We are happy to announce that cPanel, Inc. has released cPanel & WHM Version 74 to the STABLE tier! Version 74 includes updates for some of our biggest features. Take a look at the full release notes, then join us on Slack, Discord, or Reddit to talk about all the exciting improvements!

Protect your server’s reputation

The combination of the Monitor Recipients for Potential Spammers, and the Action Taken when Spammers Found additions to Tweak Settings will monitor outbound mail on a per-account basis, and allow webhosts to prevent negative impact from a compromised account.

Host Contact Info Shown to Visitors

To help avoid confusion for hosting clients that are looking for their webhost, we now display the hosting provider’s contact information on the Account Suspended and Default Webpage placeholder pages.

SUMMARY
cPanel, Inc. has updated RPMs for EasyApache 4 with OpenSSL version 1.0.2p on August 29, 2018. This release addresses security vulnerabilities related to CVE-2018-0732 and CVE-2018-0737. We strongly encourage all OpenSSL users to update their version of OpenSSL.

AFFECTED VERSIONS
All versions of OpenSSL through 1.0.2o

SECURITY RATING

CVE-2018-0732 – MEDIUM
Fixed bug key agreement related to CVE-2018-0732

CVE-2018-0737 – MEDIUM
Fixed vulnerability in RSA Key generation algorithm related to CVE-2018-0737

On August 20th, 2018, cPanel signed an agreement to be acquired by a group led by Oakley Capital (Oakley). The group also owns Plesk and SolusVM. This investment will enable significant investment in new product and feature innovation and will support growth in headcount in Houston, Texas, USA where cPanel will continue to be headquartered.

Established in 1997 by CEO Nick Koston, cPanel provides one of the Internet infrastructure industry’s most reliable and intuitive web hosting automation software platforms. With its rich feature set and customer first support, the fully-automated hosting platform empowers infrastructure providers and gives customers the ability to administer every facet of their website using simple point-and-click software. Based in Houston, TX, cPanel employs over 220 team members and has customers in more than 70 countries.
cPanel has developed an FAQ at https://go.cpanel.net/investmentfaq/ that it hopes answers many questions that typically arise following the announcement of a transaction.

“This investment reflects a great step forward for cPanel. Our team has developed software that contributes to the success of millions of websites operating globally and looks forward to continuing to do so with the same passion that you, our loyal customers have come to love. This investment will give Internet infrastructure providers access to a wider range of software, features and support. I am excited about what the future holds for the company and the great team at cPanel.” — Nick Koston, CEO

For further information please contact:
cPanel, Inc.
benny Vasquez, Manager of Community Engagement
832-433-4005
This email address is being protected from spambots. You need JavaScript enabled to view it.

HOUSTON, August 15, 2018 (Newswire.com) – cPanel Inc., the Hosting Platform of Choice, is pleased to announce the conference schedule is now live for its 2018 cPanel Conference in Houston, Texas, on Oct. 1-3. A copy of the schedule is now available on the conference website. Visitors will be pleased with what they see.

Over 100 people have already registered this year, which puts registration well ahead of average. All three evening events are included in the cost of an attendee ticket and with the schedule released, there is no better time to register. Even better yet, attendees who stay at the conference hotel and book their stay before Sept. 8 will receive a significant discount on the cost of accommodations.

Ken Power, Vice President of Product Development, is excited to see growth for the cPanel Conference. “This year’s early success over previous years is a product of us reacting to the feedback that our attendees provide. The subjects that our speakers have picked will cover a broad spectrum of disciplines, and the sponsors and exhibitors are precisely who our attendees want to see.”

This year’s early success over previous years is a product of us reacting to the feedback that our attendees provide. The subjects that our speakers have picked will cover a broad spectrum of disciplines, and the sponsors and exhibitors are precisely who our attendees want to see.

We are happy to announce that cPanel, Inc. has released cPanel & WHM Version 74 to the RELEASE tier! Version 74 includes updates for some of our biggest features. Take a look at the full release notes, then join us on Slack, Discord, or Reddit to talk about all the exciting improvements!

