As of cPanel & WHM Version 70’s release to STABLE on June 6th, cPanel & WHM version 68 has reached End of Life and will no longer be supported by cPanel except when upgrading to a supported version. Additionally, new trial licenses for versions older 70 will no longer be issued.

In accordance with our EOL policy (https://go.cpanel.net/longtermsupport), 68 will continue functioning on servers where it is already installed. The last release of cPanel & WHM version 68, 68.0.39, will remain on our mirrors indefinitely. However, no further updates, such as security fixes and installations, will be provided for 68. Older releases of cPanel & WHM 68 have been removed from our mirrors.

We recommend that all customers migrate any existing installations of cPanel & WHM Version 68 to the most recent version of cPanel & WHM 72, which you can read about on https://releases.cpanel.net.

If your server setup complicates the process of migrating to a newer version of cPanel & WHM (an upgrade blocker list is available at https://go.cpanel.net/blockers), then cPanel is here to help. Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, migration assistance, and more.

For the PGP-Signed version of this announcement please see: 201806.68EOLnow-signed.

We are happy to announce that cPanel, Inc. has released cPanel & WHM Version 72 to the CURRENT tier! The second 2018 release of cPanel & WHM, Version 72 includes a focus on improving backups, security, and application development. Take a look at the full release notes, then join us on Slack, Discord, or Reddit to discuss more! :wave:

Git Version Control

If you have been following along on our feature request site, you already know about our new feature, Git™ Version Control. We’re designing it to make hosting repositories as easy for developers as a “Hello World!” script. See the full depth of features and a feature introduction on our blog.

Improved Automation around Apache and PHP-FPM

With version 72 we adjusted PHP-FPM to use a graceful restart, preventing service interruptions. In Version 70 we added two options in Tweak Settings that help reduce the number of Apache restarts. Delayed Graceful Restarts and Deferred Reload Time will help keep high-capacity servers online.

More Information

Check out the cPanel Release site to see an overview of the latest features and updates cPanel & WHM has to offer! All of the details about all cPanel & WHM Version 72 features can be found in the Release Notes.

We are happy to announce that cPanel, Inc. has released cPanel & WHM Version 70 to the STABLE tier! As the first 2018 release of cPanel & WHM, Version 70 is the only version that will enter the LTS tier this year. Support for Version 62 remains until the end of June, allowing users of the LTS tier time to upgrade to Version 70. Below are just a few of the updates included in this version.

Geofilter User Logins

Server Administrators can now drastically increase security with cPHulk’s new “Country Management” interface. By blocking or white-listing logins in the new “Country Management” interface, you can define who is allowed to log in to your cPanel accounts, WHM accounts, and much more.

More details are provided in the Version 70 cPHulk documentation.

Suspend Mail per Email Account

You can now suspend or queue the outgoing mail from a single email account on your server. This feature expands on the options we added in version 54 allowing you to suspend individual email accounts. Read more in the Version 70 Release Notes.

Join the Discussion!

Starting today we have added two more ways for you to interact with us! In addition to IRC, for the next 24 hours you can join us in our Slack and Discord channels.

The 2018 cPanel Conference, in Houston on October 2 & 3, is excited to announce its top-level sponsor!

HOUSTON, June 5, 2018 (Newswire.com) – cPanel is excited to announce that WHMCS, has returned to claim the New Horizons sponsorship of the 2018 cPanel Conference! This year represents the 7th time that WHMCS has sponsored the Annual cPanel Conference. This year the conference will be returning to our home, Houston, Texas.

“The annual cPanel Conference is a great opportunity for us to meet and connect with customers of the most widely used web hosting automation software in the world.” Said Matt Pugh, CEO of WHMCS. “This year we’re excited to be part of the conference again and will be giving some incredible talks, as well as providing customers and partners the chance to meet and talk face to face with members of our team. We look forward to seeing you there.”

It has been six years since cPanel partnered with WHMCS! In that time, the two companies have worked closely to deliver a more seamless user experience for web hosting customers who can now benefit from single sign-on, deep linking, automated cloud service provisioning and more.

The current LTS (Long Term Support) Version, cPanel & WHM version 62, will reach End of Life at the end of June, 2018. At that time, version 62 will no longer be supported by cPanel except when upgrading to a supported version.

In accordance with our EOL policy (https://go.cpanel.net/longtermsupport), 62 will continue functioning on servers where it is already installed. However, no further updates, including security fixes and installations, will be provided for 62 once it reaches End of Life.

