JAN
19

cPanel TSR-2021-0001 Full Disclosure

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3.1 scores ranging from 2.5 to 3.3.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

SEC-578

Summary

Continue reading
  421 Hits

Copyright

© Cpanel

421 Hits
JAN
18

cPanel TSR-2021-0001 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3.1 scores ranging from 2.5 to 3.3.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

The following cPanel & WHM versions address all known vulnerabilities:

Continue reading
  383 Hits

Copyright

© Cpanel

383 Hits
JAN
13

EasyApache 4 January 13 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more.

ea-apache2
EA-9506: Do not start htcacheclean service if mod_cache_disk module is not loaded.
ea-libicu
EA-9527: Update ea-libicu to 68.2. drop 67.
ea-nodejs10
ea-php74
EA-9517: Update ea-php74 to 7.4.14, drop 7.4.13 (with fix for CVE-2020-7071).
ea-php74-meta
EA-9517: Update ea-php74 to 7.4.14, drop 7.4.13 (with fix for CVE-2020-7071).
ea-php80
EA-9519: Update ea-php80 to 8.0.1, drop 8.0.0 (with fix for CVE-2020-7071).
ea-php80-meta
EA-9519: Update ea-php80 to 8.0.1, drop 8.0.0 (with fix for CVE-2020-7071).
ea-ruby27-passenger
ZC-8196: Ensure pre-2.7 apps are configured for 2.4 so that they continue to use 2.4.ZC-8188: Configure python if python3 is not thereZC-8188: Provide /etc/cpanel/ea4/passenger.python.
ea-tomcat85
EA-9505: Update ea-tomcat85 to 8.5.61, drop 8.5.60.
scl-php73
EA-9518: Update scl-php73 to 7.3.26, drop 7.3.25 (with fix for CVE-2020-7071).
scl-php73-meta
EA-9518: Update scl-php73 to 7.3.26, drop 7.3.25 (with fix for CVE-2020-7071).
scl-ruby24
ZC-8143: Compile ruby 2.4 binary to work when called directly.
scl-ruby24-passenger
ZC-8188: Make python check verbose and explicitly for mod_passenger package.ZC-8188: Configure python if python3 is not there.ZC-8188: Provide /etc/cpanel/ea4/passenger.python.

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 8.0.1, 7.4.14, and 7.3.26 and NodeJS version 10.23.1. This release addresses vulnerabilities related to CVE-2020-8265, CVE-2020-8287, CVE-2020-1971, and CVE-2020-7071. We strongly encourage all PHP 8.0 users to upgrade to version 8.0.1, all PHP 7.4 users to upgrade to version 7.4.14, all PHP 7.3 users to upgrade to version 7.3.26, and all NodeJS users to upgrade to version 10.23.1.
 
 
AFFECTED VERSIONS
All versions of PHP 8.0 through 8.0.0.
All versions of PHP 7.4 through 7.4.13.
All versions of PHP 7.3 through 7.3.25.
All versions of NodeJS through 10.23.0.

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2020-8265 – CRITICAL
NodeJS 10.23.1
Fixed bug related to CVE-2020-8265.

Continue reading
  444 Hits

Copyright

© Cpanel

444 Hits
JAN
06

cPanel & WHM Version 94 now in EDGE!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 94 to the EDGE tier!  To see what’s changing in this new version, check out our full release notes. Releases to the EDGE tier are for testing only, and should not be used on production servers.  If …

The post cPanel & WHM Version 94 now in EDGE! first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  376 Hits

Copyright

© Cpanel

376 Hits
DEC
29

cPanel & WHM Version 90 Now EOL

December 29, 2020 With Version 92 in STABLE, cPanel & WHM Version 90 has reached End of Life. This version will now only be supported by cPanel when upgrading to a supported version. In accordance with our EOL policy, Version 90 will continue to function on servers where it is already installed. …

The post cPanel & WHM Version 90 Now EOL first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  395 Hits

Copyright

© Cpanel

395 Hits
DEC
23

EasyApache 4 December 23 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more.