Improved Domain Validation

Both DNS-based DCV (Domain Control Validation) and Ancestor- (or primary-domain) DCV have been added in Version 74. These two will drastically reduce hiccups with SSLs issued by AutoSSL and Market Place Providers.

Object-Storage, S3-Compatible Backup Destinations

We have expanded the remote backup destinations further to include object storage destinations similar to Amazon S3.

SUMMARY
cPanel, Inc. has updated RPMs for EasyApache 4 with PHP versions 5.6.37, 7.0.31, 7.1.20, and 7.2.8 and released EasyApache 3.36.7 with PHP version 5.6.37 on July 25, 2018. This release addresses security vulnerabilities with no CVE numbers currently assigned. We strongly encourage PHP users to update their version of PHP.

AFFECTED VERSIONS
All versions of PHP 5.6 through 5.6.36
All versions of PHP 7.0 through 7.0.30
All versions of PHP 7.1 through 7.1.19
All versions of PHP 7.2 through 7.2.7

SECURITY RATING

At this time, no CVE numbers are assigned. We will update this notice when they are available.

SOLUTION
cPanel, Inc. has released updated RPMs for EasyApache 4 on July 25, 2018 with PHP versions 5.6.37, 7.0.31, 7.1.20, and 7.2.8. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM’s Run System Update interface.

We are happy to announce that cPanel, Inc. has released cPanel & WHM Version 74 to the CURRENT tier! Version 74 includes updates for some of our biggest features. Take a look at the full release notes, then join us on Slack, Discord, or Reddit to talk about all the exciting improvements! :thumbsup:

Git Automatic Deployment

Improving on the new Git Version Control feature, we now include the ability to automatically deploy changes merged into any branch of your cPanel-hosted git repositories.

Stop Spammers Instantly

The combination of the Monitor Recipients for Potential Spammers, and the Action Taken when Spammers Found additions to Tweak Settings will monitor outbound mail on a per-account basis, and allow webhosts to prevent negative impact from a compromised account.

SUMMARY

cPanel, Inc. has updated RPMs for EasyApache 4 with cURL version 7.61.0 and Apache 2.4.34 and released EasyApache 3.36.6 with cURL 7.61.0 and Apache 2.4.34 on July 18, 2018. This release addresses vulnerabilities related to CVE-2018-0500, CVE-2018-8011, and CVE-2018-1333. We strongly encourage all cURL users to update to version 7.61.0 and all Apache 2.4 users to upgrade to version 2.4.34.

AFFECTED VERSIONS
All versions of cURL through cURL 7.60.0
All versions of Apache through Apache 2.4.33

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2018-0500 – MEDIUM
cURL 7.61.0
Fixed bug related to CVE-2018-0500

CVE-2018-8011 – MEDIUM
Apache 2.4.34
Fixed bug in mod_md module related to CVE-2018-8011

We are happy to announce that cPanel, Inc. has released cPanel & WHM Version 72 to the STABLE tier! Version 72 includes a focus on improving backups, security, and application development. Take a look at the full release notes, then join us on Slack, Discord, or Reddit to discuss more! :wave:

File and Directory Restoration

We have improved and updated the File Restoration interface to include directory restoration. We take you through the new interface on cPanelTV.

Backup Metadata Improvements

The metadata system that powers our File and Directory Restoration interface has been rebuilt from the ground up with a focus on speed and scalability.

More Information

Check out the cPanel Release site to see an overview of the latest features and updates cPanel & WHM has to offer! All of the details about all cPanel & WHM Version 72 features can be found in the Release Notes.

To ensure that you receive up-to-date product news from cPanel, we encourage you to subscribe to the “Product & Security Notifications” mailing list at cPanel Mailing List.

cPanel TSR-2018-0004 Full Disclosure

SEC-367

Summary

Stored-XSS in WHM File Restoration interface.

