Last modified: 2026 April 6

---

110.0.95

---

2026-04-06

• Fixed CPANEL-50423: Prevent team sub-account members from accessing WHMCS integration endpoints to block a privilege escalation path to WHM root.
• Fixed CPANEL-51415: Cleanup locale bits in cPStore Market Provider.
• Fixed CPANEL-52185: The MultiPHP Manager outdated PHP banner now includes a description explaining that outdated PHP versions no longer receive security updates and recommends PHP ELS. The More Info link is positioned inline with the description instead of pushed to the far right.
• Fixed CPANEL-52338: Update cpanel-roundcubemail to 1.6.15.
• Fixed CPANEL-52361: Do not promote PHP ELS on servers that have an immunify360 license.
• Fixed CPANEL-52428: Fix cPanel MultiPHP Manager failing to display installed PHP versions with an out of date ea-cpanel-tools package.

110.0.93

---

2026-03-30

• Fixed CPANEL-43087: Removed use of cpanel side user cache files.
• Fixed CPANEL-51765: PHP versions older than the system-configured minimum are now labeled “Outdated” in the MultiPHP Manager and EasyApache 4 CloudLinux interfaces, replacing the previous “Deprecated” label.
• Implemented CPANEL-51579: Make EOL and hardened PHP versions more visually apparent in EasyApache 4 and MultiPHP Manager output.
  • Label outdated and secured PHP versions in the MultiPHP Manager UI.
  • Redesign the PHP ELS installation progress indicator in MultiPHP Manager.
  • Add a WHM API endpoint to list sites using end-of-life PHP versions.
  • Add a PHP Status indicator to the WHM sidebar to highlight end-of-life and hardened PHP versions.
• Fixed CPANEL-51920: Upgrade Compress::Raw::Zlib to 2.220+ to address CVE-2026-3381.
  • The previous version bundled a vulnerable zlib version earlier than 1.3.2.
  • Also upgrades IO::Compress and Compress::Raw::Bzip for compatibility.
• Fixed CPANEL-51959: Fix styling of the Cancel button in the outdated PHP version confirmation dialog on the WHM MultiPHP Manager page.
• Fixed CPANEL-52182: Update cpanel-geoipfree-data.
• Fixed CPANEL-52225: CPAN updates, addressing CVE-2026-4177, CVE-2006-10002, CVE-2006-10003.

110.0.92

---

2026-03-23

• Fixed CPANEL-52096: Update cpanel-roundcubemail to 1.6.14.
  • Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler.
  • Fix password change without old password validation.
  • Fix IMAP Injection and CSRF bypass in mail search.
  • Fix remote image blocking bypass via SVG animate attributes and body background attribute.
  • Fix fixed position mitigation bypass via use of !important.
  • Fix XSS issue in HTML attachment preview.
  • Fix SSRF and Information Disclosure via stylesheet links to local network host.

110.0.91

---

2026-03-09

• Fixed CPANEL-46546: Fix Ticket Assist firewall detection when Imunify360 creates /etc/csf without installing the CSF binary.
• Fixed CPANEL-51916: Upgrade Net::CIDR to 0.27 to address CVE-2021-4456.
• Fixed CPANEL-51918: Upgrade Crypt::URandom for CVE-2026-2474.
• Implemented CPANEL-51430: Add automatic reissuance of short-lived (200-day) SSL certificates via the cPanel Store API.

110.0.90

---

2026-03-04

• Fixed CPANEL-51809: Fix package resolution bug for additional prefixes on CloudLinux 7.

110.0.89

---

2026-02-23

• Case SEC-67580: Fix cPanel File Download Endpoint IDOR Vulnerability.
  • CVSS Score: 6.5
  • CVSS 3.1:AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • Reporter: Rhevin Fardhika

110.0.88

---

2026-02-16

• Fixed CPANEL-51508: Update cpanel-roundcubemail to 1.6.13. Fix CSS injection vulnerability reported by CERT Polska. Fix remote image blocking bypass via SVG content reported by nullcathedral.

110.0.87

---

2026-02-02

• Fixed CPANEL-50385: Fix 404 errors when granting support access for forked tickets where SSH keys already exist from parent tickets.
• Implemented CPANEL-50759: Fix EasyApache4 wizard to correctly auto-select PHP extensions when installing ALT PHP versions from CloudLinux.

110.0.86

---

2026-01-16

• Fixed CPANEL-51117: Fix "Oops" page on mysql roundcube.

110.0.85

---

2026-01-15

• Fixed CPANEL-51078: Formbricks load in roundcube.

110.0.84

---

2026-01-12

• Implemented CPANEL-50954: Ship formbricks plugin with cPanel.

