84 Change Log

Last modified: February 8, 2023


  • [security] Fixed case SEC-505: Bandwidth suspensions can be triggered remote via mail log strings.
  • [security] Fixed case SEC-540: Cpanel account backup leaks access to current working directory.



Fixed case CPANEL-31124: Update rpm.versions for cpanel-phpmyadmin Fixes CVE-2020-5504.


  • [security] Fixed case SEC-515: Self-XSS Vulnerability via temporary character set specification.
  • [security] Fixed case SEC-535: Self-stored XSS vulnerability in HTML file editor.
  • [security] Fixed case SEC-537: Arbitrary code execution as root via dnsadmin when using PowerDNS.
  • [security] Fixed case SEC-541: Feature and demo restrictions not enforced for WebDisk UAPI calls.
  • [security] Fixed case SEC-542: Demo checks enforced incorrectly in Market UAPI namespace.
  • [security] Fixed case SEC-543: Demo account file modifications through Branding API calls.
  • [security] Fixed case SEC-544: Demo account remote code execution via cpsrvd rsync shell.
  • [security] Fixed case SEC-545: Root remote code execution for resellers via cpsrvd rsync shell.
  • [security] Fixed case SEC-546: Demo account code execution via PassengerApps APIs.
  • [security] Fixed case SEC-547: Arbitrary file deletion for Webmail and Demo accounts.


  • Fixed case CPANEL-30811: Give a better error message when GetNameservers can’t get TLD NS IPs.
  • Fixed case CPANEL-30812: Make libunbound workaround detection logic use a reliable query.
  • Fixed case CPANEL-30858: Update rpm.versions for cpanel-perl-528-DNS-Unbound 0.14-3.cp1180.
  • Fixed case CPANEL-30935: Send pending queries after libunbound query timeout.
  • Fixed case CPANEL-31008: Update rpm.versions for cpanel-clamav 0.101.5-1.cp1180.


  • [security] Fixed case CPANEL-30815: Update rpm.versions for cpanel-perl-528-Mail-SpamAssassin 3.004003-1.cp1178. Fixes CVE-2019-12420, CVE-2018-11805.


  • Fixed case CPANEL-30191: Do not register new standardized hook scripts that are a duplicate of an existing hook script via symlink.
  • Fixed case CPANEL-30472: Accommodate account-owned TLDs in DNS query logic.
  • Fixed case CPANEL-30549: Fix an issue where nameserver IPs for a zone could not be determined when the namerservers were a on different gTLD from the zone under consideration.


  • Fixed case CPANEL-30230: Fix EA4 install on CloudLinux.
  • Fixed case CPANEL-30247: Prevent unnecessary logged warnings in some instances when performing DNSSEC operations.
  • Fixed case CPANEL-30268: Fix issue where the wrong error was returned when nameservers cannot be determined for the domain you attempt to add in cPanel.
  • Fixed case CPANEL-30344: Restore v82 behavior of domain addition validator to consider SOA records as being equivalent to NS for establishing authority to create domains on the local machine.
  • Fixed case CPANEL-30359: Improve handling of last webmail username character in loose validator.
  • Fixed case CPANEL-30396: Create IPv6 subdomain on addon domains for IPv6 enabled accounts.
  • Fixed case CPANEL-30434: Apply dns resolver workarounds immediately after update.
  • Fixed case CPANEL-30435: Prevent dcpumon from scanning dovecot processes.
  • Fixed case CPANEL-30436: Improve broken/disabled ipv6 detection for unbound.
  • Fixed case CPANEL-30437: Permit no-data responses when checking for registered domains.
  • Implemented case CPANEL-30447: Make AutoSSL detect & report nonfunctional loopback (“hairpin”) NAT.


  • Fixed case CPANEL-30212: Fix hook deletion via WHM and WHM API.
  • Fixed case CPANEL-30330: Use the DNSSEC cache instead of pdnsutil during the removal of zones when using PowerDNS.
  • Fixed case CPANEL-30364: Throttle libunbound queries to avoid timeouts.
  • Fixed case CPANEL-30371: Handle the LTS tier correctly and update help text in the Update Preferences interface.
  • Fixed case CPANEL-30372: Update rpm.versions for cpanel-roundcubemail 1.3.8-16.cp1184.
  • Fixed case CPANEL-30376: Specify major target version in deferred upgrade blocker message.


  • Fixed case CPANEL-29163: Use API tokens rather than access hashes when establishing reverse trust with cluster peers.
  • Fixed case CPANEL-30213: Fix OS arch detection for Amazon Linux 2018.03.
  • Fixed case CPANEL-30241: Update rpm.versions for cpanel-php73 7.3.6-5.cp1184.
  • Fixed case CPANEL-30269: Prevent issuing an erroneous warning about cluster members needing PowerDNS for DNSSEC when the cluster master does not support DNSSEC.
  • Fixed case CPANEL-30296: Ensure database backup restoration functions with legacy MySQL systems.
  • Fixed case CPANEL-30314: Fix bug in WebMail homepage where ‘Open my inbox’ did not respect the ‘url’ parameter in custom webmail applications’ yaml configuration files.
  • Fixed case CPANEL-30315: Remove duplicate rpm_is_working rpms to fix rpm db corruption.
  • Fixed case CPANEL-30266: Workaround many network or firewall configs that break DNS resolution.
  • Fixed case CPANEL-30332: Fix filtering of WHM API v1 emailtrack_user_stats().
  • Fixed case CPANEL-30334: Assure updatenow fails early if needed sysup packages are not available.
  • Fixed case CPANEL-30340: Fix “Invalid username” warnings emitted from scripts/fix_addon_permissions.


  • Fixed case CPANEL-30391: Support password and shadow file lookups with windows line endings.


  • Fixed case CPANEL-30388: Fix cPanel file editor escaping.


