AUG
07

EasyApache 4 Aug 7 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on SlackDiscord, or Reddit to talk about this update and much more.

2019-8-7

php-cliEA-8537: Fix php version detection when cwd is a symlink.mod_ruid2ZC-5378: Do not call distiller if its does not exist.ea-tomcat85EA-8590: Fix syntax errors in user-init.shea-nodejs10EA-8592: Update ea-nodejs10 to 10.16.1, drop 10.16.0.ea-apache2-configEA-8572: Fixed typo in setting RLimitCPU and RLimitMEMphp71EA-8595: Update PHP 7.1 to 7.1.31, drop 7.1.30.php71-metaEA-8595: Update PHP 7.1 to 7.1.31, drop 7.1.30.php72EA-8593: Update PHP 7.2 to 7.2.21, drop 7.2.20.php72-metaEA-8593: Update PHP 7.2 to 7.2.21, drop 7.2.20.php73EA-8594: Update PHP 7.3 to 7.3.8, drop 7.3.7.php73-metaEA-8594: Update PHP 7.3 to 7.3.8, drop 7.3.7.

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.1.31, 7.2.21, and 7.3.8. This release addresses vulnerabilities related to CVE-2019-11041 and CVE-2019-11042, plus other vulnerabilities with no number currently assigned. We strongly encourage all PHP 7.1 users to upgrade to version 7.1.31, all PHP 7.2 users to upgrade to version 7.2.21, and all PHP 7.3 users to upgrade to version 7.3.8.

AFFECTED VERSIONS
All versions of PHP 7.1 through 7.1.30
All versions of PHP 7.2 through 7.2.20
All versions of PHP 7.3 through 7.3.7


SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  2 Hits

Copyright

© Cpanel

2 Hits
JUL
31

cPanel, the Hosting Platform of Choice, Announces Partnership with CloudLinux extending support for Linux Systems Based on RHEL 6 and CentOS 6

Houston, Texas, July 31, 2019 – cPanel® is excited to announce a partnership with CloudLinux to extend support for systems running Red Hat® Enterprise Linux® 6 and CentOS 6 by nearly 4 years.

Released in 2011, Red Hat Enterprise Linux (RHEL) 6 and CentOS 6 have been receiving only security updates since May of 2017. These operating systems will reach End of Life (EOL) in November of 2020. At that time, without security patches or bug fixes, hosting providers will be required to migrate their customers to avoid using an operating system that is vulnerable to attacks and malware. Additionally, websites hosting on those operating systems will lose compliance with data and system certifications such as SOC 2 and PCI DSS.

To mitigate this scenario and reduce maintenance burden for our community, cPanel and CloudLinux will work together to support CloudLinux OS 6 for cPanel & WHM users until June 30, 2024. Full details about this initiative can be found at cloudlinux.com.

“We are excited to work with CloudLinux to extend the lifecycle of CloudLinux OS 6. Our goals are to give the hosting industry a viable answer and more flexibility in their operations schedule. Hosting companies shouldn’t be required to choose between security and downtime for their customers,” said Ken Power, VP of Product Development for cPanel, L.LC.

Users of the hybrid kernel in CloudLinux OS 6 will effectively enjoy extended support of RHEL 6/CentOS 6 until 2024. By that time, hosting providers will be able to safely migrate directly to RHEL 8, skipping RHEL 7 deployment entirely. RHEL 8 and CentOS 8 will be supported until May 5, 2029. For enterprises and hosting companies running their systems on CloudLinux OS 6, this equates to fewer migrations and less administration.

