100 Change Log

Last modified: February 8, 2023


  • Fixed case BWG-3000: Automatically install ImunifyAV on fresh installs of cPanel.
  • Fixed case CPANEL-39861: Avoid using verify.cpanel.net for license state where possible.
  • Fixed case CPANEL-40100: Ensure the net-tools package is installed for systems preconfigured to install MariaDB.
  • Fixed case DUCK-6814: Fix Jupiter icon config location for plugin installs going forward.


  • Fixed case CPANEL-40072: Update cpanel-phppgadmin to 5.6.0-2.cp1198.


  • [security] Fixed case SEC-594: Avoid usage of predictable PostgreSQL socket in /tmp.
  • [security] Fixed case SEC-607: Disable liveAPI system for accounts in demo mode.
  • [security] Fixed case SEC-610: Fixes potential code injection vulnerabilities on the manage git repo page.
  • [security] Fixed case SEC-613: Block root privilege escalation for resellers without domains.
  • [security] Fixed case SEC-615: Failed linked node account creation leaves account on mail node.
  • [security] Fixed case SEC-617: Demo mode status does not propagate to child nodes.
  • [security] Fixed case SEC-619: Variables::get_user_information UAPI call could reveal sensitive information.
  • [security] Fixed case SEC-620: cPanel account takeover via API2 savecontactinfo.
  • [security] Fixed case SEC-621: Sensitive information revealed by CustInfo::contactprefs and CustInfo::displaycontactinfo API calls.
  • [security] Fixed case SEC-622: Fixed possible reseller ACL restriction bypass for package creation/modification on linked nodes.
  • [security] Fixed case SEC-624: Root privilege escalation via passengerapps REGISTER_APPLICATION call.
  • [security] Fixed case SEC-625: Fixes XSS vulnerability when using DNS Zone Manager.


  • Fixed case CPANEL-39912: Install 'json-c' as a required dependency.


  • Fixed case BWG-2844: Clean up erroneous admin users on GCP.
  • Fixed case BWG-2892: Add Paper Lantern deprecation notices in WHM.
  • Fixed case COBRA-13510: Teach checkallsslcerts to recognize its own 90-day certificates.
  • Fixed case CPANEL-38954: Fixes redirect removal blocked by trailing spaces.
  • Fixed case CPANEL-39128: clamav 0.104.0. Now using local httpupdate mirrors by default.
  • Fixed case CPANEL-39138: Provide trial license status to Google Tag Manager in the Jupiter theme.
  • Fixed case CPANEL-39274: Fixes A record validator on DNS zone manager page.
  • Fixed case CPANEL-39342: Fix enabling and disabling IPv6 on multiple accounts.
  • Fixed case CPANEL-39379: Do not defer install_cpanel_analytics during initial install.
  • Fixed case CPANEL-39395: Update cpanel-mailman to 2.1.38-1.cp1198.
  • Fixed case CPANEL-39709: Update cpanel-roundcubemail to 1.4.12-2.cp1198.


  • Fixed case CPANEL-39775: Update MySQL GPG Key url for 2022.


  • Fixed case CPANEL-38994: Ensure Dovecot Solr starts on systems where iptables reports warnings with it's output.
  • Fixed case CPANEL-39118: Update cpanel-php73-services-weather to 1.4.7-2.cp1198.
  • Fixed case CPANEL-39166: Update cpanel-perl-532-dns-unbound to 0.27-1.cp1198.
  • Fixed case CPANEL-39227: Fix Internal Server Error when accessing WHM > phpMyAdmin on a server with a trial license.
  • Fixed case CPANEL-39240: CRTs created with /scripts/gencrt include attributes input by the user.
  • Fixed case CPANEL-39272: Update cpanel-roundcubemail to 1.4.12-1.cp1198.
  • Fixed case CPANEL-39281: Fix bug in importing CSV files when the account name is "excel", "office", or anything that can be confused for a file type.
  • Fixed case CPANEL-39292: Update cpanel-php73 to 7.3.33-1.cp1198.
  • Fixed case CPANEL-39314: Update cpanel-mailman to 2.1.37-1.cp1198.
  • Fixed case CPANEL-39321: Adjust hostname SSL certs’ DCV for ancestor/implicit DCV change.