We recommend that all customers migrate any existing installations of cPanel & WHM Version 62 to the most recent version of cPanel & WHM, Version 70, which you can read about on https://releases.cpanel.net. Version 70 will be the only version to enter the LTS tier this year.

If your server setup complicates the process of migrating to a newer version of cPanel & WHM (an upgrade blocker list is available at https://go.cpanel.net/blockers), then the cPanel support team is here to help! Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, migration assistance, and more.

For the PGP-signed message, see 62EOL1Month-signed.

SUMMARY

cPanel, Inc. has updated RPMs for EasyApache 4 with cURL version 7.60.0 and released EasyApache 3.36.5 with cURL 7.60.0 on May 22, 2018. This release addresses vulnerabilities related to CVE-2018-1000300 and CVE-2018-1000301. We strongly encourage all cURL users to update to version 7.60.0.

AFFECTED VERSIONS
All versions of cURL through cURL 7.59.0

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2018-1000300 – MEDIUM
cURL 7.60.0
Fixed bug related to CVE-2018-1000300

cPanel TSR-2018-0003 Full Disclosure

SEC-393

Summary

API tokens retain ACLs that are removed from accounts.

Security Rating

cPanel TSR-2018-0003 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 2.2 to 6.5.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

We are happy to announce that cPanel, Inc. has released cPanel & WHM Version 70 to the RELEASE tier! Below are just a few of the updates included in this version.

Geofilter User Logins

Server Administrators can now drastically increase security with cPHulk’s new “Country Management” interface. By blocking or white-listing logins in the new “Country Management” interface, you can define who is allowed to log in to your cPanel accounts, WHM accounts, and much more.

More details are provided in the Version 70 cPHulk documentation.

Suspend Mail per Email Account

You can now suspend or queue the outgoing mail from a single email account on your server. This feature expands on the options we added in version 54 allowing you to suspend individual email accounts. Read more in the Version 70 Release Notes.

Join the Discussion!

Starting today we have added two more ways for you to interact with us! In addition to IRC, for the next 24 hours you can join us in our Slack and Discord channels.

SUMMARY
cPanel, Inc. has updated RPMs for EasyApache 4 with PHP versions 5.6.36, 7.0.30, 7.1.17, and 7.2.5 and released EasyApache 3.36.4 with PHP 5.6.36 on May 1, 2018. This release addresses vulnerabilities related to CVE-2018-10549, CVE-2018-10548, CVE-2018-10547, and CVE-2018-10546. We strongly encourage all PHP 5.6 users to update to version 5.6.36, PHP 7.0 users to update to version 7.0.30, PHP 7.1 users to update to version 7.1.17, and PHP 7.2 users to update to version 7.2.5.

AFFECTED VERSIONS
All versions of PHP 5.6 through 5.6.35
All versions of PHP 7.0 through 7.0.29
All versions of PHP 7.1 through 7.1.16
All versions of PHP 7.2 through 7.2.4

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2018-10549 – MEDIUM
PHP 5.6.36
Fixed bug in EXIF extensions related to CVE-2018-10549

PHP 7.0.30
Fixed bug in EXIF extensions related to CVE-2018-10549

cPanel & WHM version 62 will reach End of Life at the end of June, 2018, and will no longer be supported by cPanel except when upgrading to a supported version.

In accordance with our EOL policy (https://go.cpanel.net/longtermsupport), 62 will continue functioning on servers where it is already installed. However, no further updates, such as security fixes and installations, will be provided for 62 once it reaches End of Life.

We recommend that all customers migrate any existing installations of cPanel & WHM version 62 to the most recent version of cPanel & WHM 70, which you can read about on https://releases.cpanel.com.

If your server setup complicates the process of migrating to a newer version of cPanel & WHM (an upgrade blocker list is available at https://go.cpanel.net/blockers), then cPanel is here to help. Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, migration assistance, and more.

For the PGP-signed message, see 62EOL2Months-signed.

cPanel, Inc. has updated RPMs for EasyApache 4 with Apache version 2.4.33 and PHP versions 5.6.35, 7.0.29, 7.1.16, and 7.2.4 and released EasyApache 3.36.3 with Apache version 2.4.33 and PHP 5.6.35 on April 3, 2018. This release addresses vulnerabilities related to CVE-2017-15710, CVE-2018-1283, CVE-2018-1303, CVE-2018-1301, CVE-2017-15715, CVE-2018-1312, and CVE-2018-1302. We strongly encourage all Apache 2.4 users to upgrade to version 2.4.33 and all PHP 5.6 users to update to version 5.6.35, PHP 7.0 users to update to version 7.0.29, PHP 7.1 users to update to version 7.1.16, and PHP 7.2 users to update to version 7.2.4.

