72 Change Log

Last modified: February 8, 2023


  • Fixed case CPANEL-6541: Implemented swap IPv6 for transfers, dedicated IPv6 not handled.
  • Fixed case CPANEL-18848: Make incremental backups respect the global cpbackup-exclude.conf.
  • Fixed case CPANEL-19702: Filter AAAA on transfer if destination doesn’t use IPv6.
  • Fixed case CPANEL-19910: Update MySQL55 to 5.5.60-1.cp1162.
  • Fixed case CPANEL-19911: Update MySQL56 to 5.6.40-1.cp1162.
  • Fixed case CPANEL-20387: Add support for SSE arguments via URL path.
  • Fixed case CPANEL-20490: Launch terminal with CageFS for CloudLinux users.
  • Fixed case CPANEL-20544: Keep specific file handles open when daemonizing a process.
  • Fixed case CPANEL-20552: Added local symlinks for the event source polyfill.
  • Fixed case CPANEL-20797: Add option to skip EasyApache YUM repo setup during initial install.
  • Fixed case CPANEL-20927: Remove unneeded regex check for the SSE module name.
  • Fixed case CPANEL-20947: Add a NotFound cpsrvd style exception class.
  • Fixed case CPANEL-21186: Add an authentication and application verification system to SSE.
  • Fixed case CPANEL-21573: Populate empty password columns when updating to MariaDB.
  • Fixed case CPANEL-21592: Update cpanel-phpmyadmin to 4.7.7-4.cp1166.


  • Fixed case CPANEL-21431: Fix mysqlconnectioncheck for systems running MariaDB.
  • Fixed case CPANEL-21469: Customer using litespeed were considered as SOLO.
  • Fixed case CPANEL-21902: Minimal support for LTS to LTS to support upgrades directly to 78
  • Fixed case CPANEL-22048: Provide a cpanel-version RPM


  • [security] Fixed case SEC-367: Stored-XSS in WHM File Restoration interface.
  • [security] Fixed case SEC-416: Apache configuration injection due to document root variable interpolation.
  • [security] Fixed case SEC-418: Insecure storage of phpMyAdmin session files.
  • [security] Fixed case SEC-420: SQL injection during database backups.
  • [security] Fixed case SEC-424: File modification as root via faulty HTTP authentication.
  • [security] Fixed case SEC-425: Limited file read via password file caching.
  • [security] Fixed case SEC-426: Arbitrary zonefile modifications allowed during record edits.
  • [security] Fixed case SEC-436: Arbitrary file read during File Restoration.
  • [security] Fixed case SEC-439: Arbitrary zonefile modifications due to faulty CAA record handling.
  • [security] Fixed case SEC-442: File rename vulnerability during account renames.
  • [security] Fixed case SEC-443: Website contents accessible to local attackers through git repos.


  • Fixed case CPANEL-19596: Resolve a spurious warning when the userdata queue is already processed.
  • Fixed case CPANEL-19866: Add info about mysql_upgrade possibly outputting errors.
  • Fixed case CPANEL-19893: Manage Mysql Profiles: Clear the “Activation In Progress” growl after activation.
  • Fixed case CPANEL-20695: Use Email::Address::XS for email validation in Market Provider Manager.
  • Fixed case CPANEL-20728: Upgrade Email::Address::XS to 1.03.
  • Fixed case CPANEL-20839: Ensure creating the subdomain “l” works
  • Fixed case CPANEL-20963: Update cpanel-perl-526-Email-Sender to 1.300031-3.cp1170.
  • Fixed case CPANEL-21210: Fix link to spam page from BoxTrapper.
  • Fixed case CPANEL-21249: Added cloudlinux.com and imunify360.com to common domains.


  • Fixed case CPANEL-19544: Add a new tweak setting to configure eximstats_spam_check.
  • Fixed case CPANEL-19571: Add hookability for AutoSSL installs.
  • Fixed case CPANEL-20782: Fixquotas: properly modify quotas on EFI CloudLinux systems.
  • Fixed case CPANEL-20849: Don’t attempt restart of PHP-FPM pools that don’t exist.


  • Fixed case CPANEL-20113: Resolve performance regression when determing zone for a domain.
  • Fixed case CPANEL-20729: Filter out duplicate domains from AutoSSL orders.
  • Fixed case CPANEL-21180: Allow administrators to disable WHM’s “Terminal” UI via a touch file.


