Improvements and fixes:

1. Backported #7468: Add switch to control in guardian timeout before killing firebird server process
2. Postfix for #7465: Restore success illegally reported when gbak was unable to activate all indices;syntax
3. Fixed #7465: Restore success illegally reported when gbak was unable to activate all indices
4. Fix RS-95971: Always fix orphan pages
5. Fixed #7467: simple sql crashes firebird: select cast(rdb$db_key as integer) from rdb$database
6. Remove UDF from installers RS-96232
7. Add arm64 build
8. Disable gfix warnings for some cases of flags inconsistency which currently may happen during normal operation of the server (see RS-92275)
9. Do not mark the last 7 pages of an extent as secondary because it doesn't improve the performance of updates since the original precedence relationship between the pointer page and the secondary data page was restored (see RS-92275)
10. Postfix for #7446: never attempt to delete savepoints belonging to a different transaction
11. Minimalist fix for #95371: account our own attachment's changes inside dbb_stats before reporting the global stats to the user
12. Attempt to fix bug #7428 : Problem with editing procedures being in use.
13. Backported fix for #7446: Attempt to use data in destroyed transaction pool
14. Allow use bundled editline with bundled ncurses (configure --with-builtin-ncurses) RS-92735
15. See RS-87996: postfix certificate logon via multifactor and certificate as ldap user with policy, when LDAPUserCertificate parameter not set
16. Drop /tmp/firebird after installation and create during systemd unit startup. RS-94794
17. Fix resetting and accidental key damaging/deleting (#7415) (#7423)
18. Update zlib to 1.2.13, see #7437
19. Do not reset buffer flags in CCH_shutdown when it's called from ERR_bugcheck_msg because otherwise a precedence relationship can be ruined for other threads that may still be active (see RS-92275)
20. Fix bug when uncommitted records may become visible after the database sweep (see RS-92275)
21. Fixed (fingers crossed) 'no current record' error during refetch after sort if transaction ID is beyond the 2^32 bounds
22. Add downgrade support (RS-87092)
23. Fix overwriting data with "optimize for" RS-82213
24. Minimal fix for #7436: Backup error for wide table: provide understandable message on error
25. Fix possible SUBSTRING()'s crash with UTF-8 encoding (#7434) (#7435)
26. See RS-92433: fix regex pattern's end calculation
27. Fix RS-70126: Log errors when new user password violates policy restrictions
28. Don't add ldap user to security on alter with DefaultUserManagers (RS-91213)
29. See RS-86719: Execute server startup flags before config validation to be able to return some info about server even if config contains errors.
30. Fix RS-92512: Server with multifactor authentication hangs when gbak service disconnects after backup
31. Postfix for #7418: Reliability of plugin manager; better error handling during plugin registration, removed limit on length of registration name
32. See RS-92832: remove redundant checks for parameters containing list of plugin names
33. "RESET USER" also sets PLG$LAST_ONLINE to CURRENT_TIMESTAMP to allow connections from idle users
34. Implemented #7418: Reliability of plugin manager
35. Drop default sysdba password from installer RS-89415
36. Dispose of replication transaction on commit/rollback. See RS-69574
37. Ability to specify replication plugin name. See RS-69574
38. Postfix after RS-90502: Correct use of the refactored WideString class. It should fix broken multifactor authentication.
39. RS-90502: Increase the maximum length of the LDAP_ATTR result to 4096.
40. Fix RS-90502: Ability to read multiple values of LDAP attribute. Only the first value was read before.
41. Fixed #4729: Grant and Revoke update (field)
42. Fixed #7402: Server crashes on startup error
43. Fixed #7406: Regression - trusted role does not work with version 3.0.10
44. See RS-91562: change error message if user not found in security db and ldap is not accessible.
45. Add a new 'L' flag for logical replication, which will compare certain system tables, also fix a bug with the comparison SQL_ARRAY type. Changed the message output when detecting differences between tables.
46. See RS-60027: Fix crash when replicated internal requests
47. Attempt to fix RS-91329: Turn on checkout in PIO_write to make it possible to deliver AST while writing to the file
48. See RS-87996: bind to Ldap and check user's policy attribute existence even if we are logging in via trusted certificate
49. Postfix for #7147: Problems with use of big timeout (or no timeout at all) in trace service; avoid most of annoying messages in firebird.log caused by original fix
50. Fixed #7393: Access violation after double fault in attachDatabase().
51. Backport forgotten fix for no privilege check (RS-50891)
52. Fixed #7370: Segfault under OOM conditions
53. Fixed #7366: setEngineReleaseDelay uses wrong type for the local variable maxLinger
54. Fixed #7365: Client side aliases do not work in databases.conf
55. Fix issue when the count of temporary blobs was not decremented for file blobs which caused "Too many temporary blobs" error (see RS-88869)
56. See RS-71900: In case of incremental restore, close all backup files as usual except of stdin
57. Do not delete temp.rpb_record inside the loop because it can be reused (see RS-84455)
58. Use the most recent format for records in SortedStream::mapData to fix crashes (see RS-84455)
59. Postfix for RS-88073: Get the actual modification time of databases.conf instead of the access time
60. Fix RS-87197: Don't raise an error if modifying a non-DBMS LDAP password fails due to an object class violation.
61. Fix RS-87644: Log the change of database backup state to 'merge'
62. Fixed possible crash when server-side authentication creates an empty plugin list
63. This should fix bug #7314 : Multitreaded activating indices restarts server process
64. Backported fix for #7298: Info result parsing
65. Backport parallel workers implementation from FB5 to fix races and crashes during sweep (see RS-86799)
66. Do not print errno in error messages in cases when a file descriptor is invalid and I/O functions were not called before (see RS-84347)
67. Fix NULL pointer dereference when a relation is dropped concurrently (see RS-84097)
68. Attempt to fix hanging transaction locks after various exceptions or BUGCHECK (see RS-84347)
69. Put the error message into firebird.log before BUGCHECK actions because there is always a risk of crashing (see RS-84347)
70. Don't close temporary files in PageManager::closeAll because they should already be closed by PageManager::releaseTempPageSpace (see RS-84347)
71. Lock page spaces in PageManager::closeAll because this function can be called concurrently when BUGCHECK is encountered (see RS-84347)
72. Print a function name in error messages in cases when a file descriptor is invalid (like it's done in PIO_header) for better diagnostics (see RS-84347)
73. Print correct error message for crypto exceptions (RS-87299)
74. Fix for #7299: gfix hangs on disconnect when transactions traceactive
75. Fixed #6941: Dummy (always true) conditions may change the join order
76. Fixed #7296: During shutdown op_disconnect may be sent to invalid handle
77. Fixed #7295: Unexpected message 'Error reading data from the connection' when fbtracemgr is closed using ctrl-C
78. Fixed #7299: gfix hangs on disconnect when transactions trace active
79. Add error code 1 return from gfix if config validation found errors in config
80. Trace failed attach attempts RS-52749
81. Improvement RS-86068: New built-in function BLOB_APPEND backported from 4.0
82. Postfix for RS-44527: Allow spaces in LDAP_XYZ configuration parameters
83. Improvement #7259 : Remove TcpLoopbackFastPath and use of SIO_LOOPBACK_FAST_PATH
84. Fix RS-85492: Log warnings about missing LDAP attributes only if "TraceAuthentication" parameter is enabled
85. This should fix bug #7271 : Sporadic crash on 3.0.10.33106
86. Fix RS-84819: Empty user name when searching LDAP groups if there is no primary group
87. Do not allow the AST thread to release EX lock on a relation while it's in the deleting state (#7252)
88. Check for an error when opening "/dev/urandom". Otherwise wrong error is returned e.g. if the open file limit is reached.
89. Fix #7237 - Starting operator become unstable on indexed varchar fields.
90. Fix RS-84571: Extracting metadata using ISQL can cause crash because of unhandled exception.
91. See RS-44527: Introduced configuration validation argument to gfix and autovalidation feature to rdbserver
92. Fix races between Thread::start and Service::run.
93. See RS-75522: add grant policy feature to ldap users
94. See RS-72035: Rise LockHashSlots default config value
95. Fixed issues with shutdown thread, reported by Ilya Eremin privately
96. See RS-77088: gather DEFAULT roles granted to PUBLIC user along with roles granted to user directly
97. See RS-75048: add BugcheckAbort config parameter check to system_call_failed exception to make it create dump not only on debug build
98. See RS-60479: add password setting in ldap for 'create user' statement used with Srp, Multifactor, Legacy_Auth plugin
99. See RS-71900: do not close stdin before read from it
100. See RS-73363: increase regexp_substr() input string max size
101. See RS-75391: fix single minus symbol interpretation in regex character sets
102. See RS-70492: exclude ^ symbol from special symbols if it used in regexp_substr without M mode
103. See RS-70356: make regex engine to search in empty string something at least once
104. See RS-70289: fix symbol range pattern generation
105. RS-69360: introduce properly working backtracking to 'similar to' matcher
106. RS-70267: introduce group substring start restore
107. RS-46421: introduce lazy quantifier mode
108. RS-70290: remove redundant condition in regex pattern parser which deny repeats of groups containing possibly zero length substring
109. Print warning after revoking a missing option (RS-68485)
110. Add BlobTempSpace - new config option (RS-65761)
111. Fix for RS-74062: Wrong value "User name in DPB" in mon$auth_method
112. Allow threads which are running purge_attachment() to start new transactions during DB shutdown because it's needed for ON DISCONNECT triggers
113. Autonomous transactions which are used inside ON DISCONNECT triggers are allowed as well.
114. Execute ON DISCONNECT triggers in the following cases: 1. During database shutdown (gfix -shut full -force 0). 2. An attachment is deleted from MON$ATTACHMENTS by another attachment. See RS-44282.
115. Flush only pages from a temporary page space which is being released (see RS-75696)
116. Backported fix for #6947: Query to mon$ tables does not return data when the encryption/decryption thread is running

FBJava updated to 1.2.2:

1. Increasing maximum number of document characters to analyze with marker highlighter. RS-82772
2. Throw an exception if reindexing is already running. RS-82772
3. Use the length of message bytes to allocate memory for error message. An error message may have a different encoding than UTF-8, and message length returned by java.lang.String#length may be different from the actual memory size. RS-82772
4. Use HTML Encoder to escape text for HTML output. RS-82772
5. Add ability to index in parallel. Multiple threads can start indexing in parallel. If any thread tries to index an index that is already being processed, a warning is printed to logger and second processing is skipped. RS-82772
6. Increasing maximum number of document characters to analyze with marker highlighter. RS-82772
7. Throw an exception if reindexing is already running. RS-82772
8. Use HTML Encoder to escape text for HTML output. RS-82772
9. Close blob after reading contents. RS-84807
10. Upgrade tika parsers to 2.4.1 and lucene libraries to 8.11.2. RS-82772