54 Change Log


54.0.36


2017-01-16
  • [security] Fixed case SEC-196: Fixed password used for Munin MySQL test account.
  • [security] Fixed case SEC-197: Self-XSS in paper_lantern password change screen.
  • [security] Fixed case SEC-199: Self-XSS in webmail Password and Security page.
  • [security] Fixed case SEC-204: Exim piped filters ran as wrong user when delivering to a system user.
  • [security] Fixed case SEC-205: Leech Protect did not protect certain directories.
  • [security] Fixed case SEC-206: Exim transports could be run as the nobody user.
  • [security] Fixed case SEC-207: Improper ACL checks in xml-api for Rearrange Account.
  • [security] Fixed case SEC-209: SSL certificate generation in WHM uses an unreserved email address.
  • [security] Fixed case SEC-210: Account ownership not enforced by has_mycnf_for_cpuser WHM API call.
  • [security] Fixed case SEC-211: Stored XSS Vulnerability in WHM Account Suspension List interface.
  • [security] Fixed case SEC-212: Format string injection vulnerability in cgiemail.
  • [security] Fixed case SEC-214: Open redirect vulnerability in cgiemail.
  • [security] Fixed case SEC-215: HTTP header injection vulnerability in cgiemail.
  • [security] Fixed case SEC-216: Reflected XSS vulnerability in cgiemail addendum handling.

54.0.34


2017-01-11
  • Fixed case CPANEL-7823: Fix the is_upcp_running() check in ChkServd.
  • Fixed case CPANEL-10545: Update exim to 4.86.1-3.cp1154.

54.0.33


2016-11-21
  • [security] Fixed case SEC-158: Arbitrary file overwrite when account domain is modified.
  • [security] Fixed case SEC-159: Stored XSS in WHM Repair Mailbox Permissions interface.
  • [security] Fixed case SEC-160: Stored XSS Vulnerability in the WHM Manage cPAddons interface.
  • [security] Fixed case SEC-161: File overwrite during preparation for MySQL upgrades.
  • [security] Fixed case SEC-162: Open redirect via /cgi-sys/FormMail-clone.cgi.
  • [security] Fixed case SEC-164: Arbitrary file overwrites when updating Roundcube.
  • [security] Fixed case SEC-165: File create and chmod via ModSecurity Audit logfile processing.
  • [security] Fixed case SEC-168: Enforce feature list restrictions when calling the multilang adminbin.
  • [security] Fixed case SEC-173: Arbitrary file chown via reassign_post_terminate_cruft.
  • [security] Fixed case SEC-174: Stored XSS in homedir removal during WHM Account termination.
  • [security] Fixed case SEC-175: Stored XSS in MySQL database names during WHM Account termination.
  • [security] Fixed case SEC-176: Stored XSS in perlinstaller directory removal in WHM Account Termination.
  • [security] Fixed case SEC-177: Self-XSS Vulnerability in WHM Tweak Settings for autodiscover_host.
  • [security] Fixed case SEC-178: Self-Stored XSS Vulnerability in listftpstable API.
  • [security] Fixed case SEC-179: Stored XSS in api1_listautoresponders.
  • [security] Fixed case SEC-180: Self-XSS Vulnerability in UI_confirm API.
  • [security] Fixed case SEC-180: Stored XSS Vulnerability in ftp_sessions API.
  • [security] Fixed case SEC-181: Self-Stored XSS in postgres API1 listdbs.
  • [security] Fixed case SEC-182: Self-Stored XSS in SSL_listkeys.
  • [security] Fixed case SEC-184: Self-XSS in alias upload interface.
  • [security] Fixed case SEC-185: Sensitive file contents revealed during file copy operations.
  • [security] Fixed case SEC-186: Apache SSL keys readable by the nobody group.
  • [security] Fixed case SEC-187: Host Access Control improperly handles action-less host.deny entries.
  • [security] Fixed case SEC-188: Arbitrary code execution via Maketext in PostgreSQL adminbin.
  • [security] Fixed case SEC-191: Code execution via cpsrvd 403 response handler.
  • [security] Fixed case SEC-192: HTTP POST to listinput.cpanel.net does not use TLS.

54.0.32


2016-11-17
  • Fixed case CPANEL-9827: Update cpanel-perl-514-Compress-Raw-Lzma to 2.068-2.cp1146.

54.0.30


2016-10-18
  • Fixed case CPANEL-8673: Fix spurious error message about Mailman archive permissions.
  • Fixed case CPANEL-8993: Update MySQL55 to 5.5.52-1.cp1148.

54.0.29


2016-09-19
  • [security] Fixed case SEC-141: Code execution as other accounts via mailman list archives.
  • [security] Fixed case SEC-152: Arbitrary code execution due to faulty shebang in Mail::SPF scripts.
  • [security] Fixed case SEC-154: Arbitrary file read due to multipart form processing error.
  • [security] Fixed case SEC-156: Stored XSS Vulnerability in WHM tail_upcp2.cgi interface.

54.0.28


2016-07-28
  • Fixed case CPANEL-7692: Update cpanel-perl-514 to 5.14.4-8.cp1146.

54.0.27


2016-07-25
  • Fixed case CPANEL-7633: Patch perl dual life modules for CVE-2016-1238.

54.0.26


2016-07-18
  • [security] Fixed case SEC-130: Apache logfiles start with loose permissions.
  • [security] Fixed case SEC-137: Set the pear tmp directory during php install.
  • [security] Fixed case SEC-139: Improper session handling for shared users.
  • [security] Fixed case SEC-142: Code execution as other user accounts through the PHP CGI handler.

54.0.25


2016-06-07
  • Fixed case CPANEL-4350: Don’t treat version file as a Perl module.
  • Fixed case CPANEL-4625: Don’t generate fatal when attempting to package a non-existent locale.
  • Fixed case CPANEL-5694: Improve support for Amazon Linux AMI.
  • Fixed case CPANEL-6346: Fix Firefox bug in transfer tool.
  • Fixed case CPANEL-6397: Test Amazon package changes on RHEL compatibility version 5, not version 2015.

54.0.24


2016-05-16
  • [security] Fixed case SEC-58: SQLite journal allowed for arbitrary file overwrite during Horde Restore.
  • [security] Fixed case SEC-109: Demo account arbitrary code execution via ajax_maketext_syntax_util.pl.
  • [security] Fixed case SEC-110: Self XSS Vulnerability in Paper Lantern Landing Page.
  • [security] Fixed case SEC-112: Limited denial of service via /scripts/killpvhost.
  • [security] Fixed case SEC-113: /scripts/addpop and /scripts/delpop exposed TTY’s.
  • [security] Fixed case SEC-114: /scripts/checkinfopages exposed TTY to unprivileged process.
  • [security] Fixed case SEC-115: /scripts/maildir_converter exposed TTY to unprivileged process.
  • [security] Fixed case SEC-116: /scripts/unsuspendacct exposed TTY’s.
  • [security] Fixed case SEC-117: /scripts/enablefileprotect exposed TTY’s.
  • [security] Fixed case SEC-118: Self-XSS in ftp account creation under addon domains.
  • [security] Fixed case SEC-119: Demo restriction breakout via show_template.stor.
  • [security] Fixed case SEC-120: Arbitrary file read for Webmail accounts via Branding APIs.
  • [security] Fixed case SEC-121: Webmail account arbitrary code execution through forwarders.
  • [security] Fixed case SEC-122: SSL certificate not verified during license updates.
  • [security] Fixed case SEC-123: SQL Injection via ModSecurity TailWatch log file.
  • [security] Fixed case SEC-125: User log files become world-readable when rotated by cpanellogd.

54.0.23


2016-05-04
  • [security] Fixed case CPANEL-5973: Update cpanel-ImageMagick to 6.9.0-4.cp1154.

54.0.22


2016-04-22
  • Fixed case CPANEL-2330: Fixed time zone detection for CentOS 7 systems.
  • Fixed case CPANEL-3251: Improve nscd recommendation message.
  • Fixed case CPANEL-4304: Implement an aggressive reconnect strategy for php-fpm.
  • Fixed case CPANEL-4421: Update dovecot to 2.2.23.
  • Fixed case CPANEL-4439: Fixed terminal detection for manual /scripts/upcp runs.
  • Fixed case CPANEL-4494: UAPI locale text is in HTML context via JSON.
  • Fixed case CPANEL-4662: Ensure the CONF value in templates loads data properly.
  • Fixed case CPANEL-4928: Update Git to 2.7.4.
  • Fixed case CPANEL-5019: Manage MySQL Profiles: Ensure that the script output is emitted as API output.
  • Implemented case CPANEL-5692: Prevent clearing the cache during dovecot-auth.

54.0.21


2016-03-22
  • Fixed case CPANEL-5023: Fix redaemonization of cphulk when resuming from dormant mode.

