104 Change Log

Last modified: February 8, 2023


  • Fixed case HB-6538: Disable Horde by default in the Tweak Settings.
  • Fixed cases HB-6555, CPANEL-41501: Add Horde deprecation notice in WHM.
  • Fixed case CPANEL-41569: Update cpanel-exim to 4.95-6.cp11104.
  • Fixed case CPANEL-41331: Update MariaDB yum/dnf repository files.


  • Fixed case COBRA-13802: Improve Discoverability of WHM Notifications.
  • Fixed case COBRA-13884: Prevent cPanel’s AutoSSL provider from requesting duplicate certs.
  • Fixed case CPANEL-40673: Don't show disk-related "Upgrade Opportunities" info for unlimited quota users in WHM List Accounts.
  • Fixed case CPANEL-40713: Adjust routing for cpsrvd to allow URL arguments for PHP apps.
  • Fixed case CPANEL-40769: Ensure sane minrate setting is in place for dnf.conf.
  • Fixed case CPANEL-40931: Prevent currently-unlimited bandwidth users from being incorrectly flagged for excessive prior month bandwidth usage.
  • Fixed case CPANEL-41141: Have clean_user_php_sessions script use defaults to clean session files in directories associated with uninstalled php versions.
  • Fixed case CPANEL-41192: Return an ip url for sessions when the hostname cannot resolve.


  • [security] Fixed case SEC-646: Explicitly set the error log in /usr/local/cpanel/scripts/cleanphpsessions.php.
  • [security] Fixed case SEC-652: Fix Self-XSS vulnerability in ModSecurity Tools interface.
  • [security] Fixed case SEC-653: Prevent unprivileged accounts from performing arbitrary file reads when a DNS zone is parsed.
  • [security] Fixed case SEC-654: Fix XSS vulnerability in WHM ModSecurity Vendors interface.
  • [security] Fixed case SEC-655: Verify necessary domain ownership for cPanel subdomain API calls.
  • [security] Fixed case SEC-658: Prevent database user account name collisions for accounts created when MySQL is temporarily disabled.


  • Fixed case CPANEL-40020: Prevent backup transports (rsync) from stalling on Almalinux 8.
  • Fixed case CPANEL-40720: Include build number in cpanel_and_whm version returned by the installed_versions WHMAPI1 call.
  • Fixed case CPANEL-40966: Improve performance of Webmail using the Jupiter theme.
  • Fixed case CPANEL-41085: Update cpanel-php74-turba to 4.2.29-1.cp11102.
  • Fixed case PH-18039: Add x button in WHM main menu nav search box.


  • Fixed case CPANEL-40731: Fix a bug where webmail partially showed dark styles.
  • Fixed case CPANEL-40761: Fixed paper_lantern sprites not being generated on installation.
  • Fixed case CPANEL-40783: Update cpanel-php74 to 7.4.30-2.cp11102.
  • Fixed case CPANEL-40933: Update cpanel-roundcubemail to
  • Fixed case CPANEL-40940: Update cpanel-dovecot to 2.3.18-3.cp11104.
  • Fixed case CPANEL-41023: Respect pre-install configuration with regards to FTP server selection.
  • Fixed case HB-6454: Allow account restore over existing accounts w/overrides.


  • Fixed case BOO-2098: Implement force_short_prefix tweak setting.
  • Fixed case CPANEL-39456: Update cpanel-exim to 4.95-5.cp11104.
  • Fixed case CPANEL-40191: Ensure web stats are always run.
  • Fixed case CPANEL-40797: Discard non-hostname-matching issued hostname certs.
  • Fixed case CPANEL-40899: Update cpanel-php74 to 7.4.30-1.cp11102.
  • Fixed case CPANEL-40934: Adjusted the ability of a user to undo file changes in file manager, after they commit to a save.
  • Fixed case CPANEL-40941: Allow system package updates to remove obsolete packages blocking dependencies on EL8-derived distributions.
  • Fixed case PH-18192: Updated the Pricing and Term agreement.
  • Fixed case PH-18193: Update the Privacy Policy to version 04-29-2022.
  • Fixed case HB-6470: Update cpanel-php74-turba to 4.2.28-1.cp11102 (resolves UPS-462).


