JUL
28

EasyApache 4 July 28 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

2021-7-28

ea-apache2-config
ZC-7402: Set SecRuleEngine under mod sec 3.x the same as we do for 2.x.
libcurl

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with libcurl 7.78.0. This release addresses vulnerabilities related to CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, and CVE-2021-22926. We strongly encourage all libcurl users to upgrade to version 7.78.0.

AFFECTED VERSIONS
All versions of libcurl through 7.77.0.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  1 Hits

Copyright

© Cpanel

1 Hits
JUL
21

EasyApache 4 July 21 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache 4 July 21 Release first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  38 Hits

Copyright

© Cpanel

38 Hits
JUL
20

cPanel TSR-2021-0004 Full Disclosure

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel TSR-2021-0004 Full Disclosure

SEC-585

Summary

WHM Locale Upload allows vulnerable to XXE and unserialization attacks.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 2.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N

Description

The WHM Local Upload functionality allows for arbitrary XML documents to be uploaded. These documents may be serialized Perl object data. These documents may include references to external entities and/or be recorded as blessed Perl objects. This may lead to arbitrary file read/writes and/or code execution.

Credits

This issue was discovered by Adrian Tiron, Fortbridge (Cyber Security Services – London – Your application security mavens ).

Continue reading
  28 Hits

Copyright

© Cpanel

28 Hits
JUL
19

cPanel TSR-2021-0004 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel TSR-2021-0004 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated this update as having a CVSSv2.3 score of 3.1.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

Continue reading
  18 Hits

Copyright

© Cpanel

18 Hits
JUL
15

cPanel & WHM® Version 98 is now in CURRENT!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 98 to the CURRENT tier! What’s new in Version 98? To see what’s changing in this new version, check out the release notes, as well as the brief highlights below If you have other questions or comments, join …

The post cPanel & WHM® Version 98 is now in CURRENT! first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  31 Hits

Copyright

© Cpanel

31 Hits
JUL
14

EasyApache4 July 14 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache4 July 14 Release first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  43 Hits

Copyright

© Cpanel

43 Hits
JUL
07

EasyApache 4 July 7 Release

EasyApache 4 July 7 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

2021-7-7

ea-nginx
EA-9909: Add hard coded fallback values for keys in settings.json.ZC-9005: Do not hide Upgrade header when proxying websockets under main service subdomains.ZC-9018: Rebuild all users, reporting any issues at the end.ZC-9020: Add cache-related methods to adminbin.EA-9874: Cache 301 redirects.EA-9814: Set client_max_body_size to 128m.ZC-9009: Do not die when a domain’s PHP config is missing.ZC-8589: Improve proxy/SSL configuration.
ea-apache2-config
ZC-8936: Address C8 issue with 001-ensure-nobody hook.
ea-modsec2-rules-owasp-crs
EA-9921: Update ea-modsec2-rules-owasp-crs to 3.3.2, drop 3.3.0. Version update includes CVE-2021-35368 (previously patched).
ea-php74
ea-php74-meta
ea-php80
ea-php80-meta
ea-ruby27
EA-9864: Update ea-ruby27 to 2.7.3, drop 2.7.2.ZC-8967: Update ea-ruby27 to 2.7.3, drop 2.7.2.ZC-8891: Update ea-ruby27 to 2.7.3, drop 2.7.2.
ea-ruby27-meta
EA-9864: Update ea-ruby27 to 2.7.3, drop 2.7.2.ZC-8967: Update ea-ruby27 to 2.7.3, drop 2.7.2.ZC-8891: Update ea-ruby27 to 2.7.3, drop 2.7.2.
ea-ruby27-rubygem-nokogiri
EA-9904: Update ea-ruby27-rubygem-nokogiri to 1.11.7, drop 1.11.6.
ea-ruby27-passenger
EA-9860: Update ea-ruby27-passenger from v6.0.9, drop 6.0.8.
mod_bw
ZC-8700: Rename the tarball, Fix for C8.
scl-php73
scl-php73-meta

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.3.29, 7.4.21, and 8.0.8. This release addresses vulnerabilities related to CVE-2021-21704 and CVE-2021-21705. We strongly encourage all PHP 7.3 users to upgrade to version 7.3.29, all PHP 7.4 users to upgrade to version 7.4.21, and all PHP 8.0 users to upgrade to version 8.0.8.

