JUN
22

EasyApache June 22 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

ea-libzipEA-10770: Update ea-libzip from v1.8.0 to v1.9.0ea-ruby27-rubygem-sqlite3EA-10771: Update ea-ruby27-rubygem-sqlite3 from v1.4.2 to v1.4.4ea-openssl11EA-10773: Update ea-openssl11 from v1.1.1o to v1.1.1pThe c_rehash script allows command injection (with fix for CVE-2022-2068)

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with OpenSSL version 1.1.1p. This release addresses vulnerabilities related to CVE-2022-2068. We strongly encourage all OpenSSL users to update to version 1.1.1p.

AFFECTED VERSIONS
All versions of OpenSSL through 1.1.1o.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  18 Hits

Copyright

© Cpanel

18 Hits
JUN
15

EasyApache June 15 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

ea-apache24EA-10756: Update ea-apache2 from v2.4.53 to v2.4.54CVE-2022-26377: mod_proxy_ajp: Possible request smugglingCVE-2022-28330: Read beyond bounds in mod_isapiCVE-2022-28614: Read beyond bounds via ap_rwrite()CVE-2022-28615: Read beyond bounds in ap_strcmp_match()CVE-2022-29404: Denial of service in mod_lua r:parsebodyCVE-2022-30522: mod_sed: Denial of serviceCVE-2022-30556: Information Disclosure in mod_lua with websocketsCVE-2022-31813: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanismea-nodejs16EA-10748: Update ea-nodejs16 from v16.15.0 to v16.15.1ea-tomcat85EA-10761: Update ea-tomcat85 from v8.5.79 to v8.5.81ea-php74ea-php74-metaEA-10757: Update ea-php74 from v7.4.29 to v7.4.30mysqlnd:Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)pgsql:Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625) ea-php80ea-php80-metaEA-10760: Update ea-php80 from v8.0.19 to v8.0.20mysqlnd:Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)pgsql:Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625)ea-php81ea-php81-metaEA-10758: Update ea-php81 from v8.1.6 to v8.1.7mysqlnd:Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)pgsql:Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625) ea-podmanZC-9993: Add script for dev/QA/smold4r to be able to test against internal docker hubea-podman-repoZC-10010: enable powertools on Rocky 8ea-nginxZC-9940: Change worker_processes default back to 1ZC-9940: Have worker_shutdown_timeout default to 10 seconds

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with PHP versions 7.4.30, 8.0.20, and 8.1.7 and Apache version 2.4.54. This release addresses vulnerabilities related to CVE-2022-26377, CVE-2022-28330, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30522, CVE-2022-30556, CVE-2022-31813, CVE-2022-31626, and CVE-2022-31625. We strongly encourage all PHP 7.4 users to update to version 7.4.30, all PHP 8.0 users to update to version 8.0.20, all PHP 8.1 users to update to version 8.1.7, and all Apache users to update to version 2.4.54.

AFFECTED VERSIONS
All versions of PHP 7.4 through 7.4.29.
All versions of PHP 8.0 through 8.0.19.
All versions of PHP 8.1 through 8.1.6.
All versions of Apache through 2.4.53.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2022-26377 – MEDIUM
Apache 2.4.54
Fixed vulnerability in the mod_proxy_ajp module related to CVE-2022-26377.

Continue reading
  26 Hits

Copyright

© Cpanel

26 Hits
JUN
09

cPanel® Version 104 now in RELEASE!

We are happy to announce that cPanel Version 104 has now been released to the RELEASE tier!  What’s new in Version 104? So much! Some of the features we’re most excited about include: Vastly improved mail experience, including auto-purge and smart spam handling. A new SQL config UI that automatically provides …

The post cPanel® Version 104 now in RELEASE! first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  29 Hits

Copyright

© Cpanel

29 Hits
JUN
01

cPanel TSR-2022-0002 Full Disclosure

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.
SEC-629

Summary

Respect the “no_create” parameter in BoxTrapper_getemaildirs.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Continue reading
  44 Hits

Copyright

© Cpanel

44 Hits
JUN
01

EasyApache June 1 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache June 1 Release first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  45 Hits

Copyright

© Cpanel

45 Hits
MAY
31

cPanel TSR-2022-0002 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated this update as having a CVSSv3.1 score of 2.2 to 8.0.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels .

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

Continue reading
  47 Hits

Copyright

© Cpanel

47 Hits
MAY
26

cPanel® Version 104 now in CURRENT!

We are happy to announce that cPanel Version 104 has now been released to the CURRENT tier!  To fully explore all the changes in Version 104, as well as see detailed information about all cPanel & cPanel WebHost Manager versions, visit the release notes. More Information Our Release site also provides an …

The post cPanel® Version 104 now in CURRENT! first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  48 Hits

Copyright

© Cpanel

48 Hits
MAY
18

EasyApache May 18 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache May 18 Release first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  55 Hits

Copyright

© Cpanel

55 Hits
MAY
18

cPanel® Version 102 now in STABLE!

We are happy to announce that cPanel Version 102 has now been released to the STABLE tier!  To fully explore all the changes in Version 102, as well as see detailed information about all cPanel & cPanel WebHost Manager versions, visit the release notes. More Information Our Release site also provides …

The post cPanel® Version 102 now in STABLE! first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  63 Hits

Copyright

© Cpanel

63 Hits
MAY
11

EasyApache May 11 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

ea-openssl11

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with OpenSSL version 1.1.1o. This release addresses vulnerabilities related to CVE-2022-1473 and CVE-2022-1292. We strongly encourage all OpenSSL users to upgrade to version 1.1.1o.