54.0.20


2016-03-21
  • [security] Fixed case SEC-31: Daemons can access their controlling TTY.
  • [security] Fixed case SEC-75: scripts/addpop discloses password in process list.
  • [security] Fixed case SEC-88: Self XSS Vulnerability in X3 Reseller Branding Images.
  • [security] Fixed case SEC-89: MakeText interpolation allows arbitrary code execution as root.
  • [security] Fixed case SEC-90: Unauthenticated arbitrary code execution via DNS NS entry poisoning.
  • [security] Fixed case SEC-92: Bypass Security Policy by faking static documents.
  • [security] Fixed case SEC-93: Bypass Two Factor Authentication with DNS clustering requests.
  • [security] Fixed case SEC-96: Self-Stored-XSS in WHM Edit System Mail Preferences.
  • [security] Fixed case SEC-97: Arbitrary code execution via unsafe @INC path.
  • [security] Fixed case SEC-99: Arbitrary file read due to multipart form processing error.
  • [security] Fixed case SEC-100: ACL bypass for AppConfig applications via magic_revision.
  • [security] Fixed case SEC-101: Force two factor auth check when possessing another account.
  • [security] Fixed case SEC-102: FTP cPHulk bypass via account name munging.
  • [security] Fixed case SEC-104: Username based blocking broken for PRE requests in cPHulkd.
  • [security] Fixed case SEC-105: Account suspension bypass via ftp.
  • [security] Fixed case SEC-107: POP/IMAP cPHulk bypass via account name munging.
  • [security] Fixed case SEC-108: Arbitrary file read when authenticating with caldav.

54.0.19


2016-03-08
  • Fixed case CPANEL-3806: Avoid abort on error when running user-generated backups.
  • Fixed case CPANEL-4151: Fixes scrolling on iOS 9.2.1 Safari for Webmail.
  • Fixed case CPANEL-4395: Ensure transferring into WHM works on Mailing List page.
  • Fixed case CPANEL-4549: Patch perl for CVE-2016-2381.
  • Fixed case CPANEL-4597: Emit cwd=/path/to/caller to logs when exim is called from command line.

54.0.18


2016-03-02
  • Fixed case CPANEL-4236: MultiPHP INI Editor hides asp_tags directive for PHP 7 enabled hosts.
  • Fixed case CPANEL-4406: Fix spelling of “OpenSSL”.
  • Fixed case CPANEL-4441: Retain compatibility with old FTP quota format.
  • Fixed case STS-376: Add support for keep_environment and add_environment to support exim CVE-2016-1531.

54.0.17


2016-02-20
  • Fixed case CPANEL-3948: Ensure PATH is not empty when running adminbins.
  • Fixed case CPANEL-4039: Resellers are unable to create feature lists.
  • Fixed case CPANEL-4112: Add time units to email text when a server is blocked over openssl upgrade.
  • Fixed case CPANEL-4186: Ensure bandwidth pages work with custom locales.

54.0.16


2016-02-16
  • Fixed case CPANEL-4220: Restore webmail auto load functionality.
  • Fixed case CPANEL-4224: Cpsrvd: Ensure Forced Password Reset properly triggers resets.
  • Fixed case CPANEL-4227: Ensure allowwhmparkonothers setting is honored in API.
  • Fixed case CPANEL-4238: Fix parse of OIDC user_info responses with \uXXXX sequences.
  • Fixed case CPANEL-4241: Ensure that symlinks are created properly when using custom STAGING_DIR.
  • Fixed case CPANEL-4262: Correct capitalization of DNS and IP in Hulk error messages.
  • Fixed case CPANEL-4276: Add UAPI Session::create_temp_user call.
  • Fixed case CPANEL-4277: Fix failed backups to NFS/CIFS shares.
  • Fixed case CPANEL-4296: Correct error handling message for Serialized loads of JSON via file handles.
  • Fixed case CPANEL-4303: Pkgacct: leave multiphp .htaccess rules in place.
  • Fixed case CPANEL-4307: Only migrate to paper_lantern one time instead of every update.

54.0.15


2016-02-12
  • Fixed case CPANEL-2885: Fixed Roundcube classic clashes with Paperlantern.
  • Fixed case CPANEL-3189: Changed description and itemdesc for APIShell.
  • Fixed case CPANEL-3984: Turn IPv6 handling off for mailips/mailhelo.
  • Fixed case CPANEL-4140: Require NetworkManager on all C7 systems so network.online precedes multi-user.
  • Fixed case CPANEL-4149: Fix x3/Calendars and Contacts.
  • Fixed case CPANEL-4165: Render system backup download links in Paper Lantern.
  • Fixed case CPANEL-4184: Cphulk: Handle invalid remote ip addresses as local.
  • Fixed case CPANEL-4200: Increase the timeout for HttpRequest to defend against slow mirrors.
  • Fixed case CPANEL-4213: Remove support for Prefer AAAA over A in exim.
  • Fixed case CPANEL-4223: Revert all changes to scripts/updateuserdomains for 11.54 only.

54.0.14


2016-02-09
  • Fixed case CPANEL-3884: Fix paper_lantern display units for MySQL and Mailing lists disk.
  • Fixed case CPANEL-4060: Allow tildes and pluses in MySQL version numbers.
  • Fixed case CPANEL-4081: Show File Usage on the Paper Lantern dashboard.
  • Fixed case CPANEL-4116: CPHulk needs to handle the remote host being sent as 0.0.0.0.
  • Fixed case CPANEL-4124: New upstream release - MySQL 5.5.48.
  • Fixed case CPANEL-4131: New upstream release - MySQL 5.6.29.
  • Fixed case CPANEL-4138: Webmail clients load endlessly when PHP-FPM limits are reached.
  • Fixed case CPANEL-4164: Call ftpupdate only once to clear FTP caches, not once per user.
  • Fixed case CPANEL-3695: CPGreylistd: Use the restartsrv system for service startup.
  • Fixed case CPANEL-3914: Ensure Accept-Language is honored for login templates.
  • Fixed case CPANEL-3916: Fixed webmail scroll issue on mobile devices.
  • Fixed case CPANEL-3972: AdminBin ftp_LISTSTORE caches not invalidated on update to 11.54.
  • Fixed case CPANEL-3993: Fetchmx fails to parse IPv4 from a zone.
  • Fixed case CPANEL-3998: Make sure resold, non-dedicated accounts have correct mailhelo entry.
  • Fixed case CPANEL-4033: Fallback to cpwrap when the system cannot read the maildirsize file.
  • Fixed case CPANEL-4042: Ignore out of context users when logging in via external auth.
  • Fixed case CPANEL-4048: Auto-rebuild corrupt email_accounts.json files.
  • Fixed case CPANEL-4056: Cpsrvd: Set securitycontext properly when authenticating with an accesshash key.
  • Fixed case CPANEL-4077: Reseller Accounts are not able to create subdomain accounts in WHM.
  • Fixed case CPANEL-4080: Roundcube intermittently errors with accept cookies.
  • Fixed case CPANEL-4091: Delpop generates error about cpanel-email.
  • Fixed case CPANEL-4093: Transfer Tool not Installing SSL for Some Addon Domains.
  • Fixed case CPANEL-4101: API2 Email::getmxcheck always returns auto.
  • Fixed case CPANEL-4113: Added media queries to scale custom logos and brand text for mobile.
  • Fixed case CPANEL-4115: Check if mailman is enabled before trying to process stats.

54.0.12


2016-02-02
  • Fixed case CPANEL-3945: Clean up entropychat chkservd files more aggressively.
  • Fixed case CPANEL-3965: Ensure mailips default entry is added to SPF records.
  • Fixed case CPANEL-4000: Unable to Download Webdisk Quick Start Script for Windows.
  • Fixed case CPANEL-4002: WebDisk does not detect El Capitan.
  • Fixed case CPANEL-4007: Accessing WHM via cPanel using root pass transfers to root WHM.
  • Fixed case CPANEL-4015: “Configure Mail Client” option in cPanel downloads a cgi script.
  • Fixed case CPANEL-4029: Transfer tool analyze can timeout with a large number of database users.
  • Fixed case CPANEL-3594: Prevent shared address book error when deleting email account.
  • Fixed case CPANEL-3888: PHP-FPM service will not start if with some usernames.
  • Fixed case CPANEL-3908: Show LTS versions properly that are version 54 and newer.
  • Fixed case CPANEL-3927: Download the correct Change Log file.
  • Fixed case CPANEL-3918: Allow Email Trace when the mysql feature is disabled.
  • Fixed case CPANEL-3923: Paper Lantern: Prevent Default Action on Drag and Drop.
  • Fixed case CPANEL-3928: Make kernel comparisons work with unequal numbers of components.
  • Fixed case CPANEL-3929: Fix missing file for x3mail.
  • Fixed case CPANEL-3949: Raise number of open files for php-fpm.
  • Fixed case CPANEL-3954: OpenID logins need to handle legacy root cpanel users files.
  • Fixed case CPANEL-3974: Hide external auth in Email Accounts when all providers are disabled.
  • Fixed case CPANEL-3976: Ensure the lastlogin file is updated for 54 paper lantern.
  • Fixed case CPANEL-3979: Paper Lantern: Make Drag and Drop work in Internet Explorer.
  • Fixed case CPANEL-3992: Jailshell setup can generate cron email due to race condition in setup.
  • Fixed case CPANEL-4003: Stale cpanel user owner line makes x3 to paper_lantern conversion fail.
  • Fixed case CPANEL-4004: Only update the last login if a username is provided.

