JAN
18

cPanel TSR-2021-0001 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3.1 scores ranging from 2.5 to 3.3.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

The following cPanel & WHM versions address all known vulnerabilities:

Continue reading
  94 Hits

Copyright

© Cpanel

94 Hits
JAN
13

EasyApache 4 January 13 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more.

ea-apache2
EA-9506: Do not start htcacheclean service if mod_cache_disk module is not loaded.
ea-libicu
EA-9527: Update ea-libicu to 68.2. drop 67.
ea-nodejs10
ea-php74
EA-9517: Update ea-php74 to 7.4.14, drop 7.4.13 (with fix for CVE-2020-7071).
ea-php74-meta
EA-9517: Update ea-php74 to 7.4.14, drop 7.4.13 (with fix for CVE-2020-7071).
ea-php80
EA-9519: Update ea-php80 to 8.0.1, drop 8.0.0 (with fix for CVE-2020-7071).
ea-php80-meta
EA-9519: Update ea-php80 to 8.0.1, drop 8.0.0 (with fix for CVE-2020-7071).
ea-ruby27-passenger
ZC-8196: Ensure pre-2.7 apps are configured for 2.4 so that they continue to use 2.4.ZC-8188: Configure python if python3 is not thereZC-8188: Provide /etc/cpanel/ea4/passenger.python.
ea-tomcat85
EA-9505: Update ea-tomcat85 to 8.5.61, drop 8.5.60.
scl-php73
EA-9518: Update scl-php73 to 7.3.26, drop 7.3.25 (with fix for CVE-2020-7071).
scl-php73-meta
EA-9518: Update scl-php73 to 7.3.26, drop 7.3.25 (with fix for CVE-2020-7071).
scl-ruby24
ZC-8143: Compile ruby 2.4 binary to work when called directly.
scl-ruby24-passenger
ZC-8188: Make python check verbose and explicitly for mod_passenger package.ZC-8188: Configure python if python3 is not there.ZC-8188: Provide /etc/cpanel/ea4/passenger.python.

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 8.0.1, 7.4.14, and 7.3.26 and NodeJS version 10.23.1. This release addresses vulnerabilities related to CVE-2020-8265, CVE-2020-8287, CVE-2020-1971, and CVE-2020-7071. We strongly encourage all PHP 8.0 users to upgrade to version 8.0.1, all PHP 7.4 users to upgrade to version 7.4.14, all PHP 7.3 users to upgrade to version 7.3.26, and all NodeJS users to upgrade to version 10.23.1.
 
 
AFFECTED VERSIONS
All versions of PHP 8.0 through 8.0.0.
All versions of PHP 7.4 through 7.4.13.
All versions of PHP 7.3 through 7.3.25.
All versions of NodeJS through 10.23.0.

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2020-8265 – CRITICAL
NodeJS 10.23.1
Fixed bug related to CVE-2020-8265.

Continue reading
  135 Hits

Copyright

© Cpanel

135 Hits
JAN
06

cPanel & WHM Version 94 now in EDGE!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 94 to the EDGE tier!  To see what’s changing in this new version, check out our full release notes. Releases to the EDGE tier are for testing only, and should not be used on production servers.  If …

The post cPanel & WHM Version 94 now in EDGE! first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  106 Hits

Copyright

© Cpanel

106 Hits
DEC
29

cPanel & WHM Version 90 Now EOL

December 29, 2020 With Version 92 in STABLE, cPanel & WHM Version 90 has reached End of Life. This version will now only be supported by cPanel when upgrading to a supported version. In accordance with our EOL policy, Version 90 will continue to function on servers where it is already installed. …

The post cPanel & WHM Version 90 Now EOL first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  106 Hits

Copyright

© Cpanel

106 Hits
DEC
23

EasyApache 4 December 23 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more.

2020-12-23

ea-openssl11
EA-9478: Update ea-openssl11 to 1.1.1i, drop 1.1.1h (with fix for CVE-2020-1971)
ea-profiles-cpanel
ZC-7620: Update Ruby profile for 2.7 on C7 and C8.
libcurl
scl-ruby24-passenger
ZC-8096: Use full path in passenger.ruby.ZC-7897: Add version/package specific template file (and support userdata paths like nginx).ZC-7655: Provide/Conflict apache24-passenger.ZC-8143: Compile ruby 2.4 binary to work when called directly.
ea-cpanel-tools
ZC-7904: Add EOL recommendation for ruby24 on C7 and later.
ea-nodejs10
ZC-8150: Install /etc/cpanel/ea4/passenger.nodejs.
ea-apache2-config
EA-9493: Remove need for perl-libwww-perl.
CentOS 8 System OpenSSL
ZC-8005: Replace ea-openssl11 with system openssl on C8.aprapr-utilea-apache2ea-freetdsea-libzipea-nghttp2ea-php74ea-php80scl-libc-clientscl-php72scl-php73
Ruby 2.7 in Production
EA-9480: Publish ea-ruby27 to production.ea-ruby27ea-ruby27-libuvea-ruby27-metaea-ruby27-passengerea-ruby27-rubygem-mizuhoea-ruby27-rubygem-nokogiriea-ruby27-rubygem-rackea-ruby27-rubygem-sqlite3

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with OpenSSL version 1.1.1i and libcurl version 7.74.0. This release addresses vulnerabilities related to CVE-2020-1971, CVE-2020-8284, CVE-2020-8285, and CVE-2020-8586. We strongly encourage all OpenSSL 1.1 users to update to version 1.1.1i and all libcurl users to update to version 7.74.0.
 