110.0.83

---

2026-01-06

• Fixed CPANEL-49029: Fixed stored XSS vulnerability in File Viewer.
• Improved CPANEL-46535: Improved email analytics tracking to include MIME type rejection failures in the eximstats database.
• Fixed CPANEL-50569: Fixed Extended Lifecycle Support for PHP automatic installation repository check to work correctly with redirected URLs.
• Fixed CPANEL-50142: Added missing –disable flags to the restorepkg command.
• Fixed CPANEL-50170: Fixed Email message headers “X-Ham-Reports” and “X-Spam-Reports” output to be readable.
• Improved CPANEL-50328: Added Site Publisher deprecation notification to WHM.
• Improved CPANEL-50461: Updated Unbound DNS resolver with security patches.
• Improved CPANEL-50480: Updated phpPgAdmin to version 7.14.7.
• Improved CPANEL-50493: Improved PHP Extended Lifecycle Support banner display.
• Fixed CPANEL-50682: Fixed EasyApache UI error when package data exceeds localStorage limits.
• Improved CPANEL-50738: Updated Roundcube webmail to version 1.6.12.
• Improved CPANEL-50758: Updated Exim mail server to version 4.99.1.

110.0.81

---

2025-12-18

• Fixed CPANEL-50800: Update cpanel-php81 to 8.1.34.
  • Fixed CVE-2025-14177: Information Leak of Memory in getimagesize.
  • Fixed CVE-2025-14178: Heap buffer overflow in array_merge.
  • Fixed CVE-2025-14180: PDO quoting result null deref.

110.0.80

---

2025-11-05

• Case SEC-70235: Fix CVE-2025-66429 - Local privilege escalation vulnerability due to directory traversal in Team Manager API.
  • CVSS Score: 9.3
  • CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
  • Reporters: Philip Okhonko, Sergey Gerasimov of SolidLab LLC
• Fixed CPANEL-49422: Line-wrap the encoded SpamAssassin report in email headers to better comply with RFC 2047.
• Fixed CPANEL-49683: Update awstats pkg for CWE-78/PTT-2025-021.

110.0.79

---

2025-10-16

• Fixed CPANEL-46200: Unship cpanel-postgresql to address CVE-2024-7348 for pg_dump.
• Fixed CPANEL-46939: Stored XSS in Mailing List archives
  • Reporter: John Lightsey
  • Severity: 4.3 CVSS 3.1:AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
• Fixed CPANEL-49111: Arbitrary webmail account access possible for users missing ACL for feature.
• Fixed CPANEL-49116: Arbitrary file download possible for users missing ACL for filemanager feature.
• Fixed CPANEL-49670: Update YAML::Syck to 1.36 for CVE-2025-11683.
• Implemented CPANEL-48174: Optimize wptk api routes.

110.0.77

---

2025-09-25

• Fixed Case CPANEL-48812: Arbitrary webmail account access possible for users missing ACL for feature
  • Credit: MATETIC, Luka
  • Severity: 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
  • Note: The case was mis-labeled as CPANEL-46580 previously

110.0.76

---

2025-09-23

• Fixed CPANEL-49179: updateuserdomains was hiding preexisting users with reserved names.
• Fixed CPANEL-48405: Ensure that email headers containing SpamAssassin reports are properly escaped to comply with RFC 2047
  • Reporter: Chris Pirazzi
  • Score: 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

110.0.75

---

2025-09-17

• Fixed CPANEL-48317: Upgrade AWStats to 8.0.
• Fixed CPANEL-48960: Fix potential race condition in the cPanel Log and Bandwidth Processor daemon.
• Fixed CPANEL-49106: Update Cpanel::JSON::XS and JSON::XS to address CVE-2025-40929.
• Fixed CPANEL-49215: Bump rpm.versions for cpanel-geoipfree-data.

110.0.74

---

2025-09-10

• Fixed CPANEL-46582: Security Update: Add local sudoers group names to reserved username
  • Credit: Ionut Cernica
  • CVSS Score: 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

110.0.73

---

2025-09-09

• Fixed case CPANEL-48811: Security Update: Generic Unseen Parameters Discovery in resetpass.cgi

  • Blocked unauthenticated users from enabling debug mode via a query parameter in the URL.
  • Credit to reporter: adwin
  • CVSS Score: 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

• Fixed case CPANEL-49051: Update CGI::Simple to address CVE-2025-40927.

• Fixed Case CPANEL-48276: Personhood removals and Analytics Consent functionality based on Leika

110.0.71

---

2025-08-21

• Fixed CPANEL-48296: Update cpanel-sqlite to 3.50.3 for CVE-2025-6965.
• Fixed CPANEL-48744: WHM Notification that ConfigServer is shutting down.

110.0.70

---

2025-07-16

• Fixed CPANEL-48142: Update cpanel-php83 to 8.3.23 in etc/rpm.versions.

  • Fixed GHSA-hrwm-9436-5mv3 (pgsql extension does not check for errors during escaping). (CVE-2025-1735)
  • Fixed GHSA-453j-q27h-5p8x (NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix). (CVE-2025-6491)
  • Fixed GHSA-3cr5-j632-f35r (Null byte termination in hostnames). (CVE-2025-1220)

• Fixed CPANEL-48149: Bump rpm.versions for update to cpanel-git-2.48.2.

110.0.68

---

2025-06-12

• Fixed case CPANEL-47693: Add HTML Editor removal notice to WHM Notification center.

110.0.67

---

2025-06-10

• Fixed CPANEL-47735: The directory /usr/local/cpanel/whostmgr/addonfeatures/ was unintentionally removed in a previous commit. This update restores the directory to maintain expected file structure and prevent potential issues with dependent features. No additional changes were made beyond the restoration.

