106 Change Log

Last modified: March 2, 2023



  • [security] Fixed case SEC-668: Strengthen filter which checks for invalid webmail forwarders.
  • [security] Fixed case SEC-669: Escape the error message displayed by cpsrvd to prevent cross-site scripting.


  • Fixed case CPANEL-42384: Update cpanel-phpmyadmin to 4.9.11-1.cp11102.
  • Fixed case CPANEL-42393: Correct update blocker error handling related to nodes.
  • Fixed case CPANEL-42428: Update cpanel-clamav to


  • Fixed case BOO-2346: Prepare for 2023 MariaDB repo signing key change (resolves CPANEL-42354).


  • Fixed case CPANEL-41773: Do not pass –allowdeletes, stop requiring glibc-static enable powertools and epel on 8+ systems.
  • Fixed case CPANEL-42025: Tolerate some extra errors from needs-restarting.
  • Fixed case CPANEL-42270: Update cpanel-git to 2.37.5-1.cp1198.
  • Fixed case CPANEL-42282: Update cpanel-exim to 4.95-7.cp11104.


  • Fixed case CPANEL-41845: Ensure cpanellogd is recreating domlog files with correct ownership and permissions for both nginx and apache.
  • Fixed case CPANEL-42221: Fix SegFault from queueprocd.


  • Fixed case COBRA-14060: Fix DCV method order in paid TLS certificate orders.
  • Fixed case CPANEL-40847: Update cpanel-roundcubemail to
  • Fixed case CPANEL-41626: Fix issue with nightly Security Advisor run not issuing notifications appropriately.
  • Fixed case CPANEL-41657: Ensure cpdavd doesn't send an improper 400 response due to module load errors.
  • Fixed case CPANEL-41736: Update cpanel-git to 2.37.4-1.cp1198.
  • Fixed case CPANEL-41742: Patch cpanel-unbound for CVE-2022-3204.
  • Fixed case CPANEL-41820: Update cpanel-clamav to
  • Fixed case CPANEL-41861: Update cpanel-php74 to 7.4.33-1.cp11102.
  • Fixed case PH-18966: Update Sprite Generator to work with ImageMagick 6.9.12-61 on C8.
  • Fixed case PH-19185: Restore legacy language support.


  • [security] Fixed case SEC-665: Prevent accounts from arbitrary file reads via injecting bad include directives into a DNS zone file.
  • [security] Fixed case SEC-666: Fix various maketext vulnerabilities.
  • [security] Fixed case SEC-661: Fix test used by cpsrvd to check PHP for extra PATH info
  • [security] Fixed case SEC-662: Fix HttpRequest from writing to homedirs
  • [security] Fixed case SEC-667: Ensure SET_SERVICE_PROXY_BACKENDS is the calling user.


  • [security] Fixed case SEC-650: cPanel Visitors UI does not display direct apache access when ea-nginx is installed/enabled.


  • Fixed case HB-6538: Disable Horde by default in the Tweak Settings.
  • Fixed cases HB-6555, CPANEL-41501: Add Horde deprecation notice in WHM.
  • Fixed case CPANEL-41569: Update cpanel-exim to 4.95-6.cp11104.


  • Fixed case CPANEL-40231: Fix lack of description for plugins within WHM >> Manage Plugins on Ubuntu.
  • Fixed case CPANEL-41297: Ensure create_user_session properly handles the case where the hostname fails to resolve.
  • Fixed case CPANEL-41331: Update MariaDB yum/dnf repository files.
  • Fixed case CPANEL-41387: Provide help option for bin/process_ssl_pending_queue.
  • Fixed case CPANEL-41404: Fix broken reference to “default” throttle option for process_ssl_pending_queue.
  • Fixed case CPANEL-41414: Fixed adminbin limit error for large number of domains.
  • Fixed case CPANEL-41186: Update cpanel-clamav to 0.104.4-1.cp11100.
  • Fixed case CPANEL-41482: Update cpanel-roundcubemail to


  • Fixed case CPANEL-35583: Fix invalid ACL error message when no backup metadata yet exists.
  • Fixed case CPANEL-40673: Don't show disk-related "Upgrade Opportunities" info for unlimited quota users in WHM List Accounts.
  • Fixed case CPANEL-40713: Adjust routing for cpsrvd to allow URL arguments for PHP apps.
  • Fixed case CPANEL-40769: Ensure sane minrate setting is in place for dnf.conf.
  • Fixed case CPANEL-40890: Fixed a condition where it was possible that upcp updates could fail early, and alerts to the user would not be set.
  • Fixed case CPANEL-40931: Prevent currently-unlimited bandwidth users from being incorrectly flagged for excessive prior month bandwidth usage.
  • Fixed case CPANEL-41250: Prevent modifyacct from erasing contact email addresses inadvertently.
  • Fixed case CPANEL-41293: Fix typo in WHM search results for SSL/TLS Configuration.
  • Fixed case CPANEL-41345: Exclude kernel-modules* when running /scripts/update-packages on EL8-derived distributions.
  • Fixed case PH-18407: Language survey link update.


  • [security] Fixed case SEC-646: Explicitly set the error log in /usr/local/cpanel/scripts/cleanphpsessions.php.
  • [security] Fixed case SEC-652: Fix Self-XSS vulnerability in ModSecurity Tools interface.
  • [security] Fixed case SEC-653: Prevent unprivileged accounts from performing arbitrary file reads when a DNS zone is parsed.
  • [security] Fixed case SEC-654: Fix XSS vulnerability in WHM ModSecurity Vendors interface.
  • [security] Fixed case SEC-655: Verify necessary domain ownership for cPanel subdomain API calls.
  • [security] Fixed case SEC-658: Prevent database user account name collisions for accounts created when MySQL is temporarily disabled.


  • Fixed case CPANEL-40883: Add breadcrumbs to Team Manager interfaces.
  • Fixed case CPANEL-41071: Improve WHM's header search for plugins.
  • Fixed case CPANEL-41110: Allow Ubuntu systems to update the “kmod” package even when kernel updates are disabled.
  • Fixed case CPANEL-41110: Ensure that stale package excludes on Ubuntu are not retained.
  • Fixed case CPANEL-41192: Return an ip url for sessions when the hostname cannot resolve.
  • Fixed case CPANEL-41208: Fix warning issued by the Apache assessor in the Security Advisor on Virtuozzo 7 systems.
  • Fixed case CPANEL-41235: check_cpanel_pkgs needs to remove ubuntu pkgs with –force-all.
  • Fixed case PH-18745: Improve appearance of the WHM main menu scroll bar.


  • Fixed case CPANEL-40863: Updated the i_cpanel_snowmen locale to be hidden by default.
  • Fixed case CPANEL-40958: Update cpanel-roundcubemail to
  • Fixed case CPANEL-41067: Execute findphpversion in the background to avoid potential bottlenecks during upcp.
  • Fixed case CPANEL-41141: Have clean_user_php_sessions script use defaults to clean session files in directories associated with uninstalled php versions.
  • Fixed case DUCK-7209: Discourage API Log spoofing and dangerous characters.
  • Implemented case CPANEL-41025: Report cPanel ELevate blockers in Security Advisor.


  • Fixed case COBRA-13884: Prevent cPanel’s AutoSSL provider from requesting duplicate certs.
  • Fixed case CPANEL-40783: Update cpanel-php74 to 7.4.30-2.cp11102.
  • Fixed case CPANEL-40966: Improve performance of Webmail using the Jupiter theme.
  • Fixed case CPANEL-41023: Respect pre-install configuration with regards to FTP server selection.
  • Fixed case CPANEL-41068: Update cpanel-git to version 2.37.0.
  • Fixed case CPANEL-41085: Update cpanel-php74-turba to 4.2.29-1.cp11102.


  • Fixed case BWG-3396: Fix httpd being down after post_snapshot changes the hostname.
  • Fixed case CPANEL-39888: Fix order of operations issue when validating MySQL upgrade conf.
  • Fixed case CPANEL-40724: For DNSOnly servers, prevent erroneous "service down" notices for the cpanel_php_fpm service since it does not run on DNSOnly.
  • Fixed case CPANEL-40761: Fixed paper_lantern sprites not being generated on installation.
  • Fixed case CPANEL-40782: Improvements to Modify/Upgrade Multiple Accounts.
  • Fixed case CPANEL-40934: Adjusted the ability of a user to undo file changes in file manager, after they commit to a save.
  • Fixed case CPANEL-40940: Update cpanel-dovecot to 2.3.18-3.cp11104.
  • Fixed case CPANEL-40941: Allow system package updates to remove obsolete packages blocking dependencies on EL8-derived distributions.
  • Fixed case PH-18365: Add a feature showcase to disclose the language removals.
  • Fixed case ZC-9975: EA recommendations display in a list.