  • [security] Fixed case SEC-499: Authentication bypass due to variations in webmail username handling.
  • [security] Fixed case SEC-508: Account suspension bypass via virtual mail accounts.
  • [security] Fixed case SEC-516: Authentication bypass due to faulty password file format parsing.
  • [security] Fixed case SEC-520: Self-XSS due to faulty JSON string escaping.
  • [security] Fixed case SEC-525: Cpanel::Rand::Get can produce predictable output.
  • [security] Fixed case SEC-531: MySQL dump streaming allowed reading all databases.
  • [security] Fixed case SEC-532: Root chown on arbitrary paths in cPanel log processing.
  • [security] Fixed case SEC-533: Stored-XSS Vulnerability in WHM Backup Restoration.
  • [security] Fixed case SEC-534: WebDAV authentication bypass due to faulty connection sharing logic.


  • Fixed case CPANEL-30130: Optimize ordering in reserved subdomain check.
  • Fixed case CPANEL-30156: Ensure transfer tool is able to work with servers older than v55.
  • Fixed case CPANEL-30194: Change some errors on WHM’s DNS Cluster page into warnings. Reverse Trust, DNSSEC and server status messages are now warnings rather than errors.
  • Fixed case CPANEL-30211: Fix the ability to disable hooks.
  • Fixed case CPANEL-30251: Ensure rpm install sets error on rpm exit status failure.


  • Fixed case CPANEL-29663: Prevent systemd crashes when updating MariaDB.
  • Fixed case CPANEL-30158: Avoid blocking email from loopback/internal when using “Unknown Region”.
  • Fixed case CPANEL-30253: Only set PHP limits from the getting started wizard during the initial server setup.


  • Fixed case CPANEL-26439: Update rpm.versions for dovecot
  • Fixed case CPANEL-29888: Fix bug in hook execution when escalateprivs is true.
  • Fixed case CPANEL-29965: Update rpm.versions for cpanel-php72 7.2.7-11.cp1184.
  • Fixed case CPANEL-30012: Queue zone synchronizations done as a part of DNS cluster member additions from WHM as a background task instead of holding up the browser.
  • Fixed case CPANEL-30012: Fix issue where the “Sync Zones Immediately” check box did not work on initial cluster member add in WHM’s DNS Cluster page.
  • Fixed case CPANEL-30016: Make all self-signed certificates support Server Authentication.
  • Fixed case CPANEL-30061: Remove Webmail configuration options for EOL macOS versions.
  • Fixed case CPANEL-30082: Cosmetic: Fix autossl_check.pl’s user count logic.
  • Fixed case CPANEL-30098: Fix UPCP errors on CentOS 6 when YUM debug level has been raised.
  • Fixed case CPANEL-30111: Update rpm.versions for cpanel-php73 7.3.6-4.cp1184.
  • Fixed case CPANEL-30122: Switch Cpanel::DNS::Unbound to an inactivity timeout.
  • Fixed case CPANEL-30183: Fix UAPI MIME::add_redirect when subdomain is entered with upper-case characters.


  • Fixed case CPANEL-30166: Update rpm.versions for dovecot


  • Fixed case CPANEL-26439: Update rpm.versions for dovecot
  • Fixed case CPANEL-30014: Fix uninitialized value warning in bin/whm_xfer_download-ssl.pl during some account transfers.
  • Fixed case CPANEL-30017: Gracefully handle benchmark results from yum debugging.
  • Fixed case CPANEL-30025: Properly handle MaxRequestWorkers and ServerLimit for threaded MPMs.
  • Fixed case CPANEL-30036: Restore dns cluster performance.
  • Fixed case CPANEL-30037: Restore vhost creation performance.
  • Fixed case CPANEL-30046: Better Handle LetsEncrypt Errors in AutoSSL interface.
  • Fixed case CPANEL-30080: Fixed broken module dependency in MultiPHP INI Editor.


  • Fixed case CPANEL-29565: Fix bug in finding the installed cPanel internal PHP version when not root.
  • [security] Fixed case CPANEL-29790: Update cpanel-unbound and DNS::Unbound. Fixes CVE-2019-16866.
  • Fixed case CPANEL-29830: Correct misleading ACL error message in WHM clusterstatus for pre 11.84 servers in DNS clusters.
  • Fixed case CPANEL-29865: Allow bin/update-roundcube-sqlite-db to continue working after it encounters an error with a user database.
  • Fixed case CPANEL-29881: Only invalidate quota status cache if the needed reboot is due to quota.
  • Fixed case CPANEL-29887: Update rpm.versions for cpanel-php-ioncube 10.3.9-1.cp1184.
  • Fixed case CPANEL-29899: Fix error notifications in list.pm admin module.
  • Fixed case CPANEL-29902: Make all self-signed certificates & CSRs contain a SAN extension.
  • Fixed case CPANEL-29938: Tolerate install/upgrade of an already-upgraded plugin.
  • Fixed case CPANEL-29959: Fix account creation on Solo-licensed servers.
  • Fixed case CPANEL-29978: Fix javascript parsing of serverNeedsReboot variable.
  • Fixed case CPANEL-29985: Fix PHP-FPM restarts with large number of pools.


  • Fixed case CPANEL-29710: Fix timing out when setting large number of domain PHP versions via cPanel.
  • Fixed case CPANEL-29739: Fix issue where WHMAPI1 set_nameserver could time out in certain situations.
  • Fixed case CPANEL-29784: Ensure make rpm.versions exists non-zero on failure.
  • Fixed case CPANEL-29810: Update rpm.versions for MySQL56 5.6.45-2.cp1178.
  • Fixed case CPANEL-29844: Update documentation links in cPanel Spam Filter pages.
  • Fixed case CPANEL-29859: Update rpm.versions for cpanel-perl-528-Archive-Tar-Builder 2.5005-1.cp1180.
  • Fixed case CPANEL-29866: Resolve error related to SSLInstall.pm on transfer modules page.
  • Fixed case CPANEL-29876: Fix issue where headers for DNS clustering CGI scripts were not printed in some contexts, resulting in incomplete page renders.


