We are happy to announce that cPanel, Inc. has released cPanel & WHM Version 78 to the STABLE tier! This version is our 2019 LTS (Long Term Support) version and will be supported until March of 2020. This move also brings an end to support for cPanel & WHM Version 76. Take a look at highlights on our release site, or check out the full release notes for v78. Then, join us on Slack, Discord, or Reddit to talk about all the exciting improvements.

Introducing Email Deliverability

Spam and spoofing cause problems for all email hosting providers. With this brand new interface, identifying and correcting problems with your domain’s SPF, DKIM, and PTR configuration is even easier. | Read More

Deliver backups to Backblaze B2

Version 78 brings the BackBlaze B2 destination to WHM’s Backup Configuration Interface allowing hosting providers to save their backups to Backblaze B2 Cloud Storage. | Read More

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! This release includes a version update for ea-apache24 to 2.4.39, resolution to an issue with the installation of ea-liblsapi, and a solution for the premature stoppage of /scripts/ea-tomcat85. Please review the release in its entirety, then join us on Slack, Discord, or Reddit to talk about this update and much more

2019-4-3

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with Apache version 2.4.39. This release addresses vulnerabilities related to CVE-2019-0197, CVE-2019-0196, CVE-2019-0211, CVE-2019-0217, CVE-2019-0215, and CVE-2019-0220. We strongly encourage all Apache users to upgrade to version 2.4.39.

AFFECTED VERSIONS

All versions of Apache through 2.4.38

Yesterday cPanel released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. Below is the full disclosure of the changes included in that update.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

SEC-477

Summary
Unsafe file operations as root in SSL certificate storage.
Security Rating
cPanel has assigned this vulnerability a CVSSv3 score of 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Description
The Cpanel::SSL::Objects::Certificate::File module creates a cache file when opening and reading an SSL certificate file. The Cpanel::SSLStorage module uses this to perform operations on SSL certificates stored in the user’s home directory as root. Because of this, it was possible for an attacker to overwrite and/or read root-owned files.
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:78.0.1876.0.2170.0.67

Texas – March 2019 cPanel is excited to announce that it will be integrating ImunifyAV into all cPanel & WHM servers in the coming months. By integrating ImunifyAV, part of the Imunify Security product set from industry partner CloudLinux, cPanel will provide all customers with one of the most effective malware detection solutions in the industry. All cPanel & WHM users will benefit from automatic scans of their sites and servers to check whether they have been infected with hidden malware. If ImunifyAV discovers infections, cPanel customers can choose to clean the infection themselves with provided instructions, or automatically clean the infections with a simple upgrade to ImunifyAV+. Hosting providers can also elect to move to Imunify360, the only multi-layer proactive defense suite for web hosting, directly from their WHMÒ interface.

 “We are very intentional with decisions to pre-install 3rd party products into our software, and we knew we could only have one security scanner. After working extensively with the Imunify Security development team and reviewing test results, we decided it was a tool we wanted to provide to all cPanel customers,” said Nick Koston, cPanel’s CEO. “The detection rates and product performance are superior to anything else we have seen.”

cPanel and Imunify Security. “The CloudLinux and Imunify Security team are long-term friends of cPanel. In 2018 we started to offer Imunify360 as a featured security product”, Nick continued. “As we collaborated with them on the ImunifyAV integration we became convinced it was the right decision for our community.”

 “We couldn’t be more thrilled to build on our strategic partnership with cPanel,” said Jim Jackson, President and Chief Revenue Officer at CloudLinux. “Having partnered successfully with cPanel for years on the CloudLinux OS and KernelCare, we knew we could do something special with them in the security arena as we were rapidly growing the Imunify Security product set. We view the integration of ImunifyAV into cPanel & WHM, and the availability of all Imunify products directly through their industry-leading panel, as the ultimate testament of our work together to protect our joint user community from all forms of malicious attacks.”

The product team will be working to build this integration for cPanel & WHM Version 82, which will be released in the third quarter of 2019. To be notified of this and other product updates, sign up for the cPanel Mailing List.

