OCT
07

EasyApache 4 Oct 7 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more.

2020-10-7

scl-php72
scl-php72-meta
EA-9338: Update scl-php72 to 7.2.34. drop 7.2.33.
scl-php73
scl-php73-meta
EA-9337: Update scl-php73 to 7.3.23, drop 7.3.22.
ea-php74
ea-php74-meta
EA-9339: Update ea-php74 to 7.4.11, drop 7.4.10.

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.4.11, 7.3.23, and 7.2.34. This release addresses vulnerabilities related to CVE-2020-7070 and CVE-2020-7069. We strongly encourage all PHP 7.4 users to upgrade to version 7.4.11, all PHP 7.3 users to upgrade to version 7.3.23, and all PHP 7.2 users to upgrade to version 7.2.34.

AFFECTED VERSIONS
All versions of PHP 7.4 through 7.4.10.
All versions of PHP 7.3 through 7.3.22.
All versions of PHP 7.2 through 7.2.33.


SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  139 Hits

Copyright

© Cpanel

139 Hits
OCT
06

cPanel Unscheduled TSR-2020-0006 Full Disclosure

CPANEL-34212 Summary Live Transfer causes email accounts to not require a password on the source server. Security Rating cPanel has assigned this vulnerability a CVSSv3 score of 5.6 – CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Description Previously, when Exim asked for authentication data, cpdoveauthd would send Exim the response for proxying without a password.Since Exim …

The post cPanel Unscheduled TSR-2020-0006 Full Disclosure first appeared on cPanel Newsroom.

Original author: Phil Hodges
  119 Hits

Copyright

© Cpanel

119 Hits
OCT
05

cPanel Unscheduled TSR-2020-0006 Announcement

cPanel has an unscheduled release for version 90 of cPanel & WHM. This update provides a targeted change to address a security concern with the cPanel & WHM product. This is currently available to all customers via the standard update system.

cPanel has rated this update as having a CVSSv3 score of 5.6.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

Continue reading
  121 Hits

Copyright

© Cpanel

121 Hits
SEP
30

EasyApache 4 September 30 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. 2020-9-30 scl-ioncube10 EA-9307: Update scl-ioncube10 to 10.4.3, drop 10.4.1. ea-openssl11 EA-9320: Update ea-openssl11 to 1.1.1h, drop 1.1.1g. More Information Information …

The post EasyApache 4 September 30 Release first appeared on cPanel Newsroom.

Original author: Tabby Worthington
  142 Hits

Copyright

© Cpanel

142 Hits
SEP
23

EasyApache 4 September 23 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. 2020-9-23 ea-cpanel-tools ZC-7001: Make PHP 7.3 the default PHP. ZC-7471: Add ea-modsec30-connector-nginx to ea4-metainfo.json’s additional_packages. ZC-7463: Add ea-modsec30-rules-owasp-crs to ea4-metainfo.json’s additional_packages. ea-freetds …

The post EasyApache 4 September 23 Release first appeared on cPanel Newsroom.

Original author: Tabby Worthington
  129 Hits

Copyright

© Cpanel

129 Hits
SEP
22

cPanel TSR-2020-0005 Full Disclosure

SEC-566

Summary

Self-XSS vulnerability in the WHM Edit DNS Zone interface.

Security Rating

cPanel has assigned this vulnerability a CVSSv3 score of 4.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Description

Continue reading
  137 Hits

Copyright

© Cpanel

137 Hits
SEP
21

cPanel TSR-2020-0005 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 4.7 to 5.5.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

Continue reading
  124 Hits

Copyright

© Cpanel

124 Hits
SEP
09

EasyApache 4 September 9 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. mod_security2 ZC-7376: Add explicit package name conflicts for non-yum resolution. ZC-7376: add Provides for mod_security. scl-php54 EA-9281: Update litespeed from upstream …

The post EasyApache 4 September 9 Release first appeared on cPanel Newsroom.

Original author: Tabby Worthington
  122 Hits

Copyright

© Cpanel

122 Hits
AUG
26

EasyApache 4 August 26 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. 2020-8-26 libcurl EA-9260: Update libcurl to 7.72.0, drop 7.72.0 (with fix for CVE-2020-8231.) This release includes a …

The post EasyApache 4 August 26 Release first appeared on cPanel Newsroom.

Original author: Tabby Worthington
  124 Hits

Copyright

© Cpanel

124 Hits
AUG
20

cPanel & WHM Version 90 to RELEASE!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 90 to the RELEASE tier! This release brings some quality of life improvements, including a number of interface updates. Take a look at highlights for this version on our release site, or check out our full release notes. Then, join us on DiscordReddit, or our Support Forums!

