For cPanel & WHM 11.48
This page was last updated on:
Page info | ||||
---|---|---|---|---|
|
Toc no bullet | ||
---|---|---|
|
Upgrade blockers
Staging Directory
Version 11.48.2.1 introduces the Staging Directory. The system notifies you if there is insufficient space available to complete the upgrade and allows you to select a new location for the Staging Directory.
New features
MariaDB® support
In cPanel & WHM version 11.48, the transfer and restore system now uses rsync
to copy files from the source server to the destination server.
Apache SpamAssassin now filters forwarded mail
In cPanel & WHM version 11.48, we have added two options to the Exim Configuration Manager interface (Home >> Service Configuration >> Exim Configuration Manager).
Do not forward email to external recipients if it matches or exceeds the Apache SpamAssassin™ internal spam_score setting.
- Do not forward email to external recipients based on the defined Apache SpamAssassin™ score.
These two options allow you to prevent spam from being forwarded to external recipients.
Restore package script incorporated into new transfer and restore system
In cPanel & WHM version 11.48, the restore package script (/scripts/restorepkg
) is now a part of the new transfer and restore system.
The package script now performs the following steps:
Adds the package to the
AccountLocal
queue.Starts the restoration process.
Tails the log file after the restoration process for the account begins.
For more information about the restore package script, read our Restore Package Script and Transfer Tool documentation.
Updated Apache memory usage limitations
You can now enter a value for the Apache RLimitsMEM, and optionally restart Apache.
cPHulk improvements
Furthermore, cPHulk will not consider a user at an IP address who uses the same username and password combination repeatedly to be a brute force attacker. This often happens when a user has not yet updated their email password on a handheld device.
New cPHulk settings
- The lookback period for counting failed logins against a user
- Command to run when an IP triggers brute force protection
- Command to run when an IP is blocked for a one day period
- Block IPs that trigger brute force protection at the firewall level
- Block IPs that match the criteria for a one day block at the firewall level
Note | ||
---|---|---|
| ||
The Block IPs that trigger brute force protection at the firewall level and Block IPs that match the criteria for a one-day block at the firewall level options are not available on Virtuozzo. |
For more information about these new settings, read our cPHulk Brute Force Protection documentation.
Improved Login/Brute History Report for CPHulk
We have expanded the Login/Brute History Report tab in WHM's cPHulk Brute Force Protection interface (Home > Security Center > cPHulk Brute Force Protection) to include the following four tables:
Failed Logins
Blocked Users
Blocked IP Addresses
Blocked IP Addresses with Excessive Login Failures
We have also expanded the columns within each table to show the time that remains in the lockout or block period.
Improved UI for cPHulk
We redesigned the user interface for cPHulk to improve navigation and functionality. The tables for whitelist and blacklist entries now include comments and the ability to sort. You can also add your IP address to the whitelist by clicking the button on the warning notification.
ModSecurity Reports
In cPanel & WHM version 11.48, we have added the ability to report a issue with a vendor provided ModSecurity rule in the ModSecurity Tools interface (Home >> Security Center >> ModSecurity Tools).
Notification centralization
In cPanel & WHM version 11.48, we have moved management of cPanel & WHM contact address changes and notification settings changes to theiContact
module. The system logs the changes in the /var/cpanel/user_notifications/username
file, where username
represents the cPanel account name. This provides better performance and consistent contact management.Notification settings alert via email
Note | ||
---|---|---|
| ||
If the user has modified their IP address, the IP address in the notification email may not be accurate. |
Login notification
In cPanel & WHM version 11.48, users may request a notification when someone authenticates to any service that uses cPanel & WHM's authentication scheme. The system will also notify users when the notification settings change.
In order to prevent unnecessary messages, the system will halt notifications for 24 hours after a successful login for a specific service, user, and IP address combination.
Note | ||
---|---|---|
| ||
ProFTP does not currently use the cPanel & WHM authentication scheme. |
ChkServd added to Contact Manager
In cPanel & WHM version 11.48, we have added the Service interruptions option to the Contact Manager interface (Home >> Server Contacts >> Contact Manager). This allows you to customize the notifications that your server sends when a service fails, restarts, or times out.