AFFECTED VERSIONS
All versions of Apache 2.4 through 2.4.29
All versions of PHP 5.6 through 5.6.34
All versions of PHP 7.0 through 7.0.28
All versions of PHP 7.1 through 7.1.15
All versions of PHP 7.2 through 7.2.3

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2018-1301 – MEDIUM
Apache 2.4.33
Fixed bug in core related to CVE-2018-1301

CVE-2018-1302 – MEDIUM
Apache 2.4.33
Fixed bug in mod_http2 related to CVE-2018-1302

cPanel TSR-2018-0002 Full Disclosure

SEC-338

Summary

Arbitrary file chmod during legacy incremental backups.

Security Rating

cPanel TSR-2018-0002 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 3.8 to 8.2.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

SUMMARY
cPanel, Inc. has released updated RPMs for EasyApache 4 on Mar 06, 2018, with PHP versions 5.6.34, 7.0.28, 7.1.15, and 7.2.3. This release addresses vulnerabilities related to CVE-2018-7584. We strongly encourage all PHP 5.6 users to upgrade to version 5.6.34, all PHP 7.0 users to upgrade to 7.0.28, PHP 7.1 users to upgrade to version 7.1.15, and all PHP 7.2 users to upgrade to version 7.2.3.

AFFECTED VERSIONS
All versions of PHP 5.6 through version 5.6.33
All versions of PHP 7.0 through version 7.0.27
All versions of PHP 7.1 through version 7.1.14
All versions of PHP 7.2 through version 7.2.2

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2018-7584 – MEDIUM
PHP 5.6.34
Fixed bug in http_fopen_wrapper.c related to CVE-2018-7584
PHP 7.0.28
Fixed bug in http_fopen_wrapper.c related to CVE-2018-7584
PHP 7.1.15
Fixed bug in http_fopen_wrapper.c related to CVE-2018-7584
PHP 7.2.3
Fixed bug in http_fopen_wrapper.c related to CVE-2018-7584

SOLUTION
cPanel, Inc. has released updated RPMs for EasyApache 4 on Mar 06, 2018, with updated versions of PHP 5.6.34, 7.0.28, 7.1.15, and 7.2.3. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM’s Run System Update interface.

Version 70’s promotion to the RELEASE tier has been delayed and is now tentatively planned for mid-April, 2018. This delay gives us time to address some performance concerns we have uncovered in our testing that may cause problems on high-capacity systems.

Version 72 will be promoted to the EDGE tier after version 70 is promoted to the RELEASE tier. We aren’t currently anticipating a delay in releasing version 72.

More Information

Check out the cPanel Release site to see an overview of the latest features and updates cPanel & WHM has to offer! All of the details about all cPanel & WHM Version 70 features can be found in the Release Notes http://go.cpanel.net/releasenotes.

Support for the current LTS (Long Term Support) version, cPanel & WHM Version 62, has been extended to June 30th, 2018. This extension is a one-time extension and has been granted to help ease the scheduling pressure caused by security flaws in the kernel of many servers that use cPanel & WHM.

Support is not extended for any other Version, and Version 70 will still be the only new cPanel & WHM version to enter the LTS tier in 2018.

As of June 30th, 2018 Version 62 will no longer be supported by cPanel except when upgrading to a supported version.

In accordance with our EOL policy (https://go.cpanel.com/longtermsupport), 62 will continue functioning on servers where it is already installed. However, no further updates, including security fixes and installations, will be provided for 62 once it reaches End of Life.

The next LTS version of cPanel & WHM, version 70, is the CURRENT tier. We anticipate version 70 entering the STABLE tier in early- to mid-March.

SUMMARY
cPanel, Inc. has updated RPMs for EasyApache 4 with cURL version 7.58.0 on January 25, 2018. This release addresses vulnerabilities related to CVE-2018-1000007. We strongly encourage cURL users to upgrade to version 7.58.0.

AFFECTED VERSIONS
All versions of cURL through 7.57.0

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2018-1000007 – MEDIUM
cURL 7.58.0
Fixed bug in authorization: headers related to CVE-2018-1000007

SOLUTION
cPanel, Inc. has released updated RPMs for EasyApache 4 on January 25, 2018, with a updated versions of cURL 7.58.0. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM’s Run System Update interface.

cPanel TSR-2018-0001 Full Disclosure

SEC-308

Summary

SRS secret revealed in exim.conf.

Security Rating

cPanel TSR-2018-0001 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 2.2 to 6.5.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.