FEB
24

EasyApache 4 February 24 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more.

2021-2-24

ea-nodejs10
EA-9587: Update ea-nodejs10 to 10.23.3, drop 10.23.2.
ea-openssl11
libcurl
EA-9567: Update libcurl to 7.75.0, drop 7.74.0.
mod_security2
EA-9584: Update Conflicts for C6.EA-9427: Change the PATH to use /usr/bin/ so perl doesn’t conflict.
ea-modsec2-rules-owasp
ZC-8471: Conflict w/ modsec 3 not ea-nginx.

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

PGP Signed message:

EA4-2021-2-24-CVE.signedDownload

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with OpenSSL version 1.1.1j. This release addresses vulnerabilities related to CVE-2021-23841 and CVE-2021-23840. We strongly encourage all OpenSSL users to update to version 1.1.1j.
 
 
AFFECTED VERSIONS
All versions of OpenSSL through 1.1.1i.

Continue reading
  5 Hits

Copyright

© Cpanel

5 Hits
FEB
10

EasyApache 4 February 10 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more.

2021-2-10

ea-apache24-mod_pagespeed
EA-9560: Update to version 1.14.36.1
ea-nghttp2
EA-9573: Update ea-nghttp2 to 1.43.0, drop 1.42.0.
ea-php74
EA-9565: Update ea-php74 to 7.4.15, drop 7.4.14 (with fix for CVE-2021-21702).
ea-php74-meta
EA-9565: Update ea-php74 to 7.4.15, drop 7.4.14 (with fix for CVE-2021-21702).
ea-php80
EA-9574: Update ea-php80 to 8.0.2, drop 8.0.1 (with fix for CVE-2021-21702).
ea-php80-meta
EA-9574: Update ea-php80 to 8.0.2, drop 8.0.1 (with fix for CVE-2021-21702).
ea-tomcat85
EA-9566: Update ea-tomcat85 to 8.5.63, drop 8.5.61.
scl-php73
EA-9568: Update scl-php73 to 7.3.27, drop 7.3.26 (with fix for CVE-2021-21702).
scl-php73-meta
EA-9568: Update scl-php73 to 7.3.27, drop 7.3.26 (with fix for CVE-2021-21702).

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 8.0.2, 7.4.15, and 7.3.27. This release addresses vulnerabilities related to CVE-2021-21702. We strongly encourage all PHP 8.0 users to upgrade to version 8.0.2, all PHP 7.4 users to upgrade to version 7.4.15, and all PHP 7.3 users to upgrade to version 7.3.27.
 
 
AFFECTED VERSIONS
All versions of PHP 8.0 through 8.0.1.
All versions of PHP 7.4 through 7.4.14.
All versions of PHP 7.3 through 7.3.26.

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2021-21702 – MEDIUM

Continue reading
  50 Hits

Copyright

© Cpanel

50 Hits
FEB
04

EasyApache 4 February 4 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. 2021-2-4 ea-apache2 EA-9463: Enable mod_systemd for further startup enhancements ea-apache2-config EA-9550: Fix to not overwrite errordocument.conf when upgrading. …

The post EasyApache 4 February 4 Release first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  28 Hits

Copyright

© Cpanel

28 Hits
FEB
03

cPanel & WHM Version 94 now in CURRENT!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 94 to the CURRENT tier!  To see what’s changing in this new version, check out our full release notes. If you have other questions or comments, join us on Discord, Reddit, or our Support Forums! Highlights of what’s new: Full support for …

The post cPanel & WHM Version 94 now in CURRENT! first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  42 Hits

Copyright

© Cpanel

42 Hits
JAN
27

EasyApache 4 January 27 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. ea-cpanel-tools ZC-6815: Add ea-nginx-standalone to additional_packages. More Information Information about all releases this year can be found in …

The post EasyApache 4 January 27 Release first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  36 Hits

Copyright

© Cpanel

36 Hits
JAN
19

cPanel TSR-2021-0001 Full Disclosure

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3.1 scores ranging from 2.5 to 3.3.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

SEC-578

Summary

Continue reading
  57 Hits

Copyright

© Cpanel

57 Hits
JAN
18

cPanel TSR-2021-0001 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3.1 scores ranging from 2.5 to 3.3.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

The following cPanel & WHM versions address all known vulnerabilities:

Continue reading
  52 Hits

Copyright

© Cpanel

52 Hits
JAN
13

EasyApache 4 January 13 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more.