110.0.65

---

2025-06-10

• Fixed CPANEL-46906: Provide module to work with Leika data.
• Fixed CPANEL-47113: Block transfers of temp domains to servers that do not support it.
• Fixed CPANEL-47605: Remove "HTML Editor" from cPanel >> FileManager, as it relies on an EOL version of ckeditor which has known CVEs against it.
• Fixed CPANEL-47664: Update cpanel-file-find-rule to 0.35 to fix CVE-2011-10007.
• Fixed CPANEL-47693: Add a notice within the Feature Showcase about ckeditor removal.
• Implemented CPANEL-46909: Teach CpKeyClt about leika data.

110.0.62

---

2025-06-02

• Fixed case CPANEL-47587: Update Roundcube to 1.6.11 to fix CVE-2025-49113.

110.0.59

---

2025-05-01

• Fixed case CPANEL-46995: Update MixPanel Proxy usage.
• Fixed case DUCKS-2217: Modify Domain Creation Process for Sitejet.
• Fixed case RE-1425: Update EOL blocker message in upcp to reference ELevate where relevant.
• Fixed case RE-1477: Bump rpm.versions for cpanel-perl-536.

110.0.58

---

2025-04-13

• Fixed RE-1477: Update rpm.versions for cpanel-perl-536: CVE-2024-56406: Heap-buffer-overflow with tr//

110.0.57

---

2025-04-08

• Fixed case MOON-2951: Update in-app TypeForm Survey URL's.

110.0.55

---

2025-03-26

• Fixed case RE-1417: Update cpanel-exim to 4.98.1-2.cp108 for CVE-2025-30232.

110.0.54

---

2025-03-20

• Fixed case RE-1392: Update cpanel-php81 to 8.1.32 in etc/rpm.versions. (CVE-2025-1736, CVE-2025-1861, CVE-2025-1734, CVE-2025-1217, CVE-2025-1219, CVE-2024-11235)

110.0.53

---

2025-02-25

• Fixed CPANEL-46432: Teach the (deprecated) Sectigo AutoSSL provider to recognize certificates signed by an updated CA.

110.0.52

---

2025-02-24

• Fixed case RE-771: For the timezone cookie, set the "Secure" attribute to true.
• Fixed case RE-1071: Update cpanel-pdns to rely on system provided boost libraries and mark cpanel-boost* packages as obsolete in rpm.versions.
• Fixed case RE-1081: Update cpanel-exim to 4.98 for CVE-2025-26794.
• Fixed case RE-1166: Update ProFTPD to 1.3.8c.
• Fixed case RE-1192: Update cpanel-pigz to 2.4-2.cp108.
• Fixed case RE-1326: Update cpanel-exim to 4.98.1 in rpm.versions.

110.0.51

---

2025-01-15

• Fixed case RE-1030: Mark CloudLinux 6 as no longer supported.
• Fixed case RE-1035: Update AWStats to version 7.9.
• Fixed case RE-1037: Update cpanel-dovecot to 2.3.21.1 (CVE-2024-23184, CVE-2024-23185).
• Fixed case RE-1038: Update cpanel-mariadb-connector to 3.3.13.
• Fixed case RE-1038: Make cPanel depend on the Zstd library.
• Fixed case RE-1040: Update RRDtool to 1.9.0.
• Fixed case RE-1041: Upgrade SQLite to 3.47.2.

110.0.50

---

2024-12-10

• [SECURITY] - TSR-2024-0002

110.0.49

---

2024-11-25

• Fixed case RE-868: Fix an exception when shutting down socket connections in Cpanel::Server::Connection::SSL.
• Fixed case RE-985: Bump rpm.versions for PHP update.
• • (Single byte overread with convert.quoted-printable-decode filter). (CVE-2024-11233)
• • (Configuring a proxy in a stream context might allow for CRLF injection in URIs). (CVE-2024-11234)
• • (Integer overflow in the dblib quoter causing OOB writes). (CVE-2024-11236)
• • (Integer overflow in the firebird quoter causing OOB writes). (CVE-2024-11236)
• • (Leak partial content of the heap through heap buffer over-read). (CVE-2024-8929)
• • (OOB access in ldap_escape). (CVE-2024-8932)

110.0.48

---

2024-11-04

• Fixed case HB-7053: Script skips RoundCube’s “responses” table
• Fixed case RE-935: Guard against bad userdata in cpkeyclt
• Fixed case RE-888: Have license servers report domains breakdown
• Fixed case RE-927: Update Cpanel::JSON::XS to 4.38 to address CVE-2022-48623

110.0.47

---

2024-10-31

• Fixed case RE-919: Update cpanel-pure-ftpd to 1.0.52 which addresses CVE-2024-48208.

110.0.46

---

2024-10-24

• Fixed case RE-896: Fix corruption of home directory paths during quota cache handling introduced with TSR-2024-0001.
• Fixed case WPX-4516: Add a global exception handler the checkallsslcerts.

110.0.45

---

2024-10-17

• Fixed case HB-7939: Update cpanel-roundcubemail to v1.6.9.0.110-1.
• Fixed case RE-853: Update cpanel-php81 to v8.1.30, addresses the following CVEs: CVE-2024-9026, CVE-2024-8925, CVE-2024-8926, & CVE-2024-8927.