  • Fixed case CPANEL-39815: Allow Security Advisor to re-issue notifications if the issue occurs again.
  • Fixed case CPANEL-40169: The UI under the notifications tab in WHM Contact Manager now filters, sorts, and displays as intended.
  • Fixed case CPANEL-40670: Update cpanel-roundcubemail to
  • Fixed case CPANEL-40684: Ensure DH key for Dovecot is adequately complex.


  • [security] Fixed case SEC-629: Fixed arbitrary directory creation exploit in bxd.cgi.
  • [security] Fixed case SEC-630: Update cpanel-php74-horde to 5.2.23-4.cp11102.
  • [security] Fixed case SEC-631: Fix MySQL admin takeover via cpmysql adminbin.
  • [security] Fixed case SEC-632: MySQL admin takeover via postponed dbuser creation.
  • [security] Fixed case SEC-633: Fix demo mode bypass in Htaccess::setindex.
  • [security] Fixed case SEC-634: Block cronjob removal when using API1 calls for accounts with demo mode enabled.
  • [security] Fixed case SEC-641: Account modification API calls ensure remote node API tokens are not included in the returned user data.
  • [security] Fixed case SEC-643: Perform an immediate check of account ownership for all accounts submitted to massmodifyacct.
  • [security] Fixed case STS-762: A notification now goes out if a demo account is distributing mail to a child node after an upgrade. It is recommended that these accounts be removed as this is no longer a valid configuration.
  • [security] Fixed case STS-763: Block remote nodes on restoration of an account that is in demo mode.


  • Fixed case CPANEL-39404: Fix a bug where configure_firewall_for_cpanel would cause changes made by scripts/smtpmailgidonly to be removed. Now any 'legacy' iptables tables/chains/rules will simply be ignored by configure_firewall_for_cpanel instead of flushed.
  • Fixed case CPANEL-40587: Update cpanel-clamav to 0.104.3-1.cp11100.


  • Fixed case CPANEL-39758: Downgrade cpanel-perl-532-cpanel-xslib to 0.05-1.cp1198.
  • Fixed case CPANEL-40244: Update cpanel-roundcubemail to
  • Fixed case CPANEL-40473: Handle uninitialized variables in autoresponder logging.
  • Fixed case CPANEL-40614: Remove race condition pattern from subqueue's of queueprocd.
  • Fixed case CPANEL-40617: Update cpanel-git to 2.36.1-1.cp1198.


  • Fixed case CPANEL-40471: The 'X' icon in the header now clears the input field on mobile devices.
  • Fixed case CPANEL-40507: Rebuild web vhost data cache when missing rather than erroring.
  • Fixed case CPANEL-40536: Fix detection of reseller without domain accounts.
  • Fixed case CPANEL-40554: autossl_check no longer dumps stack trace to the logs if AutoSSL has been administratively disabled.
  • Fixed case CPANEL-40559: Update cpanel-perl-532 to 5.32.0-4.cp1198.
  • Fixed case CPANEL-40577: Avoid race condition within the subqueue of the update_userdata_cache queueprocd task.


  • Fixed case ART-2359: Improvements to how we show load averages in WHM Jupiter.
  • Fixed case CPANEL-40211: Fix detection of reseller without domain accounts.
  • Fixed case CPANEL-40348: Avoid race conditions in queuprocd that can result in missing apache vhosts.
  • Fixed case CPANEL-40357: Fixed descriptions of how many days of files will be kept when purging an account's trash directory.
  • Fixed case CPANEL-40366: Fix install log noise from rebuild_whm_chrome during install.
  • Fixed case CPANEL-40374: Arrow symbols now correctly display on the DNS Path Diagram on the DNS Cluster page.
  • Fixed case CPANEL-40448: Update cpanel-php74 to 7.4.29-1.cp11102.
  • Fixed case CPANEL-40459: Fixed searchbar behaviour on Android devices.
  • Fixed case CPANEL-40490: Update cpanel-php-composer to 2.2.12-1.cp11102.
  • Fixed case CPANEL-40534: Update cpanel-exim to 4.95-4.cp11104.
  • Fixed case PH-18009: WHM Main Menu Filter.


