MAY
08

EasyApache 4 May 8 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! This release contains a debuginfo package for ea-liblsapi, a fix for an Apache issue with symlink protection, and a number of PHP updates. Take a look at some highlights below, and then join us on SlackDiscord, or Reddit to talk about this update and much more.

ea-liblsapiEA-8330 – Build debuginfo package for ea-liblsapiea-apache2CPANEL-27056 – apache is serving up root owned files when symlink protection is enabledscl-php71scl-php71-metaEA-8431 – Update PHP71 from 7.1.28 to 7.1.29scl-php72scl-php72-metaEA-8427 – Update PHP72 from v7.2.17 to v7.2.18scl-php73scl-php73-metaEA-8428 – Update PHP73 from v7.3.4 to v7.3.5


This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.1.29, 7.2.18, and 7.3.5. This release addresses vulnerabilities related to CVE-2019-11036 and another other vulnerability which has not yet been assigned a number. We strongly encourage all PHP 7.1 users to upgrade to version 7.1.29, all PHP 7.2 users to upgrade to version 7.2.18, all PHP 7.3 users to upgrade to version 7.3.5.

AFFECTED VERSIONS
All versions of PHP 7.1 through 7.1.28
All versions of PHP 7.2 through 7.2.17
All versions of PHP 7.3 through 7.3.4


SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  64 Hits

Copyright

© Cpanel

64 Hits
MAY
01

cPanel, the Hosting Platform of Choice, Announces Its Newest Partnership With JetApps

cPanel®, the Hosting Platform of ChoiceTM, announces its newest partnership with JetApps, providing JetBackup to cPanel’s users.

Houston, Texas, May 1, 2019 (Newswire) -​​ cPanel is excited to announce a new partnership with JetApps. Starting immediately, users can buy a JetBackup license directly from cPanel.

JetBackup supplies hosting providers with a great deal of flexibility by allowing unlimited backup jobs, multiple schedules per job, and unlimited destinations. Creating and applying custom hooks to backup and restore functions gives companies the ability to meet the unique needs of their clients.

When asked about the importance of quality backups, Eric Ellis, Vice President of Customer Experience for cPanel, LLC said, “Throughout my technical career, I’ve always preached about how vital it is to make and test backups. Understanding how important this is when considering a backup technology partnership, JetBackup stood out as a dependable name in backup software making it an easy choice for cPanel. I’ll be using this robust software on my servers from now on.”

JetBackup’s self-service functionality allows cPanel end-users, hosting customers, to restore an account in seconds, removing the support burden with traditional cPanel & WHM backups. Some hosting providers have seen up to 70% fewer support tickets related to account backups and restores. When clients have speed and ease-of-use, it is a win-win for both cPanel partners and their clients. Users can also enable JetBackup’s GDPR compliance feature for their account backups. 

Continue reading
  72 Hits

Copyright

© Cpanel

72 Hits
MAY
01

cPanel & WHM Version 70 now EOL

cPanel & WHM Version 70 has reached End of Life and will no longer be supported by cPanel except when upgrading to a supported version. In accordance with our EOL policy (https://go.cpanel.net/longtermsupport), Version 70 will continue to function on servers where it is already installed. The last release of cPanel …
Original author: benny Vasquez
  63 Hits

Copyright

© Cpanel

63 Hits
APR
24

EasyApache 4 Apr 26 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! This update includes updates to LiteSpeed 7.3 on multiple versions of PHP, a fix for EA on RHEL and more! Please check out the changes and then join us on Slack, Discord, or Reddit to talk about this update …
Original author: Phil Hodges
  53 Hits

Copyright

© Cpanel

53 Hits
APR
22

Reminder: cPanel & WHM Version 76 now EOL

As of cPanel & WHM Version 78’s move to STABLE on April 8th, cPanel & WHM Version 76 has reached End of Life and will no longer be supported by cPanel except when upgrading to a supported version. In accordance with our EOL policy (https://go.cpanel.net/longtermsupport), 76 will continue functioning on …
Original author: benny Vasquez
  59 Hits