Paper Lantern
The Paper Lantern theme is still in development in cPanel & WHM version 11.48. Eventually, Paper Lantern will become the default theme for cPanel.
Customize Paper Lantern interface improvements
In cPanel & WHM version 11.48, you can view the favicon and logo that you previously uploaded in WHM's Customize Paper Lantern interface (Home >> cPanel >> Customize Paper Lantern). You can also delete and upload new items in this interface.
Webmail interface improvements
In cPanel & WHM version 11.48, we restyled the Webmail interface to match the Paper Lantern theme. For more information, read our Webmail documentation.
Retro Style for Paper Lantern
Paper Lantern now ships with the Retro style. To change your interface to the Retro style, navigate to cPanel's Change Style interface (Home >> User Settings >> Change Style).
Plugin File Generator improvements
In cPanel & WHM version 11.48, WHM's cPanel Plugin File Generator interface (Home >> Development >> cPanel Plugin File Generator) is now compatible with the Paper Lantern theme. This interface generates an installation file for a cPanel plugin. The plugin file that you generate can contain one or more items.
Authentication improvements
In cPanel & WHM version 11.48, passwords and passphrases throughout cPanel and WHM may now contain spaces. Also, the system rejects any leading and trailing spaces in passphrases during GPG key creation.
Finally, GPG keys that you create without passphrases through the Gpg::genkey()
function in cPanel API 1 now process correctly.
Note | ||
---|---|---|
| ||
The cPanel interface requires that GPG keys contain passphrases. |
Backup restoration logs
In cPanel & WHM version 11.48, we have changed the Backup Restoration feature so that it uses the restoration functionality in the new Transfer and Restore system.
We have also added the View Log option to WHM's Backup Restoration interface (Home >> Backups >> Backup Restoration).
Improved Mail Delivery Reports (eximstats) performance
In cPanel & WHM version 11.48, we have improved the performance and speed of WHM's Mail Delivery Reports interface (Home >> Email >> Mail Delivery Reports).
Verbose flag for the /etc/init/startcpsrvd script
In previous versions of cPanel & WHM, the /etc/init/startcpsrvd
script was verbose by default.
In cPanel & WHM version 11.48 and later, you must explicitly include the --verbose
flag when you run the script in order to receive verbose output.
Improved IPv6 validation and formatting
cPanel & WHM now provides compliant IPv6 address validation in WHM's Advanced DNS Zone Editor interface (Home >> Domains >> Advanced DNS Zone Editor). We also now reformat AAAA records to their most compact representation.
Updated cpsrvd
daemon
We have updated the cpsrvd
daemon to log X-Forward-For
header data in the access log.
BASH history timestamps
New installations of cPanel & WHM version 11.48 include timestamps in the BASH history.
Updated bandwidth notification emails
We have updated the email notification that the system sends when a user reaches a bandwidth limit threshold. These emails now include predictive warnings that indicate when the user will exceed the account's bandwidth limits.
Rebuilt RPMs
We have rebuilt the following cPanel-provided RPMs:
courier-authlib
courier-imap
cpanel-angular-ui-bootstrap
dovecot
exim
MySQL50
MySQL51
MySQL55
MySQL56
compat-MySQL50-shared
compat-MySQL51-shared
For more information about cPanel RPMs, read The rpm.versions System documentation.
For a list of cPanel-provided third-party software, read our Third-Party Software documentation.
RPM installation conflict
In cPanel & WHM version 11.48, due to a conflict with the Exim RPM, you cannot install the following RPMs:
postfix
sendmail
sendmail-cf
Updates to default monitored services
New cPanel & WHM installations will now monitor the following services by default:
cpanellogd
queueprocd
cpsrvd
cpdavd
crond
exim
httpd
ipaliases
mysql
pop
rsyslogd
spamd
sshd
New cPanel DNSONLY installations will now monitor the following services by default:
cpsrvd
crond
mysql
named
queueprocd
sshd
WHM users can view a list of monitored services in WHM's Service Status interface (Home >> Server Status >> Service Status).
