* New: Vulnerability Detection is in Beta - [Read more](https://really-simple-ssl.com/vulnerability-detection/)
* Fix: prefix replacement in wp-config too broad, causing issues if wp_ is used other then in the prefix.
* Fix: Update prefix site_id in user roles when changing the database prefix, to preserve capabilities for users in subsites
* Improvement: add support for BLOB and Filesystem
* Improvement: disable CSP reporting mode paused status when switching to disabled or enforced
* Improvement: Use ABSPATH constant instead of path when writing path to debug.log
* Improvement: Pause CSP reporting after 20 requests, to lower server load
* Fix: script-src-elem in Content Security Policy not including source URL
* Improvement: CSP policy for back and front-end separate
* Improvement: also allow non-recommended X-XSS options
* Improvement: frame ancestors allow other values than 'none'