118 Change Log
Last modified: December 10, 2024
118.0.30
2024-12-10
- [SECURITY] - TSR-2024-0002
118.0.29
2024-11-25
- Fixed case DUCKS-1455: Include agent360 in reserved usernames list.
- Fixed case RE-744: Bump rpm.versions for cpanel-munin.
- Fixed case RE-770: Silence some warnings about undef vars in roundcube error logs when adding All Day events in the calendar view.
- Fixed case RE-868: Fix an exception when shutting down socket connections in Cpanel::Server::Connection::SSL.
- Fixed case RE-986: Bump rpm.versions for cpanel-php 8.3.14.
-
- (Single byte overread with convert.quoted-printable-decode filter). (CVE-2024-11233)
-
- (Configuring a proxy in a stream context might allow for CRLF injection in URIs). (CVE-2024-11234)
-
- (Integer overflow in the dblib quoter causing OOB writes). (CVE-2024-11236)
-
- (Integer overflow in the firebird quoter causing OOB writes). (CVE-2024-11236)
-
- (Leak partial content of the heap through heap buffer over-read). (CVE-2024-8929)
-
- (OOB access in ldap_escape). (CVE-2024-8932)
118.0.25
2024-11-04
- Fixed case HB-7053: Script skips RoundCube’s “responses” table
- Fixed case RE-935: Guard against bad userdata in cpkeyclt
- Fixed case RE-888: Have license servers report domains breakdown
- Fixed case RE-927: Update Cpanel::JSON::XS to 4.38 to address CVE-2022-48623
- Fixed case RE-884: Optimize get_account_function in UIAnalytics template plugin.
118.0.24
2024-10-31
- Fixed case RE-884: Optimize load of Koality cpanel template plugin.
- Fixed case RE-913: Update cpanel-php83 to v8.3.13.
- Fixed case RE-919: Update cpanel-pure-ftpd to 1.0.52 which addresses CVE-2024-48208.
- Fixed case WPX-2863: Setup CageFS configuration for cPanel when cagefs is enabled.
118.0.23
2024-10-28
- Fixed case DUCKS-930: Enable the cpanel-monitoring-plugin for WHM.
- Fixed case RE-769: Assure Imunify360/AVPlus install happens exclusively.
118.0.22
2024-10-24
- Fixed case RE-819: Remove "additional-from-cache" line from BIND config for BIND versions 9.16 and above.
- Fixed case RE-883: Update cpanel-pdns to 4.9.2.
- Fixed case RE-896: Fix corruption of home directory paths during quota cache handling introduced with TSR-2024-0001.
- Fixed case WPX-4516: Add a global exception handler the checkallsslcerts.
118.0.21
2024-10-17
- Fixed case HB-7826: Ignore ManualMX changes when mail is hosted on remote exchange.
- Fixed case HB-7938: Update cpanel-roundcubemail to 1.6.9.0.118-1.
- Fixed RE-819: Remove "additional-from-cache" line from BIND config for BIND versions 9.16 and above.
- Fixed case RE-726: Fixed the "SSH Password Authorization Tweak" for cases where the sshd configuration file has an include directory.
- Fixed case RE-848: Update cpanel-php83 to v8.3.12 which addresses: CVE-2024-9026, CVE-2024-8925, CVE-2024-8926, & CVE-2024-8927.
- Fixed case RE-873: Update cpanel-unbound to 1.21.1-1.cp110 (fixes CVE-2024-8508).
118.0.20
2024-10-15
- [Security] TSR-2024-0001
- Case RE-480 via TSR-503: Remove . from @INC for bin/cpanm.
- Case TSR-192, RE-778: Prevent an unlink() from running as root.
- Case RE-776 via TSR-562: Encoding issue in cPanel login_log.
- Case TSR-417: Information disclosure issue via login page caching.
118.0.18
2024-09-30
- Fixed case DUCKS-847: Sitejet will not throw 400 after Transfer Tool process.
- Fixed case RE-683: Provide API calls to facilitate account transfers with 2FA enabled.