Copyright

© Cpanel

59 Hits
APR
18

EasyApache 4 Apr 18 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! With this release, we are introducing an experimental version of NGINX to cPanel & WHM. For a more in-depth breakdown, please review our related NGINX blog announcement. Also included are fixes for issues with ea-apache24-mod-pagespeed, ea-memcached, and libmemcached. Take a …
Original author: Phil Hodges
  54 Hits

Copyright

© Cpanel

54 Hits
APR
09

EasyApache 4 Apr 9 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4 which includes several PHP version updates. Take a look at the changes below, and then join us on Slack, Discord, or Reddit to talk about this update and much more. 2019-4-9 scl-php71 EA-8316: Update PHP to version 7.1.28, drop …
Original author: Phil Hodges
  58 Hits

Copyright

© Cpanel

58 Hits
APR
08

cPanel & WHM Version 78 now in STABLE!

We are happy to announce that cPanel, Inc. has released cPanel & WHM Version 78 to the STABLE tier! This version is our 2019 LTS (Long Term Support) version and will be supported until March of 2020. This move also brings an end to support for cPanel & WHM Version 76. Take a look at highlights on our release site, or check out the full release notes for v78. Then, join us on Slack, Discord, or Reddit to talk about all the exciting improvements.

Introducing Email Deliverability

Spam and spoofing cause problems for all email hosting providers. With this brand new interface, identifying and correcting problems with your domain’s SPF, DKIM, and PTR configuration is even easier. | Read More

Deliver backups to Backblaze B2

Version 78 brings the BackBlaze B2 destination to WHM’s Backup Configuration Interface allowing hosting providers to save their backups to Backblaze B2 Cloud Storage. | Read More

Continue reading
  63 Hits

Copyright

© Cpanel

63 Hits
APR
03

EasyApache 4 Apr 3 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! This release includes a version update for ea-apache24 to 2.4.39, resolution to an issue with the installation of ea-liblsapi, and a solution for the premature stoppage of /scripts/ea-tomcat85. Please review the release in its entirety, then join us on SlackDiscord, or Reddit to talk about this update and much more

2019-4-3

ea-apache2EA-8307: Update Apache to 2.4.39, drop 2.4.38ea-apache2-configEA-8305: Revert change in EA-8250ea-liblsapiEA-8300: Cannot reinstall ea-liblsapi because of conflicts with liblsapiea-tomcat85EA-8241: /scripts/ea-tomcat85 prematurely dies if fs.protected_symlinks_create is enabled

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with Apache version 2.4.39. This release addresses vulnerabilities related to CVE-2019-0197, CVE-2019-0196, CVE-2019-0211, CVE-2019-0217, CVE-2019-0215, and CVE-2019-0220. We strongly encourage all Apache users to upgrade to version 2.4.39.

AFFECTED VERSIONS

All versions of Apache through 2.4.38

Continue reading
  64 Hits

Copyright

© Cpanel

64 Hits
MAR
27

EasyApache 4 Mar 27 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Slack, Discord, or Reddit to talk about this update and much more. 2019-3-27 mod_security2 EA-8292:  Patch mod_security for Issue 890 – ModSecurity corrupts the global pool’s cleanups linked list with …
Original author: Phil Hodges
  57 Hits

Copyright

© Cpanel

57 Hits
MAR
26

Support for Version 70 Extended to April 30th, 2019

Support for the current LTS (Long Term Support) version, cPanel & WHM Version 70, has been extended to April 30th, 2019. This extension is due to cPanel & WHM Version 78 not reaching the STABLE tier prior to the end of Version 70 support. Support is not extended for any …
Original author: benny Vasquez
  53 Hits

Copyright

© Cpanel

53 Hits
MAR
19

cPanel TSR-2019-0002 Full Disclosure

Yesterday cPanel released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. Below is the full disclosure of the changes included in that update.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

SEC-477

Summary
Unsafe file operations as root in SSL certificate storage.
Security Rating
cPanel has assigned this vulnerability a CVSSv3 score of 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Description
The Cpanel::SSL::Objects::Certificate::File module creates a cache file when opening and reading an SSL certificate file. The Cpanel::SSLStorage module uses this to perform operations on SSL certificates stored in the user’s home directory as root. Because of this, it was possible for an attacker to overwrite and/or read root-owned files.
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:78.0.1876.0.2170.0.67

Continue reading
  56 Hits

Copyright

© Cpanel

56 Hits
MAR
19

cPanel integrates industry-leading web hosting security solution ImunifyAV into cPanel & WHM.