2020-12-23

ea-openssl11
EA-9478: Update ea-openssl11 to 1.1.1i, drop 1.1.1h (with fix for CVE-2020-1971)
ea-profiles-cpanel
ZC-7620: Update Ruby profile for 2.7 on C7 and C8.
libcurl
scl-ruby24-passenger
ZC-8096: Use full path in passenger.ruby.ZC-7897: Add version/package specific template file (and support userdata paths like nginx).ZC-7655: Provide/Conflict apache24-passenger.ZC-8143: Compile ruby 2.4 binary to work when called directly.
ea-cpanel-tools
ZC-7904: Add EOL recommendation for ruby24 on C7 and later.
ea-nodejs10
ZC-8150: Install /etc/cpanel/ea4/passenger.nodejs.
ea-apache2-config
EA-9493: Remove need for perl-libwww-perl.
CentOS 8 System OpenSSL
ZC-8005: Replace ea-openssl11 with system openssl on C8.aprapr-utilea-apache2ea-freetdsea-libzipea-nghttp2ea-php74ea-php80scl-libc-clientscl-php72scl-php73
Ruby 2.7 in Production
EA-9480: Publish ea-ruby27 to production.ea-ruby27ea-ruby27-libuvea-ruby27-metaea-ruby27-passengerea-ruby27-rubygem-mizuhoea-ruby27-rubygem-nokogiriea-ruby27-rubygem-rackea-ruby27-rubygem-sqlite3

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with OpenSSL version 1.1.1i and libcurl version 7.74.0. This release addresses vulnerabilities related to CVE-2020-1971, CVE-2020-8284, CVE-2020-8285, and CVE-2020-8586. We strongly encourage all OpenSSL 1.1 users to update to version 1.1.1i and all libcurl users to update to version 7.74.0.
 
 
AFFECTED VERSIONS
All versions of OpenSSL through 1.1.1h.
All versions of libcurl through 7.73.0.

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2020-1971 – MEDIUM
OpenSSL 1.1.1i
Fixed bug related to CVE-2020-1971.

Continue reading
  567 Hits

Copyright

© Cpanel

567 Hits
DEC
21

cPanel & WHM Version 92 to STABLE!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 92 to the STABLE tier! Some highlights of this release can be found below, but please check the Release Site for more information. WordPress Toolkit–The Evolution of WordPress Manager We added a new feature called WordPress Toolkit. …

The post cPanel & WHM Version 92 to STABLE! first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  429 Hits

Copyright

© Cpanel

429 Hits
DEC
09

EasyApache 4 December 9 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. ea-cpanel-tools EA-9444: Add PHP 7.2 to EOL recommendations. ea-oniguruma EA-9466: Update ea-oniguruma to 6.9.6, drop 6.9.5_rev1. ea-profiles-cpanel EA-9444: …

The post EasyApache 4 December 9 Release first appeared on cPanel Newsroom.

Original author: Tabby Worthington
  492 Hits

Copyright

© Cpanel

492 Hits
DEC
02

EasyApache 4 December 2 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. ea-apache2-config COBRA-11968: Fix Let’s Encrypt HTTP DCV under SSL force-redirect. ea-nghttp2 EA-9445: Update ea-nghttp2 to 1.42.0, drop 1.41.0. …

The post EasyApache 4 December 2 Release first appeared on cPanel Newsroom.

Original author: Tabby Worthington
  447 Hits

Copyright

© Cpanel

447 Hits
NOV
30

cPanel & WHM Version 92 to RELEASE!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 92 to the RELEASE tier! Some highlights of this release can be found below, but please check the Release Site for more information. Experimental ImageMagick for CentOS 8 For CentOS 8 and CloudLinux 8 servers, the system …

The post cPanel & WHM Version 92 to RELEASE! first appeared on cPanel Newsroom.

Original author: Tabby Worthington
  520 Hits

Copyright

© Cpanel

520 Hits
NOV
23

EasyApache 4 November 23 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. 2020-11-23 mod_security2 ZC-7925: Install /etc/cpanel/ea4/modsecurity.version. More Information Information about all releases this year can be found in …

The post EasyApache 4 November 23 Release first appeared on cPanel Newsroom.

Original author: Tabby Worthington
  444 Hits

Copyright

© Cpanel

444 Hits
NOV
23

cPanel & WHM Version 88 Now EOL

With Version 90 in STABLE, cPanel & WHM Version 88 has reached End of Life. This version will now only be supported by cPanel when upgrading to a supported version. In accordance with our EOL policy, Version 88 will continue to function on servers where it is already installed. The last release of …

The post cPanel & WHM Version 88 Now EOL first appeared on cPanel Newsroom.

