* New: change login url
* Fix: Exclude deprecated x-content-security-policy from header detection
* Improvement: Update to functional components Rest API for free core
* Improvement: Disable Content Security Policy if the maximum header size has been reached
Fix: follow redirects in third party header detection.
* Improvement: add support for BLOB and Filesystem
* Improvement: disable CSP reporting mode paused status when switching to disabled or enforced
* Improvement: CSP policy for back and front-end separate
* Improvement: also allow non-recommended X-XSS options
* Improvement: frame ancestors allow other values than 'none'
Fix: Debug.log setting not saving on first save action
* Fix: isset check on $_SERVER['HTTPS'] to support environments where this key is missing
* Improvement: add headers_sent() check for situations where the headers already have been sent, possibly due to an error earlier in the system.
* Improvement: Update CSP reporting URI on permalink structure change
Run upgrade only once
Prepare for 6.0 release with upgrade notice, disabling auto updates for 6.0, and code preparation to prevent conflicts between major versions