diff --git a/20-api-v2/container.md b/20-api-v2/container.md
index 013c05e..90ca666 100644
--- a/20-api-v2/container.md
+++ b/20-api-v2/container.md
@@ -55,6 +55,9 @@ returned here to make sure everything has been done as expected.
 response immediately. After a new block is issued in sidechain, request is
 verified by Inner Ring nodes. After one more block in sidechain, the container
 is added into smart contract storage.
+NOTE: a container deletion leads to the removal of every object in that
+container, regardless of any restrictions on the object removal (e.g. lock/locked
+object would be also removed).
 
 Statuses:
 - **OK** (0, SECTION_SUCCESS): \
@@ -275,8 +278,8 @@ values will be considered invalid.
 There are some "well-known" attributes affecting system behaviour:
 
 * __NEOFS__SUBNET \
-  String ID of a container's storage subnet. Any container can be attached to
-  one subnet only.
+  DEPRECATED. Was used for a string ID of a container's storage subnet.
+  Currently doesn't affect anything.
 * __NEOFS__NAME \
   String of a human-friendly container name registered as a domain in
   NNS contract.
diff --git a/20-api-v2/lock.md b/20-api-v2/lock.md
index 522a804..14d4dbc 100644
--- a/20-api-v2/lock.md
+++ b/20-api-v2/lock.md
@@ -9,6 +9,8 @@ Lock objects protects a list of objects from being deleted. The lifetime of a
 lock object is limited similar to regular objects in
 `__NEOFS__EXPIRATION_EPOCH` attribute. Lock object MUST have expiration epoch.
 It is impossible to delete a lock object via ObjectService.Delete RPC call.
+Deleting a container containing lock/locked objects results in their removal
+too, regardless of their expiration epochs.
 
 | Field | Type | Description |
 | ----- | ---- | ----------- |
diff --git a/20-api-v2/netmap.md b/20-api-v2/netmap.md
index 427a672..79f27fa 100644
--- a/20-api-v2/netmap.md
+++ b/20-api-v2/netmap.md
@@ -122,7 +122,47 @@ NeoFS network configuration
    
 ### Message NetworkConfig.Parameter
 
-Single configuration parameter
+Single configuration parameter. Key MUST be network-unique.
+
+System parameters:
+- **AuditFee** \
+  Fee paid by the storage group owner to the Inner Ring member.
+  Value: little-endian integer. Default: 0.
+- **BasicIncomeRate** \
+  Cost of storing one gigabyte of data for a period of one epoch. Paid by
+  container owner to container nodes.
+  Value: little-endian integer. Default: 0.
+- **ContainerAliasFee** \
+  Fee paid for named container's creation by the container owner.
+  Value: little-endian integer. Default: 0.
+- **ContainerFee** \
+  Fee paid for container creation by the container owner.
+  Value: little-endian integer. Default: 0.
+- **EigenTrustAlpha** \
+  Alpha parameter of EigenTrust algorithm used in the Reputation system.
+  Value: decimal floating-point number in UTF-8 string representation.
+  Default: 0.
+- **EigenTrustIterations** \
+  Number of EigenTrust algorithm iterations to pass in the Reputation system.
+  Value: little-endian integer. Default: 0.
+- **EpochDuration** \
+  NeoFS epoch duration measured in Sidechain blocks.
+  Value: little-endian integer. Default: 0.
+- **HomomorphicHashingDisabled** \
+  Flag of disabling the homomorphic hashing of objects' payload.
+  Value: true if any byte != 0. Default: false.
+- **InnerRingCandidateFee** \
+  Fee for entrance to the Inner Ring paid by the candidate.
+  Value: little-endian integer. Default: 0.
+- **MaintenanceModeAllowed** \
+  Flag allowing setting the MAINTENANCE state to storage nodes.
+  Value: true if any byte != 0. Default: false.
+- **MaxObjectSize** \
+  Maximum size of physically stored NeoFS object measured in bytes.
+  Value: little-endian integer. Default: 0.
+- **WithdrawFee** \
+  Fee paid for withdrawal of funds paid by the account owner.
+  Value: little-endian integer. Default: 0.
 
 | Field | Type | Description |
 | ----- | ---- | ----------- |
@@ -183,12 +223,8 @@ explicitly set:
   point delimiter for decimal part. In the Network Map it will be saved as
   64-bit unsigned integer representing number of minimal token fractions.
 * __NEOFS__SUBNET_%s \
-  `True` or `False`. Defines if the node is included in the `%s` subnetwork
-  or not. `%s` must be an existing subnetwork's ID (non-negative integer number).
-  A node can be included in more than one subnetwork and, therefore, can contain
-  more than one subnet attribute. A missing attribute is equivalent to the
-  presence of the attribute with `False` value (except default zero subnetwork
-  (with `%s` == 0) for which missing attribute means inclusion in that network).
+  DEPRECATED. Defined if the node is included in the `%s` subnetwork
+  or not. Currently ignored.
 * UN-LOCODE \
   Node's geographic location in
   [UN/LOCODE](https://www.unece.org/cefact/codesfortrade/codes_index.html)
@@ -220,6 +256,24 @@ explicitly set:
   Node's continent name according to the [Seven-Continent model]
   (https://en.wikipedia.org/wiki/Continent#Number). Calculated
   automatically from `UN-LOCODE` attribute.
+* ExternalAddr
+  Node's preferred way for communications with external clients.
+  Clients SHOULD use these addresses if possible.
+  Must contain a comma-separated list of multi-addresses.
+* Version
+  Node implementation's version in a free string form.
+* VerifiedNodesDomain
+  Confirmation of admission to a group of storage nodes.
+  The value is the domain name registered in the NeoFS NNS. If attribute
+  is specified, the storage node requesting entry into the NeoFS network
+  map with this attribute must be included in the access list located on
+  the specified domain. The access list is represented by a set of TXT
+  records: Neo addresses resolved from public keys. To be admitted to the
+  network, Neo address of the node's public key declared in 'public_key'
+  field must be present in domain records. Otherwise, registration will be
+  denied.
+  Value must be a valid NeoFS NNS domain name. Note that if this attribute
+  is absent, this check is not carried out.
 
 For detailed description of each well-known attribute please see the
 corresponding section in NeoFS Technical Specification.
@@ -242,7 +296,7 @@ storage policy definition languages.
 | container_backup_factor | uint32 | Container backup factor controls how deep NeoFS will search for nodes alternatives to include into container's nodes subset |
 | selectors | Selector | Set of Selectors to form the container's nodes subset |
 | filters | Filter | List of named filters to reference in selectors |
-| subnet_id | SubnetID | Subnetwork ID to select nodes from. Zero subnet (default) represents all of the nodes which didn't explicitly opt out of membership. |
+| subnet_id | SubnetID | DEPRECATED. Was used for subnetwork ID to select nodes from, currently ignored. |
    
 ### Message Replica
 
@@ -289,6 +343,7 @@ Represents the enumeration of various states of the NeoFS node.
 | 0 | UNSPECIFIED | Unknown state |
 | 1 | ONLINE | Active state in the network |
 | 2 | OFFLINE | Network unavailable state |
+| 3 | MAINTENANCE | Maintenance state |
 
 ### Emun Operation
 
diff --git a/20-api-v2/object.md b/20-api-v2/object.md
index 7da7371..f827dd2 100644
--- a/20-api-v2/object.md
+++ b/20-api-v2/object.md
@@ -32,16 +32,16 @@ Statuses:
 - **OK** (0, SECTION_SUCCESS): \
   object has been successfully read;
 - Common failures (SECTION_FAILURE_COMMON);
-- **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
-  object container not found;
 - **ACCESS_DENIED** (2048, SECTION_OBJECT): \
   read access to the object is denied;
 - **OBJECT_NOT_FOUND** (2049, SECTION_OBJECT): \
   object not found in container;
-- **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
-  provided session token has expired;
 - **OBJECT_ALREADY_REMOVED** (2052, SECTION_OBJECT): \
-  the requested object has been marked as deleted.
+  the requested object has been marked as deleted;
+- **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
+  object container not found;
+- **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
+  provided session token has expired.
 
              
 
@@ -85,6 +85,8 @@ Statuses:
 - **OK** (0, SECTION_SUCCESS): \
   object has been successfully saved in the container;
 - Common failures (SECTION_FAILURE_COMMON);
+- **ACCESS_DENIED** (2048, SECTION_OBJECT): \
+  write access to the container is denied;
 - **LOCKED** (2050, SECTION_OBJECT): \
   placement of an object of type TOMBSTONE that includes at least one locked
   object is prohibited;
@@ -93,8 +95,6 @@ Statuses:
   type other than REGULAR is prohibited;
 - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
   object storage container not found;
-- **ACCESS_DENIED** (2048, SECTION_OBJECT): \
-  write access to the container is denied;
 - **TOKEN_NOT_FOUND** (4096, SECTION_SESSION): \
   (for trusted object preparation) session private key does not exist or has
 been deleted;
@@ -137,12 +137,12 @@ Statuses:
 - **OK** (0, SECTION_SUCCESS): \
   object has been successfully marked to be removed from the container;
 - Common failures (SECTION_FAILURE_COMMON);
+- **ACCESS_DENIED** (2048, SECTION_OBJECT): \
+  delete access to the object is denied;
 - **LOCKED** (2050, SECTION_OBJECT): \
   deleting a locked object is prohibited;
 - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
   object container not found;
-- **ACCESS_DENIED** (2048, SECTION_OBJECT): \
-  delete access to the object is denied;
 - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
   provided session token has expired.
 
@@ -182,16 +182,16 @@ Statuses:
 - **OK** (0, SECTION_SUCCESS): \
   object header has been successfully read;
 - Common failures (SECTION_FAILURE_COMMON);
-- **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
-  object container not found;
 - **ACCESS_DENIED** (2048, SECTION_OBJECT): \
   access to operation HEAD of the object is denied;
 - **OBJECT_NOT_FOUND** (2049, SECTION_OBJECT): \
   object not found in container;
-- **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
-  provided session token has expired;
 - **OBJECT_ALREADY_REMOVED** (2052, SECTION_OBJECT): \
-  the requested object has been marked as deleted.
+  the requested object has been marked as deleted;
+- **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
+  object container not found;
+- **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
+  provided session token has expired.
 
                   
 
@@ -233,10 +233,10 @@ Statuses:
 - **OK** (0, SECTION_SUCCESS): \
   objects have been successfully selected;
 - Common failures (SECTION_FAILURE_COMMON);
-- **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
-  search container not found;
 - **ACCESS_DENIED** (2048, SECTION_OBJECT): \
   access to operation SEARCH of the object is denied;
+- **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
+  search container not found;
 - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
   provided session token has expired.
 
@@ -282,18 +282,18 @@ Statuses:
 - **OK** (0, SECTION_SUCCESS): \
   data range of the object payload has been successfully read;
 - Common failures (SECTION_FAILURE_COMMON);
-- **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
-  object container not found;
 - **ACCESS_DENIED** (2048, SECTION_OBJECT): \
   access to operation RANGE of the object is denied;
 - **OBJECT_NOT_FOUND** (2049, SECTION_OBJECT): \
   object not found in container;
-- **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
-  provided session token has expired;
 - **OBJECT_ALREADY_REMOVED** (2052, SECTION_OBJECT): \
   the requested object has been marked as deleted.
 - **OUT_OF_RANGE** (2053, SECTION_OBJECT): \
-  the requested range is out of bounds.
+  the requested range is out of bounds;
+- **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
+  object container not found;
+- **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
+  provided session token has expired.
 
          
 
@@ -341,14 +341,14 @@ Statuses:
 - **OK** (0, SECTION_SUCCESS): \
   data range of the object payload has been successfully hashed;
 - Common failures (SECTION_FAILURE_COMMON);
-- **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
-  object container not found;
 - **ACCESS_DENIED** (2048, SECTION_OBJECT): \
   access to operation RANGEHASH of the object is denied;
 - **OBJECT_NOT_FOUND** (2049, SECTION_OBJECT): \
   object not found in container;
 - **OUT_OF_RANGE** (2053, SECTION_OBJECT): \
-  the requested range is out of bounds.
+  the requested range is out of bounds;
+- **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
+  object container not found;
 - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
   provided session token has expired.
 