110.0.44

---

2024-10-15

• [Security] TSR-2024-0001
• Case RE-480 via TSR-503: Remove . from @INC for bin/cpanm.
• Case TSR-192, RE-778: Prevent an unlink() from running as root.
• Case RE-776 via TSR-562: Encoding issue in cPanel login_log.

110.0.42

---

2024-10-02

• Fixed case DUCKS-847: Sitejet will not throw 400 after Transfer Tool process.
• Fixed case HB-7761: Reject inbound mail with dangerous attachments

110.0.41

---

2024-09-21

• Fixed case MOONS-1817: Fix default webmail app routing when consent modal is shown.

110.0.40

---

2024-09-18

• Fixed case HB-7822: Bump rpm.versions for roundcube 1.6.8 update.
• Fixed case HB-7843: Added disallowed extension blacklist to ACL_SMTP_MIME.
• Fixed case HB-7901: Update Mailman for template-related language fix.
• Fixed case MOONS-1575: Collect consent/privacy settings of webmail users.
• Fixed case RE-360: New version of cpanel-pdns 4.9.1, but not for CentOS 6 variants.
• Fixed case RE-677: Update cpanel-dovecot to 2.3.21-1cp108.
• Fixed case RE-742: Update scripts/migrate-pdns-conf to remove or rename config keys changed since the last update of the PowerDNS package.
• Fixed case WPX-4225: When building a CA Bundle from the CA Issuer URI chain, don't stop at the first self-signed cert encountered in a P7C bundle.
• Implemented case QUACKEN-359: Update French translations focusing on Sitejet.
• Implemented case QUACKEN-359: Angular apps and plugin localization.

110.0.39

---

2024-08-15

• Fixed case HB-7822: Update Roundcube to 1.6.8 to address CVE’s (CVE-2024-42008, CVE-2024-42009, CVE-2024-42010)

110.0.38

---

2024-08-06

• Fixed case RE-414: Added the ability to read DMI tables on systems running SMBIOS v3.
• Fixed case RE-471: Improve criteria for detecting cgroup containers.
• Fixed case RE-563: Update cpanel-exim to 4.96.2-3.cp108 (patches for CVE-2024-39929).
• Fixed case RT-770: Fixed to be able to locate the binary for named-checkzone for the latest version of bind9-utils on Ubuntu 20.
• Fixed case WPX-3868: Add wp-toolkit to Cpanel::Binaries.

110.0.36

---

2024-07-01

• Fixed case RE-365: Install ELS on eligible OSs that are licensed for ELS.

110.0.35

---

2024-06-25

• Fixed case CPANEL-45617: Avoid "Service SSL Certificate Expires Soon" notification by renewing hostname certificates at the 30 day mark.
• Fixed case RE-370: Update EOL banner to inform about ELS on supported servers.
• Fixed case RE-422: Update cpanel-php81 to v8.1.29.

110.0.34

---

2024-06-11

• Fixed case CPANEL-35830: Provide specific per-domain error messages when there is a failure to insert new records in a DNS zone such as during AutoSSL DNS DCV.
• Fixed case BOO-3552: Fix restorepkg database map error
• Fixed case PH-20642: Fix Account Preferences and report Webmail Home app_keys
• Fixed case RE-331: cpanel-system-python27 fails check_cpanel_pkgs on Ubuntu.
• Fixed case CPANEL-43514: Update cpanel-roundcubemail package to 1.6.0.20-1.
• Fixed case CPANEL-44152: Force SQLite Roundcube conversion on MySQL 5.6 or Maria 10.0.
• Fixed case PH-20726: Decrease the complexity of the cPanel & WHM Mixpanel instrumentation distribution strategy.
• Fixed case PH-20732: Add account age attribute to Retently embed meta data.
• Fixed case PH-20735: Emit analyticsInstanceLoaded event when mixpanel instance is initialized.
• Fixed case PH-20737: Add proper prefix to Retently data properties.
• Fixed case RE-351: Update Terms/Policy.
• Fixed case BOO-4120: Fix plugin component loading for jupiter interfaces.
• Implemented case HB-7610: Optimize a particularuse case involving MySQL roundcube backends when SQLite databases exist for some users.
• Case CPANEL-44214: Type-tiny brings in Types::Common and it’s dependencies.

110.0.33

---

2024-05-20

• Fixed case CPANEL-44088: Update cpanel-php81 to 8.1.28-1.cp110.
• Fixed case DUCK-10018: Add support for plugins to provide localized strings to the product.
• Fixed case DUCK-10195: Add component injection points to cPanel, Webmail and WHM.
• Fixed case DUCK-10462: Fix some of component framework bugs.
• Fixed case HB-6807: Add an advisory/warning to transfer tool about what happens with CalDAV/CardDAV data from v120 when xferring to versions lower than 120.

110.0.31

---

2024-04-23

• Fixed case RE-309: Switch EOL in CL6/C7 banner for 110 to July 31.

110.0.30

---

2024-04-19

• Fixed case CPANEL-42459: Fixed subdomain restoration when the primary domain is parked under a subdomain.
• Fixed case WPX-3234: Only load the Analytics template plugin when the cpanel-analytics pkg is installed.