  • Fixed case CPANEL-29735: Fix performance regression in Cpanel::Binaries::thirdparty_binary_locations.
  • Fixed case CPANEL-29749: Fix validation in optimizews API1 call.
  • Fixed case CPANEL-29754: Properly update an account .htaccess files even when the account is over quota.
  • Fixed case CPANEL-29818: Fix an issue where resellers and their users could not add or remove domains when inheriting DNS clustering from the root user.
  • Fixed case CPANEL-29822: Fix bug where UAPI events were only executed when a custom event handler perl module existed instead of when hooks exist.


  • Fixed case CPANEL-28810: Avoid cphulk successful response when ip list lookup fails.
  • Fixed case CPANEL-29441: Enable monitoring for new services enabled by a server profile change.


  • Fixed case CPANEL-27667: Prevent cPHulk from blocking same IP multiple times at once.
  • Fixed case CPANEL-28977: Fix cross-user mangling of subdomain docroots in account restorations.
  • Fixed case CPANEL-29004: Update rpm.versions for cpanel-roundcubemail 1.3.8-15.cp1184.
  • Fixed case CPANEL-29510: Improve display of associated subdomain in Domains UI.
  • Fixed case CPANEL-29519: Restore Splittability of DKIM records to E. Deliverability.
  • Fixed case CPANEL-29520: Fix mail “Manage Disk Usage”, APICatcher HTML escaping, and quote split.
  • Fixed case CPANEL-29523: Make root SSL installs forgo the IP address parity check with non-SSL.
  • Fixed case CPANEL-29595: Ensure rpmup is run when using WHM > Update Server Software.
  • Fixed case CPANEL-29607: Validate that the pop account exists when checking disk usage.
  • Fixed case CPANEL-29622: Resolve performance degradation from DNSNODEs use of ServerRoles.
  • Fixed case CPANEL-29629: Updated authentication error for VPS.net login failures.
  • Fixed case CPANEL-29632: Load Cpanel::Binaries before chrooting in cpdavd.
  • Fixed case CPANEL-29639: Notification is now given in the DNS Cluster UI that a cluster peer has monitoring disabled for their DNS server.
  • Fixed case CPANEL-29656: Fix silent-breakage failure to set up the YUM plugins repo.
  • Fixed case CPANEL-29658: Fix inappropriate role restrictions in several WHM v0 API calls.
  • Implemented case CPANEL-29601: Add container tags to facilitate future projects.
  • Implemented case CPANEL-29731: Block cP API 2 DiskUsage methods when FileStorage role is disabled.


  • [security] Fixed case CPANEL-29669: Updated Exim for CVE-2019-16928.
  • Fixed case CPANEL-29590: Update rpm.versions for cpanel-perl-528-Template-Toolkit 2.27-7.cp1178.
  • Fixed case CPANEL-23520: Ensure long words do not break the layout of alerts in CJT2.
  • Fixed case CPANEL-29331: Update rpm.versions for cpanel-mydns
  • Fixed case CPANEL-29454: Domains UI: Make docroot change propagate to the side info bar.
  • Fixed case CPANEL-29463: Switch SELinux-context-setting logic to use “chcon”.
  • Fixed case CPANEL-29471: Domains UI: HTML-escape the document root correctly in success notice.
  • Fixed case CPANEL-29494: Disable SSHD’s “UseDNS” on initial cPanel & WHM installation.
  • Fixed case CPANEL-29506: DomainInfo domains_data will now return correctly.
  • Fixed case CPANEL-29529: Remove DNSSEC keys when domains are removed.
  • Fixed case CPANEL-29532: Disable and hide user-level SSL functionality based on disabled roles.
  • Fixed case CPANEL-29534: DNS Node: Suppress Terminal & various backup/restore components.
  • Fixed case CPANEL-29573: Make cpsrvd start soon enough on DNSNODE installs to get signed ssl.
  • Fixed case CPANEL-29575: Ensure /root/.my.cnf is generated on new MySQL installs.
  • Fixed case CPANEL-29579: Fix failure to load cpdavd due to Banned module being imported to the daemon’s working set.
  • Implemented case CPANEL-29576: Make MySQL an optional role for Mail Node.


