The information in this post is about a project in motion. The final delivery may differ from what is discussed here, especially as we consider the feedback you have.
Update: the changes discussed in this article are delayed until a future version of cPanel & WHM. They are not in version 11.34.
Our last article discussed changing from compile-on-demand to delivery of pre-compiled binary packages, using the RPM format. A primary driver behind this was our use of perl. Delivering perl via pre-built RPM packages required a number of changes to the product.
For many years installing and using cPanel & WHM has involved compiling software on-demand. Want Apache and PHP? Run /scripts/easyapache, which builds those and all dependencies from source. Want perl installed? Download and run the perl installer from httpupdate.cpanel.net, which installs perl from source. While compiling from source has its benefits, it also has its drawbacks.
With cPanel & WHM 11.28 the ability for server owners to provide custom webmail applications was introduced. To demonstrate this feature we introduced the Atmail Open plugin.
Recently Atmail Inc., the creators of Atmail Open, decided to no longer provide the open source version of their product. Due to this change, cPanel will no longer distribute, or provide, the Atmail Open plugin via our Plugin service. The last update, 1.0.5, of the plugin was released in early May 2012. If you have not already, please verify your version of the plugin has been updated. The Atmail Open 1.0.5 release addresses some security issues.
The following disclosure covers the Targeted Security Release 2012-05-31. Each vulnerability is assigned an internal case number which is reflected below.
Information regarding cPanel’s Security Level rankings can be found here: http://go.cpanel.net/securitylevels
cPanel is pleased to announce the release of cPanel & WHM 188.8.131.52 to the RELEASE tier. This monumental release comes from a new development style, focusing on delivering resolution to cases as soon as possible instead of waiting for the next major version. This release addresses over 200 cases, providing numerous bug fixes and updates.
Due to the volume of resolved cases, there is no overall theme to the update. Updates of note include:
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then you are highly encouraged to update your cPanel & WHM installs at your earliest convenience.
cPanel is very excited about the HostingCon debut of cPanel University! cPanel University is a cPanel Certification that you can use to brag about how much you know about cPanel & WHM. That is, if you can pass. We don’t just hand these things out like swag you find at a booth. This is a legitimately hard test: only 20% of people pass the first level of the tech certification, and no one has passed the last level of the test.
cPanel & WHM servers using the default cPanel PHP CGI configuration are not vulnerable to the command line switch vulnerability.
A recently disclosed flaw in PHP’s CGI implementation allows malicious users to remotely view and execute source code. The exploit was documented by the Eindbazen team and is tracked as CVE-2012-1823.
cPanel & WHM servers are not affected by this, thanks in part to a wrapper script used by cPanel & WHM when Apache is configured to use CGI for the PHP handler. This wrapper script does not pass through any command line options.
Server administrators are encouraged to verify their PHP configuration.
When configured to use CGI or FCGI, cPanel & WHM instructs Apache to use the following wrapper script: /usr/local/cpanel/cgi-sys/php5 or /usr/local/cpanel/cgi-sys/php4. (The number after “php” is based upon the current major version of PHP.) The unmodified version of the wrapper script looks like the following:
The $binary placeholder will contain /usr/bin/php or /usr/php4/bin/php. By default, no command line parameters are included.
```
# If you customize the contents of this wrapper script, place
# a copy at /var/cpanel/conf/apache/wrappers/php$php_version
# so that it will be reinstalled when Apache is updated or the
# PHP handler configuration is changed
```
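One way to carry out the verification recommended above, as an added example that is not cPanel's code: a shell check that flags a customized wrapper whose PHP invocation adds or forwards command line arguments. It assumes the wrapper starts PHP with a line of the form `exec <binary>`, which the post describes but does not show; the function names, return codes and sample wrappers are this example's own.

```shell
#!/bin/sh
# Added example (not cPanel's code): audit a PHP CGI wrapper script.
# Assumption: the wrapper starts PHP with a line of the form "exec <binary>".
# Return codes (this example's own convention):
#   0  exec line runs an expected binary with no arguments
#   1  exec line adds or forwards arguments (e.g. "$@"): review it
#   2  file unreadable, or no exec line found: review by hand
#   3  exec line runs a binary other than the two named in the post
check_wrapper() {
    [ -r "$1" ] || return 2
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        $1 == "exec" {
            found = 1
            if (NF > 2) rc = 1                   # anything after the binary
            else if ($2 != "/usr/bin/php" && $2 != "/usr/php4/bin/php") rc = 3
            exit
        }
        END { if (!found) exit 2; exit rc + 0 }
    ' "$1"
}

# Constructed sample wrappers, written to the directory given as $1.
make_samples() {
    printf '%s\n' '#!/bin/sh' '# constructed sample' 'exec /usr/bin/php' > "$1/default"
    printf '%s\n' '#!/bin/sh' 'exec /usr/bin/php "$@"' > "$1/passthrough"
    printf '%s\n' '#!/bin/sh' 'exec /opt/custom/php' > "$1/otherbin"
    printf '%s\n' '#!/bin/sh' '# exec /usr/bin/php "$@"' > "$1/noexec"
}

# Demo on the constructed samples; on a server, point check_wrapper at
# /usr/local/cpanel/cgi-sys/php5 (path from the post) instead.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in default passthrough otherbin noexec; do
    check_wrapper "$demo_dir/$f" && rc=0 || rc=$?
    echo "$f: $rc"
done
rm -rf "$demo_dir"
```

A nonzero result is a prompt for manual review, not proof of exposure: a customized wrapper may legitimately use a different binary or fixed options.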
EasyApache 3.12 improves CloudLinux’s mod_hostinglimits, mod_mono compatibility on CentOS 4, and mod_ruid2 to suPHP support
We are excited to announce the release of EasyApache 3.12. The latest version provides numerous updates.
- CloudLinux’s mod_hostinglimits has been updated to 0.9-5. This will impact all of those who use CloudLinux.
- The issues caused by the glib2 update when building mod_mono on CentOS 4 have been resolved.
- Switching from mod_ruid2+DSO to suPHP will no longer cause permission errors that can cause PHP sites to no longer function.
- PHP will now use the system time zone database rather than the one built into PHP, which will ensure PHP applications receive timely updates to time zone changes.
We strongly recommend that all server administrators rebuild their EasyApache profile immediately.
To rebuild the EasyApache profile:
- Log in to WHM as the root user.
- Click on the EasyApache (Apache Update) link in the left menu.
- If you wish to keep the same configuration, simply click Build Profile.
Houston, TX — cPanel & WHM version 11.32, which released today to the RELEASE tier, offers numerous updates, including enhancements to mail functionality and login screens. It also officially supports DKIM and includes the Logaholic web analytics application. This latest release features 202 bug fixes and case implementations since going to the EDGE tier on February 15, 2012.
Learn more about 11.32 updates and enhancements: