124 Change Log
Last modified: December 10, 2024
124.0.21
2024-12-10
- [SECURITY] - TSR-2024-0002
124.0.20
2024-12-04
- Fixed RE-744: Bump rpm.versions for cpanel-munin update to 2.0.30-4.
- Fixed RE-746: Move the script responsible for upgrading the PowerDNS configuration file out of cPanel releases and into the PowerDNS package.
124.0.17
2024-11-25
- Fixed RE-986: Bump rpm.versions for cpanel-php 8.3.14.
-
- (Single byte overread with convert.quoted-printable-decode filter). (CVE-2024-11233)
-
- (Configuring a proxy in a stream context might allow for CRLF injection in URIs). (CVE-2024-11234)
-
- (Integer overflow in the dblib quoter causing OOB writes). (CVE-2024-11236)
-
- (Integer overflow in the firebird quoter causing OOB writes). (CVE-2024-11236)
-
- (Leak partial content of the heap through heap buffer over-read). (CVE-2024-8929)
-
- (OOB access in ldap_escape). (CVE-2024-8932)
124.0.14
2024-11-21
- Fixed DUCKS-1455: Include agent360 in reserved usernames list.
- Fixed RE-476: Fix detection of dual use of ClamAV and ImunifyAV in the Imunify360 assessor of the Security Advisor.
- Fixed RE-868: Fix an exception when shutting down socket connections in Cpanel::Server::Connection::SSL.
- Fixed ZC-12322: Fix check_mysql false positives on MariaDB 11.4.
- Case WPX-4529: Make sure we do not restart the
cpanel-onboot
service while running scripts/find_outdated_services.
124.0.10
2024-11-04
- Fixed case RE-927: Update Cpanel::JSON::XS to 4.38 to address CVE-2022-48623
- Fixed case RE-884: Optimize get_account_function in UIAnalytics template plugin.
- Fixed case RE-935: Guard against bad userdata in cpkeyclt
124.0.9
2024-10-31
- Fixed RE-875: Report better errors in the Processes assessor of the Security Advisor.
- Fixed RE-884: Optimize load of Koality cpanel template plugin.
- Fixed RE-913: Update cpanel-php83 to v8.3.13.
- Fixed RE-919: Update cpanel-pure-ftpd to 1.0.52 which addresses CVE-2024-48208.
124.0.8
2024-10-24
- Fixed RE-769: Assure Imunify360/AVPlus install happens exclusively.
- Implemented DUCKS-930: Enable the cpanel-monitoring-plugin for WHM.
124.0.7
2024-10-23
- Fixed RE-882: Update cpanel-pdns to 4.9.2.
- Fixed RE-896: Fix corruption of home directory paths during quota cache handling introduced with TSR-2024-0001.
- Fixed WPX-4516: Add a global exception handler the checkallsslcerts.
124.0.6
2024-10-17
- Fixed MOON-1480: Delete components.d.ts.
- Fixed RE-819: Remove "additional-from-cache" line from BIND config for BIND versions 9.16 and above.
- Fixed RE-842: Update cpanel-exim to 4.98.
124.0.4
2024-10-15
- [Security] TSR-2024-0001
- Case RE-480 via TSR-503: Remove . from @INC for bin/cpanm.
- Case TSR-192, RE-778: Prevent an unlink() from running as root.
- Case RE-776 via TSR-562: Encoding issue in cPanel login_log.
- Case TSR-417: Information disclosure issue via login page caching.
124.0.3
2024-10-09
- Fixed HB-7933: Update cpanel-roundcubemail to v1.6.9.0-1.
- Fixed HB-7966: Fix issue that was preventing calendar invites from being sent.
- Fixed RE-726: Fixed the "SSH Password Authorization Tweak" for cases where the sshd configuration file has an include directory.
- Fixed RE-848: Update cpanel-php83 to v8.3.12 which addresses: CVE-2024-9026, CVE-2024-8925, CVE-2024-8926, & CVE-2024-8927.
- Fixed RE-873: Update cpanel-unbound to 1.21.1-1.cp110 (fixes CVE-2024-8508).
124.0.1
2024-10-01
- Fixed CPANEL-44101: Fix bug post login where additional get params were not passed along when goto_uri was active.
- Fixed CPANEL-45637: Update GeoIP to 122.0-2.cp122.
- Fixed CPANEL-45638: Update cpanel-geoipfree-data to 124.0-1.cp124.
- Fixed CPANEL-45860: Stop requiring iptables package to be installed on RHEL9 variants.
- Fixed CPPX-18627: phpMyAdmin and phpPgAdmin open their own tab.
- Fixed DUCKS-69: Install the cpanel-plugin-monitoring-campaigns.
- Fixed DUCKS-847: Sitejet will not throw 400 after Transfer Tool process.
- Fixed HB-7223: Allow correct customization of TRANSP and VALARM for calendar events.
- Fixed HB-7581: Remove vestigial logic for calendar_crypt_key in pre/post snapshot scripts.
- Fixed HB-7584: Add DAV client directory.
- Fixed HB-7675: The “Advanced Zone Editor” ACL is enabled by default on fresh installs.
- Fixed HB-7697: Make ‘Integration Links’ a configurable option for backups and transfers.
- Fixed HB-7707: Enhance handling of calendar files with extremely long filenames.
- Fixed HB-7745: Silence locale string format warnings during backups.
- Fixed HB-7764: bump rpm.versions for cpanel-roundcubemail-plugins-cpanel: 1.1.8-3.cp120.
