Releases: systemd/systemd

systemd v256.13

08 Apr 19:55
v256.13
systemd-stable v256.13

systemd v257.5

04 Apr 08:38
v257.5
systemd-stable v257.5

systemd v257.4

06 Mar 14:44
v257.4
systemd-stable v257.4

systemd v256.12

06 Mar 14:43
v256.12
systemd-stable v256.12

systemd v257.3

13 Feb 18:27
v257.3
systemd-stable v257.3

systemd v256.11

08 Jan 13:01
v256.11
systemd v256.11

systemd v257.2

08 Jan 00:01
v257.2
systemd v257.2

systemd v256.10

20 Dec 20:05
v256.10
systemd-stable v256.10

systemd v257.1

19 Dec 22:03
v257.1
47eea9e
systemd-stable v257.1

systemd v257

10 Dec 19:44
v257

CHANGES WITH 257:

Incompatible changes:

    * The --purge switch of systemd-tmpfiles (which was added in v256) has
      been reworked: it will now only apply to tmpfiles.d/ lines marked
      with the new "$" flag. This is an incompatible change, and means any
      tmpfiles.d/ files which shall be used together with --purge need to
      be updated accordingly. This change has been made to make it harder
      to accidentally delete too many files when using --purge incorrectly.

    * The systemd-creds 'cat' verb now expects base64-encoded encrypted
      credentials as input, for consistency with the 'decrypt' verb and the
      LoadCredentialEncrypted= service setting. Previously it could only
      read raw, unencoded binary data.

    * Support for automatic flushing of the nscd user/group database caches
      has been dropped.

    * The FileDescriptorName= setting for socket units is now honored by
      Accept=yes sockets too, where it was previously silently ignored and
      "connection" was used unconditionally.

    * systemd-logind now always obeys block inhibitor locks, where previously
      it ignored locks taken by the caller or when the caller was root. A
      privileged caller can always close the other sessions, remove the
      inhibitor locks, or use --force or --check-inhibitors=no to ignore the
      inhibitors. This change thus doesn't affect security, since everything
      that was possible before at a given privilege level is still possible,
      but it should make the inhibitor logic easier to use and understand,
      and also help avoid accidental reboots and shutdowns. New 'block-weak'
      inhibitor modes were added; if taken, they make the inhibitor lock
      work as in previous versions. Inhibitor locks can also be taken by
      remote users (subject to polkit policy).

    * systemd-nspawn will now mount the unified cgroup hierarchy into a
      container if no systemd installation is found in a container's root
      filesystem. $SYSTEMD_NSPAWN_UNIFIED_HIERARCHY=0 can be used to override
      this behavior.

    * /dev/disk/by-id/nvme-* block device symlinks without an NVMe
      namespace identifier are now fixed to namespace 1 of the device. If
      no namespace 1 exists for a device no such symlink is
      created. Previously, these symlinks would point to an unspecified
      namespace, and thus not be strictly stable references to
      multi-namespace NVMe devices. These un-namespaced symlinks are mostly
      obsolete; users and applications should always use the ones with
      encoded namespace information instead. This change should not affect
      too many systems, because most NVMe devices only know a namespace 1
      by default.

    * Support for cgroup v1 ('legacy' and 'hybrid' hierarchies) is now
      considered obsolete and systemd by default will ignore configuration
      that enables them. To forcibly reenable cgroup v1 support,
      SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 must additionally be set on the
      kernel command line.
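
An added example for the --purge change above (not part of the systemd release notes or code base): a small audit that reports which tmpfiles.d/ lines carry the new "$" flag and would therefore be subject to --purge. The sample configuration and the exampled paths are constructed, and the parser assumes paths without embedded whitespace.

```shell
#!/bin/sh
# Constructed sample tmpfiles.d fragment (hypothetical "exampled" service).
sample_conf() {
cat <<'EOF'
# Type Path                 Mode User Group Age Argument
d      /var/lib/exampled    0750 root root  -   -
d$     /var/cache/exampled  0755 root root  10d -
f+$    /run/exampled/state  0644 root root  -   -

L      /etc/exampled.conf   -    -    -     -   /usr/share/exampled/default.conf
EOF
}

# classify_purge: read tmpfiles.d lines on stdin and print, per entry,
# "purge <path>" if the type field carries the "$" modifier, else "keep <path>".
classify_purge() {
    awk '
        NF == 0    { next }   # blank line
        $1 ~ /^#/  { next }   # comment line
        {
            # First character is the type letter; the rest are modifiers.
            mods = substr($1, 2)
            if (index(mods, "$") > 0)
                print "purge " $2
            else
                print "keep " $2
        }'
}

# Stand-alone run over the constructed sample.
sample_conf | classify_purge
```

On a live system the same function can be fed the merged configuration, for example `systemd-tmpfiles --cat-config | classify_purge`, to review what a purge would cover before running it.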

Announcements of Future Feature Removals:

    * The D-Bus method org.freedesktop.systemd1.StartAuxiliaryScope() is
      deprecated because accounting data and such cannot be reasonably
      migrated between cgroups. It is likely to be fully removed in a
      future release (reach out if you have use cases).

    * The recommended kernel baseline version has been bumped to v5.4
      (released in 2019). Expect limited testing on older kernel versions,
      where the "old-kernel" taint flag would also be set. Support for them
      will be phased out in a future release in 2025, i.e. we expect to bump
      the minimum baseline to v5.4 then too.

    * The complete removal of support for cgroup v1 ('legacy' and 'hybrid'
      hierarchies) is scheduled for v258.

    * Support for System V service scripts is deprecated and will be
      removed in v258. Please make sure to update your software
      *now* to include a native systemd unit file instead of a legacy
      System V script to retain compatibility with future systemd releases.

    * To work around limitations of X11's keyboard handling, systemd's
      keyboard mapping hardware database (hwdb.d/60-keyboard.hwdb) so far
      mapped the microphone mute and touchpad on/off/toggle keys to the
      function keys F20, F21, F22, F23 instead of their correct key codes.
      This key code mangling will be removed in the next systemd release.
      To maintain compatibility with X11 applications that rely on the old
      function key code mappings, this mangling has now been moved to the
      relevant X11 keyboard driver modules. In order to ensure these keys
      continue to work, update to xf86-input-evdev >= 2.11.0 and
      xf86-input-libinput >= 1.5.0 before updating to systemd >= 258.

    * Support for the SystemdOptions EFI variable is deprecated.
      'bootctl systemd-efi-options' will emit a warning when used. It seems
      that this feature is little-used and it is better to use alternative
      approaches like credentials and confexts. The plan is to drop support
      altogether at a later point, but this might be revisited based on
      user feedback.

    * systemd-run's switch --expand-environment=, which currently is disabled
      by default when combined with --scope, will be changed in a future
      release to be enabled by default.

libsystemd:

    * systemd's JSON API is now available as a public interface of
      libsystemd, under the name "sd-json". The purpose of the library is
      to allow structures to be conveniently created in C code and
      serialized to JSON, and for JSON to be conveniently deserialized into
      in-memory structures, using callbacks to handle specific
      keys. Various data types like integers, floats, booleans, strings,
      UUIDs, base64-encoded and hex-encoded binary data, and arrays are
      supported natively. The library has been part of systemd for a while
      as an internal component, and is now made publicly available. One major
      user of sd-json is sd-varlink (see below). Note that the
      documentation of sd-json is very much incomplete for now, but the
      systemd codebase provides plenty of real-life code examples.

    * systemd's Varlink IPC API is now available as part of libsystemd,
      under the name "sd-varlink". This library is a C implementation of
      the Varlink IPC system (https://varlink.org/) that has been adopted
      by systemd for various interfaces. It relies on the sd-json JSON
      component, see above. Note that the documentation of sd-varlink is
      very much incomplete for now, but the systemd codebase provides
      plenty of real-life code examples.

    * sd-bus gained a new call sd_bus_pending_method_calls() which returns
      the number of currently open asynchronous method calls initiated on
      this connection towards peers.

    * sd-device gained a new call sd_device_monitor_is_running() that
      returns whether the specified monitor object is already running. It
      also gained sd_device_monitor_get_fd(),
      sd_device_monitor_get_events(), sd_device_monitor_get_timeout() and
      sd_device_monitor_receive() to permit sd-device to run on top of a
      foreign event loop implementation. It also gained
      sd_device_get_driver_subsystem() which returns the subsystem of
      driver objects. The new sd_device_get_device_id() call returns a
      short string identifying the device record.

System and Service Management:

    * The environment variable $REMOTE_ADDR is now set when using
      per-connection socket activation for AF_UNIX stream sockets. It
      contains the AF_UNIX peer address of the connection. (Previously the
      environment variable was only set for IP sockets.)

    * Multipath TCP (MPTCP) is now supported as a socket protocol for
      .socket units.

    * A new /etc/fstab option x-systemd.wants= creates "Wants="
      dependencies.  (This is similar to the previously available
      x-systemd.requires=.)

    * The initialization of the system clock during boot and updates has
      been simplified: both PID 1 and systemd-timesyncd will pick the latest
      minimum time as indicated by the compiled-in epoch,
      /usr/lib/clock-epoch, and /var/lib/systemd/timesync/clock. See
      systemd(1) for a detailed, updated description.

    * The kernel's Ctrl-Alt-Delete handling is re-enabled during late
      shutdown, so that the user may use it to initiate a reboot if the
      system freezes otherwise.

    * The new value "identity" for the unit setting PrivateUsers= may be
      used to request a user namespace with an identity mapping for the
      first 65536 UIDs/GIDs. This is analogous to systemd-nspawn's
      --private-users=identity.

    * The new value "disconnected" for the unit setting PrivateTmp= may be
      used to specify that a separate tmpfs instance should be used for
      /tmp/ and /var/tmp/ for the unit.

    * The service manager (and various other tools too) use pidfds in more
      places to refer to processes.

    * A build option -D link-executor-shared=false can be used to build
      the systemd-executor binary...