108 Change Log

Last modified: May 23, 2023


  • [security] Fixed case APPSEC-52: HTTP request smuggling vulnerability in cpsrvd.
  • [security] Fixed case SEC-672: Authenticated RCE for webmail virtual accounts.
  • [security] Fixed case SEC-673: XSS vulnerability on 'Repair a MySQL Database' page in WHM.


  • Fixed case BWG-3516: Improve post_snapshot mmpass generation reliability.
  • Fixed case CPANEL-42400: Fixed IPv6 request resolution from cpsrvd.
  • Fixed case CPANEL-42447: Disallow spaces in ssl_cipher_list values.
  • Fixed case CPANEL-42623: Update cpanel-phpmyadmin to 4.9.11-3.cp11102.


  • Fixed case CPANEL-42404: Update cpanel-roundcubemail to
  • Fixed case CPANEL-42420: Fix bug in horde export script when description fields for events contain excessive spaces to begin a line.
  • Fixed case CPANEL-42441: Sign forwarded messages processed through SRS with DKIM.
  • Fixed case CPANEL-42471: Update cpanel-phpmyadmin to 4.9.11-2.cp11102.
  • Fixed case EA-11258: Restore functionality of ModSecurity Tools Hits List when latest version of ea-apche24-mod_security2 is installed.



  • [security] Fixed case SEC-668: Strengthen filter which checks for invalid webmail forwarders.
  • [security] Fixed case SEC-669: Escape the error message displayed by cpsrvd to prevent cross-site scripting.


  • Fixed case CPANEL-42362: Prevent ELevate upgrade message from displaying on CloudLinux 7.
  • Fixed case CPANEL-42372: Ignore deleted root forwarding addresses when migrating to Jupiter.
  • Fixed case CPANEL-42380: Group cpanel-dpkg package under cpanel-devel group.
  • Fixed case CPANEL-42384: Update cpanel-phpmyadmin to 4.9.11-1.cp11102.
  • Fixed case CPANEL-42393: Correct update blocker error handling related to nodes.
  • Fixed case CPANEL-42410: Update cpanel-clamav to
  • Fixed case CPANEL-42417: Revert "Update backups metadata code to avoid calling gzip directly".


  • Fixed case BOO-2346: Prepare for 2023 MariaDB repo signing key change (resolves CPANEL-42354).


  • Fixed case CPANEL-42335: Correct logic with undefined options in Tweak Settings based interfaces.
  • Fixed case CPANEL-42327: Do not require smarthost_user and smarthost_password when smarthost_auth is disabled.


  • Fixed case HB-6622: Ensure Horde calendar events are migrated to Roundcube on upgrade.
  • Implemented case CPANEL-42176: Provide the ability to perform SMTP authentication using the Smarthost support provided in the Basic Editor of the Exim Configuration Manager.
  • Implemented case CPANEL-42288: Notify administrators who may need to change custom Exim configurations in order to continue to support SRS.


  • Fixed case CPANEL-41700: Fix "entries per page" dropdown.
  • Fixed case CPANEL-41943: Update cpanel-exim to 4.96-8.cp108.
  • Fixed case CPANEL-42197: Repair support for outgoing SMTP hostnames and IPs when SRS is applied to a forwarded message.
  • Fixed case CPANEL-42198: Enable WHM >> Process Manager for DNSONLY systems.
  • Fixed case CPANEL-42224: Breadcrumbs will navigate properly if there are new features to showcase.
  • Fixed case CPANEL-42240: Bump angular-ng packages version in rpm.versions.
  • Fixed case CPANEL-42269: Update cpanel-git to 2.38.3-1.cp108.


  • Fixed case BC-6255: Honor restricting root password access when connecting via IPv6.
  • Fixed case BWG-3590: Fix Apache and Dovecot service startup failure under some circumstances in the post_snapshot script.
  • Fixed case BWG-3680: Prevent unexpected service restarts in snapshot_prep and post_snapshot.
  • Fixed case CPANEL-40495: WHM Marketplace Extension installs now show the actual error.
  • Fixed case CPANEL-41179: Disallow spaces in ssl_cipher_list values.
  • Fixed case CPANEL-41627: Improve parsing of addon and alias domains.
  • Fixed case CPANEL-41756: Fix log warning thrown when an email is sent from within the check_security_advice_changes script.
  • Fixed case CPANEL-41908: Update create a new account interface to use system default values.
  • Fixed case CPANEL-41945: Fixed issue with setting a domain's PHP version to "inherit" when a local php.ini file is present.
  • Fixed case CPANEL-42025: Tolerate some extra errors from needs-restarting.
  • Fixed case CPANEL-42142: Update cpanel-perl-536-b-c to v5.036001.
  • Fixed case ZC-10479: Improve NGINX integration with new version of cpanel-splitlogs.