Original author: Tabby Worthington
  485 Hits

Copyright

© Cpanel

485 Hits
NOV
17

cPanel TSR-2020-0007 Full Disclosure


SEC-567

Summary

URL parameter injection vulnerabilities in multiple interfaces.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 2.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N

Description

Continue reading
  525 Hits

Copyright

© Cpanel

525 Hits
NOV
16

cPanel TSR-2020-0007 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3.1 scores ranging from 2.6 to 4.7

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

The following cPanel & WHM versions address all known vulnerabilities:

Continue reading
  440 Hits

Copyright

© Cpanel

440 Hits
NOV
11

EasyApache 4 November 11 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. 2020-11-11 ea-freetds EA-9397: Update ea-freetds to 1.2.9, drop 1.2.5. ea-nodejs10 EA-9400: Update ea-nodejs10 to 10.23.0, drop 10.22.1. ea-php74 ZC-7893: Remove …

The post EasyApache 4 November 11 Release first appeared on cPanel Newsroom.

Original author: Tabby Worthington
  466 Hits

Copyright

© Cpanel

466 Hits
NOV
04

EasyApache 4 November 4 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. 2020-11-4 ea-apache24-mod_pagespeed EA-9262: Exclude cpanel. subdomain from Pagespeed. ea-apache2-config ZC-7308: Updates for PHP 8. ea-brotli EA-9380: Updated from …

The post EasyApache 4 November 4 Release first appeared on cPanel Newsroom.

Original author: Tabby Worthington
  447 Hits

Copyright

© Cpanel

447 Hits
NOV
03

cPanel & WHM Version 92 to CURRENT!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 92 to the CURRENT tier

Included with this release are several great features, such as standardized hooks for ModSecurity functions and experimental support for CentOS 8 and CloudLinux 8. ModSecurity 3.0 is also provided on an experimental basis, for both Apache and NGINX servers.

Take a look at highlights for this version on our release site, or check out the full release notes. Then, join us on SlackDiscord, or Reddit!

WordPress Toolkit

We added a new feature called WordPress Toolkit. WordPress Toolkit is a management interface that enables you to easily install, configure, and manage WordPress®. WordPress Toolkit is available in both a Lite and Deluxe version. Click to Learn More.

Dynamic DNS

We added cPanel’s Dynamic DNS interface (cPanel >> Home >> Domains >> Dynamic DNS). The Dynamic DNS (DDNS) feature simplifies access to networks that use a dynamic IP address. This feature automatically updates the zone records for a DDNS domain. Users can navigate to a static hostname that matches the website with the network’s IP address.

Continue reading
  559 Hits

Copyright

© Cpanel

559 Hits
OCT
28

EasyApache 4 October 28 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. ea-apache2 EA-9374: Lower TimeoutStopSec for httpd.service. ea-php74 ZC-7497: Reinstate runselftest. libcurl EA-9371: Update libcurl to 7.73.0, drop 7.72.0 (reworked patches). scl-ruby24-rubygem-mizuho ZC-7497: …

The post EasyApache 4 October 28 Release first appeared on cPanel Newsroom.

Original author: Tabby Worthington
  438 Hits

Copyright

© Cpanel

438 Hits
OCT
14

EasyApache 4 October 14 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. 2020-10-14 ea-apache2-config CPANEL-34021: Proxy /cpanelwebcall/ URLs to cpsrvd. ea-cpanel-tools ZC-7629: Add mod sec 3.0 apache connector to additional packages …

The post EasyApache 4 October 14 Release first appeared on cPanel Newsroom.

Original author: Tabby Worthington
  449 Hits

Copyright

© Cpanel

449 Hits
OCT
12

cPanel & WHM Version 92 to EDGE!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 92 to the EDGE tier! This release brings some quality of life improvements, including a number of interface updates. Take a look at highlights for this version on our release site, or check out our full release notes. Then, join us on DiscordReddit, or our Support Forums!

Experimental: cPanel & WHM for CentOS 8 and CloudLinux 8

We are adding an experimental version of cPanel & WHM Version 92 that has minimal functionality in CentOS 8 and CloudLinux 8 servers.

cPanel & WHM version 92 for CentOS 8 and CloudLinux 8 is experimental software and is not recommended for production environments. For more information, read our cPanel & WHM for CentOS 8 documentation. | Learn More

Experimental: Added MySQL® 8 support for CentOS 8 and CloudLinux 8

We are introducing added support for MySQL® 8 for CentOS 8 and CloudLinux 8 servers. 

You cannot upgrade MySQL 8 to MariaDB 10.x after you have installed cPanel & WHM version 92. This is due to incompatibilities between these versions. For more information, read MariaDB’s documentation.

Continue reading
  415 Hits

Copyright

© Cpanel

415 Hits
Advertisement