 
AFFECTED VERSIONS
All versions of OpenSSL through 1.1.1h.
All versions of libcurl through 7.73.0.

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2020-1971 – MEDIUM
OpenSSL 1.1.1i
Fixed bug related to CVE-2020-1971.

Continue reading
  221 Hits

Copyright

© Cpanel

221 Hits
DEC
21

cPanel & WHM Version 92 to STABLE!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 92 to the STABLE tier! Some highlights of this release can be found below, but please check the Release Site for more information. WordPress Toolkit–The Evolution of WordPress Manager We added a new feature called WordPress Toolkit. …

The post cPanel & WHM Version 92 to STABLE! first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  141 Hits

Copyright

© Cpanel

141 Hits
DEC
09

EasyApache 4 December 9 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. ea-cpanel-tools EA-9444: Add PHP 7.2 to EOL recommendations. ea-oniguruma EA-9466: Update ea-oniguruma to 6.9.6, drop 6.9.5_rev1. ea-profiles-cpanel EA-9444: …

The post EasyApache 4 December 9 Release first appeared on cPanel Newsroom.

Original author: Tabby Worthington
  129 Hits

Copyright

© Cpanel

129 Hits
DEC
02

EasyApache 4 December 2 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. ea-apache2-config COBRA-11968: Fix Let’s Encrypt HTTP DCV under SSL force-redirect. ea-nghttp2 EA-9445: Update ea-nghttp2 to 1.42.0, drop 1.41.0. …

The post EasyApache 4 December 2 Release first appeared on cPanel Newsroom.

Original author: Tabby Worthington
  133 Hits

Copyright

© Cpanel

133 Hits
NOV
30

cPanel & WHM Version 92 to RELEASE!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 92 to the RELEASE tier! Some highlights of this release can be found below, but please check the Release Site for more information. Experimental ImageMagick for CentOS 8 For CentOS 8 and CloudLinux 8 servers, the system …

The post cPanel & WHM Version 92 to RELEASE! first appeared on cPanel Newsroom.

Original author: Tabby Worthington
  173 Hits

Copyright

© Cpanel

173 Hits
NOV
23

EasyApache 4 November 23 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. 2020-11-23 mod_security2 ZC-7925: Install /etc/cpanel/ea4/modsecurity.version. More Information Information about all releases this year can be found in …

The post EasyApache 4 November 23 Release first appeared on cPanel Newsroom.

Original author: Tabby Worthington
  131 Hits

Copyright

© Cpanel

131 Hits
NOV
23

cPanel & WHM Version 88 Now EOL

With Version 90 in STABLE, cPanel & WHM Version 88 has reached End of Life. This version will now only be supported by cPanel when upgrading to a supported version. In accordance with our EOL policy, Version 88 will continue to function on servers where it is already installed. The last release of …

The post cPanel & WHM Version 88 Now EOL first appeared on cPanel Newsroom.

Original author: Tabby Worthington
  135 Hits

Copyright

© Cpanel

135 Hits
NOV
17

cPanel TSR-2020-0007 Full Disclosure


SEC-567

Summary

URL parameter injection vulnerabilities in multiple interfaces.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 2.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N

Description

Continue reading
  135 Hits

Copyright

© Cpanel

135 Hits
NOV
16

cPanel TSR-2020-0007 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3.1 scores ranging from 2.6 to 4.7

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

The following cPanel & WHM versions address all known vulnerabilities:

Continue reading
  131 Hits

Copyright

© Cpanel

131 Hits
NOV
11

EasyApache 4 November 11 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. 2020-11-11 ea-freetds EA-9397: Update ea-freetds to 1.2.9, drop 1.2.5. ea-nodejs10 EA-9400: Update ea-nodejs10 to 10.23.0, drop 10.22.1. ea-php74 ZC-7893: Remove …

The post EasyApache 4 November 11 Release first appeared on cPanel Newsroom.

Original author: Tabby Worthington
  126 Hits

Copyright

© Cpanel

126 Hits
NOV
04

EasyApache 4 November 4 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. 2020-11-4 ea-apache24-mod_pagespeed EA-9262: Exclude cpanel. subdomain from Pagespeed. ea-apache2-config ZC-7308: Updates for PHP 8. ea-brotli EA-9380: Updated from …

The post EasyApache 4 November 4 Release first appeared on cPanel Newsroom.

