PHP-FPM] Dependency ordering loop on PHP-FPM sockets occurs in default assignment of basic.target. CentOS 8 negotiates sysinit.target to pull in .socket services. Dependency assignment makes .service subordinate to .socket, but permits restarting of socket activation by .service directly. On boot with a basic.target assignment, sockets.target is implicitly included in all .socket services that must run before basic.target resulting in a cyclic graph.
[Process] "sgid" option looks for named user instead of group.
[Scopes] Disabling PHP build from UI sends incorrect command to backend.
[Scopes] list() shows original index numbers.
[UI] Cleanup ephemeral accounts after theme inventory. Cleanup dangling .test domains from platform.
[UI] Duplicate gauge id attributes.
[User Defaults] Defaults not reflected immediately following postback.
[User Defaults] Ternary precedence inhibits checked attributes on disk quota.
[Web Apps] Crash in Chromium 94.0.4606.61 on C8. A full stderr buffer that is closed at runtime results in crash leaving screenshots in a persistent pending state.

CHANGED:
[Bandwidth] Squelch invalid domains during tabulation.
[Bootstrapper] Cap Mitogen version to ^0.2.
[Core] Library update.
[DNS] Bulk update helpers add()/remove() follow replace() behavior in which a record is only skipped if the closure returns boolean false.
[DNS] Use API error message on invalid Cloudflare key.
[DNS Manager] Permit restoring naked zones.
[Dovecot] mail_max_userip_connections extracted to Bootstrapper setting.
[file] Optimize chown() performance, filesystem caches are only updated once on recursive chown.
[file] Optimize filesystem flush, use syscalls directly instead of calling helper script.
[Joomla] Upgrade Joomlatools to 1.6.0.
[License] Clarify mismatched gateway reason.
[License] license.php helper includes validation status.
[MySQL] "Big selects" now toggleable in Bootstrapper (mysql/install role). Enabling big selects implies max_join_size=2^64. Setting max_join_size implies sql_big_selects=0.
[Network] Emergency patch when no nameservers are detected in /etc/resolv.conf such as can occur if NetworkManager goes rogue.
[Network] Disable DNSSEC for PTR records (in-addr.arpa zones). PTR has a very limited incentive to poison. Certain published zones of legitimate mail are unsigned resulting in FCrDNS failure during lookup by Postfix. This value may be reverted to previous configuration by overwriting Bootstrapper var "negative_trust_anchor_template" in common/update-config.
[Opcenter] Bypass admin_user rollback on no-op.
[Opcenter] Ephemeral accounts are now prefixed "apiscp-int-" to disambiguate origin.
[Opcenter] Permit setting siteinfo,plan=None. When set to None a site no longer has plan affinity
[PHP-FPM] Add check to determine if system is capable of PHP-FPM when apache,jail=1.
[PHP-FPM] Defer daemonization to systemd thus making it behave similar to Remi implementation.
[PHP-FPM] sockets.target no longer default target for php-fpm-MAIN.service. Implied part of php-fpm.service.
[Setup Instructions] Add IMAP path prefix.

REMOVED:
[DNS] DNSKEY RR support on Cloudflare.
[Migration] Skip ownership update on migration. uidmap/gidmap flags handle this during rsync.