  • Fixed case CPANEL-20741: Backup Metadata: avoid over-encoded HTML.
  • Fixed case CPANEL-21254: Ensure saving named tiers in update preferences doesn’t misconfigure update settings.
  • Fixed case CPANEL-21260: Ensure update preferences UI reflects currently configured settings.


  • Fixed case CPANEL-17528: Remove unneeded SQLite DBH check.
  • Fixed case CPANEL-18958: Do not include remote MySQL hosts for cpsess temp user grants.
  • Fixed case CPANEL-19390: Fix race condition in restartsrv_apache_php_fpm.
  • Fixed case CPANEL-19580: Update cpanel-git to 2.17.1-2.cp1170.
  • Fixed case CPANEL-19907: Make rpmup aware of UPDATES=manual for EasyApache 4.
  • Fixed case CPANEL-20326: Avoid webmail login rejection when quota is greater than 8796093022207MB.
  • Fixed case CPANEL-20615: File Restoration: ensure backup feature is not required.
  • Fixed case CPANEL-20633: Rebuild Exim configuration and restart Exim on upgrade.
  • Fixed case CPANEL-20670: Modify Account: avoid failure with previously used domain.
  • Fixed case CPANEL-20715: Fix bin/backup bug where metadata pruning fails due to being disabled.
  • Fixed case CPANEL-20725: Setting up PHP-FPM on addon domains did not work correctly.
  • Fixed case CPANEL-20765: Ensure remote dns clusters load zones added via SYNCZONES.
  • Fixed case CPANEL-20776: Update cpanel-mailman to 2.1.26-4.cp1162.
  • Fixed case CPANEL-20777: Fix corrupted .htaccess files from pkgacct.
  • Fixed case CPANEL-20832: Avoid use of Cpanel::JSON::LoadTagged.
  • Fixed case CPANEL-20909: Better handle packages which exceed the allowed MAX_DEFER_FAIL_PERCENTAGE.
  • Fixed case CPANEL-20915: Fix logic for getting LTS versions in update preferences page.
  • Fixed case CPANEL-20968: Assure HttpRequest.pm does not leave open file handles, blocking updatenow.
  • Fixed case CPANEL-20980: Update dovecot to 2.2.36-2.cp1162.


  • Fixed case CPANEL-18506: Fix backup destination showing system backup option when system backups disabled.
  • Fixed case CPANEL-19045: Update cpanel-perl-526-Net-Google-Drive-Simple to 0.13-4.cp1170.
  • Fixed case CPANEL-19808: AutoSSL runs will no longer continue notifying beyond seven days post-expiry.
  • Fixed case CPANEL-19848: Avoid displaying startup log entries twice when restarting service.
  • Fixed case CPANEL-19943: Ensure WordPress install via API works.
  • Fixed case CPANEL-20006: Update cpanel-awstats to 7.6-3.cp1168.
  • Fixed case CPANEL-20042: Ensure submit button is enabled when selection is made on WHM Edit DNS Zone.
  • Fixed case CPANEL-20076: Fix MAX_DEFER_FAIL_PERCENTAGE issues with account creation.
  • Fixed case CPANEL-20221: Render HTML output correctly in EA4 Recommendation.
  • Fixed case CPANEL-20240: Statistics Configuration: ensure page renders fully.
  • Fixed case CPANEL-20331: Avoid transient error when installing exim.pl.local.
  • Fixed case CPANEL-20336: Don’t assign dedicated IPs during account creation unless instructed to.
  • Fixed case CPANEL-20409: Make ResourceUsage handle exponent notation for maximum values.
  • Fixed case CPANEL-20411: cpuser notification prefs now are populated if empty.
  • Fixed case CPANEL-20412: Make contactinfo->cpuser sync not clobber existing cpuser setting.
  • Fixed case CPANEL-20449: Ignore empty zones when returning zone fetch results.
  • Fixed case CPANEL-20499: Transfers fail when Copy Home Directory is deselected.
  • Fixed case CPANEL-20518: Restored functionality where users could empty all spam folders.
  • Fixed case CPANEL-20535: Fix adding MX records to subdomains.
  • Fixed case CPANEL-20540: File Restoration: control using correct feature.
  • Fixed case CPANEL-20542: Explicitly disable SMTPUTF8.
  • Fixed case CPANEL-20560: Avoid exception on invalid whois data.
  • Fixed case CPANEL-20561: Restore functionality of VPS.NET DNS clustering.
  • Fixed case CPANEL-20562: Update cpanel-perl-526-Net-Whois-IANA to 0.41-2.cp1170.
  • Fixed case CPANEL-20564: Ensure weekly and monthly backups can be downloaded in cPanel.
  • Fixed case CPANEL-20564: Fix cPanel backup downloads when backup dir has trailing slash.
  • Fixed case CPANEL-20565: Ensure REMOTE_ADDR is passed through to dnsadmin.
  • Fixed case CPANEL-20566: Transfer Tool: disable API use over unencrypted connection.
  • Fixed case CPANEL-20566: Use correct path for pkgacct.
  • Fixed case CPANEL-20577: Work around MariaDB authn bug MDEV-16238.
  • Fixed case CPANEL-20601: Fix undefined user warning when using want arg of listaccts API.
  • Fixed case CPANEL-20614: Fix zone parsing with empty leading names.
  • Fixed case CPANEL-20651: Resolve performance regression with Whostmgr::DNS::MX.
  • Fixed case CPANEL-20732: Update Git to version 2.17.1.