AFFECTED VERSIONS
All versions of PHP 7.3 through 7.3.28.
All versions of PHP 7.4 through 7.4.20.
All versions of PHP 8.0 through 8.0.8.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  47 Hits

Copyright

© Cpanel

47 Hits
JUN
30

EasyApache 4 June 30 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

2021-6-30

ea-modsec2-rules-owasp-crs
ea-apache2
EA-9895: Ensure httpd is configured to start after reboot on chkconfig systems

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 a new version of the Drupal ModSecurity OWASP rules. This release addresses vulnerabilities related to CVE-2021-35368. We strongly encourage all Drupal ModSecurity OWASP rules users to update their rules.

AFFECTED VERSIONS
All versions of the Drupal ModSecurity OWASP rules prior to June 30, 2021.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  67 Hits

Copyright

© Cpanel

67 Hits
JUN
23

EasyApache June 23 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels. …

The post EasyApache June 23 Release first appeared on cPanel Newsroom.
Original author: Daniela Cardona
  44 Hits

Copyright

© Cpanel

44 Hits
JUN
22

cPanel & WHM® Version 98 now in EDGE!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 98 to the EDGE tier!  Warning: Due to the dynamic nature of EDGE builds, only use EDGE for testing in a controlled environment. We do not recommend this tier for production servers. This version has only received rudimentary testing. We publish this tier most …

The post cPanel & WHM® Version 98 now in EDGE! first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  43 Hits

Copyright

© Cpanel

43 Hits
JUN
21

cPanel & WHM® Version 96 now in STABLE!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 96 to the STABLE tier!  To see what’s changing in this new version, check out our full release notes.  If you have other questions or comments, join us on Discord, Reddit, or our Support Forums! Highlights of what’s new: New UAPI functions …

The post cPanel & WHM® Version 96 now in STABLE! first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  59 Hits

Copyright

© Cpanel

59 Hits
JUN
16

EasyApache 4 June 16 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. 2021-6-16 ea-ruby27 EA-9801: Reduce time needed to install this package. ea-ruby27-meta EA-9801: Reduce time needed to …

The post EasyApache 4 June 16 Release first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  64 Hits

Copyright

© Cpanel

64 Hits
JUN
09

EasyApache 4 June 9 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. 2021-6-9 ea-nginx EA-9789: Silence logrotate script. EA-9812: NGINX fails to start when a folder contains a …

The post EasyApache 4 June 9 Release first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  77 Hits

Copyright

© Cpanel

77 Hits
JUN
02

EasyApache 4 June 2 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. 2021-6-2 ea-nginx EA-9791: Add alarm to request to determine if a domain is using CloudFlare. EA-9798: …

The post EasyApache 4 June 2 Release first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  55 Hits

Copyright

© Cpanel

55 Hits
MAY
19

EasyApache 4 May 19 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. 2021-5-19 ea-nginx EA-9774: Ensure logs are rotated daily. ZC-8830: Fix cache clearing bug w/ cache. ZC-8817: clear …

The post EasyApache 4 May 19 Release first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  90 Hits

Copyright

© Cpanel

90 Hits
MAY
18

cPanel TSR 2021-0003 Full Disclosure

SEC-584 Summary Information disclosure via weak web stats permissions. Security Rating cPanel has assigned this vulnerability a CVSSv3.1 score of 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Description The processing of web log reports for cPanel accounts used insecure storage locations for the generated files. This allowed other local users to read the log reports. …

The post cPanel TSR 2021-0003 Full Disclosure first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  86 Hits

Copyright

© Cpanel

86 Hits
MAY
17

cPanel TSR-2021-0003 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated this update as having a CVSSv3.1 score of 3.3.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

The following cPanel & WHM versions address all known vulnerabilities:

Continue reading
  76 Hits

Copyright

© Cpanel

76 Hits
MAY
12

EasyApache 4 May 12 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. 2021-5-12 ea-nginx EA-9757: Remove unnecessary proxy config setting for wordpress sites. ea-php74 EA-9752: Update ea-php74 to 7.4.19, drop …

The post EasyApache 4 May 12 Release first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  97 Hits

Copyright

© Cpanel

97 Hits
MAY
05

EasyApache 4 May 5 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more.

2021-5-5

scl-php73

EA-9730: Update scl-php73 to 7.3.28, drop 7.3.27.

scl-php73-meta

EA-9730: Update scl-php73 to 7.3.28, drop 7.3.27.

ea-php74

Continue reading
  104 Hits

Copyright

© Cpanel

104 Hits
APR
28

EasyApache 4 April 28 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. 2021-4-28 ea-libicu EA-9714: Update ea-libicu to 69.1, drop 68.2. ea-nginx EA-9706: Update ea-nginx to 1.20.0, drop 1.19.10. ea-nodejs10 EA-9707: Update ea-nodejs10 to …

The post EasyApache 4 April 28 Release first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  94 Hits

Copyright

© Cpanel

94 Hits
Advertisement