ea-apache2
EA-9506: Do not start htcacheclean service if mod_cache_disk module is not loaded.
ea-libicu
EA-9527: Update ea-libicu to 68.2. drop 67.
ea-nodejs10
ea-php74
EA-9517: Update ea-php74 to 7.4.14, drop 7.4.13 (with fix for CVE-2020-7071).
ea-php74-meta
EA-9517: Update ea-php74 to 7.4.14, drop 7.4.13 (with fix for CVE-2020-7071).
ea-php80
EA-9519: Update ea-php80 to 8.0.1, drop 8.0.0 (with fix for CVE-2020-7071).
ea-php80-meta
EA-9519: Update ea-php80 to 8.0.1, drop 8.0.0 (with fix for CVE-2020-7071).
ea-ruby27-passenger
ZC-8196: Ensure pre-2.7 apps are configured for 2.4 so that they continue to use 2.4.ZC-8188: Configure python if python3 is not thereZC-8188: Provide /etc/cpanel/ea4/passenger.python.
ea-tomcat85
EA-9505: Update ea-tomcat85 to 8.5.61, drop 8.5.60.
scl-php73
EA-9518: Update scl-php73 to 7.3.26, drop 7.3.25 (with fix for CVE-2020-7071).
scl-php73-meta
EA-9518: Update scl-php73 to 7.3.26, drop 7.3.25 (with fix for CVE-2020-7071).
scl-ruby24
ZC-8143: Compile ruby 2.4 binary to work when called directly.
scl-ruby24-passenger
ZC-8188: Make python check verbose and explicitly for mod_passenger package.ZC-8188: Configure python if python3 is not there.ZC-8188: Provide /etc/cpanel/ea4/passenger.python.

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 8.0.1, 7.4.14, and 7.3.26 and NodeJS version 10.23.1. This release addresses vulnerabilities related to CVE-2020-8265, CVE-2020-8287, CVE-2020-1971, and CVE-2020-7071. We strongly encourage all PHP 8.0 users to upgrade to version 8.0.1, all PHP 7.4 users to upgrade to version 7.4.14, all PHP 7.3 users to upgrade to version 7.3.26, and all NodeJS users to upgrade to version 10.23.1.
 
 
AFFECTED VERSIONS
All versions of PHP 8.0 through 8.0.0.
All versions of PHP 7.4 through 7.4.13.
All versions of PHP 7.3 through 7.3.25.
All versions of NodeJS through 10.23.0.

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2020-8265 – CRITICAL
NodeJS 10.23.1
Fixed bug related to CVE-2020-8265.

Continue reading
  98 Hits

Copyright

© Cpanel

98 Hits
JAN
06

cPanel & WHM Version 94 now in EDGE!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 94 to the EDGE tier!  To see what’s changing in this new version, check out our full release notes. Releases to the EDGE tier are for testing only, and should not be used on production servers.  If …

The post cPanel & WHM Version 94 now in EDGE! first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  60 Hits

Copyright

© Cpanel

60 Hits
DEC
29

cPanel & WHM Version 90 Now EOL

December 29, 2020 With Version 92 in STABLE, cPanel & WHM Version 90 has reached End of Life. This version will now only be supported by cPanel when upgrading to a supported version. In accordance with our EOL policy, Version 90 will continue to function on servers where it is already installed. …

The post cPanel & WHM Version 90 Now EOL first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  72 Hits

Copyright

© Cpanel

72 Hits
DEC
23

EasyApache 4 December 23 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more.

2020-12-23

ea-openssl11
EA-9478: Update ea-openssl11 to 1.1.1i, drop 1.1.1h (with fix for CVE-2020-1971)
ea-profiles-cpanel
ZC-7620: Update Ruby profile for 2.7 on C7 and C8.
libcurl
scl-ruby24-passenger
ZC-8096: Use full path in passenger.ruby.ZC-7897: Add version/package specific template file (and support userdata paths like nginx).ZC-7655: Provide/Conflict apache24-passenger.ZC-8143: Compile ruby 2.4 binary to work when called directly.
ea-cpanel-tools
ZC-7904: Add EOL recommendation for ruby24 on C7 and later.
ea-nodejs10
ZC-8150: Install /etc/cpanel/ea4/passenger.nodejs.
ea-apache2-config
EA-9493: Remove need for perl-libwww-perl.
CentOS 8 System OpenSSL
ZC-8005: Replace ea-openssl11 with system openssl on C8.aprapr-utilea-apache2ea-freetdsea-libzipea-nghttp2ea-php74ea-php80scl-libc-clientscl-php72scl-php73
Ruby 2.7 in Production
EA-9480: Publish ea-ruby27 to production.ea-ruby27ea-ruby27-libuvea-ruby27-metaea-ruby27-passengerea-ruby27-rubygem-mizuhoea-ruby27-rubygem-nokogiriea-ruby27-rubygem-rackea-ruby27-rubygem-sqlite3

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with OpenSSL version 1.1.1i and libcurl version 7.74.0. This release addresses vulnerabilities related to CVE-2020-1971, CVE-2020-8284, CVE-2020-8285, and CVE-2020-8586. We strongly encourage all OpenSSL 1.1 users to update to version 1.1.1i and all libcurl users to update to version 7.74.0.
 