54.0.8


2016-01-27
  • Fixed case CPANEL-3872: Disable monitoring of removed entropychat on upgrade.
  • Fixed case CPANEL-3881: cPHulk: Repair bad configuration values which block WHM logins.
  • Fixed case CPANEL-3842: Fix misspelling of “compatibility” in Pure-FTPD config.
  • Fixed case CPANEL-3870: 2FA: Fix documentation link in paper_lantern interface.

54.0.7


2016-01-25
  • Fixed case CPANEL-3844: Avoid switching accounts with custom root default branding to paper lantern.
  • Fixed case CPANEL-3846: Update servers need to be skipped on SHA mismatch.
  • Fixed case CPANEL-3828: FPM cannot be used for phppgadmin when bindp is needed.
  • Fixed case CPANEL-3843: X3 Greylisting: Ensure that the service status is detected properly.
  • Fixed case CPANEL-3640: Gather-update-logs: fix sending existing tarballs.

54.0.6


2016-01-24
  • Fixed case CPANEL-3425: Jailshell: Mount additional ca-certificates path on Centos 7 systems.
  • Fixed case CPANEL-3807: Mailperm: fix permissions of unreadable files.
  • Fixed case CPANEL-3840: Adjust PHP-FPM to work for roundcube with existing horde changes.

54.0.5


2016-01-22
  • Fixed case CPANEL-3335: Fix Horde mbox export.
  • Fixed case CPANEL-3618: Demo mode triggers in error in cpsrvd.
  • Fixed case CPANEL-3621: Update WHMCS ODIC Docs URL.
  • Fixed case CPANEL-3626: Do not add domains into mailhelo or mailips using the shared addresses.
  • Fixed case CPANEL-3632: Don’t die when a yum python script exits uncleanly.
  • Fixed case CPANEL-3634: Added retries to Cpanel::Update::get_remote_tiers_info.
  • Fixed case CPANEL-3665: PHP-FPM for cpsrvd needs to set session values as admin values.
  • Fixed case CPANEL-3666: Improve handling of invalid http headers.
  • Fixed case CPANEL-3691: Use cPanel perl when adding default cPanel users during install.
  • Fixed case CPANEL-3692: Fix MySQL version parser for Percona server versions.
  • Fixed case CPANEL-3708: Remove starting newline from scripts/ssl_migration.
  • Fixed case CPANEL-3721: Jailfs now supports EasyApache 4 MultiPHP.
  • Fixed case CPANEL-3739: DAV: fix download of files ≤ 16 KiB in size.
  • Fixed case CPANEL-3750: Handle the mysql pid file changing locations between restarts.
  • Fixed case CPANEL-3755: Increase openid connect timeout to avoid random failures.
  • Fixed case CPANEL-3757: Increase HttpRequest default timeout to 180s.
  • Fixed case CPANEL-3759: Ignore “/” as a given goto_uri for an AJAX login.
  • Fixed case CPANEL-3769: Add missing library to scripts/suphpup.
  • Fixed case CPANEL-3772: Created Cpanel::PublicAPI as a wrapper for cPanel::PublicAPI.
  • Fixed case CPANEL-3774: Restore previous behavior in Cpanel::SocketIP for DNS clustering.
  • Fixed case CPANEL-3785: User Manager: Fix handling of dismissed service accounts.

54.0.4


2016-01-18
  • [security] Fixed case SEC-46: Arbitrary code execution via unsafe @INC path.
  • [security] Fixed case SEC-70: Arbitrary file read via bin/fmq script.
  • [security] Fixed case SEC-71: SQL injection vulnerability in bin/horde_update_usernames.
  • [security] Fixed case SEC-72: Arbitrary code execution vulnerability during locale duplication.
  • [security] Fixed case SEC-73: Password hashes revealed by bin/mkvhostspasswd script.
  • [security] Fixed case SEC-74: Limited arbitrary file read in bin/setup_global_spam_filter.pl
  • [security] Fixed case SEC-76: Code execution as shared users via JSON-API.
  • [security] Fixed case SEC-77: Password hash revealed by chcpass script.
  • [security] Fixed case SEC-78: Arbitrary file overwrite in scripts/check_system_storable.
  • [security] Fixed case SEC-79: Arbitrary file chown/chmod during Roundcube database conversions.
  • [security] Fixed case SEC-80: Arbitrary file read and write via scripts/fixmailboxpath.
  • [security] Fixed case SEC-81: Arbitrary file overwrite in scripts/quotacheck.
  • [security] Fixed case SEC-82: Limited arbitrary file chmod in scripts/secureit.
  • [security] Fixed case SEC-83: Arbitrary code execution via scripts/synccpaddonswithsqlhost.
  • [security] Fixed case SEC-84: Self-XSS in WHM PHP Configuration editor interface.
  • [security] Fixed case SEC-85: Missing ACL enforcement in AppConfig subsystem.
  • [security] Fixed case SEC-86: Stored XSS in WHM Feature Manager interface.
  • [security] Fixed case SEC-87: Self-XSS in X3 Entropy Banner interface.
  • [security] Fixed case SEC-91: Unauthenticated arbitrary code execution via cpsrvd.

54.0.1


2016-01-09
  • Fixed case CPANEL-3496: Security Questions error when logged in as reseller with root privs.
  • Fixed case CPANEL-3518: Cpmove files in / cannot be restored with restorepkg.
  • Fixed case CPANEL-3541: Cpanel::HttpRequest does not handle all http errors.
  • Fixed case CPANEL-3558: Print debug information on RPM hash mismatch.
  • Fixed case CPANEL-3581: Retry downloading RPMs when there is a digest mismatch.
  • Fixed case CPANEL-3593: Print IP address when sync fails due to bad digest.
  • Fixed case CPANEL-3545: Ext Auth must show webmail providers for email accounts if disabled for cpaneld.
  • Fixed case CPANEL-3547: Do not block upgrades for Amazon Linux.
  • Fixed case CPANEL-3551: Dynamicui Loader validation is too strict for third party plugins.
  • Fixed case CPANEL-3555: Failure to update bandwidth during account changes results in partial changes.
  • Fixed case CPANEL-3561: Allow .htm files in webmail.
  • Fixed case CPANEL-3570: CustomEventHandler cannot load non-cPanel modules.
  • Fixed case CPANEL-3571: Cpsrvd sends status 307 when it should send status 302.
  • Fixed case CPANEL-3585: Handle a user named global in php-fpm config.
  • Fixed case CPANEL-3591: Address javascript error in EA4 WHM UI.
  • Fixed case CPANEL-3596: Hide the Two-Factor Authentication options in WHM by default.
  • Fixed case CPANEL-3609: Glob ea-* packages correctly.