- Fixed case RE-794: Update cpanel-php-sourceguardian to 15.0.2.
- Fixed case HB-7761: Reject inbound mail with dangerous attachments
118.0.17
2024-09-21
- Fixed case MOONS-1756: Upon cPanel user login, collect consent and privacy settings if they do not exist.
- Fixed case MOONS-1801: Fix default webmail app routing when consent modal is shown.
118.0.16
2024-09-17
- Fixed case CPANEL-45860: Stop requiring iptables package to be installed on RHEL9 variants.
- Fixed case DUCKS-69: Install the cpanel-plugin-monitoring-campaigns.
- Fixed case HB-7843: Added disallowed extension blacklist to ACL_SMTP_MIME.
- Fixed case HB-7902: Update Mailman for template-related language fix.
- Fixed case MOONS-1583: Upon webmail user login, collect consent privacy settings if they do not exist.
- Fixed case QUACKEN-14: Add hooks for Server Profile changes.
- Fixed case RE-595: Update phpPgAdmin to 7.13.0-3.cp110 to patch a PHP 8 compatibility issue.
- Fixed case RE-596: Fixed to be able to locate the binary for named-checkzone for the latest version of bind9-utils on Ubuntu 20.
- Fixed case RE-610: Update cpanel-php83 to v8.3.10.
- Fixed case RE-612: Updated cpanel-geoipfree-data with data version 20240806.
- Fixed case RE-624: Switch to cpanel-php83 for use in whm and cpanel interfaces.
- Fixed case RE-635: Prevent 3rdparty installs from cPanel locking when they try to install things.
- Fixed case RE-671: Updated cpanel-unbound to 1.21.0.
- Fixed case RE-677: Update cpanel-dovecot to 2.3.21-1cp108.
- Fixed case RE-740: Update cpanel-roundcubemail to 1.6.8.1.118-1.cp118.
- Fixed case RE-742: Update scripts/migrate-pdns-conf to remove or rename config keys changed since the last update of the PowerDNS package.
- Fixed case WPX-4225: When building a CA Bundle from the CA Issuer URI chain, don't stop at the first self-signed cert encountered in a P7C bundle.
- Implemented case QUACKEN-359: Angular apps and plugin localization.
- Implemented case QUACKEN-359: Update French translations focusing on Sitejet.
118.0.15
2024-08-15
- Fixed case HB-7824: Update Roundcube to 1.6.8 to address CVE’s (CVE-2024-42008, CVE-2024-42009, CVE-2024-42010)
118.0.14
2024-08-07
- Fixed case CPANEL-45624: Update roundcube to 1.6.6.1.118-1.cp118 in rpm.versions.
- Fixed case DUCK-10687: Prevent warnings with TT Plugin Whostmgr::is_server_analytics_enabled.
- Fixed case RE-366: Update cpanel-unbound to 1.20.0-1.cp110.
- Fixed case RE-414: Added the ability to read DMI tables on systems running SMBIOS v3.
- Fixed case RE-471: Improve criteria for detecting cgroup containers.
- Fixed case RE-563: Update cpanel-exim to 4.96.2-3.cp108 (patches for CVE-2024-39929).
118.0.13
2024-06-26
- Fixed case CPANEL-35830: Provide specific per-domain error messages when there is a failure to insert new records in a DNS zone such as during AutoSSL DNS DCV.
- Fixed case CPANEL-44152: Force SQLite Roundcube conversion on MySQL 5.6 or Maria 10.0.
- Fixed case CPANEL-44164: Add dbus-broker to the ignore list for find_outdated_services.
- Fixed case CPANEL-44216: Remove default public grants on MariaDB 10.11.
- Fixed case CPANEL-45617: Avoid "Service SSL Certificate Expires Soon" notification by renewing hostname certificates at the 30 day mark.
- Fixed case PH-20740: Add proper prefix to Retently data properties.
- Fixed case RE-351: Update Terms/Policy for ELS.
- Fixed case RE-351: Bump angular-ng packages version in rpm.versions.
