Fixed:

1. Fixed incorrect "ALTER TABLE ... SET DEFAULT ..." behavior
2. Fixed server crash if config contains anonymous section
3. Fixed database restoring if the backup has external procedures with dependencies but the external engine is missing
4. Fixed O_DIRECT support. Now when O_DIRECT mode used reads made by 4K into buffer aligned to 4K
5. Fixed server crash on some combinations of authentication plugins
6. CREATE OR ALTER now creates metadata in security database
7. LDAP password could be unintentionally deleted after user activation
8. Fixed incorrect behavior while replication segments archiving
9. Fixed wrong value in LDAP attribute rdbAccessTime after failed multifactor authentication
10. Fixed server crash caused by "SIMILAR TO" clause
11. Fixed repldiff utility help

Changed:

1. ODS increased to 12.3 as an index has been created on the RDB$PAGES system table
2. While restoring from 2.6 missing feature warning "mandatory access" is printed only once

Improved:

1. Optimized monitoring tables access
2. Decreased SuperServer memory consumption
3. Increased cache performance on SuperServer including systems with NUMA architecture
4. Speedup temporary index operation
5. Name and PID of remote client passed through services and reflected in MON$ATTACHMENT

Added:

1. Optimization strategies OPTIMIZE FOR { FIRST | ALL } ROWS ported from 2.6
2. Stable cursors support
3. Multithreaded backup/restore
4. Multithreaded sweep
5. Trace now prints memory consumption by sorting
6. New LDAP user management functions
7. Added ability to get LDAP users with SEC$USERS table

fbjava updated to 1.1.14:

1. Fixed possible server crash on shutdown when unloading fbjava plugin

fbjava-lucene updated to 2.0.14:

1. Lucene updated to 7.7.3 to address IndexWriter initialization (https://issues.apache.org/jira/browse/LUCENE-8310)
2. Now FTS initialization script creates procedures and functions with "SQL SECURITY DEFINER"

Ported from Firebird:

1. Fix #6854 - Crash occurs when use SIMILAR TO and compare string with pattern that contains non-ascii character with suppressed exception handling (or "Invalid SIMILAR TO pattern" raises otherwise).
2. Fix #5534 - String truncation exception on UPPER/LOWER functions, UTF8 database and some multibyte characters.
3. Fix for #6817: -fetch_password passwordfile does not work with gfix
4. Fix for #6836 - fb_shutdown() does not wait for self completion in other thread
5. Fixed bug GH-6866 : Some orphan records left at RDB$SECURITY_CLASSES and RDB$USER_PRIVILEGES after DROP PROCEDURE\FUNCTION
6. Avoid calls to JRD_get_thread_data.
7. Remove pool reference and children lists in each node: Children lists will be created and destroyed on demand.
8. Better handling for the scratch pool and fixed CORE-5646: CORE-5646 - Parse error when compiling a statement causes memory leak until attachment is disconnected.
9. Revert to statically alloc the parser instance: Added a scope block to delete it before the scratch pool is destroyed in DsqlDmlRequest::dsqlPass.
10. Process nodes using the scratch pool as default pool: To make it work, change MAKE_parameter to allocate parameters in the message pool (statement pool).
11. Delete the scratch pool in the end of DML compilation
12. Remove kind field.
13. Remove dsqlCompatDialectVerb field and organize some members in AggNode for better alignment.
14. Backported PR168 and PR294
15. Backport fixes for memory leaks found by Jiří, see "Memory leak with external engine plugin" in fb-devel
16. Make sure Engine instance is not destroyed before SharedXXX objects, that uses pointer on Engine in own dtor's.
17. Backport one more fix against memory leak in UDR
18. Fixed #6889: no permision while ALTER USER SET TAGS
19. Fixed failure of test bugs.core_0927
20. One more postfix for #6220
21. Backported fix #6896: Client forcing server to encryption
22. Postfix for #6220 - thanks to Adriano
23. Aplly fix for #6220 - slow performance when executing SQL scripts as non-SYSDBA user (used for >2 years in IBP)
24. Fixed bug #6918 : Service detach is always traced