54.0.0


2016-01-04
  • Fixed case CPANEL-3287: PHP DSO handler packages are removed if EA4 Apache is using a threaded MPM.
  • Fixed case CPANEL-3300: Domains won’t be shown suspended when searched.
  • Fixed case CPANEL-3336: Add PHP7 support to the Cpanel::ProgLang interface.
  • Fixed case CPANEL-3337: The EA4 MultiPHP ‘none’ handler now updates a domain’s .htaccess file.
  • Fixed case CPANEL-3418: ModSecurity settings are now migrated when moving from EA3 to EA4.
  • Fixed case CPANEL-3418: Fix existing locale phrases in the EA3 to EA4 migration script.
  • Fixed case CPANEL-3418: EasyApache 4 now sends notification during ModSecurity 2 migration.
  • Fixed case CPANEL-3418: EA3 to EA4 migrate script updated for easier development.
  • Fixed case CPANEL-3439: Use the CentOS YUM repos for Amazon Linux when installing mariadb.
  • Fixed case CPANEL-3440: Ensure Content-Length is sent for empty files.
  • Fixed case CPANEL-3458: MySQL/MariaDB cannot be upgraded if it is broken or missing.
  • Fixed case CPANEL-3488: Update copyright on security policy pages.
  • Fixed case CPANEL-3489: Change ERR->XID for exception message IDs.
  • Fixed case CPANEL-3490: Always prefer the email as the human readable username when linking openid.
  • Fixed case CPANEL-3492: If OIDC logins fail due to an invalid token reattempts result in a loop.
  • Fixed case CPANEL-3495: MySQL/MariaDB upgrades fail if mysqld and the version cache are both missing.
  • Fixed case CPANEL-3502: User Manager: Populate email quota field on edit.
  • Implemented case CPANEL-3411: Promoted EA4 from Tech Preview to Beta phase.
  • Fixed case CPANEL-2844: Allow API shell for logins with create_user_session.
  • Fixed case CPANEL-3095: Suppress spurious unmonitored notification for cpanel_php_fpm.
  • Fixed case CPANEL-3119: Update Dovecot to 2.2.21 from upstream sources.
  • Fixed case CPANEL-3120: Fix bugs related to editing webdisk digest auth using User Manager.
  • Fixed case CPANEL-3127: Make root bandwidth DB loads more fail-safe.
  • Fixed case CPANEL-3166: Allow WHM users to create subdomains across accounts when enabled.
  • Fixed case CPANEL-3188: Ensure kmod can be updated on CentOS 7.
  • Fixed case CPANEL-3197: Paper Lantern: Fix JS errors on the Module Installers page.
  • Fixed case CPANEL-3240: Paper Lantern: Fix JS errors on Address Importer Step 4 page.
  • Fixed case CPANEL-3242: Paper Lantern: Fix JS errors on Virus Scanner dodisinfect page.
  • Fixed case CPANEL-3244: Fix DB prefixing for DB user in Paper Lantern’s MySQL wizard.
  • Fixed case CPANEL-3248: Make Password & Security external authn link login again.
  • Fixed case CPANEL-3257: Fix Horde contact restoration coming from Plesk backups.
  • Fixed case CPANEL-3258: Fixed Feature Search for WHM in Paper lantern.
  • Fixed case CPANEL-3260: SECURITY: Accommodate default /u/l/c perms in UAPI Batch.
  • Fixed case CPANEL-3265: Fix MariaDB/MySQL version fetching when the server is not running.
  • Fixed case CPANEL-3276: Session password shielding is not sufficiently random.
  • Fixed case CPANEL-3278: SECURITY: Plug an arbitrary file-read hole via PHP-FPM logs.
  • Fixed case CPANEL-3290: Assure cpsrvd does license checks even if it’s never idle.
  • Fixed case CPANEL-3294: Update icons for cPanel Retro style.
  • Fixed case CPANEL-3295: Send linked accts to passwd & sec page if started there.
  • Fixed case CPANEL-3297: Remove replaced links from user.db files.
  • Fixed case CPANEL-3299: If an EA3 system has any php selected when migrating give all versions of php.
  • Fixed case CPANEL-3306: Do not try to show postgres statistics if postgres is not installed.
  • Fixed case CPANEL-3310: Restrict display of external auth links to accounts the user can modify.
  • Fixed case CPANEL-3313: Correct icon for two-factore authentication in cPanel retro style.
  • Fixed case CPANEL-3314: User Manager: Mark required fields with asterisk.
  • Fixed case CPANEL-3320: Remove “Calculated sha for” lines from updatenow output.
  • Fixed case CPANEL-3330: DnsRoots resolvenameserver behavior restored to 11.52 behavior.
  • Fixed case CPANEL-3331: Evaluate all loaded security policies for violations in a single pass.
  • Fixed case CPANEL-3339: User Manager: Hide hypothetical user after deleting candidates.
  • Fixed case CPANEL-3344: Paper Lantern: Use whole numbers for quotas on the editquota page.
  • Fixed case CPANEL-3344: X3: Use whole numbers for quotas on the editquota page.
  • Fixed case CPANEL-3348: Install_locallib_loginprofile hangs if mirrorsearch hits a bad cpan mirror.
  • Fixed case CPANEL-3353: Optimize Template-Toolkit when there are a large amount of template includes.
  • Fixed case CPANEL-3359: User Manager: Disable cache, and fix ProFTPD-related warning.
  • Fixed case CPANEL-3361: Dest_uri, redirect_uri, & goto_uri renamed goto_uri.
  • Fixed case CPANEL-3362: Fix missing external auth icons in WHM.
  • Fixed case CPANEL-3365: Remove external auth from legacy noJS email password change screen.
  • Fixed case CPANEL-3369: Fix MagicRevision in securitypolicy.
  • Fixed case CPANEL-3378: Restore Manage External Auth to x3 webmail.
  • Fixed case CPANEL-3392: Paper lantern sprite generation must happen on deployment.
  • Fixed case CPANEL-3393: Tailwatch can never restart mysql if it was started with a bad TMPDIR.
  • Fixed case CPANEL-3395: Allow account linking to continue if the incorrect password is entered.
  • Fixed case CPANEL-3396: Remove useless triggerpostun from XML::SAX family of perl 5.14 modules.
  • Fixed case CPANEL-3401: Trial license triggers fatal error in WHM after completion of GSW.
  • Fixed case CPANEL-3427: Listaccts locks cpanel.config once per account after 2FA.
  • Fixed case CPANEL-3436: Ensure cpsrvd releases the cork before closing the connection.
  • Fixed case CPANEL-3437: Live cPanel pages need to send headers before processing.
  • Fixed case CPANEL-3363: Present error when using an external account linked to a webmail user for cpanel.
  • Fixed case CPANEL-3374: Transfer tool loops forever on exception during new in a transfer item.
  • Fixed case CPANEL-1524: Prevent spurious warning about “cannot update cache”.
  • Fixed case CPANEL-2981: Minor UI changes and bug fixes to EA4 interface.
  • Fixed case CPANEL-3068: Improve MultiPHP invalid domain name handling.
  • Fixed case CPANEL-3072: Added full URL to display config links to fix OIDC in proxy subdomains.
  • Fixed case CPANEL-3074: Remove Gzip page compression Tweak Setting as it is now auto discovered.
  • Fixed case CPANEL-3092: Ensure NSCD logging is disabled.
  • Fixed case CPANEL-3102: Fix icon locale text - added new way to get locale obj.
  • Fixed case CPANEL-3115: Fix incorrect values for MINIMUM and REFRESH TTLs in the SOA.
  • Fixed case CPANEL-3117: Fix broken retro icons that cause inconsistent sprite map generation.
  • Fixed case CPANEL-3122: Improve logging when commiting sync v2 fails.
  • Fixed case CPANEL-3125: Fix relative urls on paper lantern landing page.
  • Fixed case CPANEL-3126: Avoid to remove cpanelsync.nodecompress during updates.
  • Fixed case CPANEL-3128: User Manager: Prevent bad password hash from being stored by AdminBin.
  • Fixed case CPANEL-3134: Suppress spurious used only once warnings in cPanel installer.
  • Fixed case CPANEL-3140: Switch paper lantern home icon to match name and avoid duplication.
  • Fixed case CPANEL-3153: Made Cpanel::Mysql::DiskUsage ensure the path to the file.
  • Fixed case CPANEL-3156: Fixed issue with inpage warning styles from API.
  • Fixed case CPANEL-3158: Terminate an Account does not always remove MySQL databases.
  • Fixed case CPANEL-3160: SECURITY: Add authz for Cpanel::Mysql::listprivs.
  • Fixed case CPANEL-3161: Log from pl_update_users script should use quant.
  • Fixed case CPANEL-3163: Fix invalid error message when adding a package with invalid characters.
  • Fixed case CPANEL-3168: Improve failure mode behaviours of Cpanel::IP::Convert.
  • Fixed case CPANEL-3170: Fix xml-api acl name for openid configuration.
  • Fixed case CPANEL-3176: Executing the /bin/ip program needs absolute path specificed when called from whostmgr binaries.
  • Fixed case CPANEL-3177: Update_neighbor_netblocks hangs forever with a large number of ips.
  • Fixed case CPANEL-3179: Ensure root can always xfer to accounts they own.
  • Fixed case CPANEL-3181: CPHulk: Do not count good login as hits.
  • Fixed case CPANEL-3182: Fixed issue with WebMail templates on Horde Resize.
  • Fixed case CPANEL-3187: Update cPanel disabled icon in WHM to match new style.
  • Fixed case CPANEL-3196: Fixed quota setting on account creation.
  • Fixed case CPANEL-3203: Remove calls to nonexistent functions.
  • Fixed case CPANEL-3210: User Manager: Create subaccount storage with correct file mode.