  • Fixed case COBRA-13435: Make AutoSSL not apply ancestor DCV substition for HTTP DCV.
  • Fixed case CPANEL-38971: Create default SSL files using the default SSL key type.
  • Fixed case CPANEL-39119: Fixed the use of the pkgacct command line options –skipmail and –skippublichtml when using with –incremental.
  • Fixed case CPANEL-39150: Reseller accounts without domains no longer fail when self-changing passwords.
  • Fixed case CPANEL-39172: Ensure cPanel initiated in progress backups are visible in the cPanel UI.
  • Fixed case CPANEL-39173: retrieve_customizations WHMAPI call returns valid options instead of array length.
  • Fixed case CPANEL-39224: Install crypt-perl earlier during install.


  • [security] Fixed case SEC-592: Arbitrary code execution via install_locallib_loginprofile script.
  • [security] Fixed case SEC-593: Cpanel::SecureDownload executes shell commands in an insecure manner.
  • [security] Fixed case SEC-597, SEC-598, SEC-599, SEC-608: Stored-XSS Vulnerability in ModSecurity Rules Interface.
  • [security] Fixed case SEC-600: Reflected-XSS Vulnerability in ModSecurity Vendors Interface.
  • [security] Fixed case SEC-602: Self-XSS Vulnerability in WHM Change Hostname interface.
  • [security] Fixed case SEC-603: Self-stored XSS Vulnerability in WHM Edit Reseller Nameservers and Privileges interface.
  • [security] Fixed case SEC-604: Self-XSS Vulnerability in cPanel Default Address Interface.
  • [security] Fixed case SEC-606: Passphrase submitted via GET request in scripts2/dogencrt.