  • Fixed case CPANEL-40426: Update cpanel-git to 2.35.2-1.cp1198.
  • Fixed case DUCK-6854: Sprite_generator defaults to Jupiter.


  • Fixed case ART-1401: Update the whm banners to be horizontally centered.
  • Fixed case ART-1601: Replace the build-in banner system with the banners plugin.
  • Fixed case ART-1829: Updated Cpanel::LoadModule::Custom options.
  • Fixed case ART-1829: Extend WHM API 1 to support custom APIs installed from a plugin.
  • Fixed case BC-4828: Hide cPaddons in WHM when none installed.
  • Fixed case BOO-1830: Improve keyboard navigation on the WHM » SQL Services » Edit SQL Configuration interface.
  • Fixed case BOO-1919: Fix toggle focus outline on Edit SQL Configuration interface.
  • Fixed case BOO-1920: Refactor Edit SQL Config integer input to handle min and max values.
  • Fixed case BOO-1948: Provide a confirmation dialog on the WHM » SQL Services » Edit SQL Configuration form.
  • Fixed case BOO-1956: Minor improvements to the Edit SQL Configuration interface.
  • Fixed case BOO-1988: Minor improvements to WHM Edit SQL Configuration UI.
  • Fixed case BOO-1990: Fix version check for sql settings.
  • Fixed case BOO-1992: Improve navigation on the WHM Edit SQL Configuration UI.
  • Fixed case BOO-2005: Add optimizations to WHM Edit SQL Configuration interface.
  • Fixed case BOO-2019: Add survey links to the Edit SQL Configuration interface.
  • Fixed case BOO-2024: Minor improvements to the WHM Edit SQL Configuration interface.
  • Fixed case BOO-2045: Restructure key_buffer_size recommendation.
  • Fixed case BWG-2582: Add Upgrade Opportunities to WHM List Accounts UI and CSV output.
  • Fixed case BWG-2586: Add Upgrade Opportunities API.
  • Fixed case BWG-2616: Add ability to remove resellers without domains.
  • Fixed case COBRA-13027: Link Server Nodes: Fix implicit submission of change-hostname form.
  • Fixed case COBRA-13282: Improve internal IPC serialization.
  • Fixed case COBRA-13421: Fix zone editor’s handling of non-ASCII characters.
  • Fixed case COBRA-13449: DNS Zone Manager: Fix RTL layout of Actions drop-down.
  • Fixed case COBRA-13452: DNS Zone Manager: Fix “View Raw DNS ZoneFile” in mobile view.
  • Fixed case COBRA-13752: Remove “Like the new interface?” callout from WHM.
  • Fixed case CPANEL-36730: Allow enabling/disabling of Calendar Delegation feature.
  • Fixed case CPANEL-38299: Allow SSL pending queue processor to skip throttling.
  • Fixed case CPANEL-38323: Live Transfers: Copy the zone’s nameservers, not reseller default.
  • Fixed case CPANEL-38478: checkallsslcerts: Report cP Store error details.
  • Fixed case CPANEL-39317: AutoSSL/cPStore: Report fallback DNS DCV failures.
  • Fixed case CPANEL-39336: Provide help text for bin/checkphpini and bin/install_php_inis.
  • Fixed case CPANEL-39488: Add WP deprecation banner in site software.
  • Fixed case CPANEL-39508: Update Template-Toolkit to version 3.010.
  • Fixed case CPANEL-39561: Update the banner insufficiencies notice to be easier to understand.
  • Fixed case CPANEL-39573: Ensure package exists and is not a reserved package name when modifying an account.
  • Fixed case CPANEL-39633: Add new Tweak Setting for cPanel's internal PHP memory_limit.
  • Fixed case CPANEL-39690: Avoid some invalid opcode errors in dmesg.
  • Fixed case CPANEL-39716: Adjusts multiple features of the filemanager file editors to be more consistent with what one would expect.
