cPanel & WHM 11.28 Release Notes

Last updated April 25, 2011.

These Release Notes detail feature updates in cPanel & WHM version 11.28.

Related White Papers

Database Mapping

With version 11.28, cPanel & WHM introduces the Database Mapping feature. This feature lays the groundwork for providing more flexibility in naming databases and database users.

In the past, cPanel has always prepended an account's username to any database name or database username created by the account (for example, a database might be named "user_dbname"). This changes with the addition of the Database Mapping feature.

In cPanel 11.28, Database Mapping provides the following benefits:

  1. Accounts transferred from non-cPanel servers, such as those running Plesk or Ensim, will no longer have the cPanel account name added as a prefix to the names of databases and database users. This means applications like blogs and forums should work with minimal (or no) changes after transfer.
  2. Server owners can disable use of the database name prefix server-wide. If a server owner chooses this option, databases and database users will no longer be created with the cPanel account as a prefix (for example, a database could be named "dbase" instead of "user_dbase"). This option is not reversible.

Both of the features above will make a server incompatible with older versions of cPanel. If either:

  1. a non-cPanel account is transferred to an 11.28 server, or
  2. the server owner opts to disable prefixing,
then that server will not be able downgrade to 11.28 later.

Transferring an account from a cPanel system that does not use the database prefix to one that does (e.g., cPanel 11.28 with prefixing disabled, to cPanel 11.28) will result in support issues. Databases and database users whose names lack the prefix will be unmanageable in the cPanel interface.

  • note Note: Databases created by cPAddons will always be named with a prefix, regardless of whether Database Mapping is turned on or off. The prefix will consist of the database username, followed by an underscore (_).

For more technical information about Database Mapping, see our Database Mapping white paper (PDF).

Database Creation

Prior to cPanel 11.28, cPanel users were able to create a database via direct MySQL connections as long as the database was properly prefixed for the cPanel account (e.g. account-name_database).

However, in version 11.28, if the WHM administrator turns prefixing off, the grant statement that provides that permission will be removed and the cPanel account's MySQL user will not be able to create databases via direct MySQL connections. cPanel users will need to use the cPanel UI or API to create databases if prefixing has been disabled.

Removed phpMyAdmin User Modification Features

We have removed some user modification features from phpMyAdmin in cPanel & WHM 11.28. The features we have removed include the ability to add users, delete users, and modify certain user properties, such as the hostname.

Custom Webmail

Server owners can now offer third-party webmail applications from the cPanel interface. This requires some Perl scripting ability.

For instructions, see Integrating Webmail Applications.

LOCK Method for WebDAV

cPanel's Web Disk feature, provided by the cpdavd service, is now fully compliant with the RFC 4918 Class 2 WebDAV standard.

This means that cpdavd now provides full resource locking support, increasing the range of supported WebDAV clients significantly. Errors that previously occurred when users saved files via Microsoft® Office®, as well as seemingly random failures performing bulk file operations from Mac OS® X Finder®, are alleviated with the implementation of a proper locking mechanism.

Changes to phpMyAdmin Authentication

cPanel & WHM 11.28 substantially changes the way that phpMyAdmin authenticates.

We have added a new phpMyAdmin authentication library, located at /usr/local/cpanel/base/3rdparty/phpMyAdmin/libraries/auth/cpanel.auth.php. Its purpose is to allow for multiple types of authentication to phpMyAdmin, as the user's cpanel account does not necessarily have to have the same password for MySQL as it uses for system authentication.

When phpMyAdmin loads, it will now attempt to get authentication data from multiple sources. It will validate the authentication data by attempting a mysql_connect() against the configured MySQL server for each source, until it finds the correct authentication information. The order of sources that it will attempt to load is:

  1. The user's system password.
  2. The user and password contained in ~/.my.cnf
  3. If both of these fail, it will prompt for authentication with a login form.

As a result of this change, users should take note of the following:

  • When invalidated session data exists, it is possible for phpMyAdmin to have problems authenticating. So, if the user notices abnormalities in phpMyAdmin, clearing browser session data should always be the first step in attempting to resolve the issue.
  • The Log out link in phpMyAdmin only functions when the user has authenticated manually with a login form. The function of this Log out link is to remove and invalidate the temporary files, and redirect to the login page. If the correct login credentials are still available to phpMyAdmin (in the user's system password via the environment, or in ~/.my.cnf), the login process will reconnect upon redirect. As a result, the Log out link will have no effect in this case.

