+CHANGES WITH 243 in spe:
+
+ * Previously, filters defined with SystemCallFilter= would have the
+ effect that an calling an offending system call would terminate the
+ calling thread. This behaviour never made much sense, since killing
+ individual threads of unexpecting processes is likely to create more
+ problems than it solves. With this release the default action changed
+ from killing the thread to killing the whole process. For this to
+ work correctly both a kernel version (>= 4.14) and a libseccomp
+ version (>= 2.4.0) supporting this new seccomp action is required. If
+ an older kernel or libseccomp is used the old behaviour continues to
+ be used. This change does not affect any services that have no system
+ call filters defined, or that use SystemCallErrorNumber= (and thus
+ see EPERM or another error instead of being killed when calling an
+ offending system call). Note that systemd documentation always
+ claimed that the whole process is killed. With this change behaviour
+ is thus adjusted to match the documentation.
+
+ * The "kernel.pid_max" sysctl is now bumped to 4194304 by default,
+ i.e. the full 22bit range the kernel allows, up from the old 16bit
+ range. This should improve security and robustness a bit, as PID
+ collisions are made less likely (though certainly still
+ possible). There are rumours this might create compatibility
+ problems, though at this moment no practical ones are known to
+ us. Downstream distributions are hence advised to undo this change in
+ their builds if they are concerned about maximum compatibility, but
+ for everybody else we recommend leaving the value bumped. Besides
+ improving security and robustness this should also simplify things as
+ the maximum number of allowed concurrent tasks was previously bounded
+ by both "kernel.pid_max" and "kernel.threads-max" and now only a
+ single knob is left ("kernel.threads-max"). There have been concerns
+ that usability is affected by this change because larger PID numbers
+ are harder to type, but we believe the change from 5 digit PIDs to 7
+ digit PIDs is not too hampering for usability.
+
+ * MemoryLow and MemoryMin gained hierarchy-aware counterparts,
+ DefaultMemoryLow and DefaultMemoryMin, which can be used to
+ hierarchically set default memory protection values for a particular
+ subtree of the unit hierarchy.
+
+ * Memory protection directives can now take a value of zero, allowing
+ explicit opting out of a default value propagated by an ancestor.
+
+ * systemd now defaults to the "unified" cgroup hierarchy setup during
+ build-time, i.e. -Ddefault-hierarchy=unified is now the build-time
+ default. Previously, -Ddefault-hierarchy=hybrid was the default. This
+ change reflects the fact that cgroupsv2 support has matured
+ substantially in both systemd and in the kernel, and is clearly the
+ way forward. Downstream production distributions might want to
+ continue to use -Ddefault-hierarchy=hybrid (or even =legacy) for
+ their builds as unfortunately the popular container managers have not
+ caught up with the kernel API changes.
+
+ * Man pages are not built by default anymore (html pages were already
+ disabled by default), to make development builds quicker. When
+ building systemd for a full installation with documentation, meson
+ should be called -Dman=true and/or -Dhtml=true as appropriate. The
+ default was changed based on the assumption that quick one-off or
+ repeated development builds are much more common than full optimized
+ builds for installation, and people need to pass various other
+ options to when doing "proper" builds anyway, so the gain from making
+ development builds quicker is bigger than the one time disruption for
+ packagers.
+
+ Two scripts are created in the *build* directory to generate and
+ preview man and html pages on demand, e.g.:
+
+ build/man/man systemctl
+ build/man/html systemd.index
+
+ * The D-Bus "wire format" for CPUAffinity attribute is changed on
+ big-endian machines. Before, bytes were written and read in native
+ machine order as exposed by the native libc __cpu_mask interface.
+ Now, little-endian order is always used (CPUs 0–7 are described by
+ bits 0–7 in byte 0, CPUs 8–15 are described by byte 1, and so on).
+ This change fixes D-Bus calls that cross endianness boundary.
+
+ The presentation format used for CPUAffinity by systemctl show and
+ systemd-analyze dump is changed to present CPU indices instead of the
+ raw __cpu_mask bitmask. For example, CPUAffinity=0-1 would be shown
+ as CPUAffinity=03000000000000000000000000000… (on little-endian) or
+ CPUAffinity=00000000000000300000000000000… (on 64-bit big-endian),
+ and is now shown as CPUAffinity=0-1, matching the input format. The
+ maximum integer that will be printed in new format is 8191 (four
+ digits), while the old format always used a very long number (with
+ the length varying by architecture), so they can be unambiguously
+ distinguished.
+
+ * /usr/sbin/halt.local is no longer supported. Implementation in
+ distributions was inconsistent and it seems this functionality was
+ very rarely used.
+
+ To replace this functionality, users should:
+ - either define a new unit and make it a dependency of final.target
+ (systemctl add-wants final.target my-halt-local.service)
+ - or move the shutdown script to /usr/lib/systemd/system-shutdown/
+ and ensure that it accepts "halt", "poweroff", "reboot", and
+ "kexec" as an argument, see the description in systemd-shutdown(8).
+
+ * When a [Match] section in .link or .network file is empty (contains
+ no match patterns), a warning will be emitted. Please add any "match
+ all" pattern instead, e.g. OriginalName=* or Name=* in case all
+ interfaces should really be matched.
+
+ …
+
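Review bot: the SystemCallFilter= entry (first bullet) says that on an older kernel or libseccomp "the old behaviour continues to be used", but it does not say whether systemd logs anything when it falls back to killing only the thread; since the documentation describes process-killing, an operator on a kernel older than 4.14 or libseccomp older than 2.4.0 gets no visible cue that the filter is weaker than documented. Suggest stating whether the fallback is silent, so readers know to verify the kernel and libseccomp versions rather than trust the manual page. Also worth double-checking the "old 16bit range" wording in the kernel.pid_max bullet against the previous default value before this ships. Minor wording fixes in the same hunk: "that an calling an offending system call" has a stray "an"; "meson should be called -Dman=true" should read "called with -Dman=true"; and "people need to pass various other options to when doing" has a stray "to".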