  • Fixed case CPANEL-4727: Improve support for SSL hostname certificates on DNSONLY.
  • Fixed case CPANEL-25167: Ensure the headers on the WHM Configure Address Records dialog boxes wrap when appropriate.
  • Fixed case CPANEL-25865: Change the Show/Hide Help links to buttons to indicate that they perform an action.
  • Fixed case CPANEL-26814: Make AutoSSL run a CAA record check prior to doing DCV.
  • Fixed case CPANEL-27694: Change the standardized hooks system’s backend datastore so that we can avoid loading all registered hooks every time we wish to hook one event.
  • Fixed case CPANEL-27694: Automatically migrate “legacy” 11.25 Hooks over to the “Standardized Hooks” system and remove old supporting code related to the “legacy” hooks system.
  • Fixed case CPANEL-27850: Ensure the Web Template Editor Upload page has a go back link.
  • Fixed case CPANEL-28856: Retry OCSP HTTP call in event of network error.
  • Fixed case CPANEL-29237: Verify precompiled UI templates are readable before using them.
  • Fixed case CPANEL-29287: When MailReceive role is disabled, do not show forwarders in backup.
  • Fixed case CPANEL-29311: Updated the Trademarks pages to use “cPanel, L.L.C.”.
  • Fixed case CPANEL-29312: Improve Webmail styling when using dark mode.
  • Fixed case CPANEL-29352: Display errors when they occur on the cPanel Error Pages Editor interface.
  • Fixed case CPANEL-29352: Ensure we properly escape content before displaying it on the cPanel Error Pages editor.
  • Fixed case CPANEL-29362: Make cPanel’s “Cron Jobs” UI and APIs require the WebServer role.
  • Fixed case CPANEL-29363: Make cPanel’s “Track Delivery” UI require the MailReceive role.
  • Fixed case CPANEL-29395: Suppress DiskUsage (and API) when !FileStorage.
  • Fixed case CPANEL-29398: Hide web-only controls in the Domains UI when the WebServer role is off.
  • Fixed case CPANEL-29407: Properly handle certain errors from the package manager at the end of the cPanel update process.
  • Fixed case CPANEL-29411: Report errors backing up account MySQL databases.
  • Fixed case CPANEL-29432: Update rpm.versions for cpanel-mailman 2.1.29-1.cp1178.
  • Fixed case CPANEL-29448: MySQL only appears in cPanel Backup when enabled.
  • Fixed case CPANEL-29451: Fix faulty tooltip for associated addon domains in Domains UI.
  • Fixed case CPANEL-29453: Localize subdomain error messages.
  • Fixed case CPANEL-29457: Fix stored-xss in BoxTrapper editmsg interface.
  • Fixed case CPANEL-29459: Fix PostgreSQL interface to support URI unsafe characters.
  • Fixed case CPANEL-29467: Only check DNS trust relationship if API is supported.
  • Fixed case CPANEL-29474: Resolve performance regression caused by loading ServerRoles.
  • Fixed case CPANEL-29476: Update rpm.versions for cpanel-perl-528-Convert-ASCII-Armour 1.4-2.cp1180.
  • Fixed case CPANEL-29487: Hide “www” subdomains in TLS Status when WebServer role is off.
  • Fixed case CPANEL-29495: Fix bad permissions on Hooks DB (was 0644, needed to be 0755).
  • Fixed case CPANEL-29518: Prevent duplication of IP address when updating SPF records during account transfer.
  • Fixed case CPANEL-29530: Remove MailSend role from access control for Bandwidth UI.
  • Fixed case CPANEL-29538: Make the email trace APIs require the MailReceive role.
  • Fixed case CPANEL-29540: Update rpm.versions for cpanel-perl-528-Schedule-Cron-Events 1.95-2.cp1180.
  • Fixed case CPANEL-29547: Updated EULA Version.
  • Implemented case CPANEL-29512: Remove extra white space at top of revised Webmail index page.


  • Fixed case CPANEL-27679: Modify BackBlaze B2 driver to utilize large_file_upload API up to the 10TB file size limitation and stop splitting files after 5GB.
  • Fixed case CPANEL-28998: Prevent changes to WebServer role from trying to change apache_php_fpm.
  • Fixed case CPANEL-28999: Prevent spurious warnings when disabling mailman.
  • Fixed case CPANEL-29183: Ensure pkgacct generates MySQL database data dumps which can be restored to a renamed database.
  • Fixed case CPANEL-29213: Preserve spam score when a host is in skipsmtpcheck_hosts.
  • Fixed case CPANEL-29225: Update rpm.versions for cpanel-roundcubemail 1.3.8-13.cp1184.
  • Fixed case CPANEL-29242: Suppress warnings when fetching nameservers for invalid or test domains.
  • Fixed case CPANEL-29281: Provision market providers on fresh install if enabled.
  • Fixed case CPANEL-29298: Fix enable/disable of External Authentication providers in WHMAPI1.
  • Fixed case CPANEL-29303: Fix RPM test transaction failures on DNSOnly upgrades to v84 again.
  • Fixed case CPANEL-29308: Fix symlink deletion for sbin/cpanel_php_fpm.
  • Fixed case CPANEL-29310: Improve handling special character paths in cPanel Error Pages.
  • Fixed case CPANEL-29328: Update rpm.versions for cpanel-roundcubemail 1.3.8-14.cp1184.
  • Fixed case CPANEL-29329: Update rpm.versions for cpanel-perl-528-Promise-ES6 0.05-1.cp1180.
  • Fixed case CPANEL-29339: Don’t try to process manage2 response on exception.
  • Fixed case CPANEL-29347: Fix exception in Cpanel::SafeRun::Object when running scripts/check_cpanel_rpms and an RPM error occurs.
  • Fixed case CPANEL-29349: Remove Password & Security feature for specific instances.
  • Fixed case CPANEL-29366: Only display “Manage MySQL® Profiles” WHM menu item when the MySQL role is enabled.
  • Fixed case CPANEL-29375: Force enable and disable of roles during profile activation.
  • Fixed case CPANEL-29388: Update rpm.versions for cpanel-php73 7.3.6-3.cp1184.
  • Fixed case CPANEL-29389: Warn users that subdomain document roots cannot contain certain additional characters.
  • [security] TSR-2019-0005