  • Fixed case BOO-1544: Fix issues with generating the Imunify360 dovecot PAM extension local template.
  • Fixed case BOO-1648: Refactor Whostmgr::Mysql::Upgrade::Warnings.
  • Fixed case BOO-1657: Provide support for PowerDNS 4.4.1.
  • Fixed case BOO-1693: Remove dovecot's expire plugin and replace it with autoexpunge.
  • Fixed case BOO-1696: Add MariaDB 10.6 initial support.
  • Fixed case BOO-1699: Implement update_sql_config WHMAPI1 call.
  • Fixed case BOO-1719: Update integration tests for newly supported versions of MariaDB.
  • Fixed case BOO-1800: Fix javascript errors on the MySQL/MariaDB Upgrade UI.
  • Fixed case COBRA-12971: Check for local tar errors before streaming over websocket.
  • Fixed case COBRA-13032: Create api_token_get_details WHM API v1 call; alter unlink_server_node.
  • Fixed case COBRA-13037: Add options on what to do with the API token when unlinking a server node.
  • Fixed case COBRA-13045: Prevent distribution of IPv6 enabled accounts.
  • Fixed case COBRA-13046: Prevent enabling IPv6 on distributed accounts.
  • Fixed case COBRA-13055: Fix spurious warning in user-authenticated live transfers.
  • Fixed case COBRA-13058: Remove broken link from hostname zone file in DNS Zone Manager.
  • Fixed case COBRA-13063: Update MX records when updating child-node hostnames.
  • Fixed case COBRA-13072: cPanel DNS zone mass edit: send file validation errors to cPanel callers.
  • Fixed case COBRA-13073: Improve record name validation for A and AAAA records containing underscores.
  • Fixed case COBRA-13092: Prevent enabling or disabling IPv6 on a child accounts.
  • Fixed case COBRA-13100: Add child node info to listaccts output.
  • Fixed case COBRA-13106: Add new 'Accounts Manager' interface to allow users to manage accounts that exist on the server.
  • Fixed case COBRA-13109: Zone Manager: Fix implicit form submission.
  • Fixed case COBRA-13110: Add character-string validation to HINFO, NAPTR, and TXT records.
  • Fixed case COBRA-13322: Improve/tighten List Account’s description.
  • Fixed case CPANEL-30985: Run update gatherer from cron instead of upcp.
  • Fixed case CPANEL-36271: Clean up descriptions in Tweak Settings for jail /proc mounts.
  • Fixed case CPANEL-36831: Reset for localhost IP as well as localhost when resetting the root MySQL/MariaDB password.
  • Fixed case CPANEL-36975: Alter configure_firewall_for_cpanel so that it does not set up the cPanel-Firewall-1-INPUT chain when the 'skip_rules_added_by_configure_firewall_for_cpanel' Tweak Setting is enabled.
  • Fixed case CPANEL-36994: Teach Proxy Subdomain utilities about ea-nginx.
  • Fixed case CPANEL-37231: Remove newlines in link description.
  • Fixed case CPANEL-37391: Improve the functionality of cPanel theme selection in the Firefox browser.
  • Fixed case CPANEL-37483: Make API token restores accommodate existing tokens.
  • Fixed case CPANEL-37510: Automatically add MAILTO=“” when creating crontab file for a user when adding entries to empty crontabs.
  • Fixed case CPANEL-37526: Make local-authority check logic avoid CNAME records.
  • Fixed case CPANEL-37533: Add "from" and Reply-To customization to iContact:.
  • Fixed case CPANEL-37539: Download EA4.list and use cPanelPublicPkgKey.
  • Fixed case CPANEL-37558: Fix Find TTL and singleton-RRtype JS problems in Zone Manager.
  • Fixed case CPANEL-37621: Add libmysqlclient-dev for ubuntu installs.
  • Fixed case CPANEL-37635: Skip /snap/ mounts on Ubuntu disk space checks.
  • Fixed case CPANEL-37637: Add user crontab support on Ubuntu.
  • Fixed case CPANEL-37642: Fix firewall logic on Ubuntu.
  • Fixed case CPANEL-37666: Access init.d dir via /etc/init.d.
  • Fixed case CPANEL-37691: disable fs.protected_regular by default.
  • Fixed case CPANEL-37692: Move code using Cpanel::FindBin::findbin to Cpanel::Binaries:path:.
  • Fixed case CPANEL-37750: Fix personalization_set()’s docs to be accurate.
  • Fixed case CPANEL-37752: Fix /scripts/quotacheck to handle blank lines in quota files.
  • Fixed case CPANEL-37774: Fix minor typo in cPanel Jupiter welcome modal.