WHM Marketplace Interface Added

We are introducing the WHM Marketplace in cPanel & WHM Version 90. This feature allows the user to install, manage, and purchase additional third-party licenses and products for their account. | Read More

cPanel Application Manager Interface Now Runs on Servers with Nginx

We are adding support for Nginx to cPanel’s Application Manager interface. You can use this interface to manage your applications on servers that run Nginx. Please note that NGINX is experimental. |Read More

Slack® Option Now Available as Communication Type

You can now send system notifications to one or more Slack Webhooks. Specify and test priority of your Webhooks with WHM’s Basic WebHost Manager Setup interface (WHM >> Home >> Server Configuration >> Basic WebHost Manager Setup) and WHM’s Contact Manager interface (WHM >> Home >> Server Contacts >> Contact Manager) | Read More

More Information

Detailed information about all cPanel & WHM versions can be found in the Release Notes. The cPanel Release site provides an overview of the latest features and updates cPanel & WHM has to offer, including highlights of previous versions of cPanel & WHM.

Continue reading
  129 Hits

Copyright

© Cpanel

129 Hits
AUG
19

EasyApache 4 August 19 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. CentOS 8 preparation EA-9227: Distribute EasyApache 4 RPMs for CentOS 8. This does not effect the functionality of …
Original author: Tabby Worthington
  112 Hits

Copyright

© Cpanel

112 Hits
AUG
12

EasyApache 4 August 12 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more.

2020-8-12

ea-apache2
ea-php74
EA-9224: Update ea-php74 to 7.4.9, drop 7.4.8 (with fix for CVE-2020-7068).EA-9224: Update ea-php74 to 7.4.9, drop 7.4.8.
scl-php73
EA-9223: Update scl-php73 to 7.3.21, drop 7.3.20 (with fix for CVE-2020-7068).EA-9223: Update scl-php73 to 7.3.21, drop 7.3.20.
scl-php72
EA-9222: Update scl-php72 to 7.2.33, drop 7.2.32 (with fix for CVE-2020-7068).EA-9222: Update scl-php72 to 7.2.33, drop 7.2.32.
libcurl
EA-9138: Update libcurl to 7.71.1, drop 7.71.0.
scl-ruby24-passenger
EA-9221: Include the cxxbuilder files with the source code installed by mod_passenger.

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with Apache version 2.4.46 and PHP versions 7.4.9, 7.3.21, and 7.2.33. This release addresses vulnerabilities related to CVE-2020-7068, CVE-2020-11984, and CVE-2020-11993. We strongly encourage all Apache 2.4 users to upgrade to version 2.4.46, all PHP 7.4 users to upgrade to version 7.4.9, all PHP 7.3 users to upgrade to version 7.3.21, and all PHP 7.2 users to upgrade to version 7.2.33.

AFFECTED VERSIONS
All versions of Apache through 2.4.43. (Apache versions 2.4.44 and 2.4.45 were not released.)
All versions of PHP 7.4 through 7.4.8.
All versions of PHP 7.3 through 7.3.20.
All versions of PHP 7.2 through 7.2.32.


SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  106 Hits

Copyright

© Cpanel

106 Hits
AUG
05

EasyApache 4 August 5 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. 2020-8-5 scl-ioncube10 EA-9206: Update to 10.4.1, drop 10.4.0. ea-nodejs10 EA-9210: Update ea-nodejs10 to 10.22.0, drop 10.21.0. ea-libzip EA-9209: …
Original author: Tabby Worthington
  109 Hits

Copyright

© Cpanel

109 Hits
JUL
30

cPanel & WHM Version 90 to CURRENT!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 90 to the CURRENT tier! This release brings some quality of life improvements, including a number of interface updates. Take a look at highlights for this version on our release site, or check out our full release notes. Then, join us on DiscordReddit, or our Support Forums!

WHM Marketplace Interface Added

We are introducing the WHM Marketplace in cPanel & WHM Version 90. This feature allows the user to install, manage, and purchase additional third-party licenses and products for their account. | Read More

cPanel Application Manager Interface Now Runs on Servers with Nginx

We are adding support for Nginx to cPanel’s Application Manager interface. You can use this interface to manage your applications on servers that run Nginx. Please note that NGINX is experimental. |Read More

Slack® Option Now Available as Communication Type

You can now send system notifications to one or more Slack Webhooks. Specify and test priority of your Webhooks with WHM’s Basic WebHost Manager Setup interface (WHM >> Home >> Server Configuration >> Basic WebHost Manager Setup) and WHM’s Contact Manager interface (WHM >> Home >> Server Contacts >> Contact Manager) | Read More

More Information

Detailed information about all cPanel & WHM versions can be found in the Release Notes. The cPanel Release site provides an overview of the latest features and updates cPanel & WHM has to offer, including highlights of previous versions of cPanel & WHM.