Continue reading
  2 Hits

Copyright

© Cpanel

2 Hits
JUL
30

cPanel & WHM Version 82 now in RELEASE!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 82 to the RELEASE tier! Version 82 brings another round of speed and usability improvements for the product. API calls are up to 25% faster, and our software has been made even leaner, leading to a reduction in memory …
Original author: benny Vasquez
  2 Hits

Copyright

© Cpanel

2 Hits
JUL
24

EasyApache 4 – July 24 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! This release includes updating LiteSpeed from Version 7.4 to 7.5. Join us on Slack, Discord, or Reddit to talk about this update and much more. 2019-7-24 ea-apache2-config EA-8573 – Removal of ea-php*-php package does not update .htaccess files libcurl …
Original author: benny Vasquez
  2 Hits

Copyright

© Cpanel

2 Hits
JUL
16

cPanel TSR-2019-0004 Full Disclosure

Yesterday cPanel released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. Below is the full disclosure of the changes included in that update.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

SEC-501

Summary
Demo account remote code execution via faulty URI dispatching.
Security Rating
cPanel has assigned this vulnerability a CVSSv3 score of 6.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
Description
Errors in the dispatching logic for email autoconfiguration URIs allowed demo accounts to execute functions in the cpanel templating engine that are normally prohibited.
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
11.80.0.22
11.78.0.34

Continue reading
  2 Hits

Copyright

© Cpanel

2 Hits
JUL
15

TSR-2019-0004 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 3.3 to 7.3.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

Continue reading
  2 Hits

Copyright

© Cpanel

2 Hits
JUL
10

EasyApache 4 July 10 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! This release includes some PHP version updates. Join us on Slack, Discord, or Reddit to talk about this update and much more. 2019-7-10 scl-php72 EA-8560: Update PHP 7.2 to version 7.2.20, drop 7.2.19. scl-php72-meta EA-8560: Update PHP 7.2 to …
Original author: Phil Hodges
  2 Hits

Copyright

© Cpanel

2 Hits
JUL
09

cPanel & WHM Version 82 now in CURRENT!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 82 to the CURRENT tier! Version 82 brings another round of speed and usability improvements for the product. API calls are up to 25% faster, and our software has been made even leaner, leading to a reduction in memory …
Original author: benny Vasquez
  2 Hits

Copyright

© Cpanel

2 Hits
JUL
02

EasyApache 4 July 2 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Slack, Discord, or Reddit to talk about this update and much more. 2019-7-2 apr EA-8542 – Change APR to use USE_SYSVSEM_SERIALIZE for the apr_lock_method. ea-apache2 EA-8533 – Ensure ea-apr and …
Original author: Phil Hodges
  2 Hits

Copyright

© Cpanel

2 Hits
JUN
19

cPanel & WHM Version 80 now in STABLE!

We are happy to announce that cPanel, LLC. has released cPanel & WHM Version 80 to the STABLE tier! For this version, we have focused on speed and expanding the types of websites you can host on a cPanel server.

We want to especially thank those of you who have Send error reports to cPanel for analysis enabled, as you were critical in helping us reduce the install and update times. If you are interested in helping with these decisions in the future, make sure to participate in the cPanel Analytics program!

Take a look at highlights for this version on our release site, or check out the full release notes. Then, join us on Slack, Discord, or Reddit to talk about all the exciting improvements.

Build Node.js Applications

Website owners can now host Node.js applications on cPanel & WHM servers. Hosting providers can install the ea-nodejs10 module in the Additional Packages section of WHM’s EasyApache 4 interface. | Read More

Plus Addressing Management

cPanel users can disable automatic mailbox creation for plus addressing in the Email Accounts interface. This only affects mailbox creation, and your server will still deliver plus address messages to the correct address. | Read More

Continue reading
  2 Hits

Copyright

© Cpanel

2 Hits
JUN
06

Urgent Updates for 70, 76, and 78 and Exim CVE-2019-10149

In a post on the cPanel Blog last night we shared information regarding an exploit that had been identified in Exim. This exploit allows attackers to execute code as the root user on your server without authentication and was rated a 9.8 out of 10 in severity. While Version 80 was never vulnerable …
Original author: benny Vasquez
  2 Hits