  • Fixed case CPANEL-6546: Ensure timestamps in Roundcube and SquirrelMail are correct.
  • Fixed case CPANEL-19824: Update GeoIPfree files for 72.
  • Fixed case CPANEL-20179: Make PHP-FPM daemons restart gracefully.
  • Fixed case CPANEL-20179: Fix bug in restartsrv_apache_php_fpm where we never restart it.
  • Fixed case CPANEL-20454: Pkgacct: ensure htaccess files are properly included.
  • [security] Fixed case SEC-393: API tokens retain ACLs that are removed from accounts.
  • [security] Fixed case SEC-394: Stored code execution injections in WHM cPAddons interface.
  • [security] Fixed case SEC-395: Arbitrary file unlink via cPAddons moderation system.
  • [security] Fixed case SEC-396: Email injection in cPAddons moderation.
  • [security] Fixed case SEC-398: Remote-Stored XSS in WHM cPAddons installation interface.
  • [security] Fixed case SEC-399: Remote-stored XSS in YUM autorepair functionality.
  • [security] Fixed case SEC-400: Remote-Stored XSS in WHM Save Theme Interface.
  • [security] Fixed case SEC-408: ClamAV installation reveals the contents of root’s crontab.
  • [security] Fixed case SEC-421: Self-XSS in WHM Backup Configuration interface.
  • [security] Fixed case SEC-427: Cron feature restriction not enforced for API calls.
  • [security] Fixed case SEC-429: Backup feature restriction not enforced for API calls.
  • [security] Fixed case SEC-430: Images feature restriction not enforced for API calls.
  • [security] Fixed case SEC-432: Cpanel Mime::list_hotlinks API feature restriction not enforced.
  • [security] Fixed case SEC-435: Arbitrary file read in pkgacct custom template handling.


  • Fixed case CPANEL-19572: Correctly handle UTF-8 encoding in email address phrase.
  • Fixed case CPANEL-19769: Provide YUM repo RPM for RHEL to install MySQL 7.
  • Fixed case CPANEL-20316: Don’t process backup metadata validation for suspended users.
  • Fixed case CPANEL-20378: Update exim to 4.91-3.cp1170.
  • Fixed case CPANEL-20383: Permit parsing lines with only tabs or spaces in zone files.
  • Fixed case CPANEL-20386: Catch metadata generation errors for users in bin/backup.
  • Fixed case CPANEL-20394: Added custom option to Required Score Spam Filters tab.
  • Fixed case CPANEL-20397: Bandwidth limit set to max int when set larger than 17592186044416M.
  • Fixed case CPANEL-20407: Don’t restart MySQL if timezone differs from server time.
  • Fixed case CPANEL-20408: Fix account creation with extremely large bandwidth limits.
  • Fixed case CPANEL-20421: Don’t warn about missing backup metadata.
  • Fixed case CPANEL-20422: Ensure apache is restart when install best certificate fails.
  • Fixed case CPANEL-20430: Remove call of a non-existant function, causing log noise.
  • Fixed case CPANEL-20440: Email: ensure that changemx API call produces valid data.


  • Fixed case CPANEL-19817: Enable Version Control by default.
  • Fixed case CPANEL-19842: Update cpanel-roundcubemail to 1.3.3-5.cp1164.
  • Fixed case CPANEL-20045: Remove unused system task queue artifacts.
  • Fixed case CPANEL-20122: Fixed issue with view additional details.
  • Implemented case CPANEL-20128: Add directory restoration to WHM and cPanel.

Additional Documentation