Continue reading
  96 Hits

Copyright

© Cpanel

96 Hits
JUL
29

EasyApache 4 July 29 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. 2020-7-29 ea-libzip EA-9181: Patch CMakeLists file so the RPATH does not end with a colon. ea-profiles-cpanel EA-9154: Add iconv and mbstring to the mpm_itk …
Original author: Tabby Worthington
  111 Hits

Copyright

© Cpanel

111 Hits
JUL
21

cPanel & WHM Version 90 Now in EDGE!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 90 to the EDGE tier! This release brings some quality of life improvements, including a number of interface updates. Take a look at highlights for this version, or check out our full release notes. Then, join us on Discord, Reddit, or our Support Forums!

WHM Marketplace Interface Added

In cPanel & WHM Version 90 we are introducing the WHM Marketplace. This feature allows the user to install, manage, and purchase additional third-party licenses and products for their account. | Read More

cPanel Application Manager Interface Now Runs on Servers with Nginx

With cPanel & WHM Version 90, we are adding support for Nginx to cPanel’s Application Manager interface. You can use this interface to manage your applications on servers that run Nginx and require the ea-ruby24-mod_passenger Apache module. The system will install this module and other related modules when you install Nginx. For more information, read our Nginx documentation. |Read More

Slack® Option Now Available as Communication Type

cPanel & WHM Version 90 introduces the ability to send system notifications through one or more Slack WebHooks. You can specify Slack WebHooks in WHM’s Basic WebHost Manager Setup interface (WHM >> Home >> Server Configuration >> Basic WebHost Manager Setup) and test and set the priority for the Slack WebHooks in WHM’s Contact Manager interface (WHM >> Home >> Server Contacts >> Contact Manager). | Read More

More Information

Detailed information about all cPanel & WHM versions can be found in the Release Notes. The cPanel Release site provides an overview of the latest features and updates cPanel & WHM has to offer, including highlights of previous versions of cPanel & WHM.

Continue reading
  108 Hits

Copyright

© Cpanel

108 Hits
JUL
21

cPanel TSR-2020-0004 Full Disclosure

SEC-488 Summary Code execution due to faulty file extension dispatching. Security Rating cPanel has assigned this vulnerability a CVSSv3 score of 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Description cPanel & WHM’s cpsrvd daemon did not verify that some file extensions matched the actual file that would handle a request before dispatching the request to …
Original author: Phil Hodges
  101 Hits

Copyright

© Cpanel

101 Hits
JUL
20

cPanel TSR-2020-0004 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 4.3 to 8.8.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

Continue reading
  124 Hits

Copyright

© Cpanel

124 Hits
JUL
15

EasyApache 4 July 15 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more.

2020-7-15

ea-libicu
EA-9155: Update ea-libicu to 67.1, drop 66.
ea-freetds
EA-9148: Update ea-freetds to 1.2.3, drop 1.1.24.
ea-php74
EA-9150: Update ea-php74 to 7.4.8, drop 7.4.7 (with fix for Windows users in CVE-2020-8169).EA-9150: Update ea-php74 to 7.4.8, drop 7.4.7 (with fix for Windows users in CVE-2020-8169).
scl-php72
EA-9152: Update scl-php72 to 7.2.32, drop 7.2.31 (with fix for Windows users in CVE-2020-8169).EA-9152: Update scl-php72 to 7.2.32, drop 7.2.31 (with fix for Windows users in CVE-2020-8169).
scl-php73
EA-9153: Update scl-php73 to to 7.3.20, drop 7.3.19 (with fix for Windows users in CVE-2020-8169).EA-9153: Update scl-php73 to 7.3.20, drop 7.3.19 (with fix for Windows users in CVE-2020-8169).
ea-tomcat85

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.4.8, 7.3.20, and 7.2.32 and Tomcat version 8.5.57. This release addresses vulnerabilities related to CVE-2020-8169, CVE-2020-13934 and CVE-2020-13935. We strongly encourage all PHP 7.4 users to upgrade to version 7.4.8, all PHP 7.3 users to upgrade to version 7.3.20, all PHP 7.2 users to upgrade to version 7.2.32, and all Tomcat users to upgrade to version 8.5.57.

AFFECTED VERSIONS
All versions of PHP 7.4 through 7.4.7.
All versions of PHP 7.3 through 7.3.19.
All versions of PHP 7.2 through 7.2.31.
All version of Tomcat 8.5 through 7.5.56.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  114 Hits

Copyright

© Cpanel

114 Hits
JUL
09

EasyApache 4 July 8 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. scl-ruby24-passenger ZC-7058: Include passenger source to support ea-nginx. scl-ioncube10 EA-9085: Update to 10.4.0, drop 10.3.9, enable ioncube10 …
Original author: Tabby Worthington
  113 Hits

Copyright

© Cpanel

113 Hits
Advertisement