Dovecot compression
In cPanel & WHM version 11.48, Dovecot now uses the COMPRESS extension to IMAP to make IMAP connections more efficient. For more information about IMAP compression, read IETF's IMAP COMPRESS extension article.
New cpanel.config variables
Initial defaults for the following variables now exist in the /var/cpanel/cpanel.config
file:
skipchkservd
skipcpbandwd
skipeximstats
skipjailmanager
skipmailauthoptimizer
skipmodseclog
skiptailwatchd
All of these variables default to 0
.
For more information, read our The cpanel.config File documentation.
Refactored restartsrv_*
scripts
We have refactored cPanel & WHM's /usr/local/cpanel/scripts/restartsrv_*
scripts to provide better coverage to start and stop services. For more information, read our WHM Scripts documentation.
In addition, the following scripts now include improved output:
/usr/local/cpanel/scripts/restartsrv_imap
/usr/local/cpanel/scripts/restartsrv_cpsrvd
/usr/local/cpanel/scripts/restartsrv_mailserver
/usr/local/cpanel/scripts/restartsrv_exim
/usr/local/cpanel/scripts/restartsrv_courier
/usr/local/cpanel/scripts/restartsrv_dovecot
/usr/local/cpanel/scripts/restartsrv_mysql
Additional notes for third-party developers
If your custom applications use a /usr/local/cpanel/scripts/restartsrv_*
script, you may need to update and test your code.
- These scripts are now more robust, and may return errors more visibly than in previous versions of cPanel & WHM.
Update any custom code that touches a
restartsrv
-managed service to use the appropriate/usr/local/cpanel/scripts/restartsrv_*
scripts. Custom code should not call scripts in the/etc/init.d/
directory.
For help to update your custom code, contact integrations@cpanel.net.
API column sorting
In cPanel & WHM version 11.48, we have added column selection and sorting to UAPI, WHM API 1 and cPanel API 2. This allows you to return only the data you need, which reduces system load and increases performance.
For more information, read the following documentation:
Deprecated and removed items
Deprecated Tweak Setting
Removed VPS support
In cPanel & WHM version 11.48, we removed support for the User Mode Linux, FreeVPS, and ServeXchange Virtual Private Server environments.
Removed Cpanel::Config::SaveCpUserFile
module
In cPanel & WHM version 11.48, we removed the Cpanel::Config::SaveCpUserFile
module in favor of the Cpanel::Config::CpUserGuard
module, which avoids race conditions. You can no longer use the Cpanel::Config::SaveCpUserFile
module.
Logaholic removals
The integrated Logaholic application is no longer available in cPanel & WHM. During the upgrade to cPanel & WHM version 11.48, the system automatically removes the integrated Logaholic application from the server. This removal will not affect any Logaholic user data.
Because of these changes, cPanel's Logaholic interface (Home >> Logs >> Logaholic) is no longer available.
For more information, view the Logaholic Web Analytics website.
Removed scripts
We have removed the following scripts:
/scripts/installssl
/bin/installssl
To install SSL certificates, use one of the following methods:
- The WHM API 1
installssl
function. - The UAPI
SSL::install_ssl
function.
- WHM's Install an SSL Certificate on a Domain interface (Home >> SSL/TLS >> Install an SSL Certificate on a Domain).
- cPanel's Activate and Manage SSL on Your Website (HTTPS) interface (Home >> Security >> SSL/TLS Manager >> Manage SSL Hosts).
Appendix A: Provided third-party applications
cPanel & WHM version 11.48 includes the following third-party applications:
Include Page | ||||
---|---|---|---|---|
|
PHP Modules
Expand | ||||||
---|---|---|---|---|---|---|
| ||||||
|
Perl Modules
Expand | ||||||
---|---|---|---|---|---|---|
| ||||||
|
Appendix B: New and modified API calls
New cPanel API 2 Calls
Email::get_default_email_quota
— This function retrieves the system's default email quota.Email::get_max_email_quota
— This function retrieves the system's maximum email quota.
