Changelog summary: Security fixes (CVE-2025-69217, CVE-2026-27624,
CVE-2026-40613), performance improvements (recvmmsg, lock-free atomics),
memory safety fixes, and DDoS handling improvements.
Risk: CAUTION (4.7.0 has breaking changes for deprecated config options)
Breaking changes: 4.7.0 removed keep-address-family,
response-origin-only-with-rfc5780, inverted no-stun-backward-compatibility.
None of these are in our config — no impact.
DB backup: no (not DB-backed)
Config changes applied: none (no-tlsv1, no-tlsv1_1, no-cli now unnecessary
but still accepted — no removal needed)
Flagged for manual review: none
Co-Authored-By: Service Upgrade Agent <noreply@viktorbarzin.me>
287d5eb28d