APR
09

EasyApache 4 Apr 9 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4 which includes several PHP version updates. Take a look at the changes below, and then join us on Slack, Discord, or Reddit to talk about this update and much more. 2019-4-9 scl-php71 EA-8316: Update PHP to version 7.1.28, drop …
Original author: Phil Hodges
  806 Hits

Copyright

© Cpanel

806 Hits
APR
08

cPanel & WHM Version 78 now in STABLE!

We are happy to announce that cPanel, Inc. has released cPanel & WHM Version 78 to the STABLE tier! This version is our 2019 LTS (Long Term Support) version and will be supported until March of 2020. This move also brings an end to support for cPanel & WHM Version 76. Take a look at highlights on our release site, or check out the full release notes for v78. Then, join us on Slack, Discord, or Reddit to talk about all the exciting improvements.

Introducing Email Deliverability

Spam and spoofing cause problems for all email hosting providers. With this brand new interface, identifying and correcting problems with your domain’s SPF, DKIM, and PTR configuration is even easier. | Read More

Deliver backups to Backblaze B2

Version 78 brings the BackBlaze B2 destination to WHM’s Backup Configuration Interface allowing hosting providers to save their backups to Backblaze B2 Cloud Storage. | Read More

Continue reading
  797 Hits

Copyright

© Cpanel

797 Hits
APR
03

EasyApache 4 Apr 3 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! This release includes a version update for ea-apache24 to 2.4.39, resolution to an issue with the installation of ea-liblsapi, and a solution for the premature stoppage of /scripts/ea-tomcat85. Please review the release in its entirety, then join us on SlackDiscord, or Reddit to talk about this update and much more

2019-4-3

ea-apache2EA-8307: Update Apache to 2.4.39, drop 2.4.38ea-apache2-configEA-8305: Revert change in EA-8250ea-liblsapiEA-8300: Cannot reinstall ea-liblsapi because of conflicts with liblsapiea-tomcat85EA-8241: /scripts/ea-tomcat85 prematurely dies if fs.protected_symlinks_create is enabled

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with Apache version 2.4.39. This release addresses vulnerabilities related to CVE-2019-0197, CVE-2019-0196, CVE-2019-0211, CVE-2019-0217, CVE-2019-0215, and CVE-2019-0220. We strongly encourage all Apache users to upgrade to version 2.4.39.

AFFECTED VERSIONS

All versions of Apache through 2.4.38

Continue reading
  903 Hits

Copyright

© Cpanel

903 Hits
MAR
27

EasyApache 4 Mar 27 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Slack, Discord, or Reddit to talk about this update and much more. 2019-3-27 mod_security2 EA-8292:  Patch mod_security for Issue 890 – ModSecurity corrupts the global pool’s cleanups linked list with …
Original author: Phil Hodges
  733 Hits

Copyright

© Cpanel

733 Hits
MAR
26

Support for Version 70 Extended to April 30th, 2019

Support for the current LTS (Long Term Support) version, cPanel & WHM Version 70, has been extended to April 30th, 2019. This extension is due to cPanel & WHM Version 78 not reaching the STABLE tier prior to the end of Version 70 support. Support is not extended for any …
Original author: benny Vasquez
  752 Hits

Copyright

© Cpanel

752 Hits
MAR
19

cPanel TSR-2019-0002 Full Disclosure

Yesterday cPanel released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. Below is the full disclosure of the changes included in that update.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

SEC-477

Summary
Unsafe file operations as root in SSL certificate storage.
Security Rating
cPanel has assigned this vulnerability a CVSSv3 score of 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Description
The Cpanel::SSL::Objects::Certificate::File module creates a cache file when opening and reading an SSL certificate file. The Cpanel::SSLStorage module uses this to perform operations on SSL certificates stored in the user’s home directory as root. Because of this, it was possible for an attacker to overwrite and/or read root-owned files.
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:78.0.1876.0.2170.0.67

Continue reading
  722 Hits

Copyright

© Cpanel

722 Hits
MAR
19

cPanel integrates industry-leading web hosting security solution ImunifyAV into cPanel & WHM.

Texas – March 2019 cPanel is excited to announce that it will be integrating ImunifyAV into all cPanel & WHM servers in the coming months. By integrating ImunifyAV, part of the Imunify Security product set from industry partner CloudLinux, cPanel will provide all customers with one of the most effective malware detection solutions in the industry. All cPanel & WHM users will benefit from automatic scans of their sites and servers to check whether they have been infected with hidden malware. If ImunifyAV discovers infections, cPanel customers can choose to clean the infection themselves with provided instructions, or automatically clean the infections with a simple upgrade to ImunifyAV+. Hosting providers can also elect to move to Imunify360, the only multi-layer proactive defense suite for web hosting, directly from their WHMÒ interface.