Modified cPanel API 2 Calls
CustInfo::displaycontactinfo
— This function now includes new parameters for notification types.CustInfo::savecontactinfo
— This function now includes new parameters for notification types.ZoneEdit::edit_zone_record
— This function now supports CNAME flattening for root domains.
Removed cPanel API 2 Calls
Note | ||
---|---|---|
| ||
If you attempt to call these functions in cPanel & WHM version 11.48 and later, they will not produce any output. |
Logaholic::adduser
Logaholic::addiuserprofile
Logaholic::deleteuser
Logaholic::deleteuserprofile
Logaholic::edituser
Logaholic::fetchuser
Logaholic::listuserprofiles
Logaholic::logaholiclink
Logaholic::processstats
New UAPI Calls
Email::get_default_email_quota
— This function retrieves the system's default email quota.Email::get_max_email_quota
— This function retrieves the system's maximum email quota.Webmailapps::listwebmailapps
— This function lists an account's available webmail clients.SSL::disable_mail_sni
— This function disables mail SNI for an account.SSL::enable_mail_sni
— This function enables mail SNI for an account.SSL::is_mail_sni_supported
— This function checks whether thesslinstall
feature is enabled.SSL::mail_sni_status
— This function retrieves the status of the domain's SNI mail services.SSL::rebuild_mail_sni_config
— This function rebuilds the SNI configuration files.
Modified UAPI Calls
modifyacct
— This function now includes new parameters to list password change failures.
New WHM API Calls
start_background_mysql_upgrade
— This function upgrades MySQL or MariaDB in the background.background_mysql_upgrade_status
— This function retrieves the status of a background MySQL or MariaDB upgrade.installable_mysql_versions
— This function lists all available versions of MySQL and MariaDB.current_mysql_version
— This function retrieves the server's version of MySQL or MariaDB.latest_available_mysql_version —
modsec_add_vendor
— This function adds a new ModSecurity™ vendor rule set to the server.- modsec_check_rule — This function checks a ModSecurity™ rule's validity.
modsec_clone_rule
— This function copies a ModSecurity rule with a new rule ID.modsec_deploy_all_rule_changes
— This function deploys the staged changes for all of the ModSecurity configuration files into the live configuration files.modsec_disable_vendor
— This function disables a ModSecurity vendor rule set.modsec_disable_vendor_configs
— This function disables all the configuration files owned by a ModSecurity vendor.modsec_disable_vendor_updates
— This function disables automatic updates for a ModSecurity vendor.modsec_discard_all_rule_changes
— This function discards the staged rule changes, if present, for all of the configuration files.modsec_enable_vendor
— This function enables a ModSecurity vendor rule set.modsec_enable_vendor_configs
— This function enables all the configuration files owned by a ModSecurity™ vendor.modsec_enable_vendor_updates
— This function enables automatic updates for a ModSecurity™ vendor.modsec_get_vendors
— This function returns a list of configured ModSecurity™ vendors.modsec_preview_vendor
— This function returns the metadata of a ModSecurity™ vendor rule set.modsec_remove_vendor
— This function removes all of a ModSecurity™ vendor's includes, disablement directives, configuration files, and the metadata file.modsec_report_rule
— This function submits ModSecurity™ rule error reports to a remote receiver.modsec_update_vendor
— This function updates a vendor with the current version of the rule set available at the specified URL.cphulk_status
— This function returns the status of the cPHulk service.enable_cphulk
— This function enables cPHulk.disable_cphulk
— This function disables cPHulk.create_cphulk_record
— This function creates a record in the cPHulk whitelist or blacklist.read_cphulk_records
— This function returns the records in the cPHulk whitelist or blacklist.delete_cphulk_record
— This function deletes records from the cPHulk whitelist or blacklist.load_cphulk_config
— This function lists cPHulk's current configuration settings.save_cphulk_config
— This function modifies cPHulk's configuration settings.get_cphulk_brutes
— This function lists the records for brute attacks in the cPHulk database.get_cphulk_excessive_brutes
— This function lists the records for excessive brute attacks in the cPHulk database.get_cphulk_failed_logins
— This function lists the records for failed login attempts in the cPHulk database.flush_cphulk_login_history
— This function clears the login history from the cPHulk database.remove_logo
— This function removes an existing logo or favicon.editzonerecord
— This function now supports CNAME flattening for root domains.