  • Fixed case CPANEL-37783: Update Cpanel::OS logic for distro compatibility.
  • Fixed case CPANEL-37784: Fixes select all behavior on email accounts page.
  • Fixed case CPANEL-37787: Clarify whether download during cPanel update is due to missing file or signature.
  • Fixed case CPANEL-37801: Assure install/SUSetup happens prior to CPanelPost.
  • Fixed case CPANEL-37829: Fix spurious my.cnf migration warnings.
  • Fixed case CPANEL-37831: Adjust WHM 'Manage Wheel Group Users' for Ubuntu.
  • Fixed case CPANEL-37832: Fix bugs in WHM >> Manage Plugins on Ubuntu.
  • Fixed case CPANEL-37857: Make notify_expiring_certificates ignore child accounts.
  • Fixed case CPANEL-37883: Add NGINX cache clearing button to cPanel.
  • Fixed case CPANEL-37897: Fix dismiss feature of the cPanel welcome panel.
  • Fixed case CPANEL-37925: Make package searches with listaccts case sensitive.
  • Fixed case CPANEL-37926: Ensure SpamAssassin uses Pyzor when the software is available.
  • Fixed case CPANEL-37938: Adjust is_supported_distro for fresh install.
  • Fixed case CPANEL-37958: Stop providing /var/cpanel/sysinfo.config.
  • Fixed case CPANEL-37972: Add task to update PUblicSuffix list during maintenance.
  • Fixed case CPANEL-38008: Fix bug in Mailman managment interfaces on CentOS 8 & Ubuntu.
  • Fixed case CPANEL-38011: Don't terminate processes listening on HTTP(s) ports over a reserved IP.
  • Fixed case CPANEL-38022: Remove “scripts/safeup2date” and “scripts/checkup2date”.
  • Fixed case CPANEL-38027: Ensure MultiPHP Manager sets the same PHP version for domains sharing the same document root..
  • Fixed case CPANEL-38035: Add script to mass update email accounts quotas for a user.
  • Fixed case CPANEL-38041: Teach iContact notification about default email account.
  • Fixed case CPANEL-38060: Add new key to modifyacct API call.
  • Fixed case CPANEL-38062: stop using 3rdparty/bin/python. Use /usr/bin/python2 instead.
  • Fixed case CPANEL-38070: The rpmup script runs with or without the –verbose flag being set.
  • Fixed case CPANEL-38071: Add new option to Modify An Account page in WHM.
  • Fixed case CPANEL-38082: Adjust “scripts/disable_prelink” to work on Ubuntu systems.
  • Fixed case CPANEL-38089: Improvements to cPanel Analytics.
  • Fixed case CPANEL-38100: Make Perl forget file descriptors it gives to libcurl.
  • Fixed case CPANEL-38103: Update cPanel Customization page to display information related to Jupiter customization.
  • Fixed case CPANEL-38107: build_maxemails_config script now has –help support.
  • Fixed case CPANEL-38110: cPanel PHP maximum execution time Tweak Setting now has a maximum value of 500, reflecting the effective maximum for this parameter.
  • Fixed case CPANEL-38111: Fix async AskDnsAdmin client’s cancellation (prevent stalled AutoSSL).
  • Fixed case CPANEL-38123: Update munin.conf when setting new hostname in WHM.
  • Fixed case CPANEL-38158: Ensure cPanel scripts running under a jailed shell can determine the current operating system version.
  • Fixed case CPANEL-38161: Abstract check_package_manager method.
  • Fixed case CPANEL-38167: Fix/prevent bugs regarding duplicate hostname-history entries.
  • Fixed case CPANEL-38173: Rename Version::Comapre::RPM to Package.
  • Fixed case CPANEL-38193: Remame iContact Check::CpanelRPMs.
  • Fixed case CPANEL-38195: Add the ability to create a reseller without a domain to WHM API 1 createacct.
  • Fixed case CPANEL-38196: Ensure 'scripts/fix_reseller_acls' correctly saves stored ACL lists.
  • Fixed case CPANEL-38212: Report proper system group name on Ubuntu in error messages to the “ticket_grant” WHM API1 call.
  • Fixed case CPANEL-38220: Update php73 pkgs that previously had incorrect obsoletes set.
  • Fixed case CPANEL-38227: Check for locally installed packages with Cpanel::Pkgr.
  • Fixed case CPANEL-38228: Postgres login now accepts passwords created in the WMH Postgres Password tool that have backslashes ().
  • Fixed case CPANEL-38252: Update webmail navigation bar colors to match the Jupiter theme.