- Fixed case RE-422: Update cpanel-php81 to v8.1.29.
- Fixed case ZC-11573: Have EA4 API/UI prefer cPanel profiles if they exist.
- Fixed case ZC-11669: Performance improvement for package listing on apt systems.
- Fixed case CPANEL-44214: Add Types::Common and dependencies
- Implemented case HB-7610: Optimize a particular use case involving MySQL roundcube backends when SQLite databases exist for some users.
118.0.12
2024-06-05
- Fixed case HB-7596: Fix version check for CalDAV/CardDAV 120->118 transfer warning.
- Fixed case PH-20726: Decrease the complexity of the cPanel & WHM Mixpanel instrumentation distribution strategy.
- Fixed case PH-20732: Add account age attribute to Retently embed meta data.
- Fixed case PH-20735: Emit analyticsInstanceLoaded event when mixpanel instance is initialized.
118.0.11
2024-05-16
- Fixed case CPANEL-44045: Fix incorrect content for cpsess0/scripts/authorizesupport page.
- Fixed case CPANEL-44088: Update cpanel-php81 to 8.1.28-1.cp110.
- Fixed case DUCK-10018: Add support for plugins to provide localized strings to the product.
- Fixed case DUCK-10195: Add component injection points to cPanel, Webmail and WHM.
- Fixed case DUCK-10462: Fix some of component framework bugs.
- Fixed case HB-6807: Add an advisory/warning to transfer tool about what happens with CalDAV/CardDAV data from v120 when xferring to versions lower than 120.
118.0.8
2024-04-19
- Fixed case CPANEL-42459: Fixed subdomain restoration when the primary domain is parked under a subdomain.
- Fixed case CPANEL-43944: Fix database quotas for Postgres on alma/rocky 9.
- Fixed case WPX-3234: Only load the Analytics template plugin when the cpanel-analytics pkg is installed.
118.0.6
2024-04-18
- Fixed case CPANEL-43964: Teach find_outdated_services to ignore CL spacewalk errors.
- Fixed case PH-20722: Backport Retently in-app embed tags in WHM to 118.
- Fixed case WPX-3047: Package extensions apply null value to new accounts
118.0.5
2024-04-17
- Fixed case CPANEL-41383: Don't report warnings for domains covered by wildcards.
- Fixed case CPANEL-43819: Ensure an ACME account is created after the Let's Encrypt plugin is installed, regardless of the AutoSSL provider being enabled.
- Fixed case CPANEL-43922: Do not block upgrades to 118 if the openssl rpm is not installed.
- Fixed case DUCK-10303: Add mixpanel tracking to feature showcase action items.
- Fixed case WPX-3127: get_users_features_settings warns on unknown features.
118.0.4
2024-03-04
- Fixed case BC-6660: Update to cpanel-unbound-1.19.1-1.
- Fixed case BC-6662: Update to git-2.43.2.
- Fixed case CPANEL-43874: Removed experimental tag from Ubuntu 22 in 118.
- Fixed case RE-202: Fixed the update mechanism for the elevate-cpanel script so it only updates when needed.
- Fixed case ZC-11443: Correct installer support for 9 based Jetbackup installs.
118.0.2
2024-02-27
- Fixed case CPANEL-43826: New upstream release clamav-1.0.5.
- Fixed case CPANEL-43873: Fix bug in writing zones when DNS server is set to disabled.
- Fixed case WPX-2369: Prevent transfers for cPanel accounts to WP2 and vice-versa.
118.0.1
2024-02-15
- Fixed case CPANEL-40334: Fix exception in the Kernel assessor of the Security Advisor when using non-English locale.
- Fixed case CPANEL-43591: Instruct NetworkManager not to overwrite DNS resolver configuration, if needed.
- Fixed case CPANEL-43608: Fix display of EasyApache 4 packages in WHM when colorization is forcibly enabled for DNF.
- Fixed case DUCK-9900: Fix create email_account issue as team_user.
- Fixed case RE-156: Ensure that ea_install_profile fails on failing dnf transactions.