User Interface Changes in WHM

Breadcrumbs (navigation links that appear at the top of each page) now appear in all WHM screens.

In addition, WHM includes the following updates.

Updated Screens

cPanel & WHM Configuration screens

WHM includes updates to the following interfaces:

  • Basic cPanel/WHM Setup.
  • Tweak Settings.
  • Exim Configuration Editor.

Each interface has been changed in the following ways:

  • It has been reorganized into tabs, making specific settings easier to find.
  • If offers radio "on/off" buttons instead of checkboxes.
  • It attempts to warn the user if he or she tries to enter invalid data. In addition, any invalid data the user enters will be replaced by an acceptable value when the user clicks Save.

You can find a complete description of each updated interface in our WHM User Guide.

New Default Values

Default values for the following options on the Tweak Settings screen have changed:

  • Enable HTTP Authentication now defaults to off.
  • Require SSL now defaults to on.

The default value for the following setting on the Exim Configuration Editor screen has been changed:

  • Reject mail for users over quota at SMTP time now defaults to on.

The default value for the following setting on the Basic cPanel/WHM Setup screen has been changed:

  • The minimum user ID value used when creating new accounts now defaults to 500. Leaving this field blank is no longer a valid entry.

Changing the Default Apache Port in Tweak Settings

On the Tweak Settings screen in WHM, the server owner has long been able to change the port on which the Apache web server listens for requests.

While using this option to configure Apache to listen on a port other than the default has previously broken the functionality of various utilities on the server, with version 11.28, those failures no longer occur.

The utilities that now function with Apache listening on a non-default port are:

  • The apachectl script
  • The httpd daemon
  • The checksrvd daemon
  • The Apache Status page in WHM

Setting the Default Email Quota for New Accounts in Tweak Settings

Three new options on the Tweak Settings screen allow server owners to set up defaults for email quotas. Server owners can now:

  • Specify available options for email quotas (user-defined, unlimited, or both).
  • Specify the default user-defined quota value for new accounts.
  • Specify which quota option (user-defined or unlimited) will be the default.
    • note Note: This setting was removed in version 11.28.74.

Choosing MD5 Passwords in Tweak Settings

The Tweak Settings screen offers the following new option:

Use MD5 passwords with Apache

Formerly, cPanel & WHM used the crypt password hashing function. Now, server owners can opt to use MD5 hashing instead.

Both crypt and MD5-encoded passwords can be any length; however, crypt only uses the first 8 characters of the password for authentication.

Using the INFORMATION_SCHEMA View

In Tweak Settings, you can now enable the system to use the INFORMATION_SCHEMA view when calculating disk usage. This can, however, degrade MySQL performance. This option is:

Use INFORMATION_SCHEMA to acquire MySQL disk usage

Setting the Maximum Number of cpsrvd Connections

Tweak Settings now allows you to specify the maximum number of connections cpsrvd can have open at once. This option is:

Max cPanel/WHM/Webmail service handlers

Security Tokens Enabled by Default on New Installations

Beginning with version 11.28, new installations of cPanel & WHM will have Security Tokens enabled by default. You can enable or disable Security Tokens in WHM's Tweak Settings interface.

Existing cPanel & WHM systems upgrading to 11.28 will retain their existing configurations.

The Apache Global Configuration Screen

The Apache configuration interface in WHM at Main » Service Configuration » Apache Configuration » Global Configuration now offers the following directives (click a directive name to read Apache's documentation):

Directive Description
StartServers This directive sets the number of child server processes created when Apache starts up.
KeepAlive This directive enables long-lived HTTP sessions, which allow multiple requests to be sent over the same TCP connection. This can speed up latency times for HTML documents with many images.
KeepAliveTimeout This directive sets the number of seconds Apache will wait for a subsequent request before closing a connection.
MaxKeepAliveRequests This directive limits the number of requests a TCP connection can make when KeepAlive is on. Setting this value to 0 specifies that you do not wish to limit KeepAlive requests.
TimeOut This directive defines the amount of time Apache will wait for certain events before failing a request.
ServerLimit This directive sets the maximum configured value for the MaxClients directive for the lifetime of the Apache process.

