[DAPHNIE] passive metrics collection when [telemetry] => enabled = 1
[apnscpd] resolve when waitpid() syscalls in housekeeping fail to collect exit code
[Bootstrapper] resolve conditions in which Mitogen cannot activate. FLARE prematurely checks for /etc/sysconfig/apnscp

[Logs] fix condition in which xfs-based mounts can trigger an Apache reload failure if a site goes over quota due to idiosyncrasies in how quota enforcement operates compared to ext4
[Scopes] cp.flare-check, cp.update-schedule
[UI] job runner status now available as admin
[scripts] htrebuild implies systemctl reload httpd
[Metrics] materialized views properly refresh
[Opcenter] fix condition where editing all attributes of a domain results in dropping the domain from mapping and subequently fails to regenerate session

[UI] Toolbox domain clones within Manage Mailboxes, Subdomains, and DNS Manager
[PHP] drop dentry/inode cache on PHP-FPM update
[Opcenter] invalidating metacache on certain service reconfigurations triggers session ghost
[UI] update styles
[SSL] AcmePHP supports GET-as-POST
[Opcenter] DeleteDomain, EditDomain support invoice grouping

[System] force-update mod_security package; optionally require module configuration

[Migrations] update cPanel shadow location
[Scopes] ftp.enabled toggles FTP on server
[Web Apps] restrict .git/

[Migration] --late-quota flag applies storage amnesty during migration (see Migrations.md)
[Settings] blank page on full name change
[Migration] transform symlink'd docroot to their platform equivalent
[auth] set_temp_password() now works as site administrator. First parameter becomes target user, e.g. cpcmd -d site1 auth:set-temp-password foobar 480 (assign random password to user foobar, valid for 480 seconds)
[Web Apps] early enrollment to snapshots

[Hooks] new! Copy bin/hooks to config/custom/hooks to get started
[Web Apps] version sort breaks next version upgrade
[apnscpd] fix "php_version insufficient privileges to call" error
[Impersonation] restore session on app that initiated impersonation

[admin] get_site_storage()- list storage for all domains
[user] getpwnam cache clobbers non-system user list

[Migrations] --apply-fortification=MODE applies Fortification profile to detected Web Apps
[cpcmd] cpcmd --help command:name invokes introspection
[mod_security] update baseline configuration, use Lua for filtering
[File Manager] add "Date Modified" column
[web] status() method reports mod_systemd on Apache 2.4.41-7+ releases

[Migrations] multiple improvements to cPanel imports
[Apps] new PHP Pool management
[Apps] application manifest accepts Yamlf ormat
[SSL] wait 5 seconds to confirm TXT record during DNS validations
[Rampart] flush() allows for emergency flushing of all or named jails. whitelist() assumes authenticated address when $ip omitted

[Metrics] preview release, cpcmd scope:set cp.config telemetry enabled 1
[API] misc:command-info()/misc:i() dumps introspection on a command, similar in usage to misc:list-commands()
[Nexus] multi-selection on domains, scope support to periodically purge suspended domains via opcenter.account-cleanup
[DNS] add_record_conditionally()- honor RFC 1912 § 2.4 CNAME rules
[Web Apps] search function
[Artisan] new make:scope command
[Databases] properly remap definers on views/triggers/events/procedures through "best-effort" target user or account admin
[Web Apps] Release Fortification mode now always available

[Bootstrapper] improvements to unsafe text handling in Ansible 2.9
[Core] DEBUG=1 environment variable enables debugging for the life of the request
[Postfix] disable deep protocol inspection tests, reduce bad SASL cache duration to 30 minutes
[Migrations] read "documentroot" metadata to determine addon/subdomain locations. Follow historic "shell" paths for user mail in cPanel backups.
[apnscpd] disable realpath cache
[rspamd] package dependency relocation
[wordpress] report database credentials in the presence of custom error handlers
[config] support vanity nameserver configuration in [dns] => vanity_ns
[dns] import_from_domain() clones DNS records from hosted domain
[dns] export()/import() visibility opened to admin

[Bootstrapper] Ansible 2.9 compatibility changes. IPv4, IPv6 detection checks routable interface for accessibility. Use Mitogen where available. MySQL password recovery now attempted as needed.
[upcp] switching from edge to major/minor resumes from last known branch deviation
[php] migrate_directives()- move PHP directives between ISAPI/FPM environments
[cgroups] resolve higher order devices (> 255 such as NVMe) generate exception

[Bootstrapper] Mitogen, Ansible 2.9 compatibility changes
[Bootstrapper] add abbreviated playbook for prebuilt images
[AJAX] disallow user function invocation outside webapp path
[DNS Manager] Toolbox feature now works with admin
[cpcmd] -l/--list-commands feature to display all commands for role
[Migrations] ensure html/ has public accessibility

[Bootstrapper] prefer EDGE builds on install to improve responsiveness in resolving installer issues. Switch back to preferred update policy after install
[Security] always ensure FST/etc/sudoers is broken from system version
[Bootstrapper] fix urllib3 warning

[MySQL] MDEV-20987 mitigation

[Helpers] DeleteDomain --since=timespec, --dry-run. "--since" removes suspended domains older than spec. "--dry-run" explains removal without processing.
[Build] clean.sh cleanup release for imaging (see https://hq.apnscp.com/accelerating-apnscp-install/)
[DNS] zones now use Blade template
[Layout] further subdivide master layout into partial themes. Allow overriding of layout per theme (see Customizing.md)
[Nexus] disabled services remain disabled on failure
[Summary] SSL state incorrectly reported as disabled
[DNS Manager] validate email service enabled prior to applying MX reset
[PowerDNS] update module
[Opcenter] domains may duplicate database prefix
[Logging] [core] => bug_report always appends From: header

[apnscpd] MySQL deadlock periodically sticks on "resuming syscall"
[Bootstrapper] PowerDNS selection as default DNS provider fails initial install

[Bootstrapper] propagate HOME= environment variable on resume
[Migrations] provision DNS on alias domains at account creation time
[Users] permit usernames that begin with a number followed by character

[Opcenter] catastrophic backtracking error during versioning with enormous commits
[upcp] always run migration unless explicitly declined
[misc] list-commands() accepts optional shell-style wildcard filter