DEC
01

EasyApache 4 December 1 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache 4 December 1 Release first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  5 Hits

Copyright

© Cpanel

5 Hits
NOV
23

EasyApache 4 November 23 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

2021-11-23

ea-nginx
EA-10221: Always configure domains to use CloudFlare.
scl-php73
EA-10281: Update scl-php73 to 7.3.33, drop 7.3.32 (with fix for CVE-2021-21707).
scl-php73-meta
EA-10281: Update scl-php73 to 7.3.33, drop 7.3.32 (with fix for CVE-2021-21707).
ea-php74
EA-10279: Update ea-php74 to 7.4.26, drop 7.4.25 (with fix for CVE-2021-21707).
ea-php74-meta
EA-10279: Update ea-php74 to 7.4.26, drop 7.4.25 (with fix for CVE-2021-21707).
ea-php80
EA-10284: Update ea-php80 to 8.0.13, drop 8.0.12 (with fix for CVE-2021-21707).
ea-php80-meta
EA-10284: Update ea-php80 to 8.0.13, drop 8.0.12 (with fix for CVE-2021-21707).
mod_security2
EA-10229: Add patch to allow run-regression-tests.pl to function with EA4.
ea-tomcat85
EA-10280: Update ea-tomcat85 to 8.5.73, drop 8.5.72.

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with PHP versions 8.0.13, 7.4.26, and 7.3.33. This release addresses vulnerabilities related to CVE-2021-21707. We strongly encourage all PHP 8.0 users to upgrade to version 8.0.13, all PHP 7.4 users to upgrade to version 7.4.26, and all PHP 7.3 users to upgrade to version 7.3.33.

AFFECTED VERSIONS
All versions of PHP 8.0 through 8.0.12.
All versions of PHP 7.4 through 7.4.25.
All versions of PHP 7.3 through 7.3.32.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  19 Hits

Copyright

© Cpanel

19 Hits
NOV
16

cPanel TSR 2021-0006 Full Disclosure

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

SEC-592

Summary

Arbitrary code execution via install_locallib_loginprofile script.

Security Rating

Continue reading
  21 Hits

Copyright

© Cpanel

21 Hits
NOV
15

cPanel TSR-2021-0006 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated this update as having a CVSSv3.1 score of 1.8 to 5.3.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

Continue reading
  17 Hits

Copyright

© Cpanel

17 Hits
NOV
10

EasyApache 4 November 10 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache 4 November 10 Release first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  30 Hits

Copyright

© Cpanel

30 Hits
NOV
03

EasyApache 4 November 3 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache 4 November 3 Release first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  35 Hits

Copyright

© Cpanel

35 Hits
OCT
29

cPanel® Version 100 is now in RELEASE!

We are happy to announce that cPanel Version 100 has now been released to the RELEASE tier!  What’s new in Version 100? So much! Some of the features we’re most excited about include: Jupiter – A Modern Theme for cPanel WordPress Toolkit Deluxe is now included within your cPanel license! Support …

The post cPanel® Version 100 is now in RELEASE! first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  43 Hits

Copyright

© Cpanel

43 Hits
OCT
27

EasyApache 4 October 27 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

2021-10-27

ea-php80
EA-10044: Patch PHP-FPM/OpCache for kill_all_lockers bug (74709)EA-10225: Update ea-php80 to 8.0.12, drop 8.0.11 (with fix for CVE-2021-21703).
ea-php80-meta
EA-10044: Patch PHP-FPM/OpCache for kill_all_lockers bug (74709)EA-10225: Update ea-php80 to 8.0.12, drop 8.0.11 (with fix for CVE-2021-21703).
ea-php74
EA-10228: Update ea-php74 to 7.4.25, drop 7.4.24 (with fix for CVE-2021-21703).
ea-php74-meta
EA-10228: Update ea-php74 to 7.4.25, drop 7.4.24 (with fix for CVE-2021-21703).
scl-php73
EA-10237: Update scl-php73 to 7.3.32, drop 7.3.31 (with fix for CVE-2021-21703).
scl-php73-meta
EA-10237: Update scl-php73 to 7.3.32, drop 7.3.31 (with fix for CVE-2021-21703).
ea-nghttp2
EA-10224: Update ea-nghttp2 to 1.46.0, drop 1.45.1.
ea-modsec2-rules-owasp-crs
ZC-9412: Add is_pkg for 102 and beyond.

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with PHP versions 8.0.12, 7.4.25, and 7.3.32. This release addresses vulnerabilities related to CVE-2021-21703. We strongly encourage all PHP 8.0 users to upgrade to version 8.0.12, all PHP 7.4 users to upgrade to version 7.4.25, and all PHP 7.3 users to upgrade to version 7.3.32.