List Accounts

When the server owner uses the Tweak Settings screen to disable root and account owners' abilities to log into cPanel user accounts, the List Accounts screen does not display the cPanel logo linking to users' cPanel accounts. This functionality has long been present in WHM.

Now, a notification appears to clarify the reason cPanel user accounts are no longer available from List Accounts.

For the root user, It reads:

Root access to users' cPanel accounts has been disabled in Tweak Settings (System).

For account owners, it reads:

Reseller access to users' cPanel accounts has been disabled in Tweak Settings (System).

Modify an Account

As of version 11.28, WHM includes 2 changes to the Modify an Account screen:

  • Modifying a user's account will change the user's package to undefined. The undefined package is a reserved package name that can contain different values for different users.
  • This screen now includes a setting for Max Relayed mails/hour/domain. This option sets a limit on the number of emails relayed per hour for the account's main domain only.
    • If you previously used the build_maxemails_config script to set different limits for each domain, this field will display the limit assigned to the primary domain for the account.

cPHulk Brute Force Protection

The daemon that provides the cPHulk Brute Force Protection feature (cphulkd) now allows whitelisting of a range of IP addresses written in CIDR notation.

You can find the graphical interface for whitelisting IP addresses at cPHulk Brute Force Protection >> Trusted IPs.

Terminating Accounts

Resellers with access to the WHM Terminate an Account screen are no longer presented with the option of terminating their own WHM account.

New Screens

WHM also includes the following new interfaces:

  • Configure Security Policies — See Security Policy changes below for more information.
  • Security Questions — See Security Policy changes below for more information.
  • Database Map Tool — This allows a server owner to confer access to a database, via cPanel, to 2 or more cPanel users.
  • Disable Database Prefix — This allows a server owner to disable database prefixes as described in the Database Mapping section above.

Removed Screens

WHM will no longer include the following interfaces:

  • Interactive Knowledge Base
  • x3 Skin Migration Wizard

Changes to the WHM Interface Template

With this release, WHM begins its migration to a template-based interface, using Template Toolkit. In the future, a template-based WHM interface will offer benefits including the ability for users to:

  • Create custom branding or translation for WHM.
  • Take advantage of an easier system for building WHM skins.

WHM 11.28 simply provides the foundation for these capabilities, which will become available in the near future.

More information about the progress of this templating process will appear in the release notes of future versions of WHM, when applicable.

User Interface Changes in cPanel

The following cPanel screens have changed:

  • FTP Accounts is now easier to use.
  • Disk Space Usage is now easier to use.
  • Change Password? now lets the cPanel account owner click a checkbox to apply the password change to the MySQL database owner (DBOWNER) account as well.

You can read a complete description of each interface in the cPanel User Guide.

cPanel also includes a new Security Policy screen. See Security Policy changes below for more information.

Security Policy Changes

Server owners can now:

  • Set a maximum password age for the server's cPanel, WHM, and webmail interfaces. Once the password reaches the specified age, it must be reset.
    • note Note: This policy will only apply to system accounts, not virtual accounts (such as webmail accounts).
  • Define their own security policies. See the Security Policy white paper (.pdf) for more details.
  • Choose to only allow verified IP addresses to access the server's cPanel, WHM, and webmail interfaces.

For a complete description of the interfaces where the user configures these options, see the following documents:

Password Age

A new screen in WHM entitled Configure Security Policies allows server owners to apply a maximum age to WHM, cPanel, and webmail passwords. The server owner can also opt to specify maximum password ages for XML API requests and DNS cluster requests.

Once a password has reached the specified age, the account owner must change the password.

The maximum password age is 1,095 days.

Limit Logins to Verified IP Addresses

This feature allows server owners to turn on source IP checking for the WHM, cPanel, and webmail interfaces. Server owners can also opt to check source IPs for XML API requests and DNS cluster requests. They may enable this feature on the Configure Security Policies screen.

Source IP checking requires users who attempt to access WHM, cPanel, or webmail to either:

  • have their IP addresses listed on the Manage Access IPs screen in the appropriate interface, or
  • successfully answer security questions to gain access to the WHM, cPanel, or webmail interface.

cPanel and webmail users can enter security questions and answers, as well as authorize IP addresses, on the cPanel Security Policy screen.