Original author: Tabby Worthington
  135 Hits

Copyright

© Cpanel

135 Hits
NOV
03

cPanel & WHM Version 92 to CURRENT!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 92 to the CURRENT tier

Included with this release are several great features, such as standardized hooks for ModSecurity functions and experimental support for CentOS 8 and CloudLinux 8. ModSecurity 3.0 is also provided on an experimental basis, for both Apache and NGINX servers.

Take a look at highlights for this version on our release site, or check out the full release notes. Then, join us on SlackDiscord, or Reddit!

WordPress Toolkit

We added a new feature called WordPress Toolkit. WordPress Toolkit is a management interface that enables you to easily install, configure, and manage WordPress®. WordPress Toolkit is available in both a Lite and Deluxe version. Click to Learn More.

Dynamic DNS

We added cPanel’s Dynamic DNS interface (cPanel >> Home >> Domains >> Dynamic DNS). The Dynamic DNS (DDNS) feature simplifies access to networks that use a dynamic IP address. This feature automatically updates the zone records for a DDNS domain. Users can navigate to a static hostname that matches the website with the network’s IP address.

Continue reading
  175 Hits

Copyright

© Cpanel

175 Hits
OCT
28

EasyApache 4 October 28 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. ea-apache2 EA-9374: Lower TimeoutStopSec for httpd.service. ea-php74 ZC-7497: Reinstate runselftest. libcurl EA-9371: Update libcurl to 7.73.0, drop 7.72.0 (reworked patches). scl-ruby24-rubygem-mizuho ZC-7497: …

The post EasyApache 4 October 28 Release first appeared on cPanel Newsroom.

Original author: Tabby Worthington
  131 Hits

Copyright

© Cpanel

131 Hits
OCT
14

EasyApache 4 October 14 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. 2020-10-14 ea-apache2-config CPANEL-34021: Proxy /cpanelwebcall/ URLs to cpsrvd. ea-cpanel-tools ZC-7629: Add mod sec 3.0 apache connector to additional packages …

The post EasyApache 4 October 14 Release first appeared on cPanel Newsroom.

Original author: Tabby Worthington
  180 Hits

Copyright

© Cpanel

180 Hits
OCT
12

cPanel & WHM Version 92 to EDGE!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 92 to the EDGE tier! This release brings some quality of life improvements, including a number of interface updates. Take a look at highlights for this version on our release site, or check out our full release notes. Then, join us on DiscordReddit, or our Support Forums!

Experimental: cPanel & WHM for CentOS 8 and CloudLinux 8

We are adding an experimental version of cPanel & WHM Version 92 that has minimal functionality in CentOS 8 and CloudLinux 8 servers.

cPanel & WHM version 92 for CentOS 8 and CloudLinux 8 is experimental software and is not recommended for production environments. For more information, read our cPanel & WHM for CentOS 8 documentation. | Learn More

Experimental: Added MySQL® 8 support for CentOS 8 and CloudLinux 8

We are introducing added support for MySQL® 8 for CentOS 8 and CloudLinux 8 servers. 

You cannot upgrade MySQL 8 to MariaDB 10.x after you have installed cPanel & WHM version 92. This is due to incompatibilities between these versions. For more information, read MariaDB’s documentation.

Continue reading
  132 Hits

Copyright

© Cpanel

132 Hits
OCT
08

cPanel & WHM Version 90 now in STABLE!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 90 to the STABLE tier! This release brings some quality of life improvements, including a number of interface updates. Take a look at highlights for this version on our release site, or check out our full release notes. Then, join us on DiscordReddit, or our Support Forums!

WHM Marketplace Interface Added

We are introducing the WHM Marketplace in cPanel & WHM Version 90. This feature allows the user to install, manage, and purchase additional third-party licenses and products for their account. | Read More

cPanel Application Manager Interface Now Runs on Servers with Nginx

We are adding support for Nginx to cPanel’s Application Manager interface. You can use this interface to manage your applications on servers that run Nginx. Please note that NGINX is experimental. |Read More

Slack® Option Now Available as Communication Type

You can now send system notifications to one or more Slack Webhooks. Specify and test priority of your Webhooks with WHM’s Basic WebHost Manager Setup interface (WHM >> Home >> Server Configuration >> Basic WebHost Manager Setup) and WHM’s Contact Manager interface (WHM >> Home >> Server Contacts >> Contact Manager) | Read More

More Information

Detailed information about all cPanel & WHM versions can be found in the Release Notes. The cPanel Release site provides an overview of the latest features and updates cPanel & WHM has to offer, including highlights of previous versions of cPanel & WHM.

Continue reading
  132 Hits

Copyright

© Cpanel

132 Hits
Advertisement