 “We are very intentional with decisions to pre-install 3rd party products into our software, and we knew we could only have one security scanner. After working extensively with the Imunify Security development team and reviewing test results, we decided it was a tool we wanted to provide to all cPanel customers,” said Nick Koston, cPanel’s CEO. “The detection rates and product performance are superior to anything else we have seen.”

cPanel and Imunify Security. “The CloudLinux and Imunify Security team are long-term friends of cPanel. In 2018 we started to offer Imunify360 as a featured security product”, Nick continued. “As we collaborated with them on the ImunifyAV integration we became convinced it was the right decision for our community.”

 “We couldn’t be more thrilled to build on our strategic partnership with cPanel,” said Jim Jackson, President and Chief Revenue Officer at CloudLinux. “Having partnered successfully with cPanel for years on the CloudLinux OS and KernelCare, we knew we could do something special with them in the security arena as we were rapidly growing the Imunify Security product set. We view the integration of ImunifyAV into cPanel & WHM, and the availability of all Imunify products directly through their industry-leading panel, as the ultimate testament of our work together to protect our joint user community from all forms of malicious attacks.”

The product team will be working to build this integration for cPanel & WHM Version 82, which will be released in the third quarter of 2019. To be notified of this and other product updates, sign up for the cPanel Mailing List.

Continue reading
  871 Hits

Copyright

© Cpanel

871 Hits
MAR
18

TSR-2019-0002 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 2.5 to 7.8.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

Continue reading
  749 Hits

Copyright

© Cpanel

749 Hits
MAR
13

EasyApache 4 Mar 13 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! This update includes a number of security updates for PHP versions 7.1.27, 7.2.16, and 7.3.3, as well as OpenSSL version 1.0.2r, and the addition of PassengerNodejs to passenger_apps.default. We are also adding ea-nodejs10 in preparation for work that will be released in cPanel & WHM Version 80. Please take a look at the release below, and then join us on SlackDiscord, or Reddit to talk about this update and much more.

2019-3-13

ea-apache2EA-8279: Remove noreplace from old EA3 config file in ea-apache24.spec ea-opensslEA-8265: Update OpenSSL to version 1.0.2r, drop 1.0.2q (with fix for CVE-2019-1559)scl-php71scl-php71-metaEA-8267: Update PHP 7.1 to version 7.1.27, drop 7.1.26scl-php72scl-php72-metaEA-8271: Update PHP 7.2 to version 7.2.16, drop 7.2.15scl-php73scl-php73-metaEA-8275: Update PHP 7.3 to version 7.3.3, drop 7.3.2scl-ruby24-passengerEA-8238: Add PassengerNodejs to passenger_apps.defaultea-nodejs10EA-8125: Move ea-nodejs10 into production

This release also includes security patches that have been issued for CVEs (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.1.27, 7.2.16, and 7.3.3 and OpenSSL version 1.0.2r. This release addresses vulnerabilities related to CVE-2019-9637, CVE-2019-9641, CVE-2019-9640, CVE-2019-9638, CVE-2019-9639, CVE-2019-1559, and several other vulnerabilities which have not yet been assigned a number. We strongly encourage all PHP 7.1 users to upgrade to version 7.1.27, all PHP 7.2 users to upgrade to version 7.2.16, all PHP 7.3 users to upgrade to version 7.3.3 and all OpenSSL 1.0.2 users to upgrade to version 1.0.2r.

AFFECTED VERSIONS
All versions of PHP 7.1 through 7.1.26
All versions of PHP 7.2 through 7.2.15
All versions of PHP 7.3 through 7.3.2
All versions of OpenSSL 1.0.2 through 1.0.2q

Continue reading
  776 Hits

Copyright

© Cpanel

776 Hits
MAR
07

EasyApache 4 Mar 7 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! We are happy to announce that PHP 7.3 is now available. Take a look at some highlights below, and then join us on Slack, Discord, or Reddit to talk about this update and much more. 2019-3-7 scl-php73-meta EA-8254: Prepare …
Original author: Phil Hodges
  735 Hits

Copyright

© Cpanel

735 Hits
MAR
05

cPanel Joins DigitalOcean Marketplace

Texas – March 2019 cPanel, the Hosting Platform of Choice, is excited to be part of a brand new platform to connect developers with the applications they need: DigitalOcean Marketplace. Launched today, this is the first partner-led offering by DigitalOcean, making it easier for companies like cPanel to deliver their solutions to developers on demand.

Marketplace presents DigitalOcean customers with a focused ecosystem of partner-built 1-Click Apps — pre-configured software and infrastructure stacks running on DigitalOcean. By listing cPanel & WHM solution on Marketplace, we make it even easier for DigitalOcean to provide its community of 3.5 million developers with the services, components, and tools necessary for modern app development.

