OCT
13

EasyApache 4 October 13 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache 4 October 13 Release first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  26 Hits

Copyright

© Cpanel

26 Hits
OCT
07

EasyApache 4 October 7 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

2021-10-7

ea-apache2
EA-10179: Update ea-apache2 to 2.4.51, drop 2.4.50 (with fix for CVE-2021-42013).

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with Apache 2.4.51. This release addresses vulnerabilities related to CVE-2021-42013. We strongly encourage all Apache users to upgrade to version 2.4.51.

AFFECTED VERSIONS
All versions of Apache through 2.4.50

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  36 Hits

Copyright

© Cpanel

36 Hits
OCT
06

EasyApache 4 October 6 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

2021-10-6

scl-sourceguardian
EA-10163: Update scl-sourceguardian to 12.1.2, drop 12.1.
ea-ruby27-passenger
EA-10161: Update ea-ruby27-passenger to 6.0.11, drop 6.0.10.
ea-nghttp2
EA-10159: Update ea-nghttp2 to 1.45.1, drop 1.44.0.
ea-apache2
EA-10157: Update ea-apache2 to 2.4.50, drop 2.4.49 (with fixes for CVE-2021-41773 and CVE-2021-41524).ZC-9300: Ensure only one package owns http2.conf.

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with Apache 2.4.50. This release addresses vulnerabilities related to CVE-2021-41773 and CVE-2021-41524. We strongly encourage all Apache users to upgrade to version 2.4.50.

AFFECTED VERSIONS
All versions of Apache through 2.4.49

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  26 Hits

Copyright

© Cpanel

26 Hits
SEP
29

EasyApache 4 September 29 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

2021-9-29

ea-php74
EA-10136: Update ea-php74 to 7.4.24, drop 7.4.23 (with fix for CVE-2021-21706).
ea-php74-meta
EA-10136: Update ea-php74 to 7.4.24, drop 7.4.23 (with fix for CVE-2021-21706).
ea-php80
EA-10130: Update ea-php80 to 8.0.11, drop 8.0.10 (with fix for CVE-2021-21706).
ea-php80-meta
EA-10130: Update ea-php80 to 8.0.11, drop 8.0.10 (with fix for CVE-2021-21706).
scl-php73
EA-10132: Update scl-php73 to 7.3.31, drop 7.3.30 (with fix for CVE-2021-21706).
scl-php73-meta
EA-10132: Update scl-php73 to 7.3.31, drop 7.3.30 (with fix for CVE-2021-21706).
ea-nginx
ZC-9317: Stop using deprecated (and unused) module.
ea-apache2-config
ZC-9253: Install nobody hook via ea-cpanel-tools so it’s available for pre-txn profile install.
ea-cpanel-tools
ZC-9253: Install nobody hook via ea-cpanel-tools so it’s available for pre-txn profile install.

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with PHP versions 7.3.31, 7.4.24, and 8.0.11.. This release addresses vulnerabilities related to CVE-2021-21706. We strongly encourage all PHP 7.3 users to upgrade to version 7.3.31, all PHP 7.4 users to upgrade to version 7.4.24, and all PHP 8.0 users to upgrade to version 8.0.11.

AFFECTED VERSIONS
All versions of PHP 7.3 through 7.3.30.
All versions of PHP 7.4 through 7.4.23.
All versions of PHP 8.0 through 8.0.10.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  45 Hits

Copyright

© Cpanel

45 Hits
SEP
24

cPanel® Version 100 now in EDGE!

We are happy to announce that cPanel Version 100 has now been released to the EDGE tier!  Warning: Due to the dynamic nature of EDGE builds, only use EDGE for testing in a controlled environment. We do not recommend this tier for production servers. This version has only received rudimentary testing. We publish this tier most often (up …

The post cPanel® Version 100 now in EDGE! first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  39 Hits

Copyright

© Cpanel

39 Hits
SEP
22

EasyApache 4 September 22 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

2021-9-22

ea-nginx
EA-10108: Update ea-nginx to 1.21.3, drop 1.21.2.ZC-9261: Allow include to prefix proxy_cache_key based on any criteria.ZC-9260: Move standalone includes to separate folder and bring in server includes on reverse proxy and standalone.
libcurl
ea-tomcat85
EA-10109: Update ea-tomcat85 to 8.5.71, drop 8.5.70.
ea-apache2
mod_security2
ZC-9217: Fix the RPM path for modsec_audit.ZC-8704: Build for Ubuntu, and minor changes for CentOS.

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with Apache 2.4.49 and libcurl 7.79.0. This release addresses vulnerabilities related to CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2021-40438, CVE-2021-39275, CVE-2021-36160, CVE-2021-34798, and CVE-2021-33193. We strongly encourage all Apache users to upgrade to version 2.4.49 and all libcurl users to upgrade to version 7.79.0.

AFFECTED VERSIONS
All versions of Apache through 2.4.48.
All versions of libcurl through 7.78.0.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  55 Hits

Copyright

© Cpanel

55 Hits
SEP
21

cPanel TSR-2021-0005 Full Disclosure

cPanel has released its Targeted Security Release to address security concerns with the cPanel product. These updates are currently available to all customers via the standard update system.

cPanel has rated this update as having a CVSSv3.1 score of 3.9 to 5.3. For more information on ratings, please visit our documentation.

Is there any action required?

If you have disabled cPanel & WHM automatic updates, please update your cPanel & WHM installations at your earliest convenience.

If you have configured cPanel & WHM servers to automatically update, no action is required. Your servers have automatically been updated.

