124 Change Log

Last modified: December 4, 2024


124.0.20


2024-12-04
  • Fixed RE-744: Bump rpm.versions for cpanel-munin update to 2.0.30-4.
  • Fixed RE-746: Move the script responsible for upgrading the PowerDNS configuration file out of cPanel releases and into the PowerDNS package.

124.0.17


2024-11-25
  • Fixed RE-986: Bump rpm.versions for cpanel-php 8.3.14.
    • (Single byte overread with convert.quoted-printable-decode filter). (CVE-2024-11233)
    • (Configuring a proxy in a stream context might allow for CRLF injection in URIs). (CVE-2024-11234)
    • (Integer overflow in the dblib quoter causing OOB writes). (CVE-2024-11236)
    • (Integer overflow in the firebird quoter causing OOB writes). (CVE-2024-11236)
    • (Leak partial content of the heap through heap buffer over-read). (CVE-2024-8929)
    • (OOB access in ldap_escape). (CVE-2024-8932)

124.0.14


2024-11-21
  • Fixed DUCKS-1455: Include agent360 in reserved usernames list.
  • Fixed RE-476: Fix detection of dual use of ClamAV and ImunifyAV in the Imunify360 assessor of the Security Advisor.
  • Fixed RE-868: Fix an exception when shutting down socket connections in Cpanel::Server::Connection::SSL.
  • Fixed ZC-12322: Fix check_mysql false positives on MariaDB 11.4.
  • Case WPX-4529: Make sure we do not restart the cpanel-onboot service while running scripts/find_outdated_services.

124.0.10


2024-11-04
  • Fixed case RE-927: Update Cpanel::JSON::XS to 4.38 to address CVE-2022-48623
  • Fixed case RE-884: Optimize get_account_function in UIAnalytics template plugin.
  • Fixed case RE-935: Guard against bad userdata in cpkeyclt

124.0.9


2024-10-31
  • Fixed RE-875: Report better errors in the Processes assessor of the Security Advisor.
  • Fixed RE-884: Optimize load of Koality cpanel template plugin.
  • Fixed RE-913: Update cpanel-php83 to v8.3.13.
  • Fixed RE-919: Update cpanel-pure-ftpd to 1.0.52 which addresses CVE-2024-48208.

124.0.8


2024-10-24
  • Fixed RE-769: Assure Imunify360/AVPlus install happens exclusively.
  • Implemented DUCKS-930: Enable the cpanel-monitoring-plugin for WHM.

124.0.7


2024-10-23
  • Fixed RE-882: Update cpanel-pdns to 4.9.2.
  • Fixed RE-896: Fix corruption of home directory paths during quota cache handling introduced with TSR-2024-0001.
  • Fixed WPX-4516: Add a global exception handler the checkallsslcerts.

124.0.6


2024-10-17
  • Fixed MOON-1480: Delete components.d.ts.
  • Fixed RE-819: Remove "additional-from-cache" line from BIND config for BIND versions 9.16 and above.
  • Fixed RE-842: Update cpanel-exim to 4.98.

124.0.4


2024-10-15
  • [Security] TSR-2024-0001
  • Case RE-480 via TSR-503: Remove . from @INC for bin/cpanm.
  • Case TSR-192, RE-778: Prevent an unlink() from running as root.
  • Case RE-776 via TSR-562: Encoding issue in cPanel login_log.
  • Case TSR-417: Information disclosure issue via login page caching.

124.0.3


2024-10-09
  • Fixed HB-7933: Update cpanel-roundcubemail to v1.6.9.0-1.
  • Fixed HB-7966: Fix issue that was preventing calendar invites from being sent.
  • Fixed RE-726: Fixed the "SSH Password Authorization Tweak" for cases where the sshd configuration file has an include directory.
  • Fixed RE-848: Update cpanel-php83 to v8.3.12 which addresses: CVE-2024-9026, CVE-2024-8925, CVE-2024-8926, & CVE-2024-8927.
  • Fixed RE-873: Update cpanel-unbound to 1.21.1-1.cp110 (fixes CVE-2024-8508).