  • Fixed case CPANEL-28686: Ensure cpsrvd can operate when the rpm database is corrupt.
  • Fixed case CPANEL-28886: Properly handle certain errors from the package manager at the end of the cPanel update process.
  • Fixed case CPANEL-28930: Update the Backup page to use the Backup::restore_database UAPI.
  • Fixed case CPANEL-28960: Restore performance of securetmp during install.
  • Fixed case CPANEL-28989: Disable User Manager when none of the managed services is available.
  • Fixed case CPANEL-29009: Avoid checking ssl certificates for services that are not enabled.
  • Fixed case CPANEL-29053: Return all applicable databases in the output of the Mysql::list_databases UAPI call.
  • Fixed case CPANEL-29061: Fix RPM test transaction failures on DNSOnly upgrades to v84.
  • Fixed case CPANEL-29064: Add the ability for cPanel type cluster members to run synczones immediately upon add/edit. Also fix a bug where NAT peers could not correctly setup reverse trust in DNS clustering.
  • Fixed case CPANEL-29064: Add a variety of useful information to WHM’s cluster status page to inform the user of issues with their cluster’s configuration to ease the transition to PowerDNS and DNSSEC. Provides helpful actions to remedy most of these issues found. Also provide similar warnings on the sync zones page.
  • Fixed case CPANEL-29064: Add WHMAPI1 set_nameserver and cluster_member_has_trust_with methods.
  • Fixed case CPANEL-29064: Fix an issue where WHMAPI1 get_application_versions would not return the versions of software with possible alternatives, such as nameservers.
  • Fixed case CPANEL-29067: Create UAPI Stats::get_bandwidth call and update UI to use the call.
  • Fixed case CPANEL-29072: Update rpm.versions for cpanel-roundcubemail 1.3.8-12.cp1184.
  • Fixed case CPANEL-29102: Fix bug in PHP version getting logic that caused ioncube loader’s version to be incorrect.
  • Fixed case CPANEL-29154: Remove references to FileZilla.
  • Fixed case CPANEL-29177: Make Cpanel::DnsUtils::Install::Result dumpable with JSON::XS.
  • Fixed case CPANEL-29202: Update rpm.versions for cpanel-php73-Horde-Core 2.31.8-2.cp1184.
  • Fixed case CPANEL-29204: Allow users to manage their DNSSEC keys via cPanel UI.
  • [security] Fixed case CPANEL-29223: Update rpm.versions for exim 4.92-3.cp1180. Fixes CVE-2019-15846.
  • Fixed case CPANEL-29224: Add Mailing Lists to Webmail feature list.
  • Fixed case CPANEL-29226: Resolve error when accessing delegated mailman lists from webmail.
  • Fixed case CPANEL-29247: Always assume roles are enabled on DNSONLY.
  • Fixed case CPANEL-29263: Deprecate usage of API1 Fileman::printdir in the product.
  • Fixed case CPANEL-29264: Fix UAPI Backup::restore_databases to handle empty archive.
  • Fixed case CPANEL-29286: Update rpm.versions for cpanel-php73-Horde-Core 2.31.8-3.cp1184.
  • Implemented case CPANEL-28904: Reduce duplicate has_service_via_systemd calls.
  • Implemented case CPANEL-29008: Add a New UI to Filter Incoming Emails by Country.
  • Implemented case CPANEL-29245: Add a Feature Showcase Item for Blocked Domains and Countries.
  • Implemented case CPANEL-29260: Update DNS Reload Referral Times.
  • Implemented case CPANEL-29272: The cPanel DNSSEC UI will now sync keys to a cPanel DNS cluster.
  • Implemented case CPANEL-29274: New feature showcase for DNSSEC.
  • Implemented case CPANEL-29275: Notification will be sent to WHM admins if a DNSSEC key sync failure happens.


  • Fixed case CPANEL-27762: Prevent use of home directory as a document root.
  • Fixed case CPANEL-28099: The checkyum script can handle multiline exclude directives.
  • Fixed case CPANEL-28426: Fix logged errors regarding failure to load session files.
  • Fixed case CPANEL-28596: Ensure “Modify Account” and “Addon Domains” respect zone templates.
  • Fixed case CPANEL-28612: Update rpm.versions for cpanel-php-composer 1.8.6-2.cp1184.
  • Fixed case CPANEL-28619: Make AutoSSL treat missing-homedir wildcards as warnings.
  • Fixed case CPANEL-28745: Handle zero or negative available memory on some Viruozzo-based systems more gracefully.
  • Fixed case CPANEL-28762: Fix warnings generated by scripts/ea4_fresh_install.
  • Fixed case CPANEL-28803: Update rpm.versions for cpanel-php73 7.3.6-2.cp1184.
  • Fixed case CPANEL-28843: Update rpm.versions for cpanel-git 2.23.0-2.cp1178.
  • Fixed case CPANEL-28848: Fix communication errors logged by MySQL during normal service status checks.
  • Fixed case CPANEL-28850: Reduce xml-api startup time.
  • Fixed case CPANEL-28865: Enable monitoring for PostgreSQL upon first installation.
  • Fixed case CPANEL-28871: Fix additional missing locale phrases in Domains UI.
  • Fixed case CPANEL-28890: Retire Cpanel::Class in favor of Moo in cPanel code.
  • Fixed case CPANEL-28891: Fix warnings in UAPI EmailAuth::validate_current_dkims.
  • Fixed case CPANEL-28909: Stop unnecessary iptables restarts when modifying an account.
  • Fixed case CPANEL-28932: Eliminate race condition from DB count caching.
  • Fixed case CPANEL-28932: Update cached values when PostgreSQL databases are created or dropped.
  • Fixed case CPANEL-28935: Update File Manager to use API 2 Fileman::fileop chmod.
  • Fixed case CPANEL-28972: Do not configure BIND to start when a non-BIND nameserver is enabled.
  • Fixed case CPANEL-28979: Minor cpsrvd performance improvements.
  • Fixed case CPANEL-28987: Workaround slowdown in perlcc my_curse destruction.
  • Fixed case CPANEL-28994: Remove iframe and Webmail topbar from WebMail client pages.
  • Fixed case CPANEL-28996: Catch errors when sending client configuration via email in the “Webmail » Set Up Mail Client” page.
  • Fixed case CPANEL-28997: Improve responsive design elements on WebMail Index page.
  • Fixed case CPANEL-29005: Allow disabling PHP-FPM for domains when the necessary FPM RPMs are no longer installed on the system.
  • Fixed case CPANEL-29016: Update rpm.versions for cpanel-clamav 0.101.4-1.cp1180.
  • Fixed case CPANEL-29017: Make AutoSSL fail local HTTP DCV checks that use a loopback IP address.
  • Fixed case CPANEL-29044: Try graceful restarts first on product type change to avoid cpsrvd downtime.
  • Fixed case CPANEL-29060: Update rpm.versions for dovecot
  • Fixed case CPANEL-29092: Improve the performance of checkallsslcerts.
  • Fixed case CPANEL-29101: Do not set MySQL default-storage-engine to MyISAM on new installations or if the setting is missing.
  • Fixed case CPANEL-29141: Restore specific error message when password is too weak upon creating a DB user.
  • Fixed case CPANEL-29156: Ensure imap enabled check does not die during initial install.
  • Fixed case CPANEL-29157: Fix revised Webmail page to gracefully handle empty client list.
  • Fixed case CPANEL-29171: Update rpm.versions for cpanel-roundcubemail 1.3.8-11.cp1184.
  • Fixed case CPANEL-29174: Fix Webmail so default client in user menu is updated correctly.
  • Implemented case CPANEL-28842: Add “Manage Mail Blocked Domains” to basic Exim configuration.
  • Implemented case CPANEL-28875: The DnsAdmin action, synczones, will now also sync DNSSEC keys.
  • Implemented case CPANEL-28883: Upgrade LE1 to LE2 directly during upcp.
  • Implemented case CPANEL-28966: Reduce the time needed to render most pages in cPanel.
  • Implemented case CPANEL-29013: Avoid memory increase when enabling 2FA in cpsrvd.
  • Implemented case CPANEL-29019: Reduce memory needed for changing server profiles.
  • Implemented case CPANEL-29039: Improve inline alerts on revised Webmail index page.
  • Implemented case CPANEL-29148: New script dnssec-cluster-keys to manage clustered DNSSEC keys.
  • [test] Fixed case CPANEL-28807: Fix RPMSupport unit test to properly mock calls to yum.