“DigitalOcean’s highly-performant Developer Cloud, coupled with the power of cPanel & WHM’s automation will help administrators, and developers host the applications their customers want more efficiently than ever before,” said Eric Ellis, cPanel’s Vice President of Customer Experience. “This historic partnership is also a huge step forward for the thousands of developers who work with cPanel & WHM and already use DigitalOcean. We’ve enjoyed using DigitalOcean over the years to benchmark our installers, and can’t wait for our customers to take advantage of it. DigitalOcean’s commitment to the developer community and open source software make them an excellent choice for any cPanel customer.”

First released in 1997, cPanel & WHM is the leading web hosting automation software globally. Its ever-growing user base prefers the familiar, feature-full, and simple interface. Coupled with the ease of DigitalOcean 1-Click Apps, this removes the biggest hurdles in managing a server. The 1-Click Apps on Marketplace makes it simple to build your server with cPanel & WHM installed already, allowing users to get straight to work building and maintaining an online presence.

While highly technical features like its robust APIs and EasyApache make managing infrastructure simple, features like the Website Builder and WordPress Manager make it easy to for even technical novices to build and manage stunning websites. This Linux-based software allows you to take control of your website files, databases, web directories, and email accounts as well as set up domains in one single interface. Even website owners can handle this software without fuss.

Continue reading
  754 Hits

Copyright

© Cpanel

754 Hits
FEB
28

cPanel & WHM Version 70 EOL in 1 Month

The current LTS (Long Term Support) version, cPanel & WHM version 70, will reach End of Life in one month at the end of March 2019. At that time, Version 70 will no longer be supported by cPanel except when upgrading to a supported version. We recommend that all customers …
Original author: benny Vasquez
  758 Hits

Copyright

© Cpanel

758 Hits
FEB
20

EasyApache 4 Feb 20 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look below, and then join us on Slack, Discord, or Reddit to talk about this update and much more. cPanel, L.L.C. has updated 3 RPMs for EasyApache 4. 2019-2-20 apr EA-8225: Update APR to 1.6.5, drop 1.6.3 …
Original author: Phil Hodges
  744 Hits

Copyright

© Cpanel

744 Hits
FEB
20

cPanel & WHM Version 78 now in RELEASE!

We are happy to announce that cPanel, Inc. has released cPanel & WHM Version 78 to the RELEASE tier! This version is our 2019 LTS (Long Term Support) version and will be supported until March of 2020. Take a look at highlights on our release site, or check out the full …
Original author: benny Vasquez
  758 Hits

Copyright

© Cpanel

758 Hits
FEB
13

EasyApache 4 Feb 13 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on SlackDiscord, or Reddit to talk about this update and much more.

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with cURL version 7.64.0 on February 6, 2019. This release addresses vulnerabilities related to CVE-2018-16890, CVE-2019-3822, and CVE-2019-3823. We strongly encourage all cURL users to update to version 7.64.0.


AFFECTED VERSIONS
All versions of cURL through cURL 7.63.0


SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  653 Hits

Copyright

© Cpanel

653 Hits
FEB
06

EasyApache 4 Feb 6 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Slack, Discord, or Reddit to talk about this update and much more. mod_lsapi, mod_liblsapi, cURL and Tomcat are all receiving updates in this release. ea-apache2-config ZC-4742: Install …
Original author: Phil Hodges
  636 Hits

Copyright

© Cpanel

636 Hits
FEB
01

cPanel & WHM Version 70 EOL in 2 Months

The current LTS (Long Term Support) version, cPanel & WHM version 70, will reach End of Life at the end of March 2019. At that time, Version 70 will no longer be supported by cPanel except when upgrading to a supported version. We recommend that all customers migrate any existing …
Original author: benny Vasquez
  655 Hits

Copyright

© Cpanel

655 Hits
JAN
30

EasyApache 4 Jan 30 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on SlackDiscord, or Reddit to talk about this update and much more.

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with Apache version 2.4.38. This release addresses vulnerabilities related to CVE-2019-0190, CVE-2018-17199, and CVE-2018-17189. We strongly encourage all Apache users to update to version 2.4.38.

AFFECTED VERSIONS
All versions of Apache through Apache 2.4.37

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  697 Hits

Copyright

© Cpanel

697 Hits
JAN
22

cPanel TSR-2019-0001 Full Disclosure

Yesterday we released new builds for versions 70, 76, and 78. These updates provided targeted changes to address security concerns with the cPanel & WHM product. Below is the full disclosure of the updates that were included in these builds.

SEC-415

Summary

Internal data disclosed to OpenID providers.

Security Rating

Continue reading
  643 Hits

Copyright

© Cpanel

643 Hits
JAN
21

cPanel TSR-2019-0001 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 2.2 to 6.5.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

Continue reading
  708 Hits

Copyright

© Cpanel

708 Hits
Advertisement