  • Fixed case CPANEL-41843: Add back mistakenly removed "Calendar and Contacts" item in the feature lists.
  • Fixed case CPANEL-41845: Ensure cpanellogd is recreating domlog files with correct ownership and permissions for both nginx and apache.
  • Fixed case CPANEL-41892: Install Template::Plugin::CGI package.
  • Fixed case CPANEL-41896: Update cpanel-perl-536-dbd-sqlite to v1.72.
  • Fixed case CPANEL-41906: Ensure 'Create a New Account' UI is functional for resellers without the 'viewglobalpackages' privilege.


  • Fixed case CPANEL-40847: Update cpanel-roundcubemail to work with older curl library.
  • Fixed case CPANEL-41735: Update cpanel-git to 2.38.1-1.cp108.
  • Fixed case CPANEL-41861: Update cpanel-php74 to 7.4.33-1.cp11102.
  • Fixed case CPANEL-41879: Only named packages will now show up in Create Account.
  • Fixed case HB-6613: Fix further bugs in cpdavd relating to horde removal.
  • Fixed case HB-6614: Fix bugs in Horde ICS export script.
  • Fixed case HB-6619: Update cpanel-roundcubemail to


  • [security] Fixed case SEC-665: Prevent accounts from arbitrary file reads via injecting bad include directives into a DNS zone file.
  • [security] Fixed case SEC-666: Fix various maketext vulnerabilities.
  • [security] Fixed case SEC-661: Fix test used by cpsrvd to check PHP for extra PATH info
  • [security] Fixed case SEC-662: Fix HttpRequest from writing to homedirs
  • [security] Fixed case SEC-667: Ensure SET_SERVICE_PROXY_BACKENDS is the calling user.


  • Fixed case CPANEL-41773: Do not pass –allowerasing, stop requiring glibc-static, and enable powertools and epel on C8+ systems.
  • Fixed case CPANEL-41793: Update cpanel-clamav to
  • Fixed case CPANEL-41829: Remove obsolete cpanel-chosen-1.1.0 package.
  • Fixed case HB-6602: Fix bug in cpdavd revealed by horde removal.
  • Fixed case HB-6548: Migrate from calendar and contact data from Horde to Roundcube


  • Fixed case BOO-2261: Fixed application instability in the Edit SQL Configuration UI.
  • Fixed case COBRA-14059: Make the API reject SSL orders that use HTTP DCV for wildcards.
  • Fixed case CPANEL-39963: Reduced AutoSSL stuck detection time to 3 hours.
  • Fixed case CPANEL-39966: Email filters will now recognize negative numbers.
  • Fixed case CPANEL-40019: Added checks to make sure root isn't calling cPanel APIs.
  • Fixed case CPANEL-40339: Update cpanel-phpmyadmin to 4.9.7-3.cp11102.
  • Fixed case CPANEL-41452: update_local_rpm_versions now displays proper usage.
  • Fixed case CPANEL-41560: Validate account name in the UAPI FTP::get_quota function.
  • Fixed case CPANEL-41626: Fix issue with nightly Security Advisor run not issuing notifications appropriately.
  • Fixed case CPANEL-41705: Enable the Security Advisor to keep the ELevate script up to date.
  • Fixed case CPANEL-41725: Fixup PATH for python3 on CentOS 6.
  • Fixed case CPANEL-41740: Update cpanel-unbound to version 1.16.3.
  • Fixed case CPANEL-41746: Updated help for update_local_rpm_versions to clarify options.
  • Fixed case CPANEL-41748: Changed update_local_rpm_versions to allow 0 value.
  • Fixed case CPANEL-41777: Remove duplicate Let's Encrypt plugin installation.
  • Fixed case PH-19048: Fix javascript console errors when CCS is not installed.
  • Fixed case PH-19185: Restore legacy language support.