  • Fixed case CPANEL-17637: Adjust maximum db user length for MySQL 5.7.
  • Fixed case CPANEL-22444: Ensure pre-4.1-style MySQL® passwords can be disabled in WHM > Tweak Settings.
  • Fixed case CPANEL-25124: Preserve hard links when using rsync during transfers.
  • Fixed case CPANEL-26385: Allow setting of the primary server name on an IP where one is not currently defined.
  • Fixed case CPANEL-26440: Custom kernels are now detected for reboot status updates.
  • Fixed case CPANEL-26861: Add verbose option to scripts/cpdig.
  • Fixed case CPANEL-27087: Improve the accessibility of the cPanel home page.
  • Fixed case CPANEL-27087: Improve accessibility of the Subdomains interface for screen readers.
  • Fixed case CPANEL-27087: Ensure the responsive table styles are more helpful to screen readers.
  • Fixed case CPANEL-27188: Replace cPanel’s custom recursive DNS resolver with libunbound.
  • Fixed case CPANEL-27294: Update help text and field names in cPanel’s Application Manager interface.
  • Fixed case CPANEL-27316: Remove inappropriate “dnsonly” error message that appeared when upgrading to versions 78 and above on CentOS 6.
  • Fixed case CPANEL-27385: Log account suspensions/unsuspensions to the accounting log.
  • Fixed case CPANEL-27451: Update shrink_modsec_ip_database to handle default_SESSION and other ModSecurity databases.
  • Fixed case CPANEL-27461: Domain w/account overquota Virtuozzo, FPM is temp disabled.
  • Fixed case CPANEL-27503: Remove padding and raise width on time fields in Calendar.
  • Fixed case CPANEL-27597: Prevent backups from reporting both success and failure when exceeding disk space limit.
  • Fixed case CPANEL-27644: Optimize the MySQL query to look up the cpuser that owns a dbuser.
  • Fixed case CPANEL-27692: Fix parsing of rsync output when to-chk is used instead of to-check.
  • Fixed case CPANEL-27726: Make Cpanel::PingTest aware of user process limits and avoid returning negative ping times in some situations.
  • Fixed case CPANEL-27748: Allow users of File Manager to download files in directories starting with 3 dots.
  • Fixed case CPANEL-27769: Remove the ability to enable HTTPS redirects in the cPanel domains page via the “select all” button when a domain has invalid SSL, and allow disabling of HTTPS Redirects in the event SSL is no longer valid for a domain.
  • Fixed case CPANEL-27780: Use SENTBEFORE when expunging mailbox data.
  • Fixed case CPANEL-27860: Correctly parse WHMAPI1 filter arguments in emailtrack_user_stats.
  • Fixed case CPANEL-27916: Update notice on Manage Service SSL Certificates interface to be grammatically correct.
  • Fixed case CPANEL-27917: Ensure that the suggested records are updated on Manage SPF.
  • Fixed case CPANEL-27948: Do not throw UI errors when encountering empty compiled templates.
  • Fixed case CPANEL-27984: Make Cpanel::SafeRun::Object reject invalid program calls right away.
  • Fixed case CPANEL-27987: If multiple domains share the same document root, then setting the PHP version for one of the domains will also set the PHP version for all the other domains sharing that document root.
  • Fixed case CPANEL-27991: DNSSEC: Report whether a key is active or not in the fetch_ds_records output.
  • Fixed case CPANEL-27994: Update rpm.versions for cpanel-wrap 80.3-1.cp1180.
  • Fixed case CPANEL-28029: Remove unneeded call to BoxTrapper::getboxconfdiruri on several pages where its not needed.
  • Fixed case CPANEL-28033: Update rpm.versions for cpanel-perl-528-X-Tiny 0.18-1.cp1180.
  • Fixed case CPANEL-28049: Update go links for Email Delivery and Domains UI.
  • Fixed case CPANEL-28058: Generated SOA RNAME must have a local part of 63 characters or less.
  • Fixed case CPANEL-28084: Improve cPHulkd task de-duplication.
  • Fixed case CPANEL-28088: Fix changing the document root of an addon in the Domains interface by determining the correct associated subdomain.
  • Fixed case CPANEL-28104: Ensure the web server starts after all IP aliases have been configured.
  • Fixed case CPANEL-28113: Create UAPI calls to replace API1 LogManager calls.
  • Fixed case CPANEL-28114: Don’t run findphpversion on systems where Apache is not installed.
  • Fixed case CPANEL-28150: Remove additional usage of Autodie More module.
  • Fixed case CPANEL-28165: Display services in WHM Service Status which are temporarily suspended from monitoring as status “pending”.
  • Fixed case CPANEL-28169: Move non-object state out of Whostmgr::Remote.
  • Fixed case CPANEL-28173: Create Whostmgr::Transfers::Session::Constants module.
  • Fixed case CPANEL-28174: Teach Cpanel::APNS to time out on writes.
  • Fixed case CPANEL-28187: Update WHM ModSecurity Tools specification reference URLs.
  • Fixed case CPANEL-28262: Add deprecation warning in cPanel MultiPHP Manager interface if there are any EOL PHP versions installed.
  • Fixed case CPANEL-28284: For account restorations and rearrangement, ignore trailing slashes in HOMEMATCH value in /etc/wwwacct.conf.
  • Fixed case CPANEL-28285: Use the translated search text in the aria-label for the CJT2 search control.
  • Fixed case CPANEL-28293: Fix account creation when apache is not installed.
