ApisCP v3.2.42 released


AVIF support added to PHP. Supervisor mode. Secure third-party key usage with Keyring. cgroup resource delegation a/k/a subtrees

[Anyversion] direct()- apply raw command against nvm, pyenv, rbenv, goenv wrappers.
[Cgroup] Delegative authority technology preview. Unlimited suballocatable resource groups enforced kernel space by cgroupv2. See Resource enforcement.md.
[Internal] Jobs may be executed with suppression filters.
[Keyring] Secure storage of platform hints. Accompanying module “keyring”. See Authentication.md.
[PHP] AVIF support on PHP 8.1+.
[Platform] Supervisory mode, set panel_headless=True + has_dns_only=True + webserver_type=null for a management-only variation. Works with DNS-only/testing licenses. Useful on hypervisors.
[Transfers] --all option performs transfer of all non-suspended sites on server.

[Anyversion] Reverse interpreter version to match least significant first otherwise “18” incorrectly matches 18.20 in [18.20,18.50] whereas wrapper pulls “18.50”.
[Bootstrapper] Incorrect substitution in memory-ranged crashkernel values.
[Cgroup] Files in /etc/cgconfig.d ignored on startup.
[Ghost] Specifying localhost.localdomain may result in incorrect grant evaluation on dual-stack networks.
[Net] Interface address scope, off-by-one in removal.
[Opcenter] DeleteDomain hooks ignored in API.
[Subdomains] Subdomains created within /var/subdomain generate inaccessible paths.
[Tuned] Active profile must be set through tuned-adm.

[Bootstrapper] Factor into consideration memory savings of disabling crashkernel when calculating memory threshold.
[Dashboard] Fetch load average as soon as possible before other requests are enqueued to reflect the normalized run-queue depth.
[Ghost] Remove older releases after successful update.
[Ghost] Switch to ghost-cli to apisnetworks/ghost-cli-lite, without systemd/Ubuntu mannerisms.
[MySQL] Perform quick, transactional database exports which no longer require table locks.
[PHP] Report identifier to syslog as php-fpm/siteXX-pool. Disambiguate startup errors in /var/log/messages plus facilitate identification of rogue syslog messages. Remove block on changing error_log setting, which has valid cases in WordPress when WP_DEBUG_LOG is true.
[Postfix] Downgrade SpamCop quality while row with Office365 continues, Massive spams from Microsoft - SpamCop Lounge - SpamCop Discussion.
[Postfix] postscreen DNS lists broken out to “postfix_dnsbl_sites”. Default behavior of performing DNSBL checks behind postscreen can be reverted to old behavior (< 2.8) by setting postfix_postscreen_dnsbl_bypass=true in Bootstrapper. Bypassing DNSBL checks in Postscreen moves the checks to the smtpd client, which may be skipped entirely based upon results in client_access. Note, this method is less efficient but allows for a recipient to subvert any DNSBL checks.
[PostgreSQL] Update timezone with system.timezone scope.
[PowerDNS] Tag SOA creation with ctime, site, and server for better tracking.
[Scopes] apache.system-directive supports array values, e.g. [‘BROTLI’:false,‘STRICT’:true].
[Syslog] Standardize idents as /<?-optional identifier>.
[System] CVE-2024-2961 hotfix. POC drops May 10.
[WordPress] Set FS_METHOD to “direct” on release fortification.

[Backend] Remove PHP-FPM dependency in theme acquisition.
[Packages] bind-utils, use dig instead of host.
[PHP-FPM] Administratively set values for opcache.restrict_api, mirrors default and session.save_path, /tmp is preferred for its ephemeral storage but justification for permanent restriction is insufficient.
[PHP-FPM] Explicit controller names may be picked up with cgclassify + cgrules.conf.
[tuned] Dynamic tuning.