LinkedIn API v2 - Required Update By May 1st

Late last year, LinkedIn announced a new version of their API. Starting May 1st, all integration features with LinkedIn must use the new API. JFBConnect v8.1 was just released and is fully compatible with the required changes. If you use LinkedIn integration on your site with JFBConnect, please upgrade before May 1st to ensure there are no authentication issues on your site. There are quite a few things to be aware of with the new API version as well, so please read everything if you incorporate LinkedIn authentication on your site.

Original author: Alex




EasyApache 4 Apr 3 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! This release includes a version update for ea-apache24 to 2.4.39, resolution to an issue with the installation of ea-liblsapi, and a solution for the premature stoppage of /scripts/ea-tomcat85. Please review the release in its entirety, then join us on Slack, Discord, or Reddit to talk about this update and much more.


ea-apache2
EA-8307: Update Apache to 2.4.39, drop 2.4.38

ea-apache2-config
EA-8305: Revert change in EA-8250

ea-liblsapi
EA-8300: Cannot reinstall ea-liblsapi because of conflicts with liblsapi

ea-tomcat85
EA-8241: /scripts/ea-tomcat85 prematurely dies if fs.protected_symlinks_create is enabled

This release includes a security patch for an issue that has been assigned a CVE (Common Vulnerabilities and Exposures) identifier, the details of which are included below.

cPanel, L.L.C. has updated RPMs for EasyApache 4 with Apache version 2.4.39. This release addresses vulnerabilities related to CVE-2019-0197, CVE-2019-0196, CVE-2019-0211, CVE-2019-0217, CVE-2019-0215, and CVE-2019-0220. We strongly encourage all Apache users to upgrade to version 2.4.39.


All versions of Apache through 2.4.38



© Cpanel


EasyApache 4 Mar 27 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Slack, Discord, or Reddit to talk about this update and much more.

2019-3-27

mod_security2
EA-8292: Patch mod_security for Issue 890 – ModSecurity corrupts the global pool’s cleanups linked list with …
Original author: Phil Hodges




Support for Version 70 Extended to April 30th, 2019

Support for the current LTS (Long Term Support) version, cPanel & WHM Version 70, has been extended to April 30th, 2019. This extension is due to cPanel & WHM Version 78 not reaching the STABLE tier prior to the end of Version 70 support. Support is not extended for any …
Original author: benny Vasquez




cPanel TSR-2019-0002 Full Disclosure

Yesterday cPanel released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. Below is the full disclosure of the changes included in that update.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.


Unsafe file operations as root in SSL certificate storage.
Security Rating
cPanel has assigned this vulnerability a CVSSv3 score of 5.6 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N).
The Cpanel::SSL::Objects::Certificate::File module creates a cache file when opening and reading an SSL certificate file. The Cpanel::SSLStorage module uses this to perform operations on SSL certificates stored in the user’s home directory as root. Because of this, it was possible for an attacker to overwrite and/or read root-owned files.
This issue was discovered by the cPanel Security Team.
This issue is resolved in the following builds:
78.0.18
76.0.21
70.0.67