110.0.28

---

2024-04-18

• Fixed case PH-20722: Backport Retently support into v110.
• Fixed case WPX-3047: Package extensions apply null value to new accounts.

110.0.27

---

2024-04-15

• Fixed case BC-6571: Enable elevation from CloudLinux 7 to CloudLinux 8.
• Fixed case CPANEL-43066: Updated domain-management link on SSL/TLS page.
• Fixed case DUCK-10270: Show Sitejet in the 110 cPanel Welcome Modal.
• Fixed case DUCK-10303: Add mixpanel tracking to feature showcase action items.
• Fixed case EK-43: Convert checkallsslcerts to use Let's Encrypt for hostname certificates.
• Fixed case RE-202: Fixed the update mechanism for the elevate-cpanel script so it only updates when needed.
• Fixed case WPX-3127: get_users_features_settings warns on unknown features.

110.0.24

---

2024-02-29

• Fixed case CPANEL-43832: Update to cpanel-clamav-0.104.4.2-4.
• Fixed case WPX-2369: Prevent transfers for cPanel accounts to WP2 and vice-versa.

110.0.23

---

2024-02-19

• Fixed case RE-156: Ensure that ea_install_profile fails on failing dnf transactions.

110.0.20

---

2024-01-16

• Fixed cases BOO-2730,DUCK-9601: Add initial support for the cPanel Jupiter left menu to be extended by plugins.
• Fixed case BOO-3472: Implement the ability to install the Site Quality Monitoring plugin.
• Fixed case CPANEL-43573: Update cpanel-php8 to 8.1.26-1.cp110.
• Fixed case CPANEL-43579: Update cpanel-phppgadmin to 7.13.0-2.cp110.
• Fixed case CPANEL-43665: Update cpanel-geoipfree-data to 110.0-2.cp110.
• Fixed case CPANEL-43672: Import 2024 MySQL repo signing key on v110.
• Fixed case CPANEL-43701: Convert legal documents to embedded PDFs.
• Fixed case CPANEL-43715: Update legal agreements to use new PDF documents.
• Fixed case DUCK-9601: Make maintenance script install Sitejet plugin.

110.0.17

---

2023-12-07

• Fixed case CPANEL-40343: Enable chunking for apt based Cpanel::PackMan commands.
• Fixed case CPANEL-42432: Fixed 'View SSL Certificate' on cPanel's Dynamic DNS interface.
• Fixed case CPANEL-43003: Make configurable the default state of the "Share document root" box on the "Create a New Domain" page in cPanel.
• Fixed case CPANEL-43124: Fix JSON parsing error when handling nftables output.
• Fixed case CPANEL-43270: Add hook points for Domain::addsubdomain and Domain::delsubdomain.
• Fixed case CPANEL-43408: Fixed Transfer Tool hooks not returning data when Live Transfer is enabled.
• Fixed case CPANEL-43487: Update cpanel-php81 to 8.1.25-1.cp110.
• Fixed case CPANEL-43493: Update cpanel-ckeditor to 4.22.1-1.cp108.
• Fixed case CPANEL-43496: Update cpanel-git to 2.42.0-1.cp108.
• [security] Fixed case CPANEL-43497: Update cpanel-php-composer to 2.6.5-1.cp110.
• Fixed case CPANEL-43499: Update cpanel-sqlite to 3.44.0-1.cp108.
• [security] Fixed case SEC-680: Update cpanel-perl-536 to 5.36.0-4.cp108.

110.0.15

---

2023-11-13

• [security] Fixed case SEC-675: Encoding issue in cPanel access_log.
• [security] Fixed case SEC-677: Update cpanel-roundcubemail to 1.6.0.19-3.cp110.

110.0.14

---

2023-10-27

• [security] Fixed case CPANEL-43459: Update cpanel-roundcubemail to 1.6.0.19-2.cp110.

110.0.13

---

2023-10-18

• [security] Fixed case CPANEL-43422: Update cpanel-exim to 4.96.2-1.cp108.

110.0.12

---

2023-10-03

• [security] Fixed case CPANEL-43374: Update cpanel-exim to 4.96.1-2.cp108.
• [security] Fixed case CPANEL-43378: Update cpanel-libspf2 to 1.2.11-2.cp108.

110.0.11

---

2023-10-02

• Fixed case CPANEL-41776: Update cpanel-roundcubemail to 1.6.0.17-1.cp110.
• Fixed case CPANEL-42495: Allow the selection of table elements on the Domains interface.
• Fixed case CPANEL-43173: Fix bug where horde export task would only ever export for one user.

110.0.10

---

2023-08-21

• Fixed case CPANEL-40545: Security Advisor: Identify Imunify360 as brute force and SMTP protection.
• Fixed case CPANEL-41423: Fixed bug in EasyApache 4 when the system locale is not set to US English.
• Fixed case CPANEL-42225: Update cpanel-perl-536 to 5.36.0-3.cp108.
• Fixed case CPANEL-42759: Update cpanel-dnspython to 1.12.0-4.cp108.
• Fixed case ZC-11029: Ensure USER_ID is set in all vhosts when it is enabled.

