github netblue30/firejail 0.9.72
Release 0.9.72

22 months ago
  • feature: On failing to remount a fuse filesystem, give warning instead of
    erroring out (#5240 #5242)
  • feature: Update syscall tables and seccomp groups (#5188)
  • feature: improve force-nonewprivs security guarantees (#5217 #5271)
  • feature: add support for restricting the creation of Linux namespaces
    (--restrict-namespaces, --restrict-namespaces=), implemented as a seccomp
    filter for both 64 and 32 bit architectures (#4939 #5259)
  • feature: add support for custom AppArmor profiles (--apparmor=) (#5274
    #5316 #5317 #5475)
  • feature: add support for ICMP in nettrace
  • feature: add --dnstrace, --icmptrace, and --snitrace commands
  • feature: Add basic gtksourceview language-spec (file type detection/syntax
    highlighting for profiles) (#5502)
  • feature: add restrict-namespaces to (almost) all applicable profiles (#5440
    #5537)
  • feature: add support for netlock in profile files
  • modif: removed --cgroup= command (#5190 #5200)
  • modif: set --shell=none as the default (#5190)
  • modif: removed --shell= command (#5190 #5196 #5209)
  • modif: disabled firetunnel by default in configure.ac (#5190)
  • modif: disabled chroot by default in /etc/firejail/firejail.config (#5190)
  • modif: disabled private-lib by default in /etc/firejail/firejail.config
    (#5190 #5216)
  • modif: disabled tracelog by default in /etc/firejail/firejail.config
    (#5190)
  • modif: removed grsecurity support
  • modif: stop hiding blacklisted files in /etc by default and add a new
    etc-hide-blacklisted option to firejail.config that enables the previous
    behavior (disabled by default) (#5010 #5230 #5591 #5595)
  • bugfix: Flood of seccomp audit log entries (#5207)
  • bugfix: --netlock does not work (Error: no valid sandbox) (#5312)
  • build: deduplicate configure-time vars into new config files (#5140 #5284)
  • build: fix file mode of shell scripts (644 -> 755) (#5206)
  • build: reduce autoconf input files from 32 to 2 (#5219)
  • build: add dist build directory to .gitignore (#5248)
  • build: add autoconf auto-generation comment to input files (#5251)
  • build: Add files make uninstall forgot to remove (#5283)
  • build: add and use TARNAME instead of NAME for paths (#5310)
  • build: only install ids.config when --enable-ids is set (#5356 #5357)
  • build: Remove deprecated syntax and modernize shell test scripts (#5370)
  • build: Fix musl warnings (#5421 #5431)
  • build: sort.py improvements (#5429)
  • build: deduplicate makefiles (#5478)
  • build: fix formatting and misc in configure (#5488)
  • build: actually set LDFLAGS/LIBS & stop overriding CFLAGS/LDFLAGS (#5504)
  • build: make shell commands more portable in firejail.vim (#5577)
  • ci: bump ubuntu to 22.04 and use newer compilers / analyzers (#5275)
  • ci: ignore git-related paths and the project license (#5249)
  • ci: Harden GitHub Actions (StepSecurity) (#5439)
  • ci: sort and ignore more paths (#5481)
  • ci: whitelist needed endpoints and block access to sudo (#5485)
  • docs: fix typos (#5189 #5349)
  • docs: mention risk of SUID binaries and also firejail-users(5) (#5288
    #5290)
  • docs: set vim filetype on man pages for syntax highlighting (#5296)
  • docs: note that blacklist/whitelist follow symlinks (#5344)
  • docs: Add IRC channel info to README.md (#5361)
  • docs: man: Note that some commands can be disabled in firejail.config
    (#5366)
  • docs: Add gist note to bug_report.md (#5398)
  • docs: clarify that --appimage should appear before --profile (#5402 #5451)
  • docs: add more Firefox examples to the firejail-local AppArmor profile
    (#5493)
  • docs: Fix broken Restrict-DBus wiki link on profile.template (#5554)
  • docs: Remove invalid --profile-path from --help (#5585 #5586)
  • new profiles: gdu, makedeb, gtk-lbry-viewer, lbry-viewer, tuir, chafa,
  • new profiles: godot3, cinelerra-gg, tesseract, avidemux3_qt5,
  • new profiles: avidemux3_cli, avidemux3_jobs_qt5, ssmtp, chatterino,
  • new profiles: linuxqq, qq, electron-hardened.inc.profile,