117.9999.78
2024-01-18
- [security] Fixed case APPSEC-69: Encoding issue in cPanel access_log.
- Fixed case BOO-2504: Mark MySQL 5.7 and MariaDB 10.3 as EOL.
- Fixed case BOO-2517: Import 2024 MySQL repo signing key.
- Fixed case BOO-2730: Add support for the cPanel Jupiter left menu to be extended by plugins.
- Fixed case BOO-2781: Support MariaDB on Ubuntu.
- Fixed case BOO-2911: Remove the disabling feature flag for site quality monitoring install.
- Fixed case BOO-2911: New locale strings for Site Quality Monitoring plugin.
- Fixed case CPANEL-39270: Add a News link to the WHM footer.
- Fixed case CPANEL-40221: Automatically prefix http:// protocol to URLs set in WHM >> Customization >> Public Contact when it is not present.
- Fixed case CPANEL-40343: Enable chunking for apt based Cpanel::PackMan commands.
- Fixed case CPANEL-40343: Changed to better handle Proc::FastSpawn errors.
- Fixed case CPANEL-40343: Enable chunking for apt based Cpanel::PackMan commands.
- Fixed case CPANEL-41154: update-packages will now contact if there was a failure during the update.
- Fixed case CPANEL-42395: Participate_in_analytics API call returns 0 and error message incorrectly.
- Fixed case CPANEL-42451: Removed bind reloading messages.
- Fixed case CPANEL-42459: Changed to check that subdomain has proper main domain.
- Fixed case CPANEL-42463: Don't disable custom RBLs when saving basic exim config.
- Fixed case CPANEL-42605: Ensure openldap-compat install is installed on Rocky/AlmaLinux 9.
- Fixed case CPANEL-42712: Allow WHM's graceful reboot interface to detect a completed reboot.
- Fixed case CPANEL-42833: Remove cpanalyticsd as a service managed by cPanel/WHM.
- Fixed case CPANEL-43037: Simplified the user interaction for restarting services.
- Fixed case CPANEL-43066: Updated domain-management link on SSL/TLS page.
- Fixed case CPANEL-43157: Fixed issue occurring when adding IP's to cPhulk via URL.
- Fixed case CPANEL-43175: Added spacing between IPv4 and IPv6 addresses on Dynamic DNS interface.
- Fixed case CPANEL-43181: Check for correct permissions and group ownership of /etc/shadow on Ubuntu systems.
- Fixed case CPANEL-43215: Fix bug in grant support access and token denied pages.
- Fixed case CPANEL-43233: Have the 'Create a New Account' interface show the correct error in the event that the server does not have any nameservers configured.
- Fixed case CPANEL-43251: Fixed issue where the Initial Setup Wizard may appear blank.
- Fixed case CPANEL-43257: Revert "Changed to handle FastSpawn errors better".
- Fixed case CPANEL-43258: Update cpanel-geoipfree-data to 118.0-1.cp118.
- Fixed case CPANEL-43261: Fix overwrite DNS malfunction when creating a new account.
- Fixed case CPANEL-43262: Ensure CloudLinux 9 enables the CRB package repository on the system.
- Fixed case CPANEL-43270: Add hook points for Domain::addsubdomain and Domain::delsubdomain.
- Fixed case CPANEL-43273: Rotate modsec_debug.log by default.
- Fixed case CPANEL-43277: Fix an issue where restoring Greylisting settings could sometimes result in an error.
- Fixed case CPANEL-43278: Allow EA4 WHM interface to work with cPanel EA4 packages on CloudLinux.
- Fixed case CPANEL-43280: Fix bug in "Max Users Exceeded" message on login page introduced with login page performance improvements.
- Fixed case CPANEL-43282: Fixed remote API issues with self signed certificates on RHEL 9 based systems.
- Fixed case CPANEL-43284: Remove experimental tag for CloudLinux 9 in 118.
- Fixed case CPANEL-43287: Improve logging around EA4 repository addition during installation.
- Fixed case CPANEL-43302: Teach ensure_hostname_resolves about localhost.