110.0.9

---

2023-07-31

• Fixed case CPANEL-42509: Fix bug in horde ICS exporter where events recorded in the Horde DB with a bogus DTSTART/DTEND of JAN 1 0AD 00:00:00 were not discarded.
• Fixed case CPANEL-42515: Remove vestigial cpsrvd code relating to horde cookies.
• Fixed case CPANEL-42758: Change default fstab entries for disks added by securetmp to be ext4 instead of ext3.
• Fixed case CPANEL-42998: Update cpanel-roundcubemail to 1.6.0.14-1.cp110.
• Fixed case CPANEL-43005: Anticipate support for ELevate on CloudLinux 7 in user-visible text.
• Fixed case CPANEL-43012: Fix NFTables to clean out all linked chains when old and/or incorrect firewall rules are in place.

110.0.8

---

2023-07-13

• Fixed case CPANEL-42943: Ensure cPanel can update from 102 to 110 or report the correct error if it fails due to a child node needing an update.
• Fixed case CPANEL-42947: Update cpanel-roundcubemail to 1.6.0.13-1.cp110.

110.0.7

---

2023-05-30

• Fixed case CPANEL-39343: Add provision in outdated service check to suggest reboot instead of dying when systemd-libs updates trigger redhat bug #2122587.
• Fixed case CPANEL-40268: Have get/set NVData calls validate defaultdir.
• Fixed case CPANEL-42620: Fixed error produced when unsetting the quota while removing an FTP user.
• Fixed case CPANEL-42711: Have packman-apt indicate whether virtual packages are installed or not.
• Fixed case CPANEL-42717: Update cpanel-pdns to 4.7.3-1.cp110.
• Fixed case CPANEL-42793: Ensure user's are able to convert roundcube from mysql to sqlite.
• Fixed case CPANEL-42798: Fix bug in Roundcube schema where only one response was possible due to a UNIQUE constraint on the ix_responses_user_id index.
• Fixed case CPANEL-42800: Update cpanel-phpmyadmin to 5.2.1-4.cp110.
• Fixed case CPANEL-42836: Update cpanel-git to 2.40.1-1.cp108.
• Fixed case PH-18848: Update German translations.
• Fixed case PH-19466: Implement new Spanish translations.
• Fixed case PH-19829: Update Japanese and restore JA as a supported locale.

110.0.6

---

2023-05-22

• [security] Fixed case APPSEC-52: HTTP request smuggling vulnerability in cpsrvd.
• [security] Fixed case SEC-672: Authenticated RCE for webmail virtual accounts.
• [security] Fixed case SEC-673: XSS vulnerability on 'Repair a MySQL Database' page in WHM.

110.0.5

---

2023-04-27

• Fixed case HB-6753: Fix bug where update-roundcube-sqlite-db would exit early on update instead of updating as was necessary.

110.0.4

---

2023-04-26

• Fixed case CPANEL-42082: Update cpanel-phpmyadmin to 5.2.1-3.cp110.
• Fixed case CPANEL-42700: Update cpanel-php81 to 8.1.16-2.cp110.
• Fixed case CPANEL-42752: Update cpanel-roundcubemail to 1.6.0.10-1.cp110.
• Fixed case CPANEL-42756: Fix bug in update-roundcube-db where roundcube-version was outdated but otherwise up to date on all schema other than missing a 'responses' table.

110.0.3

---

2023-04-20

• Fixed case CPANEL-42527: Don't show elevation related messaging in c7 EOL banner in WHM when /var/cpanel/elevate-noc-recommendations exists.
• Fixed case CPANEL-42639: Revert "Don't URI decode arguments when not necessary.".
• Fixed case CPANEL-42660: Support Imunify360 on Rocky Linux 8.
• Fixed case CPANEL-42697: Update cpanel-roundcubemail to 1.6.0.9-1.cp110 in rpm.versions.
• Fixed case CPANEL-42697: Refactor update-roundcube-db in order to help fix bugs where schemas would not properly apply.
• Fixed case CPANEL-42722: Add touch file to allow users to force older kernel option when creating a socket.
• Fixed case HB-6674: Fix bugs related to MySQL roundcube and horde import.
• Implemented case CPANEL-42648: Silence ELevate assessor when the recommendations file is present on the system.

110.0.2

---

2023-04-05

• Fixed case CPANEL-42666: Ensure cpsrvd can start on VZ systems with C6 kernels.

110.0.1

---

2023-03-27

• Fixed case CPANEL-41425: Don't run create-swap on Virtuozzo systems.
• Fixed case CPANEL-42400: Fixed IPv6 request resolution from cpsrvd.
• Fixed case CPANEL-42402: Mask hidden types when saving Exim configuration.
• Fixed case CPANEL-42445: Only allow horde banner to be dismissed by clicking .
• Fixed case CPANEL-42447: Disallow spaces in ssl_cipher_list values.
• Fixed case CPANEL-42455: Ensure that the proper permissions (0751) are set for /var/lib/mysql on Ubuntu.
• Fixed case CPANEL-42481: Updated URL regex to check URLs and only allow http[s] schemes.
• Fixed case CPANEL-42489: Don't URI decoded apitool arguments when not necessary.
• Fixed case CPANEL-42538: Fix substr outside of string error in export_horde_calendar_to_ics.
• Fixed case CPANEL-42580: Update cpanel-phpmyadmin to 5.2.1-2.cp110.
• Fixed case HB-6681: Update cpanel-roundcubemail to 1.6.0.7-1.cp110.