  • Fixed case CPANEL-3211: Clean temporary sprite files from bin/sprite_generator.
  • Fixed case CPANEL-3214: Reset environment for each batched UAPI call.
  • Fixed case CPANEL-3223: Generate sprite images consistently.
  • Fixed case CPANEL-3227: Fix link to Tweak Settings from List Accounts.
  • Implemented case CPANEL-3222: Skip authn links if they’re missing on account rename.
  • Fixed case CPANEL-2322: Prevent building locale js on build servers.
  • Fixed case CPANEL-3006: New upstream release Git 2.6.4-1.cp1154.
  • Fixed case CPANEL-3018: User Manager: Miscellaneous bug fixes.
  • Fixed case CPANEL-3053: Cpanelsync should not fail when not downloading files.
  • Fixed case CPANEL-3054: Allow total, unconditional suppression of fast_update usage.
  • Fixed case CPANEL-3063: Fix group indexing in sea of icons.
  • Fixed case CPANEL-3073: Ensure locale JS files are put in the proper cpanelsync source.
  • Fixed case CPANEL-3096: Do not die when a cpanelsync staged file commit fails to move into place.
  • Fixed case CPANEL-3101: Do not produce compressed js/css files for cpsrvd during build.
  • Fixed case CPANEL-3105: Change Features in sidebar back to Home.
  • Fixed case CPANEL-3116: Adjusted CSS for pagination input width and button placement.
  • Fixed case CPANEL-3118: Fail builds if theme cpanelsync targets exist in the cpanel cpanelsync tree.
  • Fixed case CPANEL-772: Add error reporting and race lock workaround to js locale build.
  • Fixed case CPANEL-901: Fixed isdedicatedip() results when performing set_reseller_mainip().
  • Fixed case CPANEL-1572: Generate DKIM headers if sender address has capitals.
  • Fixed case CPANEL-1730: Gather-update-logs: avoid stating many files unnecessarily.
  • Fixed case CPANEL-2037: Maildir Migrations: Handle unknown subscription prefixes properly.
  • Fixed case CPANEL-2124: Fixed alignment of columns on Paper Lantern Email Accounts.
  • Fixed case CPANEL-2187: Preserve UI functionality in Paper Lantern when over quota.
  • Fixed case CPANEL-2232: X3 Statsbar: Raise AJAX timeout to 15 seconds.
  • Fixed case CPANEL-2276: Fixed issue with feature lists containing special characters.
  • Fixed case CPANEL-2359: Include the php-fpm error log in the restartsrv output on failure.
  • Fixed case CPANEL-2402: Allow system accounts with reseller privileges to login to WHM.
  • Fixed case CPANEL-2497: CPHulk: Do username-based protection when IP-based is off.
  • Fixed case CPANEL-2571: PostgresAdmin warns when the user has no databases.
  • Fixed case CPANEL-2581: Suppressed log noise from NSCD by sending it to /dev/null.
  • Fixed case CPANEL-2598: Set Hostname: Remove lock when an invalid hostname is specified.
  • Fixed case CPANEL-2705: Allow the login page to function when an OIDC provider is broken.
  • Fixed case CPANEL-2711: Ensure mailips and mailhelo files are built on conf change.
  • Fixed case CPANEL-2749: Ensure SMTP restrictions can be enabled in non-English locales.
  • Fixed case CPANEL-2767: Pkgacct leaves packaging dir behind.
  • Fixed case CPANEL-2795: Ensure apitool has the proper dependencies loaded.
  • Fixed case CPANEL-2795: Allow use of enable_monitor_all_enabled_services API call on DNSONLY.
  • Fixed case CPANEL-2820: Remove redundant rpm_locations entries from etc/rpm.versions.
  • Fixed case CPANEL-2820: Remove all obsolete rpms which were obsolete in 11.52.
  • Fixed case CPANEL-2820: Add lowest_cpanel_version_supported to url_templates. Simplifies rpm.versions.
  • Fixed case CPANEL-2838: Gather-update-logs: fix version check for new version numbers.
  • Fixed case CPANEL-2838: Gather-update-logs: fix warnings in test script.
  • Fixed case CPANEL-2838: Gather-update-logs: correctly detect when services are down.
  • Fixed case CPANEL-2838: Gather-update-logs: check up-to-date list of binaries.
  • Fixed case CPANEL-2842: Fix splitlogs when using wildcard domains.
  • Fixed case CPANEL-2847: Many changes to EA4 UI and bug fixes.
  • Fixed case CPANEL-2848: Teach cpsrvd to look for index.html.tt in addition to index.html.
  • Fixed case CPANEL-2856: Add localips to recently auth mail ips ignore list.
  • Fixed case CPANEL-2857: Update cpanel-perl-514-Mail-SpamAssassin to 3.004001-3.cp1146.
  • Fixed case CPANEL-2860: Fix typo in Exim configuration help text.
  • Fixed case CPANEL-2870: Add ‘oauth’ and ‘oidc’ to command2 search.
  • Fixed case CPANEL-2871: FTP Accounts: Use whole numbers for quotas.
  • Fixed case CPANEL-2873: Scroll bars are mismatched sizes in webkit browsers in the Transfer Tool.
  • Fixed case CPANEL-2874: Exim logs a spurious maildirsizefile warning when reading the file manually.
  • Fixed case CPANEL-2882: Suppress spurious warning from cpsrvd when the user password cache is not built.
  • Fixed case CPANEL-2883: Set_hostname: exit 0 on success.
  • Fixed case CPANEL-2886: Prevent API1 calls from writing directly to the socket.
  • Fixed case CPANEL-2893: Fix dead upcp-log tailer in WHM UI.
  • Fixed case CPANEL-2896: Assure scripts/redhat5_pathtools_fixer only operates against /usr/bin/perl.
  • Fixed case CPANEL-2898: Avoid calls of CGI::param in array context.
  • Fixed case CPANEL-2913: Remove code to disable EntropyChat.
  • Fixed case CPANEL-2922: Suspended email users should invalidate their current sessions.
  • Fixed case CPANEL-2925: Fix UAPI Ftp::list_ftp_with_disk to show anonymous quota.
  • Fixed case CPANEL-2932: Altered color in svg logos to match the brand guidelines.
  • Fixed case CPANEL-2936: Resolve forward merge conflict with cPanel Post Install.
  • Fixed case CPANEL-2938: New upstream release MySQL 5.5.47-1.cp1148.
  • Fixed case CPANEL-2950: Pkgacct: provide error message when missing user.
  • Fixed case CPANEL-2953: Update Geo::IPfree data files.
  • Fixed case CPANEL-2961: New upstream release MySQL 5.6.28-1.cp1148.
  • Fixed case CPANEL-2968: Paper Lantern: Display unlimited quotas for FTP accounts properly.
  • Fixed case CPANEL-2969: Fix URI munging in dodoc_webmaild() in cpsrvd.
  • Fixed case CPANEL-2983: Modify OpenSSL Blocker to deal with other languages.
  • Fixed case CPANEL-2990: Adjusted wrap min-height calculation to fix unnecessary scroll.
  • Fixed case CPANEL-2995: Race condition prevents some JS locales from being built (rot.
  • Fixed case CPANEL-2996: Paper Lantern Webmail: Embed CSS files from css2-min correctly.
  • Fixed case CPANEL-2999: Revert to CSS background for ext auth provider logos.
  • Fixed case CPANEL-3003: Fix dovecot RPM to require Unix::Sysexits before install.
  • Fixed case CPANEL-3009: Setupmailserver: don’t try to look up Courier certs.
  • Fixed case CPANEL-3013: Fix multi-user select on WHM’s Assign IPv6 page.
  • Fixed case CPANEL-3014: Repair IPv6 Javascript validators.
  • Fixed case CPANEL-3023: Hide the cPHulk Feature Showcase item if cPHulk is disabled on the server.
  • Fixed case CPANEL-3025: /etc/cpanel/ea4/php.conf can be updated when PHP isn’t installed.
  • Fixed case EA-3931: Added Opcache to EA3 -> EA4 Mapping.
  • Implemented case CPANEL-2645: Audit UTF8 roundtrip when using JSON::XS.
  • Implemented case CPANEL-2722: NVData cache is never regenerated if corrupt.
  • Implemented case CPANEL-2726: Show external auth link errors to user.
  • Implemented case CPANEL-2739: CPHulk Config: Use default values for empty keys.
  • Implemented case CPANEL-2739: CPHulk: Allow Username-based Protection against local IPs only.
  • Implemented case CPANEL-2739: CPHulk: Showcase local IP Username-based Protection.
  • Implemented case CPANEL-2746: Implement SRS support for the Basic Exim Config editor.
  • Implemented case CPANEL-2773: Block CentOS 6 from upgrading to 11.54 if OpenSSL does not support TLSv1.2.
  • Implemented case CPANEL-2791: Suspend incoming mail for email account, plus batch UAPI.
  • Implemented case CPANEL-2823: User Manager Project - Release 3.
  • Implemented case CPANEL-2839: Enable IPv6 listen on named when shared IPv6 is configured.
  • Implemented case CPANEL-2840: Implemented HTML5 drag and drop behavior in angular app list.
  • Implemented case CPANEL-2841: IPv6 validation and expansion refactoring.
  • Implemented case CPANEL-2846: Resolver configuration supports IPv6 and multiple IPv6 account selection.
  • Implemented case CPANEL-2849: Set cPanel and external authn provider logos to SVG.
  • Implemented case CPANEL-2850: Use AJAX call for getting notifications count.
  • Implemented case CPANEL-2878: Frontend/THEME without a slash is a redirect loop.
  • Implemented case CPANEL-2889: Improve logging of Security Policy violations.
  • Implemented case CPANEL-2889: 2FA: Issuer field should not ignore leading/trailing white-space.
  • Implemented case CPANEL-2890: Open ID Login support for webmail and WHM.
  • Implemented case CPANEL-2892: EA4 PHP Handler and MultiPHP Refactor.
  • Implemented case CPANEL-2894: Update localized strings for User Manager.
  • Implemented case CPANEL-2915: Allow cPanel users to unlink their webmail users OIDC links.
  • Implemented case CPANEL-2916: Harvested Phrases for COBRA-1578.
  • Implemented case CPANEL-2917: Block OIDC logins when an email user is suspended.
  • Implemented case CPANEL-2919: Added a min-height to prevent link box from overlapping icon.
  • Implemented case CPANEL-2924: Added authn link renaming on changeusername and change domain.
  • Implemented case CPANEL-2927: Resolve conflict with icon_type in the Manage External Auth for email.
  • Implemented case CPANEL-2934: External Auth for mail css not published.
  • Implemented case CPANEL-2952: Made the php-fpm start/restart failures show the log file path.
  • Implemented case CPANEL-2963: MultiPHP Refactor: Clarify/Consistify names.
  • Implemented case CPANEL-2966: Harvest MutliPHP refactor.
  • Fixed case CPANEL-1164: Fixed ProFTPd settings for passive ftp being updated.
  • Fixed case CPANEL-1475: Avoid trying to restart tailwatchd in fresh installations.
  • Fixed case CPANEL-1497: Fix Japanese mistranslation in Aliases page.
  • Fixed case CPANEL-1681: Fix restoration of mailing lists with characters between 128 and 255.
  • Fixed case CPANEL-1788: Don’t flag new options as invalid in Basic Setup.
  • Fixed case CPANEL-1798: Disable EntropyChat upon installation.
  • Fixed case CPANEL-1800: Clean up IPv6 addresses on account removal.
  • Fixed case CPANEL-1900: Restore contact email for transferred accounts.
  • Fixed case CPANEL-1909: Fix issue with vertical scrollbar not going away in Webmail.
  • Fixed case CPANEL-2027: Manage MySQL Profiles: Fixed validation on the Add Profile page.
  • Fixed case CPANEL-2185: Fixed the JS/CSS 404 bugs on the Auto Responders page.
  • Fixed case CPANEL-2282: Paper Lantern: Fix 404 errors on the Track Delivery page.
  • Fixed case CPANEL-2360: Don’t enable nscd by default if there are multiple UID 0 users.
  • Fixed case CPANEL-2362: Convert MAX_EMAIL_QUOTA and DEFAULT_EMAIL_QUOTA constants to numbers.
  • Fixed case CPANEL-2395: Fixed bug with removing users from databases in paper lantern.
  • Fixed case CPANEL-2430: Paper Lantern: Fix 404 errors on the Mail Archive page.
  • Fixed case CPANEL-2487: WHM: Terminate Account should not leave progress dialogs open upon completion.
  • Fixed case CPANEL-2489: Update cPanel::PublicAPI rpm to version 2-1.cp1146.
  • Fixed case CPANEL-2503: Ignore NS records when trying to resolve IP addresses.
  • Fixed case CPANEL-2505: Don’t warn if default kernel version can’t be detected.
  • Fixed case CPANEL-2555: Permit setting email destinations on DNSONLY.
  • Fixed case CPANEL-2564: Restart clamd even if an extraneous init script exists.
  • Fixed case CPANEL-2575: Load Cpanel::Regex quietly from Cpanel::Carp.
  • Fixed case CPANEL-2582: Update sysinfo code to not run rpm as unprivileged user.
  • Fixed case CPANEL-2587: Improve MIME::Type detection for attachment files.
  • Fixed case CPANEL-2605: Improve handling of JSON-encoded number in PL email page.
  • Fixed case CPANEL-2626: Update WHMCS OpenID Provider module.
  • Fixed case CPANEL-2629: Email Accounts: Use whole numbers for quotas.
  • Fixed case CPANEL-2637: Ensure Horde connections can be made when TLSv1.0 is disabled.
  • Fixed case CPANEL-2639: Fixed bug in handling of UTF-8 characters for global filter rules.
  • Fixed case CPANEL-2652: Replace underscore with lodash in more places.
  • Fixed case CPANEL-2654: Fix uninitialized value warnings on User Manager page.
  • Fixed case CPANEL-2658: Fix encoding on login page.
  • Fixed case CPANEL-2660: Paper Lantern Track Delivery: Prevent options from appearing above the header.
  • Fixed case CPANEL-2663: Skip FTP quota check if quota value is not numeric.
  • Fixed case CPANEL-2675: Suppress spurious warnings in cpsrvd.
  • Fixed case CPANEL-2680: Improve performance of CPANEL_LOTS_OF_EMPTY_LINE_HTML SpamAssassin rule.
  • Fixed case CPANEL-2688: Fix URL detection for Bitbucket Server.
  • Fixed case CPANEL-2692: WHM API 1: allow root to operate on its own account.
  • Fixed case CPANEL-2696: Update RPMs for TLS 1.2 and ECC support.
  • Fixed case CPANEL-2724: Add .ptt files to the template cache build process.
  • Fixed case CPANEL-2744: User Manager: Identify and report Web Disk creation errors.
  • Fixed case CPANEL-2747: Ensure SMTP restrictions are restored on CentOS 7.
  • Fixed case CPANEL-2771: cpsrvd: properly update quota cache.
  • Fixed case CPANEL-2815: Improve error reporting for copying an account with user password.
  • Implemented case CPANEL-2467: Inform the user when there’s a backend OIDC problem.
  • Implemented case CPANEL-2519: Paper Lantern Webmail overlay should point to preference drop down.
  • Implemented case CPANEL-2521: User should be able to go to sidebar links from feature search.
  • Implemented case CPANEL-2522: Add padding to the top of the webmail pages.
  • Implemented case CPANEL-2524: Improve system response on “access_denied” OAuth2 response.
  • Implemented case CPANEL-2527: Update, create RPMs for UI work.
  • Implemented case CPANEL-2528: User Manager Project - Release 2.
  • Implemented case CPANEL-2536: Fix escaping for PgSQL DB names with special characters in x3.
  • Implemented case CPANEL-2546: Fix MySQL privs assignment/revocation URI escaping in PL.
  • Implemented case CPANEL-2550: Fix HTML- and URI-escaping for SQL wizards in Paper Lantern.
  • Implemented case CPANEL-2551: HTML Elements in tables in notifications no longer get double encoded.
  • Implemented case CPANEL-2554: Fix API1 Postgres::deluser() error message.
  • Implemented case CPANEL-2560: Add UI include points to cPanel sidebar pages.
  • Implemented case CPANEL-2578: Treat failures to write CDS cache files as non-fatal.
  • Implemented case CPANEL-2586: Disable external auth providers that can’t work.
  • Implemented case CPANEL-2630: Ensure OpenID errors are shown instead of timeout.
  • Implemented case CPANEL-2638: Allow email account suspension and password verification.
  • Implemented case CPANEL-2640: Implement cPanelID for cpaneld.
  • Implemented case CPANEL-2651: Fix OIDC logins when one provider is corrupt.
  • Implemented case CPANEL-2656: Fix error message first time you login.
  • Implemented case CPANEL-2659: Require HTTPS for external authentication in cpsrvd.
  • Implemented case CPANEL-2667: Support passing though security tokens with OIDC.
  • Implemented case CPANEL-2682: Report OIDC “userinfo” failures more usefully.
  • Implemented case CPANEL-2697: Make OIDC well-known config failures not “grow” dest_uri.
  • Implemented case CPANEL-2698: Inform user to click Apply/Save to apply changes.
  • Implemented case CPANEL-2699: Implement Two-Factor Authentication for cPanel and WHM web interfaces.
  • Implemented case CPANEL-2699: CPHulk: Count all bad requests as ‘hits’ when 2FA security policy is enabled.
  • Implemented case CPANEL-2700: Allow for custom RPMs to be signed with third-party vendor keys.
  • Implemented case CPANEL-2709: Added SSH free pkgacct and log streaming to transfers.
  • Implemented case CPANEL-2721: Convert Whostmgr::ACLS::Cache to use JSON caching.
  • Implemented case CPANEL-2740: Create a well known endpoint for cPanelID.
  • Implemented case CPANEL-2745: Remove legacy closefds from uapi.
  • Implemented case CPANEL-2752: File Manager not showing files because of mime load failure.
  • Implemented case CPANEL-2763: Fix padding on token-denied page.
  • Implemented case CPANEL-2766: Prevent HTML entities from going into DynamicUI caches.
  • Fixed case CPANEL-1208: Ensure privileges are dropped to the expected group.
  • Fixed case CPANEL-1271: Fixed upper/lower-case issue with ftp accounts.
  • Fixed case CPANEL-1284: Fixed bug that disallowed creation of 0@domain.com email users.
  • Fixed case CPANEL-1327: Fixed bug in queueprocd causing ready tasks not to run when expected.
  • Fixed case CPANEL-1357: Fix display of feature list names containing + in Edit a Package.
  • Fixed case CPANEL-1361: xfertool: allow odd numbers of nameservers.
  • Fixed case CPANEL-1395: Improve error handling of userdata guard.
  • Fixed case CPANEL-1424: Fix broken locale string.
  • Fixed case CPANEL-1424: Include pending queue when exporting a locale.
  • Fixed case CPANEL-1453: Don’t corrupt non-ASCII subjects when adding spam header.
  • Fixed case CPANEL-1626: Cpanel::Sync::v2 needs to update digest cache from sync children.
  • Fixed case CPANEL-1651: Restore zones added through Add a DNS Zone.
  • Fixed case CPANEL-1978: Restore RSS to Cpanel::ConfigFiles via lazy loading.
  • Fixed case CPANEL-1996: Fixed angular inf-dig loop on List Databases.
  • Fixed case CPANEL-2008: Avoid parsing DirName entries in subjectAltName X.509 extensions.