  • Fixed case CPANEL-38266: Modify ownership of DKIM data directories for better compatibility with Ubuntu.
  • Fixed case CPANEL-38274: use cPanel level lock waiting for rpm/dpkg commands.
  • Fixed case CPANEL-38287: Address possible warnings related to forwarding mail for the “nobody” user on Ubuntu.
  • Fixed case CPANEL-38292: MariaDB not starting after upgrade from MySQL.
  • Fixed case CPANEL-38301: Prepare cPanel & WHM for WPTK Deluxe inclusion.
  • Fixed case CPANEL-38335: Fix for bugs preventing analytics UI from being enabled.
  • Fixed case CPANEL-38341: Ensure UI agreement with the result from invoking whmapi1 system_needs_reboot.
  • Fixed case CPANEL-38342: Improve left nav search to use 'wordpress' and 'toolkit' to find WHM Marketplace.
  • Fixed case CPANEL-38343: Fix detection of "reboot required" state on CloudLinux 6.
  • Fixed case CPANEL-38364: Update the root user for the current hostname when calling set_local_mysql_root_password.
  • Fixed case CPANEL-38366: Include “style” in the whmapi1 modifyacct output.
  • Fixed case CPANEL-38377: Stop creating junk files in the account home directory when running a user backup with pkgacct.
  • Fixed case CPANEL-38380: Ensure resetzone does not fail for invalid SOA record.
  • Fixed case CPANEL-38388: Feature Showcase WP Toolkit Deluxe inclusion.
  • Fixed case CPANEL-38393: Make get_available_applications API call include Terminal UI.
  • Fixed case CPANEL-38404: Move the customizations template logic to a plugin to be reusable.
  • Fixed case CPANEL-38407: Add Imunify keywords for WHM menu search.
  • Fixed case CPANEL-38410: Fix for accounting.log generation.
  • Fixed case CPANEL-38414: Make application manager aware of arbitrary non-versioned ruby.
  • Fixed case CPANEL-38414: Make application manager aware of arbitrary dep bins.
  • Fixed case CPANEL-38427: Expands feature description of the Mail module to end user.
  • Fixed case CPANEL-38444: Set the server default theme to Jupiter for new installations.
  • Fixed case CPANEL-38446: Update Trial banner with new user limit.
  • Fixed case CPANEL-38468: Explicitly require nscd on all cPanel installs.
  • Fixed case CPANEL-38473: Update cpanel-perl-532-mail-spamassassin to 3.004004-6.cp1198.
  • Fixed case CPANEL-38475: Blacklisted IPs can be overridden by adding them via the Trusted SMTP IP section of the Exim Configuration Manager.
  • Fixed case CPANEL-38476: Prevents reservation of server / shared IP address in Apache Reserved IP Editor.
  • Fixed case CPANEL-38485: Stop downloading WP Toolkit Deluxe license check data for WPTK 5.6.2+.
  • Fixed case CPANEL-38494: MariaDB will automatically restart after upgraded and after a server reboot.
  • Fixed case CPANEL-38496: Fix the check for an outdated kernel in the Security Advisor.
  • Fixed case CPANEL-38593: Hide account summary for accounts without domains.
  • Fixed case CPANEL-38603: Improve discoverability of the default theme settings in WHM.
  • Fixed case CPANEL-38620: Properly localize the numbers in CJT2’s page size selector.
  • Fixed case CPANEL-38635: Update cpanel-clamav to 0.101.5-6.cp1198.
  • Fixed case CPANEL-38648: Update the End User License Agreement and Pricing Agreement.
  • Fixed case CPANEL-38674: Update the license change detector to use more reliable way to detect trial licenses.
  • Implemented case CPANEL-37991: Apply customization stylesheet to users interface.
  • Implemented case CPANEL-38036: Implement the ability to change the color of the graphics on the Solutions page in the Jupiter theme.
  • Implemented case CPANEL-38153: Implement the ability to show a custom logo in the Jupiter theme when the root user has specified a logo.
  • Implemented case CPANEL-38236: Improvement for license type and status detection.
  • Implemented case CPANEL-38248: Implement the WHM API functions for update_customizations, retrieve_customizations, and delete_customizations.
  • Implemented case CPANEL-38434: Add Customization support for resellers and add more validation.

Additional Documentation