 
AFFECTED VERSIONS
All versions of OpenSSL through 1.1.1h.
All versions of libcurl through 7.73.0.

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2020-1971 – MEDIUM
OpenSSL 1.1.1i
Fixed bug related to CVE-2020-1971.

Continue reading
  181 Hits

Copyright

© Cpanel

181 Hits
DEC
21

cPanel & WHM Version 92 to STABLE!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 92 to the STABLE tier! Some highlights of this release can be found below, but please check the Release Site for more information. WordPress Toolkit–The Evolution of WordPress Manager We added a new feature called WordPress Toolkit. …

The post cPanel & WHM Version 92 to STABLE! first appeared on cPanel Newsroom.
Original author: Tabby Worthington
  99 Hits

Copyright

© Cpanel

99 Hits
DEC
09

EasyApache 4 December 9 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. ea-cpanel-tools EA-9444: Add PHP 7.2 to EOL recommendations. ea-oniguruma EA-9466: Update ea-oniguruma to 6.9.6, drop 6.9.5_rev1. ea-profiles-cpanel EA-9444: …

The post EasyApache 4 December 9 Release first appeared on cPanel Newsroom.

Original author: Tabby Worthington
  76 Hits

Copyright

© Cpanel

76 Hits
DEC
02

EasyApache 4 December 2 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. ea-apache2-config COBRA-11968: Fix Let’s Encrypt HTTP DCV under SSL force-redirect. ea-nghttp2 EA-9445: Update ea-nghttp2 to 1.42.0, drop 1.41.0. …

The post EasyApache 4 December 2 Release first appeared on cPanel Newsroom.

Original author: Tabby Worthington
  97 Hits

Copyright

© Cpanel

97 Hits
NOV
30

cPanel & WHM Version 92 to RELEASE!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 92 to the RELEASE tier! Some highlights of this release can be found below, but please check the Release Site for more information. Experimental ImageMagick for CentOS 8 For CentOS 8 and CloudLinux 8 servers, the system …

The post cPanel & WHM Version 92 to RELEASE! first appeared on cPanel Newsroom.

Original author: Tabby Worthington
  137 Hits

Copyright

© Cpanel

137 Hits
NOV
23

EasyApache 4 November 23 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. 2020-11-23 mod_security2 ZC-7925: Install /etc/cpanel/ea4/modsecurity.version. More Information Information about all releases this year can be found in …

The post EasyApache 4 November 23 Release first appeared on cPanel Newsroom.

Original author: Tabby Worthington
  100 Hits

Copyright

© Cpanel

100 Hits
NOV
23

cPanel & WHM Version 88 Now EOL

With Version 90 in STABLE, cPanel & WHM Version 88 has reached End of Life. This version will now only be supported by cPanel when upgrading to a supported version. In accordance with our EOL policy, Version 88 will continue to function on servers where it is already installed. The last release of …

The post cPanel & WHM Version 88 Now EOL first appeared on cPanel Newsroom.

Original author: Tabby Worthington
  96 Hits

Copyright

© Cpanel

96 Hits
NOV
17

cPanel TSR-2020-0007 Full Disclosure


SEC-567

Summary

URL parameter injection vulnerabilities in multiple interfaces.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 2.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N

Description

Continue reading
  94 Hits

Copyright

© Cpanel

94 Hits
NOV
16

cPanel TSR-2020-0007 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3.1 scores ranging from 2.6 to 4.7

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

The following cPanel & WHM versions address all known vulnerabilities:

Continue reading
  95 Hits

Copyright

© Cpanel

95 Hits
NOV
11

EasyApache 4 November 11 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. 2020-11-11 ea-freetds EA-9397: Update ea-freetds to 1.2.9, drop 1.2.5. ea-nodejs10 EA-9400: Update ea-nodejs10 to 10.23.0, drop 10.22.1. ea-php74 ZC-7893: Remove …

The post EasyApache 4 November 11 Release first appeared on cPanel Newsroom.

Original author: Tabby Worthington
  93 Hits

Copyright

© Cpanel

93 Hits
Advertisement