  • Fixed case CPANEL-39756: Don't warn on 0000 permissions mode for /etc/shadow in Security Advisor.
  • Fixed case CPANEL-39778: Convert more package repositories to use HTTPS as an additional layer of protection.
  • Fixed case CPANEL-39799: Clarify error messaging for Site Software when the operating system is unsupported.
  • Fixed case CPANEL-39808: Enhance updatenow to handle symlink -> directory change.
  • Fixed case CPANEL-39814: Modify the “/scripts” symlink to use a relative path instead of an absolute path.
  • Fixed case CPANEL-39838: Avoid cPstrict usage in modules that are called by scripts using system Perl.
  • Fixed case CPANEL-39920: Remove the deprecated “ignoredepreciated” Tweak Setting.
  • Fixed case CPANEL-39970: Update Unbound to 1.15.0.
  • Fixed case CPANEL-40028: Update cpanel-remixicons to 2.5.0-2.cp1198.
  • Fixed case CPANEL-40032: Raise timeouts when streaming MySQL during transfers.
  • Fixed case CPANEL-40061: Fix search bar behaviour while adjusting window size.
  • Fixed case CPANEL-40062: Teach 'scripts/clean_user_php_sessions' to remove session files for uninstalled versions of php.
  • Fixed case CPANEL-40103: Remove useless IMAPS/POP3S options from Mailserver Configuration on new installs with Dovecot 2.3.
  • Fixed case CPANEL-40153: Update cpanel-pure-ftpd to 1.0.50-1.cp11104.
  • Fixed case CPANEL-40166: Mark cpaddons as deprecated.
  • Fixed case CPANEL-40171: Update cpanel-mariadb-connector to release 3.2.6.
  • Fixed case CPANEL-40218: Fixed bug that skipped wptk install on upgrade.
  • Fixed case CPANEL-40219: WHM Initial Setup Free Trial message now contains proper capitalization.
  • Fixed case CPANEL-40257: Update Net::Google::Drive::Simple to 0.22. Unship Crypt::SSleay.
  • Fixed case CPANEL-40263: Ensure pdo_sqlsrv can function for jailshell users.
  • Fixed case CPANEL-40270: Ensure munin data reflects new hostname on hostname change.
  • Fixed case CPANEL-40284: Fix bug where the correct value for Query Cache Type was not shown on the WHM Edit SQL Configuration interface.
  • Fixed case CPANEL-40293: Update cpanel-exim to 4.95-3.cp11104.
  • Fixed case CPANEL-40299: Update cpanel-ldns to 1.8.1-3.cp1198.
  • Fixed case CPANEL-40305: Line length limits during SMTP transports can now be adjusted to 1,000,000 bytes, up from 65,536 bytes.
  • Fixed case CPANEL-40308: Permit WHM API calls related to MySQL upgrades on DNS-only systems.
  • Fixed case CPANEL-40313: Add some SVG validation to sprite_generator.
  • Fixed case CPANEL-40376: Fixes header display in Safari.
  • Fixed case CPANEL-40380: Fix undefined subroutine error in Apache security advisor.
  • Fixed case CPANEL-40399: Update cpanel-perl-532-dbd-mysql to 4.050-2.cp1198.
  • Fixed case HB-6069: Fix Reseller search control on Transfer Tool account list page.
  • Fixed case HB-6341: Add initial support for Dovecot 2.3.18.
  • Fixed case HB-6359: Update cpanel-roundcubemail to
  • Fixed case PH-17469: Make Webmail Jupiter independent of Paper Lantern.
  • Fixed case PH-17586: Improve functionality of subpages in WebMail.
  • Fixed case PH-17825: Switch test coverage reporters in Angular apps.
  • Fixed case PH-17923: Show maximum file size in kilobytes, rather than bytes, in WHM > cPanel > Customization.
  • Fixed case ZC-9862: Show pagination when additional packages are > 10.
  • Implemented case HB-6314: Add support for expiring spam messages automatically.

Additional Documentation