- Fixed HB-7768: Add ability to change calendar descriptions using DAV clients.
- Fixed HB-7784: Increase the max threads limit on account transfers.
- Fixed HB-7801: Add MariaDB 11.4 support.
- Fixed HB-7826: Ignore ManualMX changes when mail is hosted on remote exchange.
- Fixed HB-7835: Update Roundcube to 1.6.8 to address CVE’s (CVE-2024-42008, CVE-2024-42009, CVE-2024-42010).
- Fixed HB-7843: Added disallowed extension blacklist to ACL_SMTP_MIME.
- Fixed HB-7904: Update Mailman for template-related language fix.
- Fixed HB-7948: Update Roundcube for multiple bugfixes.
- Fixed HB-7909: Secondary domains get DMARC record upon creation
- Fixed MOONS-1288: DMARC record installs are now available from the email deliverability interfaces.
- Fixed MOONS-1576: Upon webmail user login, collect consent privacy settings if they do not exist.
- Fixed MOONS-1712: Upon cPanel user login, collect consent and privacy settings if they do not exist.
- Fixed MOONS-1715: Collect consent privacy settings during initial setup.
- Fixed MOONS-1800: Fix default webmail app routing when consent modal is shown.
- Case MOON-385: Updated initial setup consent gathering screens to respect browsers DNT setting.
- Fixed QUACKEN-14: Add hooks for Server Profile changes.
- Fixed RE-395: Fixed the ‘License User Limit Exceeded’ banner.
- Fixed RE-414: Added the ability to read DMI tables on systems running SMBIOS v3.
- Fixed RE-448: Avoid “Service SSL Certificate Expires Soon” notification by renewing hostname certificates at the 30 day mark.
- Fixed RE-449: Fix issue where the ipaliases service could sometimes start before the network adapater configured as ETHDEV was ready on systems using NetworkManager.
- Fixed RE-471: Improve criteria for detecting cgroup containers.
- Fixed RE-486: Support longer timeouts for download.cgi from jetbackup.
- Fixed RE-488: Add cpanel-boost-devel to the cpanel-devel target in rpm.versions.
- Fixed RE-490: Update broken mailbox format help links in WHM » Tweak Settings.
- Fixed RE-532: Update cpanel-ioncube to 13.3.0-1.cp110 (contains PHP 8.3 loaders).
- Fixed RE-562: Fix Support Access Request popup in WHM when 2fa is enabled for the administrator’s login.
- Fixed RE-590: Fixed GZIP environment variable warnings that were emitted into the backup logs.
- Fixed RE-595: Update phpPgAdmin to 7.13.0-3.cp110 to patch a PHP 8 compatibility issue.
- Fixed RE-600: Reduce timeouts in DNS Cluster interface by extending peer timeouts from 7->15.
- Fixed RE-616: Fix bug in Cpanel::NameServer::Conf::BIND where the disk cache was never consulted.
- Fixed RE-635: Prevent 3rdparty installs from cPanel locking when they try to install things.
- Fixed RE-643: Fix invalid NFTables configuration after installation on some systems.
- Fixed RE-645: Update Munin to resolve directory ownership inconsistency.
- Fixed RE-671: Updated cpanel-unbound to 1.21.0.
- Fixed RE-677: Update cpanel-dovecot to 2.3.21-1cp108.
- Fixed RE-683: Provide API calls to facilitate account transfers with 2FA enabled.
- Fixed RE-736: Default to hiding the password when creating an account via the CLI.
- Fixed RE-739: Update cpanel-php83 to v8.3.11.
- Fixed RE-742: Update cpanel-pdns to 4.9.1-2.cp112.
- Fixed RE-742: Update scripts/migrate-pdns-conf to remove or rename config keys changed since the last update of the PowerDNS package.
- Fixed RE-774: Perform nightly maintenance even if cPanel fails to update itself.
- Fixed RE-779: Require oniguruma system package on RHEL systems to preserve existing installs on upgrade.
- Fixed RE-794: Update cpanel-php-sourceguardian to 15.0.2.
- Fixed WPX-2878: Convert bin/onboot_handler to cpanel-onboot service.
- Fixed WPX-3460: Add customizable HTML pages for WHM HTTP errors.
- Fixed WPX-3537: JetBackup role description update.
- Fixed WPX-3879: Avoid mailman_password snapshot task failure if mailman is not installed and the password and data dirs are missing.
- Fixed WPX-3894: Add a role to enable and disable reseller functionality.
- Fixed WPX-3918: Create WP2 feature list for WHM » Feature Manager and implement checks to display the correct feature list for each product.
- Fixed WPX-4011: Add a mechanism for customizing the display and behavior of features.
- Fixed WPX-4110: Fix some UTF-8 character encodings in JS lexicon files which prevented some strings from being translated in the UI.
- Fixed WPX-4188: Add Simple::Accessor to fix-cpanel-perl.
- Fixed WPX-4225: When building a CA Bundle from the CA Issuer URI chain, don’t stop at the first self-signed cert encountered in a P7C bundle.
- Fixed ZC-11762: Remove error when activating/inactivating a ModSecurity Vendor include file which is already active/inactive.
- Fixed ZC-11958: WHMAPI and UAPI compatability for experimental/unsupported non-standard ALIAS records.
- Implemented QUACKEN-359: Angular apps and plugin localization.
- Implemented QUACKEN-359: Update French translations focusing on Sitejet.