  • Fixed case COBRA-14032: Show Feature Showcase item for Let’s Encrypt default availability.
  • Fixed case COBRA-14060: Fix DCV method order in paid TLS certificate orders.
  • Fixed case CPANEL-40080: The update_spamassassin_config script will now honor the verbose option.
  • Fixed case CPANEL-41657: Ensure cpdavd doesn't send an improper 400 response due to module load errors.
  • Fixed case CPANEL-41678: Fix cpanel-open-sans installation path.


  • Fixed case CPANEL-39897: Remove inference of customization support for WHM.
  • Fixed case CPANEL-41561: Apply package locale modifications to users assigned to that package when editing a package.
  • Fixed case CPANEL-41585: Fix URL in Horde Removal Feature Showcase.
  • [security] Fixed case SEC-650: cPanel Visitors UI does not display direct apache access when ea-nginx is installed/enabled.


  • Fixed case ART-2754: Add the users favorites to the WHM left menu.
  • Fixed case BOO-1935: Updated form validation when supplying decimal numbers on the Edit SQL Configuration page.
  • Fixed case BOO-1938: Updated form validation for filenames on the edit SQL configuration page.
  • Fixed case BOO-1954: DB property names are now displayed alongside their form labels on the Edit SQL Configuration page.
  • Fixed case BOO-2040: Error messaging for database optimizations are now more user friendly.
  • Fixed case BOO-2125: Clarify Join Buffer Size recommendation text.
  • Fixed case BOO-2223: Fixed an issue that could occur where the value in the form did not accurately depict the setting value on the Edit SQL Configuration page.
  • Fixed case BWG-3137: Refine handling of hostname and AutoSSL checks in post_snapshot.
  • Fixed case BWG-3319: snapshot_prep: Handle additional per-instance data found in a base install.
  • Fixed case BWG-3428: Improve snapshot_prep checks for existing user backups and backup metadata, and add a new task to remove the transports database.
  • Fixed case BWG-3538: Fix exception in mkwwwacctconf when a DNS server is not responsive.
  • Fixed case COBRA-13831: Fix MySQL streaming segfaults.
  • Fixed case COBRA-13945: Update 'Tweak Settings' default to harden the functionality for updating a contact email address.
  • Fixed case COBRA-14031: Show AutoSSL’s Let’s Encrypt provider in the Manage Plugins UI.
  • Fixed case COBRA-14031: Install the Let’s Encrypt AutoSSL plugin on upgrade and install.
  • Fixed case COBRA-14037: Update AutoSSL provider table in WHM >> Manage AutoSSL for more accurate representation.
  • Fixed case COBRA-14053: Install Let’s Encrypt dependencies as part of initial installation.
  • Fixed case CPANEL-39549: Users are now notified if their Let's Encrypt Account ID is missing from the cache file responsible for managing auto ssl. This message directs users on how to fix the problem.
  • Fixed case CPANEL-39737: WHM notifications can now link externally.
  • Fixed case CPANEL-39777: MySQL installs on RHEL systems will now use the offical release rpm for the repo file.
  • Fixed case CPANEL-39859: Update MX line parsing to account for dnssec.
  • Fixed case CPANEL-40572: Make cpsrvd await WebSocket close() response.
  • Fixed case CPANEL-40713: Adjust routing for cpsrvd to allow URL arguments for PHP apps.
  • Fixed case CPANEL-40769: Ensure sane minrate setting is in place for dnf.conf.
  • Fixed case CPANEL-40796: Redirect to docs.cpanel.net when accessing changelog in WHM.
  • Fixed case CPANEL-40839: Update cpanel-sqlite to version 3.38.5.
  • Fixed case CPANEL-40883: Add breadcrumbs to Team Manager interfaces.
  • Fixed case CPANEL-40893: Update cpanel-analog to 6.0-1.cp108.
  • Fixed case CPANEL-40918: Add IPV6 support to scripts/smtpmailgidonly.
  • Fixed case CPANEL-40923: Fix rocky mysql repo detection.
