We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more.

2021-3-31

ea-apache2-config

ea-cpanel-tools

ea-openssl11

scl-php73

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY

cPanel, L.L.C. has updated RPMs for EasyApache 4 with  OpenSSL version 1.1.1k. This release addresses vulnerabilities related to CVE-2021-3450 and 
CVE-2021-3449. We strongly encourage all OpenSSL users to update to version 1.1.1k.
 
 
AFFECTED VERSIONS
All versions of OpenSSL through 1.1.1j.

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2021-3450 – MEDIUM

HOUSTON, Texas – WebPros, a leader in hosting infrastructure, billing, and virtualization automation, today announced the acquisition of NIXStats, the company best known for its intelligent server performance and uptime management platform. NIXStats joins other WebPros companies, including hosting management solutions cPanel®, Plesk®, and WHMCS®, to provide a comprehensive suite of solutions and broaden their capabilities to their expanding set of partners and customers.

NIXStats delivers unparalleled insight into server performance and uptime management by leveraging a suite of comprehensive and proprietary technologies tightly integrated into the NIXStats platform. This unique approach allows NIXStats to provide clear and concise reporting while dramatically reducing false positives. NIXStats and its integrated decision engine can be deployed into any customer environment, enabling customers to manage their servers proactively and isolate and react to real-time events to maintain maximum performance uptime.

“Customers rely on cPanel, Plesk, and WHMCS to deliver exceptional insights and automation on their hosting infrastructure,” said Jens Meggers, Chief Executive Officer, WebPros. “NIXStats empowers our customers to make data-driven decisions on that infrastructure in record time without compromising uptime and performance. When customers integrate NIXStats into their hosting environments, they benefit from increased awareness of their performance, and they can do so at a lower cost.”

NIXStats is the most recent acquisition for WebPros. Other prominent WebPros companies include infrastructure management and automation companies cPanel, Plesk, and WHMCS; digital marketing solution XOVI; and SolusIO virtualization management software. For more information about WebPros, visit www.webpros.com.

NIXStats founder Vincent van Megen will join the company as Head of Monitoring.

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated this update as having a CVSSv3.1 score of 1.8.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more.

2021-3-3

scl-sourceguardian

EA-9610: Update scl-sourceguardian to 12.0 drop 11.4.1.

ea-nodejs10

EA-9601: Updateea-nodejs10 to 10.24.0, drop 10.23.3 (with fixes for CVE-2020-8265, CVE-2020-8287, and CVE-2020-1971).

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more.

2021-2-24

ea-nodejs10

ea-openssl11

libcurl

mod_security2

ea-modsec2-rules-owasp

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

PGP Signed message:

EA4-2021-2-24-CVE.signedDownload

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with OpenSSL version 1.1.1j. This release addresses vulnerabilities related to CVE-2021-23841 and CVE-2021-23840. We strongly encourage all OpenSSL users to update to version 1.1.1j.
 
 
AFFECTED VERSIONS
All versions of OpenSSL through 1.1.1i.

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more.

2021-2-10

ea-apache24-mod_pagespeed

ea-nghttp2

ea-php74

ea-php74-meta

ea-php80

ea-php80-meta

ea-tomcat85

scl-php73

scl-php73-meta

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 8.0.2, 7.4.15, and 7.3.27. This release addresses vulnerabilities related to CVE-2021-21702. We strongly encourage all PHP 8.0 users to upgrade to version 8.0.2, all PHP 7.4 users to upgrade to version 7.4.15, and all PHP 7.3 users to upgrade to version 7.3.27.
 
 
AFFECTED VERSIONS
All versions of PHP 8.0 through 8.0.1.
All versions of PHP 7.4 through 7.4.14.
All versions of PHP 7.3 through 7.3.26.

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2021-21702 – MEDIUM

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3.1 scores ranging from 2.5 to 3.3.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

SEC-578

Summary