- Fixed case CPANEL-43304: Remove the cpanalyticsd service.
- Fixed case CPANEL-43308: Revised show/hide rules for Create Support Ticket in WHM.
- Fixed case CPANEL-43316: Fixed text spacing in initial Webmail UI.
- Fixed case CPANEL-43329: Ensure locale-maketext-utils is installed on binaries.
- Fixed case CPANEL-43345: Expire WHM sessions for root when using passwd to change the password for root.
- Fixed case CPANEL-43348: Allow “root” and “shadow” group ownership on Ubuntu systems.
- Fixed case CPANEL-43373: Added parameter validation to the cPanel API 1 function Fileman::fmrename.
- Fixed case CPANEL-43377: Avoid prompt from STDIN when converting to CloudLinux.
- [security] Fixed case CPANEL-43378: Update cpanel-libspf2 to 1.2.11-2.cp108.
- Fixed case CPANEL-43385: Email autoconfig instructions will now send if CCS is not installed.
- Fixed case CPANEL-43387: Fixed an issue where sometimes the header menu was not functional in Safari.
- Fixed case CPANEL-43392: Added parameter validation to the cPanel API 1 function Fileman::delfile.
- Fixed case CPANEL-43403: Make link for collapsing Cron Email section more link like in cPanel >> Cron Jobs.
- Fixed case CPANEL-43408: Fixed Transfer Tool hooks not returning data when Live Transfer is enabled.
- [security] Fixed case CPANEL-43422: Update cpanel-exim to 4.96.2-1.cp108.
- Fixed case CPANEL-43426: Update CloudLinux logo in WHM.
- Fixed case CPANEL-43452: Ensure consistent rlimit value between UI and CLI during upcp.
- [security] Fixed case CPANEL-43459: Update cpanel-roundcubemail to 1.6.0.19-2.cp110.
- Fixed case CPANEL-43475: Fixed uninitialized value warnings in cPanel error_log when accessing inappropriately named documents.
- Fixed case CPANEL-43483: Quit autofilling username in login.tmpl when no relative path.
- Fixed case CPANEL-43493: Update cpanel-ckeditor to 4.22.1-1.cp108.
- [security] Fixed case CPANEL-43494: Update cpanel-clamav to 1.0.4-1.cp112.
- Fixed case CPANEL-43496: Update cpanel-git to 2.42.0-1.cp108.
- [security] Fixed case CPANEL-43497: Update cpanel-php-composer to 2.6.5-1.cp110.
- Fixed case CPANEL-43499: Update cpanel-sqlite to 3.44.0-1.cp108.
- Fixed case CPANEL-43503: During initial sign up, download links are provided in the event the browser does not support embedded documents.
- Fixed case CPANEL-43503: Bump angular-ng packages version in rpm.versions.
- Fixed case CPANEL-43503: During initial sign up, download links are provided in the event the browser does not support embedded documents.
- [security] Fixed case CPANEL-43509: Update cpanel-roundcubemail to 1.6.0.19-3.cp110.
- Fixed case CPANEL-43513: Update cPLint to 1.4.7-1.
- Fixed case CPANEL-43522: Ensure the dbus-tools package is installed on RHEL9 variants.
- Fixed case CPANEL-43524: Fix goto_url/goto_app caching bug in login templates.
- Fixed case CPANEL-43530: cp-analytics package is now reinstalled via upcp and will no longer break some UI's.
- Fixed case CPANEL-43549: Fixed the "Domain" dropdown for the "Install an SSL Website" section of the "Manage SSL Hosts" page.
- Fixed case CPANEL-43556: list_redirects by destination.
- Fixed case CPANEL-43561: Create new Debian role.
- Fixed case CPANEL-43579: Update cpanel-phppgadmin to 7.13.0-2.cp110.
- Fixed case CPANEL-43596: Fixed disk space tests for installation and upgrades on CloudLinux.
- Fixed case CPANEL-43597: Create /etc/localtime if it doesn't exist when determining timezone.
