JUL
28

EasyApache 4 July 28 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

2021-7-28

ea-apache2-config
ZC-7402: Set SecRuleEngine under mod sec 3.x the same as we do for 2.x.
libcurl

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with libcurl 7.78.0. This release addresses vulnerabilities related to CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, and CVE-2021-22926. We strongly encourage all libcurl users to upgrade to version 7.78.0.

AFFECTED VERSIONS
All versions of libcurl through 7.77.0.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  322 Hits

Copyright

© Cpanel

322 Hits
JUL
21

EasyApache 4 July 21 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache 4 July 21 Release first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  314 Hits

Copyright

© Cpanel

314 Hits
JUL
20

cPanel TSR-2021-0004 Full Disclosure

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel TSR-2021-0004 Full Disclosure

SEC-585

Summary

WHM Locale Upload allows vulnerable to XXE and unserialization attacks.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 2.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N

Description

The WHM Local Upload functionality allows for arbitrary XML documents to be uploaded. These documents may be serialized Perl object data. These documents may include references to external entities and/or be recorded as blessed Perl objects. This may lead to arbitrary file read/writes and/or code execution.

Credits

This issue was discovered by Adrian Tiron, Fortbridge (Cyber Security Services – London – Your application security mavens ).

Continue reading
  234 Hits

Copyright

© Cpanel

234 Hits
JUL
19

cPanel TSR-2021-0004 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel TSR-2021-0004 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated this update as having a CVSSv2.3 score of 3.1.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

Continue reading
  249 Hits

Copyright

© Cpanel

249 Hits
JUL
15

cPanel & WHM® Version 98 is now in CURRENT!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 98 to the CURRENT tier! What’s new in Version 98? To see what’s changing in this new version, check out the release notes, as well as the brief highlights below If you have other questions or comments, join …

The post cPanel & WHM® Version 98 is now in CURRENT! first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  225 Hits

Copyright

© Cpanel

225 Hits
JUL
14

EasyApache4 July 14 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache4 July 14 Release first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  254 Hits

Copyright

© Cpanel

254 Hits
JUL
07

EasyApache 4 July 7 Release

EasyApache 4 July 7 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

2021-7-7

ea-nginx
EA-9909: Add hard coded fallback values for keys in settings.json.ZC-9005: Do not hide Upgrade header when proxying websockets under main service subdomains.ZC-9018: Rebuild all users, reporting any issues at the end.ZC-9020: Add cache-related methods to adminbin.EA-9874: Cache 301 redirects.EA-9814: Set client_max_body_size to 128m.ZC-9009: Do not die when a domain’s PHP config is missing.ZC-8589: Improve proxy/SSL configuration.
ea-apache2-config
ZC-8936: Address C8 issue with 001-ensure-nobody hook.
ea-modsec2-rules-owasp-crs
EA-9921: Update ea-modsec2-rules-owasp-crs to 3.3.2, drop 3.3.0. Version update includes CVE-2021-35368 (previously patched).
ea-php74
ea-php74-meta
ea-php80
ea-php80-meta
ea-ruby27
EA-9864: Update ea-ruby27 to 2.7.3, drop 2.7.2.ZC-8967: Update ea-ruby27 to 2.7.3, drop 2.7.2.ZC-8891: Update ea-ruby27 to 2.7.3, drop 2.7.2.
ea-ruby27-meta
EA-9864: Update ea-ruby27 to 2.7.3, drop 2.7.2.ZC-8967: Update ea-ruby27 to 2.7.3, drop 2.7.2.ZC-8891: Update ea-ruby27 to 2.7.3, drop 2.7.2.
ea-ruby27-rubygem-nokogiri
EA-9904: Update ea-ruby27-rubygem-nokogiri to 1.11.7, drop 1.11.6.
ea-ruby27-passenger
EA-9860: Update ea-ruby27-passenger from v6.0.9, drop 6.0.8.
mod_bw
ZC-8700: Rename the tarball, Fix for C8.
scl-php73
scl-php73-meta

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.3.29, 7.4.21, and 8.0.8. This release addresses vulnerabilities related to CVE-2021-21704 and CVE-2021-21705. We strongly encourage all PHP 7.3 users to upgrade to version 7.3.29, all PHP 7.4 users to upgrade to version 7.4.21, and all PHP 8.0 users to upgrade to version 8.0.8.

