1. cPanel & WHM Documentation
  2. Change Logs
  3. Additional Change Logs
  4. ConfigServer Security & Firewall (CSF) Change Log
security

ConfigServer Security & Firewall (CSF) Change Log

Last modified: 2026 March 9

16.11-1

2026-03-06
  • Fix cpanel-csf package upgrade overwriting custom csf-cron entries.

16.10-1

2026-03-02
  • Add csf.cloudflare back to %config(noreplace) to prevent the file from being overwritten during package upgrades.

16.09-1

2026-02-27
  • Ensure PERL5LIB does not influence /usr/sbin/csf.

16.08-1

2026-02-25
  • Fix file conflict on upgrade in /etc/csf/messenger

16.07-1

2026-02-25
  • Fix symlink for /etc/csf/messenger (round 2)

16.06-1

2026-02-25
  • Ensure /etc/csf/messenger is a symlink on RPM-based systems.

16.05-1

2026-02-24
  • Fix issue with symlinks in /etc/ for non-configuration files not being overwritten on first-time install on Debian-based systems.
  • Fix truncated CAPTCHA issues due to line length limit in Messenger.pm

16.04-1

2026-02-24
  • Relocate non-configuration files from /etc/ to /usr/local/csf/ to comply with Ubuntu packaging policies while maintaining backward compatibility via symlinks.

16.03-1

2026-02-24
  • Fixed bug in parsing upper-case time-out duration values.

16.02-1

2026-02-23
  • Update regex to handle log changes to /var/log/secure on AlmaLinux 10.

16.01-1

2026-02-20
  • Update link in x-arf template.

16.00-1

2026-02-05
  • Initial RPM packaging of CSF for cPanel OBS build system.
  • Converted from install.sh to RPM spec file.
  • Modernized entire codebase: switched to cPstrict, added function signatures, enforced perltidy standards, addressed perlcritic warnings.
  • Removed support for non-cPanel platforms (DirectAdmin, Plesk, VestaCP, CWP, InterWorx, CyberPanel, Webmin).
  • Added comprehensive test suite with 100+ test files using Test2 framework.
  • Fixed security vulnerabilities: XSS in web UI modules, proper HTML encoding throughout.
  • Fixed numerous uninitialized variable warnings and potential runtime issues.
  • Removed AUTO_UPDATES functionality (package-managed updates only).
  • Replaced custom implementations with cPanel libraries where available (Cpanel::Encoder::Tiny, Cpanel::JSON::XS).
  • Added CI/CD workflows for automated building and testing.
  • Improved sandbox development environment for easier local testing.
  • Refactored core modules for better testability and maintainability.
  • Added POD documentation to all public module interfaces.
  • Fixed IPv6 handling, timeout validation, and iptables guard conditions.
  • Updated regex patterns to handle AlmaLinux 10 log format changes.
  • Removed deprecated Perl 4 syntax and bareword filehandles throughout.
  • Cleaned up code structure: moved modules to lib/, removed duplicate files.

Additional Documentation