  • Fixed case CPANEL-40924: Update cpanel-p0f to 3.09b-1.cp108.
  • Fixed case CPANEL-40948: Update backups metadata code to avoid calling gzip directly.
  • Fixed case CPANEL-40966: Improve performance of Webmail using the Jupiter theme.
  • Fixed case CPANEL-40967: Improve appearance of the WHM main menu scroll bar.
  • Fixed case CPANEL-40972: Don't create duplicate entries with /usr/local/cpanel/bin/create-swap.
  • Fixed case CPANEL-40973: Fixed behaviour of the context menu when navigating directories in filemanager.
  • Fixed case CPANEL-40981: Improved error messaging when a forced password reset fails due to disk quota breach.
  • Fixed case CPANEL-41008: Update cpanel-eventsource-polyfill-js to 1.0.0-1.cp108.
  • Fixed case CPANEL-41012: Update fontawesome to version 5.15.4.
  • Fixed case CPANEL-41021: Fix quota setup on systems where the locale is not English.
  • Fixed case CPANEL-41032: Remove cpanel-libmcrypt package.
  • Fixed case CPANEL-41033: Update cpanel-libspf2 to release 1.2.11.
  • Fixed case CPANEL-41044: Update cpanel-mariadb-connector to 3.3.1.
  • Fixed case CPANEL-41051: Update cpanel-mysql to version 5.6.51.
  • Fixed case CPANEL-41072: Fix an issue which can prevent WHM List Accounts loading when Linked Nodes are used.
  • Fixed case CPANEL-41076: Ensure start_background_mysql_upgrade does not suggest installing unsupported database versions.
  • Fixed case CPANEL-41092: Update cpanel-puttygen to version 0.77.
  • Fixed case CPANEL-41097: Update PowerDNS to upstream version 4.4.3.
  • Fixed case CPANEL-41106: Enhance taint handling for cPanel code.
  • Fixed case CPANEL-41107: Update ProFTPD to upstream version 1.3.7d.
  • Fixed case CPANEL-41123: Update dovecot to upstream version
  • Fixed case CPANEL-41125: Fix cPanel bandwidth interface to work when the system OS locale is set to be non-English.
  • Fixed case CPANEL-41126: Update to exim version 4.96 with native SRS support.
  • Fixed case CPANEL-41146: Teach Cpanel::PHP::Vhosts to update local session.save_path directories that are associated with a specific version of PHP.
  • Fixed case CPANEL-41166: Fix WHM API1 error which can occur when using “set_tier” API call.
  • Fixed case CPANEL-41172: Fix redundant SQL optimizations.
  • Fixed case CPANEL-41222: Adjust ImagePrep for exim 4.96.
  • Fixed case CPANEL-41256: Rocky Linux 8 is no longer experimental in 108.
  • Fixed case CPANEL-41262: Update cpanel-munin to 2.0.30-2.cp108.
  • Fixed case CPANEL-41294: Update packages to version 108 for cpanel-editarea, cpanel-moment, cpanel-pigz, cpanel-promise-polyfill-js-v3.5, cpanel-qrcodejs, cpanel-remixicons, cpanel-requirejs, cpanel-roboto, cpanel-site-publisher-templates, cpanel-sortablejs, cpanel-trigger-os-release, cpanel-webalizer, cpanel-upstream_name.
  • Fixed case CPANEL-41296: Support newer glibc with the quotacheck wrapper in cpanel-wrap.
  • Fixed case CPANEL-41305: Update X::Tiny to release 0.22.
  • Fixed case CPANEL-41309: Update x-tiny version in fix-cpanel-perl.
  • Fixed case CPANEL-41316: Prevent certain WHM API v1 calls from running the API if an unknown argument is given.
  • Fixed case CPANEL-41319: Fix warnings from SpamAssassin::Rules.
  • Fixed case CPANEL-41378: Fix FTP password strength error message to include the account type.
  • Fixed case CPANEL-41379: Don't produce an error stating that no error has occurred when running the Ftp::set_quota UAP call.
  • Fixed case CPANEL-41381: Updated the instructions in WHM for changing the server hostname.
  • Fixed case CPANEL-41390: Update clamav to upstream version 0.104.4.
  • Fixed case CPANEL-41408: Rebuild cpanel-pythontidy for 108.
  • Fixed case CPANEL-41408: Update mailman to use cpanel-system-python27.
  • Fixed case CPANEL-41408: Update cpanel-mailman to version 2.1.39.