124.0.1


2024-10-01
  • Fixed CPANEL-44101: Fix bug post login where additional get params were not passed along when goto_uri was active.
  • Fixed CPANEL-45637: Update GeoIP to 122.0-2.cp122.
  • Fixed CPANEL-45638: Update cpanel-geoipfree-data to 124.0-1.cp124.
  • Fixed CPANEL-45860: Stop requiring iptables package to be installed on RHEL9 variants.
  • Fixed CPPX-18627: phpMyAdmin and phpPgAdmin open their own tab.
  • Fixed DUCKS-69: Install the cpanel-plugin-monitoring-campaigns.
  • Fixed DUCKS-847: Sitejet will not throw 400 after Transfer Tool process.
  • Fixed HB-7223: Allow correct customization of TRANSP and VALARM for calendar events.
  • Fixed HB-7581: Remove vestigial logic for calendar_crypt_key in pre/post snapshot scripts.
  • Fixed HB-7584: Add DAV client directory.
  • Fixed HB-7675: The “Advanced Zone Editor” ACL is enabled by default on fresh installs.
  • Fixed HB-7697: Make ‘Integration Links’ a configurable option for backups and transfers.
  • Fixed HB-7707: Enhance handling of calendar files with extremely long filenames.
  • Fixed HB-7745: Silence locale string format warnings during backups.
  • Fixed HB-7764: bump rpm.versions for cpanel-roundcubemail-plugins-cpanel: 1.1.8-3.cp120.
  • Fixed HB-7768: Add ability to change calendar descriptions using DAV clients.
  • Fixed HB-7784: Increase the max threads limit on account transfers.
  • Fixed HB-7801: Add MariaDB 11.4 support.
  • Fixed HB-7826: Ignore ManualMX changes when mail is hosted on remote exchange.
  • Fixed HB-7835: Update Roundcube to 1.6.8 to address CVE’s (CVE-2024-42008, CVE-2024-42009, CVE-2024-42010).
  • Fixed HB-7843: Added disallowed extension blacklist to ACL_SMTP_MIME.
  • Fixed HB-7904: Update Mailman for template-related language fix.
  • Fixed HB-7948: Update Roundcube for multiple bugfixes.
  • Fixed HB-7909: Secondary domains get DMARC record upon creation
  • Fixed MOONS-1288: DMARC record installs are now available from the email deliverability interfaces.
  • Fixed MOONS-1576: Upon webmail user login, collect consent privacy settings if they do not exist.
  • Fixed MOONS-1712: Upon cPanel user login, collect consent and privacy settings if they do not exist.
  • Fixed MOONS-1715: Collect consent privacy settings during initial setup.
  • Fixed MOONS-1800: Fix default webmail app routing when consent modal is shown.
  • Case MOON-385: Updated initial setup consent gathering screens to respect browsers DNT setting.
  • Fixed QUACKEN-14: Add hooks for Server Profile changes.
  • Fixed RE-395: Fixed the ‘License User Limit Exceeded’ banner.
  • Fixed RE-414: Added the ability to read DMI tables on systems running SMBIOS v3.
  • Fixed RE-448: Avoid “Service SSL Certificate Expires Soon” notification by renewing hostname certificates at the 30 day mark.
  • Fixed RE-449: Fix issue where the ipaliases service could sometimes start before the network adapater configured as ETHDEV was ready on systems using NetworkManager.
  • Fixed RE-471: Improve criteria for detecting cgroup containers.
  • Fixed RE-486: Support longer timeouts for download.cgi from jetbackup.
  • Fixed RE-488: Add cpanel-boost-devel to the cpanel-devel target in rpm.versions.
  • Fixed RE-490: Update broken mailbox format help links in WHM » Tweak Settings.
  • Fixed RE-532: Update cpanel-ioncube to 13.3.0-1.cp110 (contains PHP 8.3 loaders).
  • Fixed RE-562: Fix Support Access Request popup in WHM when 2fa is enabled for the administrator’s login.
  • Fixed RE-590: Fixed GZIP environment variable warnings that were emitted into the backup logs.
  • Fixed RE-595: Update phpPgAdmin to 7.13.0-3.cp110 to patch a PHP 8 compatibility issue.
  • Fixed RE-600: Reduce timeouts in DNS Cluster interface by extending peer timeouts from 7->15.
  • Fixed RE-616: Fix bug in Cpanel::NameServer::Conf::BIND where the disk cache was never consulted.
  • Fixed RE-635: Prevent 3rdparty installs from cPanel locking when they try to install things.
  • Fixed RE-643: Fix invalid NFTables configuration after installation on some systems.
  • Fixed RE-645: Update Munin to resolve directory ownership inconsistency.
  • Fixed RE-671: Updated cpanel-unbound to 1.21.0.
  • Fixed RE-677: Update cpanel-dovecot to 2.3.21-1cp108.
  • Fixed RE-683: Provide API calls to facilitate account transfers with 2FA enabled.
  • Fixed RE-736: Default to hiding the password when creating an account via the CLI.
  • Fixed RE-739: Update cpanel-php83 to v8.3.11.
  • Fixed RE-742: Update cpanel-pdns to 4.9.1-2.cp112.
  • Fixed RE-742: Update scripts/migrate-pdns-conf to remove or rename config keys changed since the last update of the PowerDNS package.
  • Fixed RE-774: Perform nightly maintenance even if cPanel fails to update itself.
  • Fixed RE-779: Require oniguruma system package on RHEL systems to preserve existing installs on upgrade.
  • Fixed RE-794: Update cpanel-php-sourceguardian to 15.0.2.
  • Fixed WPX-2878: Convert bin/onboot_handler to cpanel-onboot service.
  • Fixed WPX-3460: Add customizable HTML pages for WHM HTTP errors.
  • Fixed WPX-3537: JetBackup role description update.
  • Fixed WPX-3879: Avoid mailman_password snapshot task failure if mailman is not installed and the password and data dirs are missing.
  • Fixed WPX-3894: Add a role to enable and disable reseller functionality.
  • Fixed WPX-3918: Create WP2 feature list for WHM » Feature Manager and implement checks to display the correct feature list for each product.
  • Fixed WPX-4011: Add a mechanism for customizing the display and behavior of features.
  • Fixed WPX-4110: Fix some UTF-8 character encodings in JS lexicon files which prevented some strings from being translated in the UI.
  • Fixed WPX-4188: Add Simple::Accessor to fix-cpanel-perl.
  • Fixed WPX-4225: When building a CA Bundle from the CA Issuer URI chain, don’t stop at the first self-signed cert encountered in a P7C bundle.
  • Fixed ZC-11762: Remove error when activating/inactivating a ModSecurity Vendor include file which is already active/inactive.
  • Fixed ZC-11958: WHMAPI and UAPI compatability for experimental/unsupported non-standard ALIAS records.
  • Implemented QUACKEN-359: Angular apps and plugin localization.
  • Implemented QUACKEN-359: Update French translations focusing on Sitejet.

Additional Documentation