AFFECTED VERSIONS
All versions of PHP 8.0 through 8.0.11.
All versions of PHP 7.4 through 7.4.24.
All versions of PHP 7.3 through 7.3.31.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  34 Hits

Copyright

© Cpanel

34 Hits
OCT
13

EasyApache 4 October 13 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache 4 October 13 Release first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  52 Hits

Copyright

© Cpanel

52 Hits
OCT
07

EasyApache 4 October 7 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

2021-10-7

ea-apache2
EA-10179: Update ea-apache2 to 2.4.51, drop 2.4.50 (with fix for CVE-2021-42013).

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with Apache 2.4.51. This release addresses vulnerabilities related to CVE-2021-42013. We strongly encourage all Apache users to upgrade to version 2.4.51.

AFFECTED VERSIONS
All versions of Apache through 2.4.50

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  70 Hits

Copyright

© Cpanel

70 Hits
OCT
06

EasyApache 4 October 6 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

2021-10-6

scl-sourceguardian
EA-10163: Update scl-sourceguardian to 12.1.2, drop 12.1.
ea-ruby27-passenger
EA-10161: Update ea-ruby27-passenger to 6.0.11, drop 6.0.10.
ea-nghttp2
EA-10159: Update ea-nghttp2 to 1.45.1, drop 1.44.0.
ea-apache2
EA-10157: Update ea-apache2 to 2.4.50, drop 2.4.49 (with fixes for CVE-2021-41773 and CVE-2021-41524).ZC-9300: Ensure only one package owns http2.conf.

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with Apache 2.4.50. This release addresses vulnerabilities related to CVE-2021-41773 and CVE-2021-41524. We strongly encourage all Apache users to upgrade to version 2.4.50.

AFFECTED VERSIONS
All versions of Apache through 2.4.49

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  49 Hits

Copyright

© Cpanel

49 Hits
SEP
29

EasyApache 4 September 29 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

2021-9-29

ea-php74
EA-10136: Update ea-php74 to 7.4.24, drop 7.4.23 (with fix for CVE-2021-21706).
ea-php74-meta
EA-10136: Update ea-php74 to 7.4.24, drop 7.4.23 (with fix for CVE-2021-21706).
ea-php80
EA-10130: Update ea-php80 to 8.0.11, drop 8.0.10 (with fix for CVE-2021-21706).
ea-php80-meta
EA-10130: Update ea-php80 to 8.0.11, drop 8.0.10 (with fix for CVE-2021-21706).
scl-php73
EA-10132: Update scl-php73 to 7.3.31, drop 7.3.30 (with fix for CVE-2021-21706).
scl-php73-meta
EA-10132: Update scl-php73 to 7.3.31, drop 7.3.30 (with fix for CVE-2021-21706).
ea-nginx
ZC-9317: Stop using deprecated (and unused) module.
ea-apache2-config
ZC-9253: Install nobody hook via ea-cpanel-tools so it’s available for pre-txn profile install.
ea-cpanel-tools
ZC-9253: Install nobody hook via ea-cpanel-tools so it’s available for pre-txn profile install.

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with PHP versions 7.3.31, 7.4.24, and 8.0.11.. This release addresses vulnerabilities related to CVE-2021-21706. We strongly encourage all PHP 7.3 users to upgrade to version 7.3.31, all PHP 7.4 users to upgrade to version 7.4.24, and all PHP 8.0 users to upgrade to version 8.0.11.

AFFECTED VERSIONS
All versions of PHP 7.3 through 7.3.30.
All versions of PHP 7.4 through 7.4.23.
All versions of PHP 8.0 through 8.0.10.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  79 Hits

Copyright

© Cpanel

79 Hits
SEP
24

cPanel® Version 100 now in EDGE!

We are happy to announce that cPanel Version 100 has now been released to the EDGE tier!  Warning: Due to the dynamic nature of EDGE builds, only use EDGE for testing in a controlled environment. We do not recommend this tier for production servers. This version has only received rudimentary testing. We publish this tier most often (up …

The post cPanel® Version 100 now in EDGE! first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  67 Hits

Copyright

© Cpanel

67 Hits
SEP
22

EasyApache 4 September 22 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

2021-9-22

ea-nginx
EA-10108: Update ea-nginx to 1.21.3, drop 1.21.2.ZC-9261: Allow include to prefix proxy_cache_key based on any criteria.ZC-9260: Move standalone includes to separate folder and bring in server includes on reverse proxy and standalone.
libcurl
ea-tomcat85
EA-10109: Update ea-tomcat85 to 8.5.71, drop 8.5.70.
ea-apache2
mod_security2
ZC-9217: Fix the RPM path for modsec_audit.ZC-8704: Build for Ubuntu, and minor changes for CentOS.