Transfer Improvements

In addition to Database Name Mapping, version 11.28 provides the following improvements to the process of transferring accounts from non-cPanel servers:

  • WHM now accepts usernames up to 16 characters in length for transferred accounts.
  • Mail groups are now migrated from Parallels® Plesk® panel accounts.
  • Ensim® accounts are transferred using the Ensim account's username rather than the word "site" followed by a number.
  • MySQL for accounts transferred from Ensim will no longer automatically stop and start.

Horde Groupware Webmail Edition

cPanel now provides Horde Groupware Webmail Edition, which allows for sharing of calendars, contacts, and tasks. cPanel's switch to Horde Groupware Webmail will provide you with the most up-to-date Horde modules. Learn more about Horde Groupware Webmail Edition at Horde's website.

Benefits of this Horde client include:

  • It provides a streamlined update process, since you no longer have to track updates for each component.
  • It will allow cPanel to provide future Horde updates in a more timely manner.
  • It fixes longstanding bugs and problems present in older Horde releases.

You can also customize Horde Groupware Webmail Edition.

PICK Important:

  • We do not support downgrading from Horde Groupware Webmail Edition 1.2.7 to older releases.

ALERT! Warning: Attempting to use and configure new mail notifications in Horde Groupware Webmail Edition may cause Safari® on Mac OS® X to become unresponsive. This is due to the way information is passed between Safari® and QuickTime® on OS X.

Faster Incremental Backups

In testing, cPanel 11.28 has shown incremental backup times ranging from 1.7 times to over 10 times faster than previous versions. This happens due to optimizations made to the code, and because databases are now backed up only if they have changed.

Users will see this improvement during the second backup after upgrading.

ext4 File System Support

cPanel & WHM now supports the ext4 file system on CentOS and RedHat® Enterprise Linux® versions 5 and higher. However, CentOS and RedHat do not yet support quotas on ext4. This means you are not yet able to use quotas and ext4 with CentOS or RedHat.

Scripts Removed from the /scripts Directory

The following deprecated scripts have been removed from the /scripts/ directory in cPanel & WHM 11.28:

  • addstatus
  • fixfpwml
  • nomodattach
  • nomodauthmysql
  • nomodbwprotect
  • nomodperl
  • /rebuildcpusers
  • killmoddav
  • fixwebmail
  • verify
  • check_apache_ssl
  • rebuildcpusers

/scripts/cPScript Removed

Additionally, version 11.28 removes the /scripts/cPScript directory from the server. All modules formerly contained by this directory will now reside in /usr/local/cpanel/Cpanel.

Any application or script that relies upon that directory or the modules contained within will not function in this version. This change effectively discontinues the use of the cPScript Perl module namespace in favor of the Cpanel namespace (/usr/local/cpanel/Cpanel).

Scripts Added to the /scripts Directory

check_users_my_cnf

This script is available at /scripts/check_users_my_cnf.

It will check user accounts for ~/.my.cnf files that do not work, and rename them. By default, the script only returns output when it detects a bad ~/.my.cnf.

For more information, run /scripts/check_users_my_cnf --help.

comparegdbm

This script is available at /scripts/comparegdbm.

It will compare the contents of 2 GDBM files.

To use this script, run

/scripts/comparegdbm $file1 $file2
where $file1 and $file2 are the full paths to the files you wish to compare.

Moved cphulkd Configuration Files

The following cphulkd configuration files have moved.

In version 11.28, the system checks these new locations first. It checks legacy file locations as a failover.

New location /var/cpanel/hulkd/enabled
Old location /var/cpanel/cphulk_enable
Description This presence of this flag file indicates that cPHulkd is enabled. You can enable or disable cPHulkd in WHM at Main >> Security Center >> cPHulk Brute Force Protection.

New location /var/cpanel/hulkd/conf
Old location /var/cpanel/cphulk.conf
Description This file is cPHulkd's general configuration file. It contains a number of settings that you can configure from within the WHM interface.
note Note: Old configurations will not automatically migrate from /var/cpanel/cphulk.conf to /var/cpanel/cphulkd/conf until you re-save your configuration.