  • Fixed case CPANEL-28298: Add dnssec to the search keywords for the cPanel Zone Editor.
  • Fixed case CPANEL-28303: Create UAPI calls to replace API1 BoxTrapper template editor calls.
  • Fixed case CPANEL-28320: Exclude base modules from cpconftool list-modules output.
  • Fixed case CPANEL-28325: Restore Bytes::Random::Secure::Tiny to etc/rpm.versions.
  • Fixed case CPANEL-28336: Deprecate usage of “cpanel” user for ownership of /var/cpanel/user files.
  • Fixed case CPANEL-28348: Preserve hardlinks when performing account packaging and transfer.
  • Fixed case CPANEL-28353: Ensure htaccess updates are completed successfully when transferring accounts with addon domains.
  • Fixed case CPANEL-28358: Reduce convert_addon_to_account binary size.
  • Fixed case CPANEL-28359: Reduce apitool binary size.
  • Fixed case CPANEL-28362: Reduce error log noise when transferring domains that cannot be resolved.
  • Fixed case CPANEL-28365: Reduce sslstorage test run time.
  • Fixed case CPANEL-28370: Remove Frontpage checks from transfer system.
  • Fixed case CPANEL-28374: Update rpm.versions for cpanel-pdns 4.1.10-1.cp1174.
  • Fixed case CPANEL-28390: Fixed typo in error handling of Cpanel::Validate::Integer.
  • Fixed case CPANEL-28391: Improve error message in WHM MySQL/MariaDB Upgrade interface if installed version can not be upgraded.
  • Fixed case CPANEL-28393: Add support for –help to scripts/upcp.
  • Fixed case CPANEL-28397: Correctly return the running state of named when using PowerDNS in the WHMAPI1 servicestatus call.
  • Fixed case CPANEL-28400: Update the cPanel Encryption interface to use the new UAPI calls.
  • Fixed case CPANEL-28449: Address warnings when LangMods API2 calls are invoked without required parameters.
  • Fixed case CPANEL-28450: Better report errors resulting from improper use of CSVImport API2 calls.
  • Fixed case CPANEL-28453: Update rpm.versions for cpanel-git 2.22.0-1.cp1178.
  • Fixed case CPANEL-28466: Reduce time needed to sync files during update.
  • Fixed case CPANEL-28467: Rearrange Account will make sure that any PHP-FPM configuration files are updated.
  • Fixed case CPANEL-28472: Create UAPI Backup restore_databases to replace API 1 restoredb.
  • Fixed case CPANEL-28475: UAPI calls for webalizer, webalizer_ftp and analog.
  • Fixed case CPANEL-28491: Improve the help information in the upcp script.
  • Fixed case CPANEL-28493: Improve post_sync_cleanup logging.
  • Fixed case CPANEL-28502: Limit update_quota_cache to a single active instance.
  • Fixed case CPANEL-28509: Fix status returned from restartsrv_cpipv6.
  • Fixed case CPANEL-28540: Increase the Password Generator minimum characters to 10.
  • Fixed case CPANEL-28541: Update default TLS cipher suite to latest recommendations.
  • Fixed case CPANEL-28575: Allow cPhulkd to restart even when its subprocess has been orphaned.
  • Fixed case CPANEL-28576: UAPI call Stats::get_site_errors.
  • Fixed case CPANEL-28581: Remove the apache conf distiller system.
  • Fixed case CPANEL-28600: Align input validation in cPanel “Contact Information” page.
  • Fixed case CPANEL-28607: Provide a fail-safe for Let’s Encrypt v1 -> v2 migration.
  • Fixed case CPANEL-28609: Use the main public IP address on NAT systems as the Primary IP displayed in iContact notifications.
  • Fixed case CPANEL-28610: Fix bad dependency in rpm.versions for php-composer.
  • Fixed case CPANEL-28615: Report configuration information.
  • Fixed case CPANEL-28617: Update TLS Status Page to treat wildcard domains indifferently.
  • Fixed case CPANEL-28626: Remove superfluous blackhole from Email Trace.
  • Fixed case CPANEL-28628: Fix error fetching binary locations in non-root user contexts.
  • Fixed case CPANEL-28644: Fix WHM MySQL Root Password forced password reset.
  • Fixed case CPANEL-28658: Correct CSS so Process Manager looks the same across browsers.
  • Fixed case CPANEL-28675: Add provider-agnostic wildcard-reduction code for AutoSSL.
  • Fixed case CPANEL-28688: Reduce memory needed for Sub::Quote.
  • Fixed case CPANEL-28689: Update rpm.versions for cpanel-perl-528-Moo 2.003004-2.cp1178.
  • Fixed case CPANEL-28691: UAPI calls for PostgreSQL.
  • Fixed case CPANEL-28697: Update rpm.versions for cpanel-roundcubemail 1.3.8-10.cp1184.
  • Fixed case CPANEL-28700: Enable default size constraints in Password Generator.
  • Fixed case CPANEL-28705: Reduce whmapi memory requirements.
  • Fixed case CPANEL-28708: Update rpm.versions for cpanel-php73-horde 5.2.21-2.cp1184.
  • Fixed case CPANEL-28717: Update rpm.versions for cpanel-perl-528-Sub-Quote 2.006003-2.cp1178.
  • Fixed case CPANEL-28731: Update rpm.versions for dovecot
  • Fixed case CPANEL-28751: Increase default Cpanel::DNS::Unbound timeout 30s.
  • Fixed case CPANEL-28760: Disable user quotas on dedicated MySQL datadir mounts to improve performance and avoid initial MySQL setup failure.
  • Fixed case CPANEL-28783: Update rpm.versions for cpanel-perl-528-Specio 0.42-2.cp1178.
  • Fixed case CPANEL-28783: Update rpm.versions for cpanel-perl-528-Types-DateTime 0.002-2.cp1178.
  • Fixed case CPANEL-28785: Update the Bandwidth page to replace API1’s Stats::bwbar with API2.
  • Fixed case CPANEL-28797: Ensure that MySQL 5.6 dependencies are met during initial system installation.