110.0.0

---

2023-03-08

• Fixed case CPANEL-40000: Have maintenance script schedule checkallsslcerts for random time in the next 18 hours instead of running it immediately.
• Fixed case CPANEL-40000: Avoid sending hostname ssl notifications when the allow-retry option is enabled.
• Fixed case CPANEL-42424: Fix bug where we were too specific about directory permissions in horde ics/vcf exporter scripts.

109.9999.119

---

2023-03-02

• Fixed case CPANEL-42420: Fix bug in horde export script when description fields for events contain excessive spaces to begin a line.
• Fixed case CPANEL-42450: Update cpanel-roundcubemail to 1.6.0.3-1.cp110.
• Fixed case EA-11258: Restore functionality of ModSecurity Tools Hits List when latest version of ea-apche24-mod_security2 is installed.

109.9999.116

---

2023-02-27

• Fixed case CPANEL-42441: Sign forwarded messages processed through SRS with DKIM.
• [security] Fixed case SEC-668: Strengthen filter which checks for invalid webmail forwarders.
• [security] Fixed case SEC-669: Escape the error message displayed by cpsrvd to prevent cross-site scripting.

109.9999.113

---

2023-02-23

• Fixed case CPANEL-41131: Cease asking for confirmation on saving of files in the ACE editor.
• Fixed case CPANEL-42372: Ignore deleted root forwarding addresses when migrating to Jupiter.
• Fixed case CPANEL-42373: Remove blank lines in an account's shadow file while suspending an account.
• Fixed case CPANEL-42387: Update cpanel-php81 to 8.1.16-1.cp110.
• Fixed case CPANEL-42410: Update cpanel-clamav to 0.104.4.2-3.cp108 (includes changes for CPANEL-40969).
• Fixed case CPANEL-42412: Enable Process Manager in WHM navigation menu.
• Fixed case CPANEL-42417: Revert "Update backups metadata code to avoid calling gzip directly".