  • Fixed case ART-2045: Turn WHM 'Top Tools' into 'Favorites' and allow customization.
  • Fixed case ART-2047: Add the ability to view Favorites in a compact way.
  • Fixed case ART-2170: Public contact tab should prevent navigation with changes.
  • Fixed case ART-2202: Usability improvements to cPHulk WHM UI.
  • Fixed case ART-2217: Provide a way to download the cphulk blacklist and whitelist ips.
  • Fixed case ART-2359: Improvements to how we show load averages in WHM Jupiter.
  • Fixed case ART-2480: Added instructions to help users with editing Favorites.
  • Fixed case ART-2552: Improve statistics panel hostname wrapping.
  • Fixed case ART-2612: Updated the WHM cPHulk app to support full download and upload of the whitelist & blacklists including any provided comments.
  • Fixed case ART-2804: Extend certain post install updates until the next LTS version.
  • Fixed case ART-2831: Update the new stats header based on user study data.
  • Fixed case BOO-1773: Implement prefix-size flag for create database/user uapi calls.
  • Fixed case BOO-2098: Implement force_short_prefix tweak setting.
  • Fixed case BWG-2711: Create minimal cpuser file for reseller without domain.
  • Fixed case BWG-3049: Add plugin system to snapshot_prep, and handle CCS.
  • Fixed case COBRA-13671: Remove 'Aliases' interface in cPanel (Jupiter only).
  • Fixed case COBRA-13672: Remove 'Subdomains' interface in cPanel (Jupiter only).
  • Fixed case COBRA-13672: Remove 'Addon Domains' interface in cPanel.
  • Fixed case COBRA-13674: Rename “Aliases” to “Alias Domains” in cPanel’s stats bar.
  • Fixed case COBRA-13746: Store cpuser contact email addresses solely in cpuser files.
  • Fixed case COBRA-13747: Make set_email_addresses() API call use its own admin function.
  • Fixed case COBRA-13748: Convert Contact Information UI to use new contact-email APIs.
  • Fixed case COBRA-13802: Improve Discoverability of WHM Notifications.
  • Fixed case COBRA-13811: Improve UAPI contact email APIs.
  • Fixed case COBRA-13856: Allow administrators to force-disable insecure contact-email updates.
  • Fixed case COBRA-13866: Add Feature Showcase item for contact-email hardening.
  • Fixed case COBRA-13887: Add improved help text to domain's creation interface.
  • Fixed case CPANEL-13538: Add utilities to prepare cPanel servers for image creation and deployment.
  • Fixed case CPANEL-38316: Improve zonefile chown order of operations.
  • Fixed case CPANEL-39344: Hide Email Routing Configuration link on unsupported product types.
  • Fixed case CPANEL-39483: Fix empty data save message in WHM's Configure Remote Service IPs.
  • Fixed case CPANEL-39800: Remove “Department Name” from the OV/EV certificate order fields.
  • Fixed case CPANEL-40020: Prevent rsync hangs on AlmaLinux backups.
  • Fixed case CPANEL-40176: Improve horizontal scroll bar on List Accounts page.
  • Fixed case CPANEL-40191: Ensure web stats are always run.
  • Fixed case CPANEL-40352: Update webcomponents to fix style load issues in WHM and cPanel Jupiter theme.
  • Fixed case CPANEL-40402: MariaDB 10.4 can no longer be used as a remote database profile.
  • Fixed case CPANEL-40429: Update net-google-drive-simple to v3.01.
  • Fixed case CPANEL-40437: Change color for Favorites selector icon.
  • Fixed case CPANEL-40451: Enable Munin MySQL plugins only when MySQL/MariaDB is installed.
  • Fixed case CPANEL-40493: Disable regenerate_tokens task on initial install, and increase timeout.
  • Fixed case CPANEL-40505: Fix Pushbullet validation message in contact preferences.
  • Fixed case CPANEL-40510: Sort authentication providers on login page.
  • Fixed case CPANEL-40547: No longer depend on cpanel-mysql.
  • Fixed case CPANEL-40550: Rebuild cpanel-analog against static zlib v1.2.12.
  • Fixed case CPANEL-40570: Remove nsd/mydns from nameserverconfig UI.
  • Fixed case CPANEL-40604: Fix bug preventing delete selected black/whitelist ips in cphulk.
  • Fixed case CPANEL-40616: Fix the toggle switch web-component to properly support accessibility.