- Fixed case CPANEL-43605: Remove incorrect message about backups being disabled on the cPanel Backup page when legacy backups are enabled for that account.
- Fixed case CPANEL-43606: Fix bug where webmaillogout.cgi was considered a valid goto_uri after logging out of webmail (leading to a login-logout loop).
- Fixed case CPANEL-43609: Revert "Domain restoration failure when a primary domain is parked under a subdomain".
- Fixed case CPANEL-43612: Revert "Enable fs.proc_can_see_other_uid on CloudLinux".
- Fixed case CPANEL-43631: Ignore cPanel services reported in needs-restarting checks.
- Fixed case CPANEL-43637: Fix login template caching bug when maximum licensed users were exceeded on a server.
- Fixed case CPANEL-43700: Update cpanel-php81 to 8.1.27-1.cp110.
- Fixed case CPANEL-43706: Update cpanel-exim to 4.96.2-2.cp108.
- Fixed case CPANEL-43716: Teach find_outdated_services to ignore the tailwatchd and cpgreylistd services.
- Fixed case CPANEL-43718: Update cpanel-perl-536-spreadsheet-parseexcel to 0.66-1.cp108.
- Fixed case CPANEL-43732: Add "implements" key for Domains UI in cPanel.
- Fixed case DOC-19680: Updated the OpenAPI documentation for the whmapi function get_service_config.
- Fixed case DOC-19774: Updated the examples in the OpenAPI documentation for the WHM API accountsummary function.
- Fixed case DUCK-6966: Allow team-users to change their locale.
- Fixed case DUCK-8092: Adjust counting of team users if they have roles or not.
- Fixed case DUCK-8355: Add mixpanel for manage team UI.
- Fixed case DUCK-9008: Fix transfer tool not copying Team config file.
- Fixed case DUCK-9219: Feature flag changes needed for Sitejet Plugin.
- Fixed case DUCK-9219: ULC changes needed for Sitejet Plugin.
- Fixed case DUCK-9219: Team user changes needed for Sitejet Plugin.
- Fixed case DUCK-9322: Install the cpanel-sitejet-plugin.
- Fixed case DUCK-9418: Add cPanel Promotions Banner.
- Fixed case EA-11577: Update EA4 help links.
- Fixed case EK-24: Convert checkallsslcerts to use Let's Encrypt for hostname certificates.
- Fixed case EK-45: Set the AutoSSL provider to Let's Encrypt on updates to 118.
- Fixed case EK-46: Add a deprecation warning to the AutoSSL UI for the Sectigo provider.
- Fixed case EK-47: Add a feature showcase for the Let's Encrypt changes.
- Fixed case EK-58: Update the current provider headings on the AutoSSL UI.
- Fixed case EK-70: Install the Let's Encrypt plugin before running checkallsslcerts during initial setup.
- Fixed case MM-471: Enable log rotation for cpbackup_transport_history by default.
- Fixed case PH-19735: Implement new Turkish translations.
- Fixed case PH-19765: Implement new Indonesian translations.
- Fixed case PH-20333: Fixes feedback survey links.
- Fixed case PH-20388: Bump angular-ng packages version in rpm.versions.
- Fixed case PH-20388: Update EULA and privacy policy for WHM and cPanel.
- Fixed case PH-20492: track page origination of sitejet index page access.
- [security] Fixed case SEC-680: Update cpanel-perl-536 to 5.36.0-4.cp108.
- Fixed case WPX-1262: Remove legacy Locale::Maketext::Utils::MarkPhrase.
- Fixed case WPX-1763: Teach post_api hooks success/failure messages.
- Fixed case WPX-1806: Add optional vhost to LangPHP::php_get_vhost_versions API.
- Fixed case WPX-2144: Clean user cache on quota updates.
- Fixed case ZC-11327: Correctly parse APT repository list options on Ubuntu.
- Fixed case ZC-11329: Allow for Python 3 variants.
- Fixed case ZC-11344: Repair named.conf when using newer versions of BIND.
- Implemented case ZC-11174: Initial experimental Ubuntu 22 support.