New location /var/cpanel/hulkd/password
Old location /var/cpanel/hulkdpass
Description This file stores the password cPHulkd uses to connect to MySQL.

New location /var/cpanel/hulkd/debug
Old location /var/cpanel/hulk_debug
Description The presence of this file enables debug logging for cPHulkd. cPHulkd's log files are /usr/local/cPanel/logs/cphulkd_errors.log and /usr/local/cpanel/logs/cphulkd.log.

Storing Data in the Userdata Cache Instead of the Apache Configuration File

In cPanel & WHM 11.28, two scripts have changed to write account-specific information to—and retrieve it from—the userdata cache at /var/cpanel/userdata, rather than the Apache configuration file (httpd.conf).

Those scripts are:

  • /scripts/fixsubconf (this script has been moved to /usr/local/cpanel/bin/recovery/fixsubconf)
  • /scripts/pkgacct

We recommend that you store userdata in the appropriate /var/cpanel/userdata directory, rather than the httpd.conf file. Otherwise, these scripts will not access the updated information.

chkservd Recognizes Alternate SSH Ports

In the past, if you configured SSH to listen on a port other than the default (port 22), the chkservd service did not recognize this change. As a result, the WHM Service Status screen would falsely show SSH as non-operational, and chkservd would attempt to restart it every 5 minutes.

In this release, chkservd now scans the SSH configuration file and recognizes the port on which SSH listens, alleviating these problems.

Optimizations to the pkgacct Process

The pkgacct process, used to perform account backups and transfers, has been optimized. Specifically, we have reduced the number of times the process forks, which will lower the amount of resources it consumes and speed up its performance.

New restoreaccount XML and JSON API Function

In this version, we've added the ability to restore an account from a backup remotely, via our XML API or JSON API.

The restoreaccount function takes the following required variables as input:

  • user (string) — The name of the user whose account you wish to restore.
  • type (string) — The type of backup to restore; either daily, weekly, or monthly.

Sample API calls:

  • XML API: https://example.com:2087/xml-api/restoreaccount?api.version=1&user=joe&type=weekly
  • JSON API: https://example.com:2087/json-api/restoreaccount?api.version=1&user=joe&type=weekly

For more information about formatting and using XML and JSON API calls, please see our XML and JSON API documentation.

Task Queue Manages Additional Apache Restarts

Use of the task queue has expanded in cPanel 11.28 to manage Apache restarts triggered by the following tasks:

  • Create a New Account (WHM)
  • Modify Account Properties (WHM)
  • Terminate an Account (WHM)
  • Upgrade/Downgrade an Account (WHM)
  • Change Site's IP Address (WHM)
  • Copy an account from another server (Transfers area in WHM)
  • Add or remove an addon domain (Addon Domains area in cPanel)
  • Create or remove a subdomain (Subdomains area in cPanel)
  • Create or remove a parked domain (Parked Domains area in cPanel; Park a Domain in WHM)

For these functions, the task queue will cause Apache to restart in the background. This provides the WHM or cPanel user with a more responsive interface.

Resolved Issue that Prevented Disabling Apache Restarts

In previous versions of cPanel & WHM, disabling Apache restarts would sometimes prove ineffective, resulting in the system attempting to restart a disabled Apache, and failing. In the process, the system would also disable any other services running on port 80.

cPanel & WHM 11.28 resolves this problem. Creating one of the following files will successfully disable Apache restarts and allow services on port 80 to continue running:

  • /etc/httpddisable
  • /etc/apachedisable
  • /etc/httpdisable

Upgraded Third-Party Applications

Upgraded versions of the following third-party software applications have been integrated into this version of cPanel & WHM.

Application New version included in cPanel 11.28 More information
SpamAssassin 3.3.1 SpamAssassin changelog
RoundCube 0.4 RoundCube changelog
phpMyAdmin 3.3.7 (Requires MySQL 5 or higher) phpMyAdmin release notes
AWStats 6.95 AWStats changelog
SquirrelMail 1.4.21 SquirrelMail changelog
Horde Groupware Webmail Edition 1.2.7 Horde Groupware Webmail Edition

Topic revision: r24 - 01 Jun 2011 - 17:30:44 - LindseyLWhite