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 2.5 to 7.8.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! This update includes a number of security updates for PHP versions 7.1.27, 7.2.16, and 7.3.3, as well as OpenSSL version 1.0.2r, and the addition of PassengerNodejs to passenger_apps.default. We are also adding ea-nodejs10 in preparation for work that will be released in cPanel & WHM Version 80. Please take a look at the release below, and then join us on Slack, Discord, or Reddit to talk about this update and much more.

2019-3-13

This release also includes security patches that have been issued for CVEs (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.1.27, 7.2.16, and 7.3.3 and OpenSSL version 1.0.2r. This release addresses vulnerabilities related to CVE-2019-9637, CVE-2019-9641, CVE-2019-9640, CVE-2019-9638, CVE-2019-9639, CVE-2019-1559, and several other vulnerabilities which have not yet been assigned a number. We strongly encourage all PHP 7.1 users to upgrade to version 7.1.27, all PHP 7.2 users to upgrade to version 7.2.16, all PHP 7.3 users to upgrade to version 7.3.3 and all OpenSSL 1.0.2 users to upgrade to version 1.0.2r.

AFFECTED VERSIONS
All versions of PHP 7.1 through 7.1.26
All versions of PHP 7.2 through 7.2.15
All versions of PHP 7.3 through 7.3.2
All versions of OpenSSL 1.0.2 through 1.0.2q

Texas – March 2019 cPanel, the Hosting Platform of Choice, is excited to be part of a brand new platform to connect developers with the applications they need: DigitalOcean Marketplace. Launched today, this is the first partner-led offering by DigitalOcean, making it easier for companies like cPanel to deliver their solutions to developers on demand.

Marketplace presents DigitalOcean customers with a focused ecosystem of partner-built 1-Click Apps — pre-configured software and infrastructure stacks running on DigitalOcean. By listing cPanel & WHM solution on Marketplace, we make it even easier for DigitalOcean to provide its community of 3.5 million developers with the services, components, and tools necessary for modern app development.

“DigitalOcean’s highly-performant Developer Cloud, coupled with the power of cPanel & WHM’s automation will help administrators, and developers host the applications their customers want more efficiently than ever before,” said Eric Ellis, cPanel’s Vice President of Customer Experience. “This historic partnership is also a huge step forward for the thousands of developers who work with cPanel & WHM and already use DigitalOcean. We’ve enjoyed using DigitalOcean over the years to benchmark our installers, and can’t wait for our customers to take advantage of it. DigitalOcean’s commitment to the developer community and open source software make them an excellent choice for any cPanel customer.”

First released in 1997, cPanel & WHM is the leading web hosting automation software globally. Its ever-growing user base prefers the familiar, feature-full, and simple interface. Coupled with the ease of DigitalOcean 1-Click Apps, this removes the biggest hurdles in managing a server. The 1-Click Apps on Marketplace makes it simple to build your server with cPanel & WHM installed already, allowing users to get straight to work building and maintaining an online presence.

While highly technical features like its robust APIs and EasyApache make managing infrastructure simple, features like the Website Builder and WordPress Manager make it easy to for even technical novices to build and manage stunning websites. This Linux-based software allows you to take control of your website files, databases, web directories, and email accounts as well as set up domains in one single interface. Even website owners can handle this software without fuss.

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Slack, Discord, or Reddit to talk about this update and much more.

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with cURL version 7.64.0 on February 6, 2019. This release addresses vulnerabilities related to CVE-2018-16890, CVE-2019-3822, and CVE-2019-3823. We strongly encourage all cURL users to update to version 7.64.0.

AFFECTED VERSIONS
All versions of cURL through cURL 7.63.0

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Slack, Discord, or Reddit to talk about this update and much more.

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with Apache version 2.4.38. This release addresses vulnerabilities related to CVE-2019-0190, CVE-2018-17199, and CVE-2018-17189. We strongly encourage all Apache users to update to version 2.4.38.

AFFECTED VERSIONS
All versions of Apache through Apache 2.4.37

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: