cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 3.3 to 7.3.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

We are happy to announce that cPanel, LLC. has released cPanel & WHM Version 80 to the STABLE tier! For this version, we have focused on speed and expanding the types of websites you can host on a cPanel server.

We want to especially thank those of you who have Send error reports to cPanel for analysis enabled, as you were critical in helping us reduce the install and update times. If you are interested in helping with these decisions in the future, make sure to participate in the cPanel Analytics program!

Take a look at highlights for this version on our release site, or check out the full release notes. Then, join us on Slack, Discord, or Reddit to talk about all the exciting improvements.

Build Node.js Applications

Website owners can now host Node.js applications on cPanel & WHM servers. Hosting providers can install the ea-nodejs10 module in the Additional Packages section of WHM’s EasyApache 4 interface. | Read More

Plus Addressing Management

cPanel users can disable automatic mailbox creation for plus addressing in the Email Accounts interface. This only affects mailbox creation, and your server will still deliver plus address messages to the correct address. | Read More

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Slack, Discord, or Reddit to talk about this update and much more.

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.1.30, 7.2.19, and 7.3.6. This release addresses vulnerabilities related to CVE-2019-11038, CVE-2019-11039, and CVE-2019-11040. We strongly encourage all PHP 7.1 users to upgrade to version 7.1.30, all PHP 7.2 users to upgrade to version 7.2.19, and all PHP 7.3 users to upgrade to version 7.3.6.

AFFECTED VERSIONS
All versions of PHP 7.1 through 7.1.29
All versions of PHP 7.2 through 7.2.18
All versions of PHP 7.3 through 7.3.5

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

cPanel®, the Hosting Platform of Choice, announces its new Certified Partner Program.

Houston, Texas – June 2019 cPanel is excited to announce that, starting immediately, PartnerNOCs can distinguish themselves as leaders in the industry by joining the new cPanel Certified Partner Program.

The cPanel Certified Partner Program will give cPanel Partners an opportunity to acquire a new form of esteemed accreditation, displayed prominently alongside their company’s name in the cPanel Partner Directory. cPanel Certified Partners will receive a certificate, and a high-resolution, digital badge to represent their new status. These partners will also have their support requests automatically escalated to cPanel’s entirely new Ultra Priority Technical Support queue.

“cPanel is known for its incredible quality support team, and we want to recognize Partners that work to provide that same quality support,” said Nick Koston, cPanel’s CEO.

Partners achieve a cPanel Certified Partner status by ensuring they have the required number of cPanel UniversityTM Certified employees and meeting the criteria set out in the program documents. “The cPanel University is an online resource for everyone trying to learn cPanel & WHM®, sharpen old cPanel & WHM skills, or prove what they already know,” said Jesse Asklund, Director of Support at cPanel. “Leveraging the cPanel University to offer this extra recognition for our Partners was an obvious choice.”

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4!  This release includes updates to multiple modules including apr, libcurl, nodejs10, sourceguardian, and ruby24. Take a look at some highlights below, and then join us on Slack, Discord, or Reddit to talk about this update and much more.

• apr
     • EA-8471 – Update apr from v1.6.5 to v1.7.0

• ea-apache2-config
     • EA-8436 – Mailman aliases exist in httpd.conf after it’s disabled via Tweak Settings

• ea-freetds
     • EA-8462 – Update freetds from 1.00.27 to 1.1.6

• ea-nghttp2
     • EA-8473 – Update ea-nghttp2 from v1.32.0 to v1.38.0

We are happy to announce that cPanel, LLC. has released cPanel & WHM Version 80 to the RELEASE tier! For this version, we have focused on speed and expanding the types of websites you can host on a cPanel server.

We want to especially thank those of you who have Send error reports to cPanel for analysis enabled, as you were critical in helping us reduce the install and update times. If you are interested in helping with these decisions in the future, make sure to participate in the cPanel Analytics program!

Take a look at highlights for this version on our release site, or check out the full release notes. Then, join us on Slack, Discord, or Reddit to talk about all the exciting improvements.

One-Click HTTPS Redirection of Websites

Version 80 brings a Force HTTPS Redirect toggle to cPanel’s Domains interface. When enabled, it automatically redirects website visitors to a secured version (HTTPS) when a valid SSL certificate is installed.

Read More

Yesterday cPanel released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. Below is the full disclosure of the changes included in that update.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

SEC-486

Summary

Local code execution as other cPanel accounts via insecure cpphp execution.

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 3.3 to 7.4.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

We are happy to announce that cPanel, LLC. has released cPanel & WHM Version 80 to the CURRENT tier! For this version, we have focused on speed and expanding the things you can host on a cPanel server. Take a look at highlights on our release site, or check out the full release notes for v80. Then, join us on Slack, Discord, or Reddit to talk about all the exciting improvements.

Install cPanel & WHM in Less than 5 Minutes

Version 80 improves the installation and update speeds of cPanel & WHM by making significant backend improvements. Installation times now average 3.5 minutes, depending on hardware and bandwidth. | Read More

Improved Password Strength Algorithm

We are improving the password strength check algorithm throughout cPanel & WHM; now returning lower scores for passwords with common dictionary words. | Read More

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! This release contains a debuginfo package for ea-liblsapi, a fix for an Apache issue with symlink protection, and a number of PHP updates. Take a look at some highlights below, and then join us on Slack, Discord, or Reddit to talk about this update and much more.

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.1.29, 7.2.18, and 7.3.5. This release addresses vulnerabilities related to CVE-2019-11036 and another other vulnerability which has not yet been assigned a number. We strongly encourage all PHP 7.1 users to upgrade to version 7.1.29, all PHP 7.2 users to upgrade to version 7.2.18, all PHP 7.3 users to upgrade to version 7.3.5.

AFFECTED VERSIONS
All versions of PHP 7.1 through 7.1.28
All versions of PHP 7.2 through 7.2.17
All versions of PHP 7.3 through 7.3.4

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

cPanel®, the Hosting Platform of ChoiceTM, announces its newest partnership with JetApps, providing JetBackup to cPanel’s users.

Houston, Texas, May 1, 2019 (Newswire) -​​ cPanel is excited to announce a new partnership with JetApps. Starting immediately, users can buy a JetBackup license directly from cPanel.

JetBackup supplies hosting providers with a great deal of flexibility by allowing unlimited backup jobs, multiple schedules per job, and unlimited destinations. Creating and applying custom hooks to backup and restore functions gives companies the ability to meet the unique needs of their clients.

When asked about the importance of quality backups, Eric Ellis, Vice President of Customer Experience for cPanel, LLC said, “Throughout my technical career, I’ve always preached about how vital it is to make and test backups. Understanding how important this is when considering a backup technology partnership, JetBackup stood out as a dependable name in backup software making it an easy choice for cPanel. I’ll be using this robust software on my servers from now on.”

JetBackup’s self-service functionality allows cPanel end-users, hosting customers, to restore an account in seconds, removing the support burden with traditional cPanel & WHM backups. Some hosting providers have seen up to 70% fewer support tickets related to account backups and restores. When clients have speed and ease-of-use, it is a win-win for both cPanel partners and their clients. Users can also enable JetBackup’s GDPR compliance feature for their account backups.