Texas – March 2019 cPanel is excited to announce that it will be integrating ImunifyAV into all cPanel & WHM servers in the coming months. By integrating ImunifyAV, part of the Imunify Security product set from industry partner CloudLinux, cPanel will provide all customers with one of the most effective malware detection solutions in the industry. All cPanel & WHM users will benefit from automatic scans of their sites and servers to check whether they have been infected with hidden malware. If ImunifyAV discovers infections, cPanel customers can choose to clean the infection themselves with provided instructions, or automatically clean the infections with a simple upgrade to ImunifyAV+. Hosting providers can also elect to move to Imunify360, the only multi-layer proactive defense suite for web hosting, directly from their WHMÒ interface.

 “We are very intentional with decisions to pre-install 3rd party products into our software, and we knew we could only have one security scanner. After working extensively with the Imunify Security development team and reviewing test results, we decided it was a tool we wanted to provide to all cPanel customers,” said Nick Koston, cPanel’s CEO. “The detection rates and product performance are superior to anything else we have seen.”

cPanel and Imunify Security. “The CloudLinux and Imunify Security team are long-term friends of cPanel. In 2018 we started to offer Imunify360 as a featured security product”, Nick continued. “As we collaborated with them on the ImunifyAV integration we became convinced it was the right decision for our community.”

 “We couldn’t be more thrilled to build on our strategic partnership with cPanel,” said Jim Jackson, President and Chief Revenue Officer at CloudLinux. “Having partnered successfully with cPanel for years on the CloudLinux OS and KernelCare, we knew we could do something special with them in the security arena as we were rapidly growing the Imunify Security product set. We view the integration of ImunifyAV into cPanel & WHM, and the availability of all Imunify products directly through their industry-leading panel, as the ultimate testament of our work together to protect our joint user community from all forms of malicious attacks.”

The product team will be working to build this integration for cPanel & WHM Version 82, which will be released in the third quarter of 2019. To be notified of this and other product updates, sign up for the cPanel Mailing List.

Continue reading
  55 Hits

Copyright

© Cpanel

55 Hits
MAR
18

TSR-2019-0002 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 2.5 to 7.8.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

Continue reading
  56 Hits

Copyright

© Cpanel

56 Hits
MAR
13

EasyApache 4 Mar 13 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! This update includes a number of security updates for PHP versions 7.1.27, 7.2.16, and 7.3.3, as well as OpenSSL version 1.0.2r, and the addition of PassengerNodejs to passenger_apps.default. We are also adding ea-nodejs10 in preparation for work that will be released in cPanel & WHM Version 80. Please take a look at the release below, and then join us on SlackDiscord, or Reddit to talk about this update and much more.

2019-3-13

ea-apache2EA-8279: Remove noreplace from old EA3 config file in ea-apache24.spec ea-opensslEA-8265: Update OpenSSL to version 1.0.2r, drop 1.0.2q (with fix for CVE-2019-1559)scl-php71scl-php71-metaEA-8267: Update PHP 7.1 to version 7.1.27, drop 7.1.26scl-php72scl-php72-metaEA-8271: Update PHP 7.2 to version 7.2.16, drop 7.2.15scl-php73scl-php73-metaEA-8275: Update PHP 7.3 to version 7.3.3, drop 7.3.2scl-ruby24-passengerEA-8238: Add PassengerNodejs to passenger_apps.defaultea-nodejs10EA-8125: Move ea-nodejs10 into production

This release also includes security patches that have been issued for CVEs (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.1.27, 7.2.16, and 7.3.3 and OpenSSL version 1.0.2r. This release addresses vulnerabilities related to CVE-2019-9637, CVE-2019-9641, CVE-2019-9640, CVE-2019-9638, CVE-2019-9639, CVE-2019-1559, and several other vulnerabilities which have not yet been assigned a number. We strongly encourage all PHP 7.1 users to upgrade to version 7.1.27, all PHP 7.2 users to upgrade to version 7.2.16, all PHP 7.3 users to upgrade to version 7.3.3 and all OpenSSL 1.0.2 users to upgrade to version 1.0.2r.