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with Apache 2.4.49 and libcurl 7.79.0. This release addresses vulnerabilities related to CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2021-40438, CVE-2021-39275, CVE-2021-36160, CVE-2021-34798, and CVE-2021-33193. We strongly encourage all Apache users to upgrade to version 2.4.49 and all libcurl users to upgrade to version 7.79.0.

AFFECTED VERSIONS
All versions of Apache through 2.4.48.
All versions of libcurl through 7.78.0.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  86 Hits

Copyright

© Cpanel

86 Hits
SEP
21

cPanel TSR-2021-0005 Full Disclosure

cPanel has released its Targeted Security Release to address security concerns with the cPanel product. These updates are currently available to all customers via the standard update system.

cPanel has rated this update as having a CVSSv3.1 score of 3.9 to 5.3. For more information on ratings, please visit our documentation.

Is there any action required?

If you have disabled cPanel & WHM automatic updates, please update your cPanel & WHM installations at your earliest convenience.

If you have configured cPanel & WHM servers to automatically update, no action is required. Your servers have automatically been updated.

To avoid service interruptions, please ensure you are on one of the following secure versions:

Continue reading
  73 Hits

Copyright

© Cpanel

73 Hits
SEP
20

cPanel TSR-2021-0005 Announcement

cPanel has released its Targeted Security Release to address security concerns with the cPanel & WHM product. These updates are currently available to all customers via the standard update system. cPanel has rated this update as having a CVSSv3.1 score of 3.9 to 5.3. For more information on ratings, please visit our documentation. Is …

The post cPanel TSR-2021-0005 Announcement first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  63 Hits

Copyright

© Cpanel

63 Hits
SEP
15

EULA and Pricing and Term Agreement Updates 

As part of our decision to include WordPress Toolkit in cPanel licenses at no additional charge, we recently notified customers that we made changes to our End User License and our Pricing and Term Agreement.  The changes that we made to these agreements were to facilitate that decision, and move …

The post EULA and Pricing and Term Agreement Updates  first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  74 Hits

Copyright

© Cpanel

74 Hits
SEP
15

EasyApache 4 September 15 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache 4 September 15 Release first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  61 Hits

Copyright

© Cpanel

61 Hits
SEP
08

cPanel & WHM Version 96 Now EOL

8 Sept 2021

With Version 98 in STABLE cPanel & WHM Version 96 has reached End of Life. This version will now only be supported by cPanel when upgrading to a supported version.

In accordance with our EOL policy, Version 96 will continue to function on servers where it is already installed. The last release of cPanel & WHM Version 96 will remain on our mirrors indefinitely. However, no further updates, including fixes for known security flaws, will be provided for Version 96. Older releases of cPanel & WHM will be removed from our mirrors.

We recommend that all customers upgrade any existing installations of cPanel & WHM Version 96 to the most recent version of cPanel & WHM Version 98, which you can read about on https://releases.cpanel.net.

If your server setup complicates the process of upgrading to a supported version of cPanel & WHM (review the list of upgrade blockers), cPanel is here to help. Simply open a support ticket and our knowledgeable support team will provide recommendations, upgrade assistance, and more.

Continue reading
  73 Hits

Copyright

© Cpanel

73 Hits
SEP
01

EasyApache 4 September 1 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

2021-9-1

apr
ea-freetds
EA-10071: Update ea-freetds to 1.3.2, drop 1.3.1.
ea-nginx
EA-9954: Add logic for server_names_hash_max_size and server_names_hash_bucket_size to syntax checker.
ea-openssl11
ea-php74
EA-10081: Update ea-php74 to 7.4.23, drop 7.4.22.
ea-php74-meta
EA-10081: Update ea-php74 to 7.4.23, drop 7.4.22.
ea-php80
EA-10080: Update ea-php80 to 8.0.10, drop 8.0.9.
ea-php80-meta
EA-10080: Update ea-php80 to 8.0.10, drop 8.0.9.
scl-php73
EA-10074: Update scl-php73 to 7.3.30, drop 7.3.29.
scl-php73-meta
EA-10074: Update scl-php73 to 7.3.30, drop 7.3.29.

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with OpenSSL 1.1.1l and a patch for APR 1.7.0. This release addresses vulnerabilities related to CVE-2021-35940, CVE-2021-3711, and CVE-2021-3712. We strongly encourage all OpenSSL users to upgrade to version 1.1.1l and all APR users to upgrade to the patched version 1.7.0.

AFFECTED VERSIONS
All versions of OpenSSL through 1.1.1k.
APR version 1.7.0.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  98 Hits

Copyright

© Cpanel

98 Hits
Advertisement