  • Fixed case CPANEL-2066: Don’t fail to backup with remote file systems.
  • Fixed case CPANEL-2137: Prevented duplicate cpanel-all.min.js file from being loaded.
  • Fixed case CPANEL-2150: check_mysql: don’t fail if non-root UID 0 users exist.
  • Fixed case CPANEL-2246: New Tweak: Allow WHM users to create sub domains across accounts.
  • Fixed case CPANEL-2273: Fix/refactor Cpanel::SafeRun::Object::new_or_die()’s signal response.
  • Fixed case CPANEL-2341: Fix mistranslation of “Databases” in German.
  • Fixed case CPANEL-2344: Fix broken CSS when deleting user from MySQL database.
  • Fixed case CPANEL-2347: Deleting cPanel Account does not generate an iContact Notificaton.
  • Fixed case CPANEL-2351: Preserve IP information in eximstats database.
  • Fixed case CPANEL-2351: Improve debuggability of eximstats processing.
  • Fixed case CPANEL-2358: Updated existing docroot install check to check against full dir path.
  • Fixed case CPANEL-2361: Resolved stack trace due to missing Attracta components.
  • Fixed case CPANEL-2366: Remove additional CJT from being loaded on specific pages.
  • Fixed case CPANEL-2371: Implement WHM API 1 listaccts want parameter.
  • Fixed case CPANEL-2375: Invalidate browser cache for JS files loaded via RequireJS on upgrades.
  • Fixed case CPANEL-2388: Backup: add missing dependency on Cpanel::Time::Split.
  • Fixed case CPANEL-2391: Fixed text when no PHP is available.
  • Fixed case CPANEL-2399: Cleanup possible existing PHP-DSO conflicts.
  • Fixed case CPANEL-2400: DNSONLY: stop dnsadmin on upgrade if it is not a daemon.
  • Fixed case CPANEL-2413: Reorder mail filter matching to be more user friendly.
  • Fixed case CPANEL-2417: Resolve regex warning in openidconnect code for perl 5.22.
  • Fixed case CPANEL-2424: Fixed improper invocation of Cpanel::Exception with list in message.
  • Fixed case CPANEL-2443: Allow ability to create email addresses with “0” as the local part.
  • Fixed case CPANEL-2454: Replace uses of Digest::SHA1 with Digest::SHA.
  • Fixed case CPANEL-2483: Fix typo in call to _get_map_reader().
  • Fixed case CPANEL-2485: Ensure Modify Account does not clear jailshell setting.
  • Fixed case CPANEL-2504: Add in missing templates for x3 MySQL pages.
  • Fixed case CPANEL-2513: Improve variable passing in a private function.
  • Fixed case CPANEL-2525: Force popbeforesmtp to off on DNSONLY systems.
  • Fixed case CPANEL-2555: Permit setting email destinations on DNSONLY.
  • Fixed case CPANEL-2557: Webmail: Users with delegation must be able access the Mailing Lists interface.
  • Fixed case CPANEL-2568: Remove extra newline in multiparts iContact emails.
  • [security] Fixed case SEC-29: Sensitive data revealed to subaccounts through comet feeds.
  • [security] Fixed case SEC-60: Email sending limit bypass.
  • [security] Fixed case SEC-64: Unauthenticated arbitrary code execution via DNS NS entry poisoning.
  • [security] Fixed case SEC-65: Unauthorized password changes via Webmail API commands.
  • [security] Fixed case SEC-66: WHM API allows for unauthorized zone modification.
  • Implemented case CPANEL-2107: Improve EA 4 UI to allow MPM and module selection.
  • Implemented case CPANEL-2174: Removed comments when showing directive values in MultiPHP interface.
  • Implemented case CPANEL-2252: Use kernel splice for Cpanel::IO::Tarball, with fallback.
  • Implemented case CPANEL-2300: Adjusted styles on login pages to account for ext auth.
  • Implemented case CPANEL-2310: Properly color External Auth notifications.
  • Implemented case CPANEL-2311: Add php-xml module when converting EA3 profile to EA4.
  • Implemented case CPANEL-2334: Update libmariadb to use /var/lib/mysql/mysql.sock.
  • Implemented case CPANEL-2346: Remove legacy load_userfile_as_root function.
  • Implemented case CPANEL-2372: Ensure warnings are shown in cPanel during api1 calls in template toolkits.
  • Implemented case CPANEL-2373: Added a new output format option for pkgacct and API.
  • Implemented case CPANEL-2374: Support dest_uri for openid connect logins.
  • Implemented case CPANEL-2376: Added passwd to the publish files for paper lantern.
  • Implemented case CPANEL-2379: Basic Settings now allows ADDR6 entry to be empty or emptied.
  • Implemented case CPANEL-2380: Add log rotation for the cpanel_php_fpm logs.
  • Implemented case CPANEL-2381: Exim remote IPs and smarthosts now allow IPv6.
  • Implemented case CPANEL-2383: Fix DB UIs (x3 & Paper Lantern) and APIs for new naming allowances.
  • Implemented case CPANEL-2397: Added Expand/Collapse functionality back to the Sea of Icons.
  • Implemented case CPANEL-2414: Resolved issue where slow connection speeds broke.
  • Implemented case CPANEL-2418: Improve logic for removal of users.
  • Implemented case CPANEL-2419: Resolve logo alignment on the login pages with an LG G4.
  • Implemented case CPANEL-2434: Modernize the reseller center interface.
  • Implemented case CPANEL-2458: Add help and multiple dbbackup options to pkgacct.
  • Implemented case CPANEL-2491: New icons for cPanel.
  • Implemented case CPANEL-2509: Update preview screenshots for cPanel styles.
  • Implemented case CPANEL-2534: Fixed issue with notice displaying twice.
  • Implemented case CPANEL-2552: Resolve invalid html output when license file missing in WHM.
  • Fixed case CPANEL-675: Remove the use of antirelayd from exim.
  • Fixed case CPANEL-708: Dropped deprecated “Old Style Spam system” exim configuration option.
  • Fixed case CPANEL-792: Mark skipantirelayd as dead in 11.54.
  • Fixed case CPANEL-797: Remove ancient entropychat.
  • Fixed case CPANEL-799: Remove pythonup.
  • Fixed case CPANEL-809: Remove taskqueue upgrade code from 11.54.
  • Fixed case CPANEL-817: Remove obsolete Cpanel::Compat::DBI.
  • Fixed case CPANEL-817: Remove obsolete Cpanel::Compat::DBDPg.
  • Fixed case CPANEL-827: Configure /var/log/named in /etc/named.conf.
  • Fixed case CPANEL-843: Revert the use of override Time::Local to the one provided by RPM.
  • Fixed case CPANEL-894: Remove rebuildeximbsd.
  • Fixed case CPANEL-946: Make Cpanel::AdminBin::Call::call() have the namespace as first argument.
  • Fixed case CPANEL-978: Add pre and post hook points to rearrange account.
  • Fixed case CPANEL-990: Don’t handle MySQL/MariaDB upgrades when mysql_governor is installed.
  • Fixed case CPANEL-1008: Reduce the number of stat()s significantly in PsParser.pm.
  • Fixed case CPANEL-1137: Change to use cPanel::PublicAPI from CPAN.
  • Fixed case CPANEL-1141: Fix custom cPanel error pages not being displayed.
  • Fixed case CPANEL-1147: Restore Net::AIM and Net::OSCAR to fix builds.
  • Fixed case CPANEL-1295: Get rid of version-specific Horde empty-db suffix.
  • Fixed case CPANEL-1349: Restore missing titles on Paper Lantern pages on 11.54.
  • Fixed case CPANEL-1362: Adjust SOA record in Zone templates to match recommended TTL values.
  • Fixed case CPANEL-1391: Changed style on Toggle switch to better localize.
  • Fixed case CPANEL-1406: Limit use of chdir in Cpanel::Horde::DB.
  • Fixed case CPANEL-1411: Remove function name as argument to pre_exec_hook() in AdminBin Call base.
  • Fixed case CPANEL-1412: Fix biased output in Cpanel::Rand::Get.
  • Fixed case CPANEL-1417: Fixed select all checkbox on WHM Greylisting Trusted Hosts.
  • Fixed case CPANEL-1441: Use port 587 for outgoing mail from Horde.
  • Fixed case CPANEL-1470: Namespaced CJT Toggle switch to prevent style leak.
  • Fixed case CPANEL-1481: Optimize binary startup time.
  • Fixed case CPANEL-1488: Test for restriction on root bw DB cache.
  • Fixed case CPANEL-1504: Fix biased output in Cpanel::Rand::Get.
  • Fixed case CPANEL-1504: Improve error handling in Cpanel::Rand::Get.
  • Fixed case CPANEL-1532: Remove Attracta support code.
  • Fixed case CPANEL-1534: Fix rendering of DateTime in xml-api.
  • Fixed case CPANEL-1536: Fix logout button alignment in paper lantern.
  • Fixed case CPANEL-1538: WHM Manage MySQL Profiles: Fixed alignment of the Edit icon.
  • Fixed case CPANEL-1541: Fixed expand stats in retro style.
  • Fixed case CPANEL-1580: Consolidate homedir init logic for new cPanel users (real and temp).
  • Fixed case CPANEL-1639: Allow root logins to cpanel to fail gracefully.
  • Fixed case CPANEL-1668: Added localization support for EA4 profile RPMs.
  • Fixed case CPANEL-1677: WHM cPHulk: Added disabled styles to the gear dropdown.
  • Fixed case CPANEL-1686: Highlight Error lines when displaying yum output.
  • Fixed case CPANEL-1728: WHM cPHulk: Sorting by comment includes a secondary sort by IP address.
  • Fixed case CPANEL-1756: Removed ancient pkgfix script.
  • Fixed case CPANEL-1757: Fix Paper Lantern integration icons.
  • Fixed case CPANEL-1767: Fixed text clipping in toggle when using non-en locale in cPHulk and Greylisting.