— This function disables mail SNI for an account.disable_mail_sni
— This function enables mail SNI for an account.enable_mail_sni
— This function retrieves the status of the domain's SNI mail services.mail_sni_status
— This function rebuilds the SNI configuration files.rebuild_mail_sni_config
Modified WHM API Calls
modsec_get_configs
— This function now accomodates the ModSecurity Vendors feature.modsec_get_log
— This function now accomodates the ModSecurity Vendors feature.modsec_get_rules
— This function now accomodates the ModSecurity Vendors feature.
Your cPanel & WHM server must use the CentOS 6 or newer operating system to upgrade the database server from MySQL to MariaDB. You cannot upgrade to MariaDB on a server that uses CentOS 5.
We strongly recommend that you back up your database before you upgrade your database or change to MariaDB.
Both
pre
andpost
Standardized Hooks run for major and minor MySQL upgrades. However, the system does not run Standardized Hooks for MariaDB for minor version updates becauseyum
manages minor version changes.For more information, read our MySQL/MariaDB Upgrade documentation.
AutoConfig for iOS
For more information, read our AutoConfig and Autodiscover documentation.
Restricted Restore
In cPanel & WHM version 11.48, we have added Restricted Restore functionality to restoration API calls and the following interfaces:
The Restricted Restore feature performs additional security checks on the backup file in order to mitigate the risk of transfers from unfamiliar sources. If a component of the backup file has an issue (for instance, a MySQL grant table is compromised or a symbolic link attack), the system will not restore that portion of the backup and will add a warning to the log file.
If you do not trust the source of the account backup with
root
access to your server, use the Restricted Restore feature to protect your server.noshell
orjailshell
. If the restored account uses another shell, the system will do the following:jailshell
.noshell
. For more information, read our VirtFS (Jailed Shell) documentation.New scripts
The
/bin/view_transfer
script checks the status of and monitors transfer sessions.Added support for Mail SNI integration
For systems that support SNI, you can now enable SNI for a domain during SSL installation. You can also enable or disable SNI for domains that have SSL certificates already installed.
Increased default size and maximum size for mail quotas
We have increased the default email quota – which is available in cPanel's Email Accounts interface (Home >> Mail >> Email Accounts) – to 1,024 MB. The maximum value is 2,048 MB for 32-bit systems and 4 TB for 64-bit systems.
OWASP Rules for ModSecurity™
In cPanel & WHM version 11.48, we now distribute the OWASP ModSecurity Core Rule Set (CRS). The OWASP ModSecurity CRS is a set of rules for use with the ModSecurity Apache module to help protect your web server from malicious traffic. Through the guidance of OWASP, cPanel now distributes a curated set of these rules. You can install and manage these rules with the WHM ModSecurity applications. For more information about the OWASP ModSecurity CRS, that includes installation pre-requisites and instructions, read our OWASP ModSecurity CRS documentation.
ModSecurity Vendors
In cPanel & WHM version 11.48, we now provide the ability to add ModSecurity rule sets with the ModSecurity Vendors interface (Home >> Security Center >> ModSecurity Vendors). In addition, we have provided the ability to create custom ModSecurity vendors. For more information about how to create a ModSecurity vendor, read our How to Create a ModSecurity Vendor documentation.
New binary hostname update utility
cPanel & WHM version 11.48 introduces the
/usr/local/cpanel/bin/set_hostname
utility. Run this utility as theroot
user to change the server's hostname and automatically perform all of the necessary system updates. This utility is useful if you wish to change the server's hostname during a process that requires you to call the binary (for example, automated cloning processes).For more information, read our The set_hostname Utility documentation.
System improvements
Transfer System uses rsync