  • Fixed case CPANEL-41421: Return an error when attempting to set_quota for a non-existent ftp user.
  • Fixed case CPANEL-41424: Disallow MySQL/MariaDB upgrades if the service is disabled.
  • Fixed case CPANEL-41428: Teach Cpanel::JSON to decode JSON Unicode escape sequences.
  • Fixed case CPANEL-41491: Obsolete cpanel-elfinder-devel package.
  • Fixed case CPANEL-41507: Fix popup display bug on cPanel Virus Scanner interface.
  • Fixed case CPANEL-41521: Update cpanel-pam-cpses to 108.0-2.cp108.
  • Fixed case CPANEL-41528: Fix typo in WHM cl6 deprecation banner.
  • Fixed case CPANEL-41541: Remove deprecated DEFAULTWEBMAILTHEME entry from migrate process.
  • Fixed case CPANEL-41553: Fix uninitialized value warnings when using listaccts search on a system with a user with the “undefined” package.
  • Fixed case CPANEL-41587: Disable imunify support for Rocky Linux 8.
  • Fixed case DUCK-7331: New UI for retrieving API logs.
  • Fixed case HB-6441: Remove deprecated Horde webmail client.
  • Fixed case HB-6473: Create script to transfer log backups to remote server destination.
  • Fixed case HB-6490: Add EOL banner notices for CentOS 7, CloudLinux 7 and CloudLinux 6 in WHM for the administrator.
  • Fixed case HB-6548: Update cpanel-roundcubemail to
  • Fixed case HB-6552: Add banner to webmail alerting users of Horde removal.
  • Fixed case HB-6554: Add Horde removal feature showcase item.
  • Fixed case MOON-91: Update elfinder to upstream version 2.1.61.
  • Fixed case MOON-165: Update Angular workspaces to Angular v13.
  • Fixed case NG-642: Update Angular Workspaces to use new angular-locale.
  • Fixed case PH-17595: Migrate packages which are assigned to Paper Lantern to Jupiter.
  • Fixed case PH-17652: Update the default theme to Jupiter during upcp.
  • Fixed case PH-17659: Migrate users which are assigned to Paper Lantern to Jupiter upon upcp.
  • Fixed case PH-18401: Improve locales strings by making quantity words translatable.
  • Fixed case PH-18407: Language survey link update.
  • Fixed case PH-18473: Remove expired feature showcase items regarding Jupiter.
  • Fixed case PH-18475: Add a new migration experience to cPanel for users coming from the Paper Lantern them to Jupiter.
  • Fixed case PH-18476: Implement feedback survey link in cPanel Jupiter interface.
  • Fixed case PH-18628: Remove Paper Lantern deprecation warnings from WHM.
  • Fixed case PH-18651: Remove paper_lantern from lists in the interface.
  • Fixed case PH-18662: Ensure paper lantern users are assigned to Jupiter when being restored.
  • Fixed case PH-18670: Ensure the Paper Lantern deprecation warning always shows for users assigned to the Paper Lantern theme.
  • Fixed case PH-18700: Paper Lantern packages are assigned to Jupiter when being restored.
  • Fixed case PH-18729: Allow Paper Lantern to be shown in WHM dropdowns if in use.
  • Fixed case PH-18741: Remove the ability to customize Paper Lantern from WHM.
  • Fixed case PH-18832: Remove default webmail entry from the basic setup.
  • Fixed case PH-18852: Add nvdata to track which users have their themes updated.
  • Fixed case PH-18914: Remove paper_lantern from the View Available Locales table.
  • Fixed case PH-18915: Ensure the UAPI Themes::get_theme_base supports Jupiter.
  • Fixed case PH-18963: Add feature showcase regarding the great migration of PL users to Jupiter.
  • Fixed case PH-18966: Update Sprite Generator to work with ImageMagick 6.9.12-61 on C8.
  • Fixed case ZC-9687: Restore alert when the MPM package is removed.
  • Implemented case CPANEL-40194: Implement cPanel & WHM root password restriction based on CIDR using /var/cpanel/authorized_whm_root_ips.
  • Implemented case CPANEL-41246: Update cpanel-perl to 5.36 and related CPAN modules.

Additional Documentation