  • Fixed case CPANEL-1768: Report an error if FTP account creation fails with addon domains.
  • Fixed case CPANEL-1786: Convert WebDisk configuration landing page to bootstrap.
  • Fixed case CPANEL-1787: Changed Apache configuration defaults to match PCI recommendations.
  • Fixed case CPANEL-1794: Convert List Parked Domains to boostrap.
  • Fixed case CPANEL-1795: Make DAV SSL port lookup more robust.
  • Fixed case CPANEL-1814: Fix IPv6 DNS resolution with Perl <5.14 when missing dig.
  • Fixed case CPANEL-1828: Add restartsrv_cpipv6 to allow unbinding and rebinding of IPv6 addresses.
  • Fixed case CPANEL-1833: Allow sesellers with the all privilege to use Add to Mail Config feature.
  • Fixed case CPANEL-1868: Exim support for outgoing mail on account’s assigned IPv6 address.
  • Fixed case CPANEL-1915: Improve binary performance and memory usage.
  • Fixed case CPANEL-1955: Update DBD::Pg to 3.5.3.
  • Fixed case CPANEL-2002: Focus to feature search on home and dashboard.
  • Fixed case CPANEL-2003: Fixing padding issues with header in webmail.
  • Fixed case CPANEL-2018: Installer: touch Exim IPv6-related file correctly.
  • Fixed case CPANEL-2022: Fix the base url in WHM MultiPHP apps.
  • Fixed case CPANEL-2024: IPv6 improvements and SPF support.
  • Fixed case CPANEL-2028: Remove italic font styling from placeholder text on login pages.
  • Fixed case CPANEL-2059: User Manager Project - Release 1.
  • Fixed case CPANEL-2123: Backup SpamAssassin configuration during system backup.
  • Fixed case CPANEL-2168: Restore batch call performance in WHM json/xml api.
  • Fixed case CPANEL-2218: Bump Exim from cp1148 to exim-4.86-3.cp1154.
  • Fixed case CPANEL-2225: Major refactor of migrate_ea3_to_ea4.
  • Fixed case CPANEL-2254: Reduce polling requests for service status in WHM cPHulk.
  • Fixed case CPANEL-2254: Reduce polling requests for service status in WHM Greylisting.
  • Fixed case CPANEL-2270: Remove prelinking support.
  • Fixed case CPANEL-2349: Update cpanel-git to 2.6.3-1.cp1150.
  • Fixed case CPANEL-2354: Remove killacct script.
  • Implemented case CPANEL-897: Optimize login process and paper_lantern webmail access.
  • Implemented case CPANEL-909: Compile restartsrv_base to speed up chkservd runs.
  • Implemented case CPANEL-914: Encrypt AIM and ICQ message sending.
  • Implemented case CPANEL-1162: Reuse AIM and ICQ logins to minimize rate limiting.
  • Implemented case CPANEL-1212: Add feature list support to the WebDisk API.
  • Implemented case CPANEL-1296: OpenID Connect support merge.
  • Implemented case CPANEL-1345: Ensure CalDAV/CardDAV work after changing the hostname.
  • Implemented case CPANEL-1352: Allow the cPanel user to enable/disable the global shared addressbook.
  • Implemented case CPANEL-1393: API to create per user cPanel Integration Links.
  • Implemented case CPANEL-1398: Updating new icons for cPanel Paper Lantern.
  • Implemented case CPANEL-1401: Remove unused parameter from backend calls.
  • Implemented case CPANEL-1404: Move the bulk of the DAV config code into its own module.
  • Implemented case CPANEL-1415: UI now has access to upgrade to MariaDB 10.1.
  • Implemented case CPANEL-1416: Hide private shared address book in Horde sidebar.
  • Implemented case CPANEL-1425: Reduce bloat in boxtrapper web UI.
  • Implemented case CPANEL-1433: Avoid loading cpanel.config for simple form parses in Cpanel::Form.
  • Implemented case CPANEL-1451: Display version numbers without 11. in WHM and cPanel.
  • Implemented case CPANEL-1456: Upgrade server config and packages to use Paper Lantern.
  • Implemented case CPANEL-1479: Update IO::Interface to 1.06-2.cp1146.
  • Implemented case CPANEL-1486: PwDiskCache should attempt to use the memory cache before disk reads.
  • Implemented case CPANEL-1489: Change MariaDB 10.1 tag to Release Candidate.
  • Implemented case CPANEL-1494: Remove unused table in the hulk database.
  • Implemented case CPANEL-1499: Adding ability to convert EA3 profiles to EA4 ones.
  • Implemented case CPANEL-1503: Avoid affecting Retro style with dashboard changes.
  • Implemented case CPANEL-1505: Replace all usage of BSD::Resource with Cpanel::Sys::Rlimit.
  • Implemented case CPANEL-1527: Create Cpanel::IO::Mmap to standardize reading mmaped files.
  • Implemented case CPANEL-1540: Added button in WHM to run yum update to update server software.
  • Implemented case CPANEL-1549: Simplify non-cryptographic hash generation in Cpanel::Hash.
  • Implemented case CPANEL-1553: Improve localization in MySQL Upgrade.
  • Implemented case CPANEL-1576: Optimize feature list lookups.
  • Implemented case CPANEL-1591: Add FPM Support.
  • Implemented case CPANEL-1636: WHM Update Preference should show three part version number.
  • Implemented case CPANEL-1637: Bandwidth graphs should not be cut off.
  • Implemented case CPANEL-1696: Add an upgrade blocker to stop servers using Courier from upgrading to 11.54.
  • Implemented case CPANEL-1697: Remove the Courier mailserver from the product.
  • Implemented case CPANEL-1701: Ability to assign shared IPv6 address to accounts.
  • Implemented case CPANEL-1705: Create new icon set for cPanel.
  • Implemented case CPANEL-1708: Implemented main icon screen in AngularJS.
  • Implemented case CPANEL-1724: Sprite Generation does not happen for x3.
  • Implemented case CPANEL-1750: Fix android filename encoding with multi-byte characters.
  • Implemented case CPANEL-1773: Optimize loading of Paper Lantern.
  • Implemented case CPANEL-1811: Improve Disk Status subject line for chkservd iContact message.
  • Implemented case CPANEL-1823: update_horde_config: improve error handling.
  • Implemented case CPANEL-1826: Improve PHP FPM support.
  • Implemented case CPANEL-1873: Further improve PHP FPM.
  • Implemented case CPANEL-1897: Fix lchown-related error messages, and remove unneeded modules.
  • Implemented case CPANEL-1922: Add the ability to restore integration links.
  • Implemented case CPANEL-1935: Migrate users away from x3 and x3mail on upgrade.
  • Implemented case CPANEL-1948: Dashboard for Paper Lantern.
  • Implemented case CPANEL-1956: Allow (almost) any printable ASCII character in a database name.
  • Implemented case CPANEL-1979: Prefer /var/lib/mysql/mysql.sock over /tmp/mysql.sock.
  • Implemented case CPANEL-1990: Added External Authentication (OpenID Connect).
  • Implemented case CPANEL-2000: Improve the speed of listing mailing lists when there are lots of lists.
  • Implemented case CPANEL-2006: Simplify PHP FPM support.
  • Implemented case CPANEL-2015: Resolve conflicts between external auth and PHP FPM.
  • Implemented case CPANEL-2023: Changed ‘Account Security’ to ‘Password & Security’.
  • Implemented case CPANEL-2038: Fixed incorrect exception in restore.
  • Implemented case CPANEL-2052: Replace 10 with On/Off in cPanel&WHM INI Editors.
  • Implemented case CPANEL-2076: Fix issue where Paper Lantern didn’t render proper maketext.
  • Implemented case CPANEL-2100: More PHP FPM improvements.
  • Implemented case CPANEL-2101: More PHP FPM improvements.
  • Implemented case CPANEL-2122: Ensure users stay on x3 with custom branding.
  • Implemented case CPANEL-2127: Updated INI editor to new CJT toggle switches.
  • Implemented case CPANEL-2173: Improve listaccts speed when listing more than 1000 accounts.
  • Implemented case CPANEL-2175: Speed up the ExternalAuthentication login display.
  • Implemented case CPANEL-2186: Do not delay upgrades after a blocker has been ‘auto-resolved’.
  • Implemented case CPANEL-2193: Updated text for MySQL Upgrade.
  • Implemented case CPANEL-2194: Improved External Authn error reporting.
  • Implemented case CPANEL-2196: Provide sample Amazon External Authentication Module.
  • Implemented case CPANEL-2241: Remove external auth buttons in link_account mode.
  • Implemented case CPANEL-2256: Add API Calls to create per user groups in paper_lantern and x3.
  • Implemented case CPANEL-2259: Support WHMCS as an OpenID Provider.
  • Implemented case CPANEL-2269: Improvements to cPanel Interface.
  • Implemented case CPANEL-2278: Allow “5.5.5-10.0.14-MariaDB-log” as a MariaDB/MySQL version string.
  • Implemented case CPANEL-2279: Fix Safari not displaying error messages on login.
  • Implemented case CPANEL-2281: cpsrvd should not die when loading cpuserdata for a non-existant user.
  • Implemented case CPANEL-2284: Defer temp session user creation until phpmy or backups are accessed.
  • Implemented case CPANEL-2288: Accessing /502.shtml on a proxy subdomain generates an error.
  • Implemented case CPANEL-2312: Stop sending notifications if no user is updated.
  • Implemented case CPANEL-2331: Remove names from cPanel versions.
  • Implemented case CPANEL-2337: WebMail Track Delivery fails due to thinking MySQL is down.