@@ -415,7 +415,7 @@ are not set, they will be calculated by a peer node.
      
 ### Message Range
 
-Object payload range.Ranges of zero length SHOULD be considered as invalid.
+Object payload range. Ranges of zero length SHOULD be considered as invalid.
 
 | Field | Type | Description |
 | ----- | ---- | ----------- |
@@ -515,8 +515,6 @@ will be considered invalid.
 There are some "well-known" attributes starting with `__NEOFS__` prefix
 that affect system behaviour:
 
-* __NEOFS__UPLOAD_ID \
-  Marks smaller parts of a split bigger object
 * __NEOFS__EXPIRATION_EPOCH \
   Tells GC to delete object after that epoch
 * __NEOFS__TICK_EPOCH \
diff --git a/20-api-v2/refs.md b/20-api-v2/refs.md
index 73b47b7..453bb33 100644
--- a/20-api-v2/refs.md
+++ b/20-api-v2/refs.md
@@ -124,6 +124,8 @@ String representation of a value is base-10 integer.
 
 JSON representation is an object containing a single `value` number field.
 
+DEPRECATED. Kept for compatibility only.
+
 | Field | Type | Description |
 | ----- | ---- | ----------- |
 | value | fixed32 | 4-byte integer subnetwork identifier. |
diff --git a/20-api-v2/session.md b/20-api-v2/session.md
index 3126032..72e438f 100644
--- a/20-api-v2/session.md
+++ b/20-api-v2/session.md
@@ -57,7 +57,16 @@ Context information for Session Tokens related to ObjectService requests
 | Field | Type | Description |
 | ----- | ---- | ----------- |
 | verb | Verb | Type of request for which the token is issued |
-| address | Address | Related Object address |
+| target | Target | Object session target. MUST be correctly formed and set. If `objects` field is not empty, then the session applies only to these elements, otherwise, to all objects from the specified container. |
+   
+### Message ObjectSessionContext.Target
+
+Carries objects involved in the object session.
+
+| Field | Type | Description |
+| ----- | ---- | ----------- |
+| container | ContainerID | Indicates which container the session is spread to. Field MUST be set and correct. |
+| objects | ObjectID | Indicates which objects the session is spread to. Objects are expected to be stored in the NeoFS container referenced by `container` field. Each element MUST have correct format. |
    
 ### Message RequestMetaHeader
 
diff --git a/20-api-v2/status.md b/20-api-v2/status.md
index 47c1a5a..08e391f 100644
--- a/20-api-v2/status.md
+++ b/20-api-v2/status.md
@@ -60,6 +60,7 @@ Section of failed statuses independent of the operation.
 | 0 | INTERNAL | [**1024**] Internal server error, default failure. Not detailed. If the server cannot match failed outcome to the code, it should use this code. |
 | 1 | WRONG_MAGIC_NUMBER | [**1025**] Wrong magic of the NeoFS network. Details: - [**0**] Magic number of the served NeoFS network (big-endian 64-bit unsigned integer). |
 | 2 | SIGNATURE_VERIFICATION_FAIL | [**1026**] Signature verification failure. |
+| 3 | NODE_UNDER_MAINTENANCE | [**1027**] Node is under maintenance. |
 
 ### Emun Container
 
diff --git a/20-api-v2/subnet.md b/20-api-v2/subnet.md
index 07af5fa..84c75bf 100644
--- a/20-api-v2/subnet.md
+++ b/20-api-v2/subnet.md
@@ -7,6 +7,8 @@
 
 NeoFS subnetwork description
 
+DEPRECATED. Ignored and kept for compatibility only.
+
 | Field | Type | Description |
 | ----- | ---- | ----------- |
 | id | SubnetID | Unique subnet identifier. Missing ID is equivalent to zero (default subnetwork) ID. |