To avoid service interruptions, please ensure you are on one of the following secure versions:

Continue reading
  48 Hits

Copyright

© Cpanel

48 Hits
SEP
20

cPanel TSR-2021-0005 Announcement

cPanel has released its Targeted Security Release to address security concerns with the cPanel & WHM product. These updates are currently available to all customers via the standard update system. cPanel has rated this update as having a CVSSv3.1 score of 3.9 to 5.3. For more information on ratings, please visit our documentation. Is …

The post cPanel TSR-2021-0005 Announcement first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  36 Hits

Copyright

© Cpanel

36 Hits
SEP
15

EULA and Pricing and Term Agreement Updates 

As part of our decision to include WordPress Toolkit in cPanel licenses at no additional charge, we recently notified customers that we made changes to our End User License and our Pricing and Term Agreement.  The changes that we made to these agreements were to facilitate that decision, and move …

The post EULA and Pricing and Term Agreement Updates  first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  48 Hits

Copyright

© Cpanel

48 Hits
SEP
15

EasyApache 4 September 15 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache 4 September 15 Release first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  43 Hits

Copyright

© Cpanel

43 Hits
SEP
08

cPanel & WHM Version 96 Now EOL

8 Sept 2021

With Version 98 in STABLE cPanel & WHM Version 96 has reached End of Life. This version will now only be supported by cPanel when upgrading to a supported version.

In accordance with our EOL policy, Version 96 will continue to function on servers where it is already installed. The last release of cPanel & WHM Version 96 will remain on our mirrors indefinitely. However, no further updates, including fixes for known security flaws, will be provided for Version 96. Older releases of cPanel & WHM will be removed from our mirrors.

We recommend that all customers upgrade any existing installations of cPanel & WHM Version 96 to the most recent version of cPanel & WHM Version 98, which you can read about on https://releases.cpanel.net.

If your server setup complicates the process of upgrading to a supported version of cPanel & WHM (review the list of upgrade blockers), cPanel is here to help. Simply open a support ticket and our knowledgeable support team will provide recommendations, upgrade assistance, and more.

Continue reading
  49 Hits

Copyright

© Cpanel

49 Hits
SEP
01

EasyApache 4 September 1 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

2021-9-1

apr
ea-freetds
EA-10071: Update ea-freetds to 1.3.2, drop 1.3.1.
ea-nginx
EA-9954: Add logic for server_names_hash_max_size and server_names_hash_bucket_size to syntax checker.
ea-openssl11
ea-php74
EA-10081: Update ea-php74 to 7.4.23, drop 7.4.22.
ea-php74-meta
EA-10081: Update ea-php74 to 7.4.23, drop 7.4.22.
ea-php80
EA-10080: Update ea-php80 to 8.0.10, drop 8.0.9.
ea-php80-meta
EA-10080: Update ea-php80 to 8.0.10, drop 8.0.9.
scl-php73
EA-10074: Update scl-php73 to 7.3.30, drop 7.3.29.
scl-php73-meta
EA-10074: Update scl-php73 to 7.3.30, drop 7.3.29.

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with OpenSSL 1.1.1l and a patch for APR 1.7.0. This release addresses vulnerabilities related to CVE-2021-35940, CVE-2021-3711, and CVE-2021-3712. We strongly encourage all OpenSSL users to upgrade to version 1.1.1l and all APR users to upgrade to the patched version 1.7.0.

AFFECTED VERSIONS
All versions of OpenSSL through 1.1.1k.
APR version 1.7.0.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  72 Hits

Copyright

© Cpanel

72 Hits
AUG
31

cPanel & WHM® Version 98 now in STABLE!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 98 to the STABLE tier!  What’s new in Version 98? To see what’s changing in this new version, check out the release notes, as well as the brief highlights below If you have other questions or comments, join …

The post cPanel & WHM® Version 98 now in STABLE! first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  79 Hits

Copyright

© Cpanel

79 Hits
AUG
25

EasyApache 4 August 25 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache 4 August 25 Release first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  68 Hits

Copyright

© Cpanel

68 Hits
AUG
18

EasyApache 4 August 18 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache 4 August 18 Release first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  112 Hits

Copyright

© Cpanel

112 Hits
AUG
13

cPanel & WHM® Version 98 is now in RELEASE!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 98 to the RELEASE tier!  What’s new in Version 98? To see what’s changing in this new version, check out the release notes, as well as the brief highlights below If you have other questions or comments, join …

The post cPanel & WHM® Version 98 is now in RELEASE! first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  87 Hits

Copyright

© Cpanel

87 Hits
AUG
11

EasyApache 4 August 11 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache 4 August 11 Release first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  91 Hits

Copyright

© Cpanel

91 Hits
AUG
10

Unscheduled TSR 10 August 2021

On August 9th, 2021, Perl announced a vulnerability in the Encode.pm Perl module version 3.05. 

Porters,

I have attached a fix for a bug in Encode, registered as CVE-2021-36770.  This bug replaces the contents of @INC with a predictable integer, which is treated as a directory relative to the current working directory, long enough to execute one “require”.

The vulnerability was introduced in Encode v3.05, here: dankogai/p5-encode@9c5f5a3  It was shipped with Perl v5.32 and v5.34.

A simple proof of concept:

Continue reading
  70 Hits

Copyright

© Cpanel

70 Hits
AUG
04

EasyApache 4 August 4 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache 4 August 4 Release first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  112 Hits

Copyright

© Cpanel

112 Hits
JUL
28

EasyApache 4 July 28 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

2021-7-28

ea-apache2-config
ZC-7402: Set SecRuleEngine under mod sec 3.x the same as we do for 2.x.
libcurl

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with libcurl 7.78.0. This release addresses vulnerabilities related to CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, and CVE-2021-22926. We strongly encourage all libcurl users to upgrade to version 7.78.0.

AFFECTED VERSIONS
All versions of libcurl through 7.77.0.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  127 Hits

Copyright

© Cpanel

127 Hits
Advertisement