Copyright

© Cpanel

2 Hits
JUN
05

EasyApache 4 June 5 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on SlackDiscord, or Reddit to talk about this update and much more.

ea-apache24EA-8508: Apache crashes with Prefork due to ‘couldn’t release the accept mutexea-nodejs10ZC-5152: Remove mod_passenger requirement from ea-nodejsmod_security2EA-8506: Fix update to Mod_Security 2.9.3: Update is segfaulting on some serversEA-8507: Mod_Security 2.9.3 update some rules fail syntax check / Segmentation faultscl-php71EA-8516: Update scl-php71 from v7.1.29 to v7.1.30scl-php71-metaEA-8516: Update scl-php71 from v7.1.29 to v7.1.30scl-php72EA-8514 : Update scl-php72 from v7.2.18 to v7.2.19scl-php72-metaEA-8514: Update scl-php72 from v7.2.18 to v7.2.19scl-php73EA-8515: Update scl-php73 from v7.3.5 to v7.3.6scl-php73-metaEA-8515: Update scl-php73 from v7.3.5 to v7.3.6

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.1.30, 7.2.19, and 7.3.6. This release addresses vulnerabilities related to CVE-2019-11038, CVE-2019-11039, and CVE-2019-11040. We strongly encourage all PHP 7.1 users to upgrade to version 7.1.30, all PHP 7.2 users to upgrade to version 7.2.19, and all PHP 7.3 users to upgrade to version 7.3.6.

AFFECTED VERSIONS
All versions of PHP 7.1 through 7.1.29
All versions of PHP 7.2 through 7.2.18
All versions of PHP 7.3 through 7.3.5


SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  2 Hits

Copyright

© Cpanel

2 Hits
JUN
04

Announcing our new cPanel Certified Partner Program

cPanel®, the Hosting Platform of Choice, announces its new Certified Partner Program.

Houston, Texas – June 2019 cPanel is excited to announce that, starting immediately, PartnerNOCs can distinguish themselves as leaders in the industry by joining the new cPanel Certified Partner Program.

The cPanel Certified Partner Program will give cPanel Partners an opportunity to acquire a new form of esteemed accreditation, displayed prominently alongside their company’s name in the cPanel Partner Directory. cPanel Certified Partners will receive a certificate, and a high-resolution, digital badge to represent their new status. These partners will also have their support requests automatically escalated to cPanel’s entirely new Ultra Priority Technical Support queue.

“cPanel is known for its incredible quality support team, and we want to recognize Partners that work to provide that same quality support,” said Nick Koston, cPanel’s CEO.

Partners achieve a cPanel Certified Partner status by ensuring they have the required number of cPanel UniversityTM Certified employees and meeting the criteria set out in the program documents. “The cPanel University is an online resource for everyone trying to learn cPanel & WHM®, sharpen old cPanel & WHM skills, or prove what they already know,” said Jesse Asklund, Director of Support at cPanel. “Leveraging the cPanel University to offer this extra recognition for our Partners was an obvious choice.”

Continue reading
  2 Hits

Copyright

© Cpanel

2 Hits
MAY
29

EasyApache 4 May 29 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4!  This release includes updates to multiple modules including apr, libcurl, nodejs10, sourceguardian, and ruby24. Take a look at some highlights below, and then join us on SlackDiscord, or Reddit to talk about this update and much more.

• apr
     • EA-8471 – Update apr from v1.6.5 to v1.7.0

• ea-apache2-config
     • EA-8436 – Mailman aliases exist in httpd.conf after it’s disabled via Tweak Settings

• ea-freetds
     • EA-8462 – Update freetds from 1.00.27 to 1.1.6

• ea-nghttp2
     • EA-8473 – Update ea-nghttp2 from v1.32.0 to v1.38.0

Continue reading
  2 Hits

Copyright

© Cpanel

2 Hits
MAY
28

cPanel & WHM Version 80 now in RELEASE!