109.9999.107

---

2023-02-15

• Fixed case ART-2476: IPv6 support for WHM API token authentication whitelist.
• Fixed case BOO-1923: Fixed an issue where some unicode inputs on the Edit Sql Configuration form would incorrectly be flagged as non-printable characters.
• Fixed case BOO-1952: Holding increment and decrement buttons on the Edit SQL Configuration page will now continuously adjust values.
• Fixed case BOO-1976: Updated the sql mode form field to a textarea for a better UX on the Edit SQL Configuration page.
• Fixed case BOO-1979: Fixed an issue where a user could save an empty change set when using Edit SQL Config interface.
• Fixed case BOO-2201: Improved UX by stabilizing the order in which form fields are displayed on the Edit SQL Configuration page.
• Fixed case BOO-2221: Improved UX when using the Edit SQL Configuration page and adjusting integer values.
• Fixed case BOO-2235: Update MySQL profile creation for local connections.
• Fixed case BOO-2260: Add a new Security Advisor check for EOL database versions.
• Fixed case BOO-2264: Make MariaDB 10.6 the recommended version for MariaDB upgrades.
• Fixed case BOO-2266: Fixed a page inconsistency in firefox on the Edit SQL Configuration page.
• Fixed case BOO-2272: Fixed mobile responsiveness on the Edit SQL Configuration page.
• Fixed case BWG-3516: Improve post_snapshot mmpass generation reliability.
• Fixed case BWG-3537: Add more DNSSEC algorithm and digest types for WHM DNS Zone Manager.
• Fixed case BWG-3590: Fix Apache and Dovecot service startup failure under some circumstances in the post_snapshot script.
• Fixed case BWG-3680: Prevent unexpected service restarts in snapshot_prep and post_snapshot.
• Fixed case BWG-3785: Update PowerDNS to 4.7.2.
• Fixed case COBRA-13810: Remove deprecated domains interfaces cruft files.
• Fixed case COBRA-13930: Create remote-storage APIs.
• Fixed case COBRA-14006: Create 'cluster setup steps' interface for cPanel Cloud Edition.
• Fixed case COBRA-14071: Permanently remove unauthenticated contact-email updates.
• Fixed case COBRA-14088: Add “WEB_REPLICAS” to account packages.
• Fixed case COBRA-14092: Add web-replicas to the Add/Edit Package UIs.
• Fixed case CPANEL-40392: Changed to also stop syslog.socket (Ubuntu only).
• Fixed case CPANEL-40434: Skip intermediate versions when installing or upgrading MariaDB.
• Fixed case CPANEL-40487: Updated tweak setting description for purging users' File Manager Trash.
• Fixed case CPANEL-41137: Update angular libaries.
• Fixed case CPANEL-41191: Ignore non-fatal "Tried to add None" yum error when running find_outdated_services during upcp.
• Fixed case CPANEL-41380: Specify Passphrase: explictly to gpg.
• Fixed case CPANEL-41407: Don't display disk usage percentage when quota is unlimited for email users.
• Fixed case CPANEL-41440: Ensure “Add or Remove Recognized IP Addresses” interface under “WHM > Security Questions“ is able to sort both IPv4 and IPv6 addresses.
• Fixed case CPANEL-41487: Update cpanel-geoipfree-data to version 110.0.
• Fixed case CPANEL-41489: Fix visual anomalies in ClamAV and Munin plugin icons.
• Fixed case CPANEL-41539: Update mysql community repo packages.
• Fixed case CPANEL-41555: Avoid warnings from bin/set_hostname.
• Fixed case CPANEL-41685: Use python2 from cpanel-system-python27.
• Fixed case CPANEL-41732: Add and start using EA is_installed helper.
• Fixed case CPANEL-41741: Update cpanel-unbound to version 1.17.0.
• Fixed case CPANEL-41782: MySQL transfers: send periodic WS pongs to preserve TCP stream.
• Fixed case CPANEL-41788: Disable RPM::Versions hooks during first installation.
• Fixed case CPANEL-41792: Use the table cpanel for all nft rules injected by cPanel.
• Fixed case CPANEL-41819: Fix UI bug checkbox placement.
• Fixed case CPANEL-41823: Remove further cruft from subdomain and alias domain interfaces and update links in email accounts interface.
• Fixed case CPANEL-41824: Fix bug preventing WPT API calls with token auth.
• Fixed case CPANEL-41850: Restore implicit submit in WHM's account creation form.
• Fixed case CPANEL-41868: Ensure WHM header loads when server hostname is not a FQDN.
• Fixed case CPANEL-41872: Prepare “scripts/fixquotas” for AlmaLinux 9 support.
• Fixed case CPANEL-41943: Update cpanel-exim to 4.96-8.cp108.
• Fixed case CPANEL-41951: Fix bug in SecurityAdvisor where it would incorrectly warn about LiteSpeed issues when LiteSpeed was not even installed.
• Fixed case CPANEL-41958: Fixed unintended behaviour when using long press feature to increment or decrement values on the edit sql configuration page.
• Fixed case CPANEL-41963: No longer require postgresql 9.6 to install CCS server.
• Fixed case CPANEL-42056: Fixed host DKIM setup during install; error messages about refresh_dkim_validity_cache having invalid arguments no longer appear in the log after installation.
• Fixed case CPANEL-42119: Fix alignment of “phantom” clickable elements in modifyacct.
• Fixed case CPANEL-42151: Allow email accounts to be specified with the generate_mobileconfig WHMAPI call.
• Fixed case CPANEL-42153: Fix modifyacct when renaming without the upgrade-account ACL.
• Fixed case CPANEL-42163: Tolerate “missing” checkboxes in createacct.js.
• Fixed case CPANEL-42178: Use distro openssl on CL8.
• Fixed case CPANEL-42241: Update cpanel-roundcubemail to 1.6.0.2-2.cp110.
• Fixed case CPANEL-42269: Update cpanel-git to 2.38.3-1.cp108.
• Fixed case CPANEL-42276: Fix alignment of assorted dropdown menus.
• Fixed case CPANEL-42294: Fix footer on package deletion page in WHM.
• Fixed case CPANEL-42329: Ensure DNSSEC key backups work with incremental backups enabled.
• Fixed case CPANEL-42334: Fixed a spacing issue occurring in Exim's Basic Editor after clicking save.
• Fixed case CPANEL-42338: Ensure external and relative URLs work for WHM notifications.
• Fixed case CPANEL-42362: Prevent ELevate upgrade message from displaying on CloudLinux 7.
• Fixed case CPANEL-42380: Allow installation of “cpanel-dpkg” development package.
• Fixed case CPANEL-42385: Update cpanel-phpmyadmin to 5.2.1-1.cp110.
• Fixed case CPANEL-42393: Correct update blocker error handling related to nodes.
• Fixed case DUCK-7609: Call has_feature() to check if license has Team Manager feature enabled.
• Fixed case HB-6622: Horde calendar events aren't migrated to Roundcube on upgrade.
• Fixed case HB-6642: Fix bug in RoundCube schema updates.
• Fixed case PH-17296: Remove API used only by Paper Lantern theme.
• Fixed case PH-17544: Remove Paper Lantern support from locale generation.
• Fixed case PH-17594: Remove references of styled from cPanel & WHM.
• Fixed case PH-18817: Update transfer tool to validate theme setting.
• Fixed case PH-18929: Remove uses of DEFWEBMAILTHEME.
• Fixed case PH-18950: Deprecate the UAPI Themes::get_theme_base function.
• Fixed case PH-19002: Remove Paper Lantern from cPanel and WHM.
• Fixed case PH-19037: Update angular workspaces with latest versions of the dependencies.
• Fixed case PH-19039: Ensure the user and package migrations runs during upcp to v110.
• Fixed case PH-19053: Remove references of Paper Lantern.
• Fixed case PH-19117: remove brand and style routing from cpanel.
• Fixed case PH-19279: Fix an uninitialized value message from lt command.
• Fixed case PH-19345: Create Account default limit bug.
• Implemented case CPANEL-42288: Notify administrators who may need to change custom Exim configurations in order to continue to support SRS.