AFFECTED VERSIONS
All versions of OpenSSL through 1.1.1n.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  65 Hits

Copyright

© Cpanel

65 Hits
APR
27

EasyApache April 27 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache April 27 Release first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  87 Hits

Copyright

© Cpanel

87 Hits
APR
20

EasyApache April 20 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache April 20 Release first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  85 Hits

Copyright

© Cpanel

85 Hits
APR
13

EasyApache April 13 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache April 13 Release first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  215 Hits

Copyright

© Cpanel

215 Hits
APR
12

cPanel® Version 104 now in EDGE!

We are happy to announce that cPanel Version 104 has now been released to the EDGE tier!  Warning: Due to the dynamic nature of EDGE builds, only use EDGE for testing in a controlled environment. We do not recommend this tier for production servers. This version has only received rudimentary testing. We publish this tier most often (up …

The post cPanel® Version 104 now in EDGE! first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  305 Hits

Copyright

© Cpanel

305 Hits
APR
06

EasyApache April 6 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache April 6 Release first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  289 Hits

Copyright

© Cpanel

289 Hits
MAR
30

EasyApache March 30 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache March 30 Release first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  302 Hits

Copyright

© Cpanel

302 Hits
MAR
23

EasyApache March 23 Release Announcement

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

ea-modsec2-rules-owasp-crs
EA-10394: Update version in meta_OWASP3.yaml.
ea-nginx
EA-10576: Fix server configuration template proxy caching setting.
ea-tomcat85
EA-10578: Update ea-tomcat85 from 8.5.76 to 8.5.77.
ea-php80
EA-10575: Update ea-php80 from 8.0.16 to 8.0.17.
ea-php80-meta
EA-10575: Update ea-php80 from 8.0.16 to 8.0.17.
ea-php81
EA-10577: Update ea-php81 from 8.1.3 to 8.1.4.
ea-php81-meta
EA-10577: Update ea-php81 from 8.1.3 to 8.1.4.
ea-nodejs16
EA-10588: Update ea-nodejs16 from 16.13.1 to 16.14.2 (with fix for OpenSSL via CVE-2022-0778 )
ea-cpanel-tools
ZC-9823: Set php default version to 8.0.
ea-profiles-cpanel
ZC-9823: Update profiles for PHP8.

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with OpenSSL version 1.1.1n in NodeJS. This release addresses vulnerabilities related to CVE-2022-0778. We strongly encourage all NodeJS users to upgrade to version 16.14.2 and take advantage of this OpenSSL fix.

AFFECTED VERSIONS
All versions of NodeJS through 16.14.1.
All versions of OpenSSL through 1.1.1m.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2022-0778 – HIGH
OpenSSL 1.1.1n
Fixed vulnerability related to CVE-2022-0778.

Continue reading
  321 Hits

Copyright

© Cpanel

321 Hits
MAR
21

cPanel® Version 102 now in RELEASE!

cPanel® Version 102 now in RELEASE! We are happy to announce that cPanel Version 102 has now been released to the RELEASE tier!  What’s new in Version 102? So much! Some of the features we’re most excited about include: Full support for Ubuntu 20 LTS Jupiter for cPanel WebHost Manager and …

The post cPanel® Version 102 now in RELEASE! first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  318 Hits

Copyright

© Cpanel

318 Hits
MAR
17

EasyApache 4 March 17 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community ForumsDiscord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

ea-openssl11
EA-10564: Update ea-openssl11 from 1.1.1m to 1.1.1n (with fix for CVE-2022-0778).More Information

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with OpenSSL version 1.1.1n. This release addresses vulnerabilities related to CVE-2022-0778. We strongly encourage all OpenSSL users to upgrade to version 1.1.1n.

AFFECTED VERSIONS
All versions of OpenSSL through 1.1.1m.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  354 Hits

Copyright

© Cpanel

354 Hits
MAR
15

cPanel & WHM® expands collaboration with Ubuntu to bring full support for Ubuntu LTS in V102

HOUSTON, March 9, 2022 /PRNewswire/ — cPanel® L.L.C., the Hosting Platform of Choice, a WebPros® portfolio company, is expanding its collaboration with Ubuntu to provide full support for Ubuntu LTS 20.04 with cPanel & WHM version 102.

In the winter of 2020, CentOS 8 announced that it would be reaching its end-of-life in December of 2021. This news was somewhat unexpected in the open-source and web hosting worlds. In response, cPanel has been working towards providing solutions that will benefit our partners and customers and expand options as we move forward together.

Our Commitment to Growth
Aila Power, VP of Product Development, said: “Ubuntu is a solid Linux Distribution with a great track record of security and innovation. I’m really excited that cPanel & WHM are now available on this distro that is the first choice for many when they build a new application.” We provide greater Operating System (OS) diversity, more substantial stability, and increased safety for our customers and their customers. 

Our collaboration with Ubuntu will give cPanel & WHM users more open-source Linux distribution architecture options within their current infrastructure while providing a more robust business suite of solutions to help customers scale and expand their business hosting operations.

“Ubuntu has long been the platform of choice for large scale compute estates and Canonical are delighted to partner with cPanel to mitigate the impact on long term stability and predictability brought about by the changes to CentOS” shared Mark Lewis, VP of Application Services, at Canonical | Ubuntu.

Continue reading
  149 Hits

Copyright

© Cpanel

149 Hits
Advertisement