Security Rating

cPanel TSR-2018-0004 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 2.8 to 6.5.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

cPanel & WHM version 62 has reached End of Life and will no longer be supported by cPanel except when upgrading to a supported version. This was an extension of support, which can be read further about here: http://news.cpanel.com/support-for-cpanel-whm-version-62-extended-to-june-2018/

In accordance with our EOL policy (https://go.cpanel.net/longtermsupport), 62 will continue functioning on servers where it is already installed. The last release of cPanel & WHM version 62, 62.0.48, will remain on our mirrors indefinitely. However, no further updates, such as security fixes and installations, will be provided for 62. Older releases of cPanel & WHM 62 will be removed from our mirrors.

We recommend that all customers migrate any existing installations of cPanel & WHM version 62 to the most recent version of cPanel & WHM presently. They can upgrade to version 70 if they would like to upgrade to the 2018 LTS version. Our latest version, 72 is detailed on our current release site: https://releases.cpanel.net.

If your server setup complicates the process of migrating to a newer version of cPanel & WHM (an upgrade blocker list is available at https://go.cpanel.net/blockers), then cPanel is here to help. Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, migration assistance, and more.

For the PGP-signed message, see 62EOLnow-signed.

We are happy to announce that cPanel, Inc. has released cPanel & WHM Version 72 to the RELEASE tier! Version 72 includes a focus on improving backups, security, and application development. Take a look at the full release notes, then join us on Slack, Discord, or Reddit to discuss more! :wave:

Web-Based Terminal

Whether you’re on the road, or just not at your computer, you will love the power of this new feature. Both root-level WHM users and cPanel users can now manage their server or website using cPanel & WHM’s new web-based terminal.

Limit Available PHP Versions​

Web hosting providers can now limit the PHP versions that cPanel accounts are allowed to view and use. Doing so helps to increase server security and reduce complexity for cPanel users.​

More Information

Check out the cPanel Release site to see an overview of the latest features and updates cPanel & WHM has to offer! All of the details about all cPanel & WHM Version 72 features can be found in the Release Notes.

To ensure that you receive up-to-date product news from cPanel, we encourage you to subscribe to the “Product & Security Notifications” mailing list at cPanel Mailing List.

As of cPanel & WHM Version 70’s release to STABLE on June 6th, cPanel & WHM version 68 has reached End of Life and will no longer be supported by cPanel except when upgrading to a supported version. Additionally, new trial licenses for versions older 70 will no longer be issued.

In accordance with our EOL policy (https://go.cpanel.net/longtermsupport), 68 will continue functioning on servers where it is already installed. The last release of cPanel & WHM version 68, 68.0.39, will remain on our mirrors indefinitely. However, no further updates, such as security fixes and installations, will be provided for 68. Older releases of cPanel & WHM 68 have been removed from our mirrors.

We recommend that all customers migrate any existing installations of cPanel & WHM Version 68 to the most recent version of cPanel & WHM 72, which you can read about on https://releases.cpanel.net.

If your server setup complicates the process of migrating to a newer version of cPanel & WHM (an upgrade blocker list is available at https://go.cpanel.net/blockers), then cPanel is here to help. Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, migration assistance, and more.

For the PGP-Signed version of this announcement please see: 201806.68EOLnow-signed.

We are happy to announce that cPanel, Inc. has released cPanel & WHM Version 72 to the CURRENT tier! The second 2018 release of cPanel & WHM, Version 72 includes a focus on improving backups, security, and application development. Take a look at the full release notes, then join us on Slack, Discord, or Reddit to discuss more! :wave:

Git Version Control

If you have been following along on our feature request site, you already know about our new feature, Git™ Version Control. We’re designing it to make hosting repositories as easy for developers as a “Hello World!” script. See the full depth of features and a feature introduction on our blog.