AFFECTED VERSIONS
All versions of PHP 7.3 through 7.3.28.
All versions of PHP 7.4 through 7.4.20.
All versions of PHP 8.0 through 8.0.8.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  249 Hits

Copyright

© Cpanel

249 Hits
JUN
30

EasyApache 4 June 30 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

2021-6-30

ea-modsec2-rules-owasp-crs
ea-apache2
EA-9895: Ensure httpd is configured to start after reboot on chkconfig systems

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 a new version of the Drupal ModSecurity OWASP rules. This release addresses vulnerabilities related to CVE-2021-35368. We strongly encourage all Drupal ModSecurity OWASP rules users to update their rules.

AFFECTED VERSIONS
All versions of the Drupal ModSecurity OWASP rules prior to June 30, 2021.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  449 Hits

Copyright

© Cpanel

449 Hits
JUN
23

EasyApache June 23 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels. …

The post EasyApache June 23 Release first appeared on cPanel Newsroom.
Original author: Daniela Cardona
  263 Hits

Copyright

© Cpanel

263 Hits
JUN
22

cPanel & WHM® Version 98 now in EDGE!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 98 to the EDGE tier!  Warning: Due to the dynamic nature of EDGE builds, only use EDGE for testing in a controlled environment. We do not recommend this tier for production servers. This version has only received rudimentary testing. We publish this tier most …

The post cPanel & WHM® Version 98 now in EDGE! first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  227 Hits

Copyright

© Cpanel

227 Hits
JUN
21

cPanel & WHM® Version 96 now in STABLE!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 96 to the STABLE tier!  To see what’s changing in this new version, check out our full release notes.  If you have other questions or comments, join us on Discord, Reddit, or our Support Forums! Highlights of what’s new: New UAPI functions …

The post cPanel & WHM® Version 96 now in STABLE! first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  251 Hits

Copyright

© Cpanel

251 Hits
JUN
16

EasyApache 4 June 16 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. 2021-6-16 ea-ruby27 EA-9801: Reduce time needed to install this package. ea-ruby27-meta EA-9801: Reduce time needed to …

The post EasyApache 4 June 16 Release first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  296 Hits

Copyright

© Cpanel

296 Hits
JUN
09

EasyApache 4 June 9 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. 2021-6-9 ea-nginx EA-9789: Silence logrotate script. EA-9812: NGINX fails to start when a folder contains a …

The post EasyApache 4 June 9 Release first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  319 Hits

Copyright

© Cpanel

319 Hits
JUN
02

EasyApache 4 June 2 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. 2021-6-2 ea-nginx EA-9791: Add alarm to request to determine if a domain is using CloudFlare. EA-9798: …

The post EasyApache 4 June 2 Release first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  281 Hits

Copyright

© Cpanel

281 Hits
MAY
19

EasyApache 4 May 19 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. 2021-5-19 ea-nginx EA-9774: Ensure logs are rotated daily. ZC-8830: Fix cache clearing bug w/ cache. ZC-8817: clear …

The post EasyApache 4 May 19 Release first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  334 Hits

Copyright

© Cpanel

334 Hits
MAY
18

cPanel TSR 2021-0003 Full Disclosure

SEC-584 Summary Information disclosure via weak web stats permissions. Security Rating cPanel has assigned this vulnerability a CVSSv3.1 score of 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Description The processing of web log reports for cPanel accounts used insecure storage locations for the generated files. This allowed other local users to read the log reports. …

The post cPanel TSR 2021-0003 Full Disclosure first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  321 Hits

Copyright

© Cpanel

321 Hits
MAY
17

cPanel TSR-2021-0003 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated this update as having a CVSSv3.1 score of 3.3.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

The following cPanel & WHM versions address all known vulnerabilities:

Continue reading
  383 Hits

Copyright

© Cpanel

383 Hits
MAY
12

EasyApache 4 May 12 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. 2021-5-12 ea-nginx EA-9757: Remove unnecessary proxy config setting for wordpress sites. ea-php74 EA-9752: Update ea-php74 to 7.4.19, drop …

The post EasyApache 4 May 12 Release first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  350 Hits

Copyright

© Cpanel

350 Hits
MAY
05

EasyApache 4 May 5 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more.

2021-5-5

scl-php73

EA-9730: Update scl-php73 to 7.3.28, drop 7.3.27.

scl-php73-meta

EA-9730: Update scl-php73 to 7.3.28, drop 7.3.27.

ea-php74

Continue reading
  341 Hits

Copyright

© Cpanel

341 Hits
APR
28

EasyApache 4 April 28 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. 2021-4-28 ea-libicu EA-9714: Update ea-libicu to 69.1, drop 68.2. ea-nginx EA-9706: Update ea-nginx to 1.20.0, drop 1.19.10. ea-nodejs10 EA-9707: Update ea-nodejs10 to …

The post EasyApache 4 April 28 Release first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  328 Hits

Copyright

© Cpanel

328 Hits
Advertisement