  • Fixed case CPANEL-28826: Ensure that iptables xlock failures trigger a failure state.
  • Fixed case CPANEL-28827: Add Stats::list_stats_by_domain UAPI call to fetch list of available monthly access log reports by domain and ssl/non-ssl requests.
  • Fixed case CPANEL-28844: Reduce xml-api memory requirements.
  • Fixed case CPANEL-28852: Split up SPF module into Cpanel::SPF::String.
  • Fixed case CPANEL-28854: Update some output of scripts/initquotas to avoid ambiguity.
  • Fixed case CPANEL-28874: Fix bug in Webmail’s “User Preferences” dropdown menu where the status of the “default webmail application” was incorrectly being displayed.
  • Fixed case CPANEL-28892: Do securetmp before starting background install processes.
  • Fixed case CPANEL-28933: Ensure system PHP-FPM does not show as enabled when PHP-FPM has been uninstalled.
  • Fixed case CPANEL-28953: Improve build performance for Angular 7 apps by making some performance improvements in webpack configuration.
  • Implemented case CPANEL-27616: Redo cPanel email trace as an API with an HTML renderer.
  • Implemented case CPANEL-27970: Reduce the number of locks and reads needed add to the taskqueue.
  • Implemented case CPANEL-27971: Reduce account creation overhead with lots of existing accounts.
  • Implemented case CPANEL-27972: Reduce entersub overhead when calculating duplicate taskqueue commands.
  • Implemented case CPANEL-27973: Remove Cpanel::Time::TZ startup time regexes.
  • Implemented case CPANEL-27974: Reduce the number of regexes needed to a check a service.
  • Implemented case CPANEL-27975: Improve dnsadmin logging and cache performance.
  • Implemented case CPANEL-28055: Add Cluster Configuration Messaging for Config Module.
  • Implemented case CPANEL-28072: Improve the Transfer Tool UI Layout for Config Discovery.
  • Implemented case CPANEL-28073: Display what’s backed up and restored in cpconftool verbose mode.
  • Implemented case CPANEL-28153: Teach Transfer Tool to transfer Greylisting configuration.
  • Implemented case CPANEL-28200: Add AutoSSL Options configuration transfer to Transfer Tool.
  • Implemented case CPANEL-28224: Add Hulk configurations to transfer tool.
  • Implemented case CPANEL-28236: Add script to correct hostname if DNS records are missing.
  • Implemented case CPANEL-28240: PowerDNS is now the default nameserver for new installs.
  • Implemented case CPANEL-28257: Teach Transfer Tool to transfer ModSecurity configuration.
  • Implemented case CPANEL-28287: Switch to fast accessors for cpsrvd.
  • Implemented case CPANEL-28311: Remove module names from WHM config backup filenames.
  • Implemented case CPANEL-28323: Remove deprecated Fileman::fmpushfile API 1 call from UI.
  • Implemented case CPANEL-28357: Reduce memory required for account modification.
  • Implemented case CPANEL-28375: Update PHP version used internally by cPanel to 7.3
  • Implemented case CPANEL-28406: Update RemoteRoot analysis to check cpconftool only once.
  • Implemented case CPANEL-28427: Send notifications when action is required to complete cert issuance.
  • Implemented case CPANEL-28485: Make AutoSSL support wildcard domains and allow pre-DCV refusal.
  • Implemented case CPANEL-28557: Update the AutoSSL Provider page to provide more information.
  • Implemented case CPANEL-28706: Improve Webmail index page.
  • Implemented case CPANEL-28738: Allow available server profiles to be set by the license.
  • Implemented case CPANEL-28752: Reorder AutoSSL’s workflow to group all DCVs together at the start.
  • Implemented case CPANEL-28759: Make AutoSSL Check domain registrations in parallel.
  • Implemented case CPANEL-28772: Group HTTP DCV requests in order to reduce DNS overhead.
  • Implemented case CPANEL-28796: Give Exim the ability to block incoming mail from countries.
  • Implemented case CPANEL-28799: Make global DCV passthrough always-on.
  • Implemented case CPANEL-28802: DnsAdmin now supports DNSSEC keys in a cPanel DNS cluster.
  • Implemented case CPANEL-28808: Give Exim the ability to block incoming mail from domains.
  • Implemented case CPANEL-28821: Reduce xmlapi memory overhead.
  • Implemented case CPANEL-28831: Improve AutoSSL logging and verification performance.
  • Implemented case CPANEL-28870: Use libunbound in SPF validation.
  • Implemented case CPANEL-28915: Add cpanel-punycodejs-js 1.4.1-1.cp1184.
  • Implemented case CPANEL-28921: Update the Server Profile UI to accommodate the license restrictions.
  • Implemented case CPANEL-28949: Allow multiple args when blocking mail from countries and domains.
  • Implemented case CPANEL-28950: Add more prominent link to open the inbox in WebMail.
  • Implemented case CPANEL-28956: Remove page header from revised Webmail Index page.
  • Implemented case CPANEL-28964: Reduce cpanel and uapi regex overhead.
  • Implemented case CPANEL-28969: Improve accessibility of Webmail index page.
  • Implemented case CPANEL-29006: Reduce memory impact of IP compare code.
  • Implemented case CPANEL-29018: Update to Net::ACME2 0.32.
  • Implemented case CPANEL-29019: Reduce memory needed for changing server profiles.

Additional Documentation