AFFECTED VERSIONS
All versions of PHP 7.1 through 7.1.26
All versions of PHP 7.2 through 7.2.15
All versions of PHP 7.3 through 7.3.2
All versions of OpenSSL 1.0.2 through 1.0.2q

Continue reading
  54 Hits

Copyright

© Cpanel

54 Hits
MAR
07

EasyApache 4 Mar 7 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! We are happy to announce that PHP 7.3 is now available. Take a look at some highlights below, and then join us on Slack, Discord, or Reddit to talk about this update and much more. 2019-3-7 scl-php73-meta EA-8254: Prepare …
Original author: Phil Hodges
  52 Hits

Copyright

© Cpanel

52 Hits
MAR
05

cPanel Joins DigitalOcean Marketplace

Texas – March 2019 cPanel, the Hosting Platform of Choice, is excited to be part of a brand new platform to connect developers with the applications they need: DigitalOcean Marketplace. Launched today, this is the first partner-led offering by DigitalOcean, making it easier for companies like cPanel to deliver their solutions to developers on demand.

Marketplace presents DigitalOcean customers with a focused ecosystem of partner-built 1-Click Apps — pre-configured software and infrastructure stacks running on DigitalOcean. By listing cPanel & WHM solution on Marketplace, we make it even easier for DigitalOcean to provide its community of 3.5 million developers with the services, components, and tools necessary for modern app development.

“DigitalOcean’s highly-performant Developer Cloud, coupled with the power of cPanel & WHM’s automation will help administrators, and developers host the applications their customers want more efficiently than ever before,” said Eric Ellis, cPanel’s Vice President of Customer Experience. “This historic partnership is also a huge step forward for the thousands of developers who work with cPanel & WHM and already use DigitalOcean. We’ve enjoyed using DigitalOcean over the years to benchmark our installers, and can’t wait for our customers to take advantage of it. DigitalOcean’s commitment to the developer community and open source software make them an excellent choice for any cPanel customer.”

First released in 1997, cPanel & WHM is the leading web hosting automation software globally. Its ever-growing user base prefers the familiar, feature-full, and simple interface. Coupled with the ease of DigitalOcean 1-Click Apps, this removes the biggest hurdles in managing a server. The 1-Click Apps on Marketplace makes it simple to build your server with cPanel & WHM installed already, allowing users to get straight to work building and maintaining an online presence.

While highly technical features like its robust APIs and EasyApache make managing infrastructure simple, features like the Website Builder and WordPress Manager make it easy to for even technical novices to build and manage stunning websites. This Linux-based software allows you to take control of your website files, databases, web directories, and email accounts as well as set up domains in one single interface. Even website owners can handle this software without fuss.

Continue reading
  62 Hits

Copyright

© Cpanel

62 Hits
FEB
28

cPanel & WHM Version 70 EOL in 1 Month

The current LTS (Long Term Support) version, cPanel & WHM version 70, will reach End of Life in one month at the end of March 2019. At that time, Version 70 will no longer be supported by cPanel except when upgrading to a supported version. We recommend that all customers …
Original author: benny Vasquez
  61 Hits

Copyright

© Cpanel

61 Hits
FEB
20

EasyApache 4 Feb 20 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look below, and then join us on Slack, Discord, or Reddit to talk about this update and much more. cPanel, L.L.C. has updated 3 RPMs for EasyApache 4. 2019-2-20 apr EA-8225: Update APR to 1.6.5, drop 1.6.3 …
Original author: Phil Hodges
  52 Hits

Copyright

© Cpanel

52 Hits
FEB
20

cPanel & WHM Version 78 now in RELEASE!

We are happy to announce that cPanel, Inc. has released cPanel & WHM Version 78 to the RELEASE tier! This version is our 2019 LTS (Long Term Support) version and will be supported until March of 2020. Take a look at highlights on our release site, or check out the full …
Original author: benny Vasquez
  57 Hits

Copyright

© Cpanel

57 Hits
Advertisement