  • Fixed case CPANEL-40626: Show - - - on load average API error rather the NaN.
  • Fixed case CPANEL-40629: Disable most Perl backtraces from appearing in the error log unless the file “/var/cpanel/log_stack_traces” exists.
  • Fixed case CPANEL-40630: Fix innodb optimization check for MariaDB 10.5+.
  • Fixed case CPANEL-40680: Stop spurious button capitalization in Domains UI. (Jupiter only).
  • Fixed case CPANEL-40720: Include full cPanel build number in the installed_versions WHMAPI1 output.
  • Fixed case CPANEL-40721: Fixed overwrite exceptions warnings regarding the timezone cache when running uapi as a cPanel user.
  • Fixed case CPANEL-40724: For DNSOnly servers, prevent erroneous "service down" notices for services that do not run on DNSOnly.
  • Fixed case CPANEL-40728: Generate /var/cpanel/install_version on install.
  • Fixed case CPANEL-40731: Fix a bug where webmail partially showed dark styles.
  • Fixed case CPANEL-40735: The textboxes for the advanced search fields on the Transfer Tools page are now uniform in size.
  • Fixed case CPANEL-40771: Add RockyLinux to Cpanel::OS.
  • Fixed case CPANEL-40779: Restore RPM lock wait behavior on RHEL 8+ systems.
  • Fixed case CPANEL-40797: Discard non-hostname-matching issued hostname certs.
  • Fixed case CPANEL-40834: Remove some mentions of legacy access hashes from DNS Clustering.
  • Fixed case CPANEL-40853: Ensure links in the Feature Showcase can open in a new tab.
  • Fixed case CPANEL-40866: Remove CDB files after removal of legacy locale files.
  • Fixed case CPANEL-40898: Fix up arrow bug in WHMs search dropdown.
  • Fixed case DUCK-6916: Log cPanel API calls.
  • Fixed case DUCK-7007: Fix typo in Tweak Settings help text.
  • Fixed case DUCK-7174: Fix bugs with disabling team_manager.
  • Fixed case HB-6454: Allow account restore over existing accounts w/overrides.
  • Fixed case PH-17723: Improve visual user experience in the main menu.
  • Fixed case PH-17820: Ask user feedback to get more information about what additional languages to support.
  • Fixed case PH-17947: Remove legacy languages from the product.
  • Fixed case PH-17960: Show a warning when on the Edit Account interface for users on removed locales.
  • Fixed case PH-18015: Improve the search feature in the WHM main navigation menu by adding fuzzy logic.
  • Fixed case PH-18033: Add the new sub-header stats panel.
  • Fixed case PH-18033: Remove the whm server info button and menu.
  • Fixed case PH-18033: Improvements to the load average web-component.
  • Fixed case PH-18033: Fixed menu overlay problems with the header menus.
  • Fixed case PH-18039: Add ‘x’ button in WHM main menu nav search box.
  • Fixed case PH-18107: Improve the keyboard shortcuts for the search box filter navigation.
  • Fixed case PH-18192: Updated the Pricing and Term agreement.
  • Fixed case PH-18193: Update the Privacy Policy to version 04-29-2022.
  • Fixed case PH-18268: Add deprecation warning to paper-lantern theme.
  • Fixed case PH-18270: Implement the switch to Jupiter feature showcase.
  • Implemented case CPANEL-40533: Auto upgrade MyDNS to PowerDNS on upgrades.
  • Implemented case CPANEL-40480: Auto upgrade NSD to PowerDNS on upgrades.
  • Implemented case CPANEL-40517: Send iContact notification for auto-upgrade to PowerDNS.
  • Implemented case DUCK-6670: Add list team view part of the Manage Team UI.
  • Fixed case CPANEL-39456: Update cpanel-exim to 4.95-5.cp11104.
  • Fixed case CPANEL-40182: Update cpanel-geoipfree-data to 106.0-1.cp11106.
  • Fixed case CPANEL-40183: Update cpanel-knownproxies-data to 106.0-1.cp11106.
  • Fixed case CPANEL-40244: Update cpanel-roundcubemail to
  • Fixed case CPANEL-40711: Update cpanel-roundcubemail to
  • Fixed case CPANEL-40899: Update cpanel-php74 to 7.4.30-1.cp11102.
  • Fixed case HB-6470: Update cpanel-php74-turba to 4.2.28-1.cp11102 (resolves UPS-462).
  • Fixed case HB-6313: Update cpanel-roundcubemail to
  • Fixed case CPANEL-40560: Emit a message if checkallsslcerts is run while disabled.

Additional Documentation