We are happy to announce that cPanel, LLC. has released cPanel & WHM Version 80 to the RELEASE tier! For this version, we have focused on speed and expanding the types of websites you can host on a cPanel server.

We want to especially thank those of you who have Send error reports to cPanel for analysis enabled, as you were critical in helping us reduce the install and update times. If you are interested in helping with these decisions in the future, make sure to participate in the cPanel Analytics program!

Take a look at highlights for this version on our release site, or check out the full release notes. Then, join us on Slack, Discord, or Reddit to talk about all the exciting improvements.

One-Click HTTPS Redirection of Websites

Version 80 brings a Force HTTPS Redirect toggle to cPanel’s Domains interface. When enabled, it automatically redirects website visitors to a secured version (HTTPS) when a valid SSL certificate is installed.

Read More

Continue reading
  2 Hits

Copyright

© Cpanel

2 Hits
MAY
21

cPanel TSR-2019-0003 Full Disclosure

Yesterday cPanel released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. Below is the full disclosure of the changes included in that update.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

SEC-486

Summary

Local code execution as other cPanel accounts via insecure cpphp execution.

Continue reading
  2 Hits

Copyright

© Cpanel

2 Hits
MAY
20

cPanel TSR-2019-0003 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 3.3 to 7.4.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

Continue reading
  2 Hits

Copyright

© Cpanel

2 Hits
MAY
15

EasyApache 4 May 15 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! The changes in this version include the removal of PHP 5.6 and 7.0 from default EA4 profiles, an update of Tomcat to v8.5.40, the addition of PHP 7.2 to various profiles, and more! If you …
Original author: Phil Hodges
  2 Hits

Copyright

© Cpanel

2 Hits
MAY
13

cPanel & WHM Version 80 now in CURRENT

We are happy to announce that cPanel, LLC. has released cPanel & WHM Version 80 to the CURRENT tier! For this version, we have focused on speed and expanding the things you can host on a cPanel server. Take a look at highlights on our release site, or check out the full release notes for v80. Then, join us on Slack, Discord, or Reddit to talk about all the exciting improvements.

Install cPanel & WHM in Less than 5 Minutes

Version 80 improves the installation and update speeds of cPanel & WHM by making significant backend improvements. Installation times now average 3.5 minutes, depending on hardware and bandwidth. | Read More

Improved Password Strength Algorithm

We are improving the password strength check algorithm throughout cPanel & WHM; now returning lower scores for passwords with common dictionary words. | Read More

Continue reading
  2 Hits

Copyright

© Cpanel

2 Hits
MAY
08

EasyApache 4 May 8 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! This release contains a debuginfo package for ea-liblsapi, a fix for an Apache issue with symlink protection, and a number of PHP updates. Take a look at some highlights below, and then join us on SlackDiscord, or Reddit to talk about this update and much more.

ea-liblsapiEA-8330 – Build debuginfo package for ea-liblsapiea-apache2CPANEL-27056 – apache is serving up root owned files when symlink protection is enabledscl-php71scl-php71-metaEA-8431 – Update PHP71 from 7.1.28 to 7.1.29scl-php72scl-php72-metaEA-8427 – Update PHP72 from v7.2.17 to v7.2.18scl-php73scl-php73-metaEA-8428 – Update PHP73 from v7.3.4 to v7.3.5


This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.1.29, 7.2.18, and 7.3.5. This release addresses vulnerabilities related to CVE-2019-11036 and another other vulnerability which has not yet been assigned a number. We strongly encourage all PHP 7.1 users to upgrade to version 7.1.29, all PHP 7.2 users to upgrade to version 7.2.18, all PHP 7.3 users to upgrade to version 7.3.5.

AFFECTED VERSIONS
All versions of PHP 7.1 through 7.1.28
All versions of PHP 7.2 through 7.2.17
All versions of PHP 7.3 through 7.3.4


SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  244 Hits

Copyright

© Cpanel

244 Hits
Advertisement