Improved Automation around Apache and PHP-FPM

With version 72 we adjusted PHP-FPM to use a graceful restart, preventing service interruptions. In Version 70 we added two options in Tweak Settings that help reduce the number of Apache restarts. Delayed Graceful Restarts and Deferred Reload Time will help keep high-capacity servers online.

More Information

Check out the cPanel Release site to see an overview of the latest features and updates cPanel & WHM has to offer! All of the details about all cPanel & WHM Version 72 features can be found in the Release Notes.

We are happy to announce that cPanel, Inc. has released cPanel & WHM Version 70 to the STABLE tier! As the first 2018 release of cPanel & WHM, Version 70 is the only version that will enter the LTS tier this year. Support for Version 62 remains until the end of June, allowing users of the LTS tier time to upgrade to Version 70. Below are just a few of the updates included in this version.

Geofilter User Logins

Server Administrators can now drastically increase security with cPHulk’s new “Country Management” interface. By blocking or white-listing logins in the new “Country Management” interface, you can define who is allowed to log in to your cPanel accounts, WHM accounts, and much more.

More details are provided in the Version 70 cPHulk documentation.

Suspend Mail per Email Account

You can now suspend or queue the outgoing mail from a single email account on your server. This feature expands on the options we added in version 54 allowing you to suspend individual email accounts. Read more in the Version 70 Release Notes.

Join the Discussion!

Starting today we have added two more ways for you to interact with us! In addition to IRC, for the next 24 hours you can join us in our Slack and Discord channels.

The 2018 cPanel Conference, in Houston on October 2 & 3, is excited to announce its top-level sponsor!

HOUSTON, June 5, 2018 (Newswire.com) – cPanel is excited to announce that WHMCS, has returned to claim the New Horizons sponsorship of the 2018 cPanel Conference! This year represents the 7th time that WHMCS has sponsored the Annual cPanel Conference. This year the conference will be returning to our home, Houston, Texas.

“The annual cPanel Conference is a great opportunity for us to meet and connect with customers of the most widely used web hosting automation software in the world.” Said Matt Pugh, CEO of WHMCS. “This year we’re excited to be part of the conference again and will be giving some incredible talks, as well as providing customers and partners the chance to meet and talk face to face with members of our team. We look forward to seeing you there.”

It has been six years since cPanel partnered with WHMCS! In that time, the two companies have worked closely to deliver a more seamless user experience for web hosting customers who can now benefit from single sign-on, deep linking, automated cloud service provisioning and more.

The current LTS (Long Term Support) Version, cPanel & WHM version 62, will reach End of Life at the end of June, 2018. At that time, version 62 will no longer be supported by cPanel except when upgrading to a supported version.

In accordance with our EOL policy (https://go.cpanel.net/longtermsupport), 62 will continue functioning on servers where it is already installed. However, no further updates, including security fixes and installations, will be provided for 62 once it reaches End of Life.

We recommend that all customers migrate any existing installations of cPanel & WHM Version 62 to the most recent version of cPanel & WHM, Version 70, which you can read about on https://releases.cpanel.net. Version 70 will be the only version to enter the LTS tier this year.

If your server setup complicates the process of migrating to a newer version of cPanel & WHM (an upgrade blocker list is available at https://go.cpanel.net/blockers), then the cPanel support team is here to help! Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, migration assistance, and more.

For the PGP-signed message, see 62EOL1Month-signed.

SUMMARY

cPanel, Inc. has updated RPMs for EasyApache 4 with cURL version 7.60.0 and released EasyApache 3.36.5 with cURL 7.60.0 on May 22, 2018. This release addresses vulnerabilities related to CVE-2018-1000300 and CVE-2018-1000301. We strongly encourage all cURL users to update to version 7.60.0.

AFFECTED VERSIONS
All versions of cURL through cURL 7.59.0

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2018-1000300 – MEDIUM
cURL 7.60.0
Fixed bug related to CVE-2018-1000300

cPanel TSR-2018-0003 Full Disclosure

SEC-393

Summary

API tokens retain ACLs that are removed from accounts.

Security Rating