Page tree
Skip to end of metadata
Go to start of metadata

11.40.1.22


2014-10-27

  • Fixed case 109725: Add a warning message to MySQL Upgrade UI to update cPanel/WHM first.
  • Fixed case 110525: Fixed maketext inconsistencies.
  • Fixed case 110793: Adjust version in MySQL Upgrade warning.
  • [security] Fixed case 124993: Add an interface to modify SSL/TLS versions for cpsrvd and cpdavd.
  • [security] Fixed case 124993: Deduplicate cpsrvd and cpdavd SSL configuration.
  • Fixed case 125317: Add an option to configure SSL/TLS protocols for Exim.
  • Fixed case 125369: Fix Courier SSL protocol selection options.
  • Fixed case 126225: Add SSL protocol configuration for Dovecot.
  • Implemented case 106213: Removed the MySQL 5.0 upgrade blocker.
  • Implemented case 109773: Sync MySQL upgrade warning message for 11.42 to match documentation.
  • Implemented case 125289: Update Apache configuration to allow specifying SSL protocols.

11.40.1.21


2014-09-08
  • [security] Fixed case 109009: Stored XSS Vulnerability in WHM Cluster Trust Settings.
  • [security] Fixed case 109029: Self-Stored XSS vulnerability in WHM basic_exim_editor interface.
  • [security] Fixed case 109037: Self-Stored XSS vulnerability in spamdconf.
  • [security] Fixed case 109045: Stored XSS Vulnerability in WHM Server Status.
  • [security] Fixed case 109049: Arbitrary file overwrite in /scripts/synccpaddonswithsqlhost.
  • [security] Fixed case 109469: Bypass of email and webdav access during account suspension.
  • [security] Fixed case 109789: Bypass of account suspension lock via account rename.
  • [security] Fixed case 109797: Bypass of locks for account unsuspension in scripts/remote_unsuspend.
  • [security] Fixed case 110177: Stored-XSS vulnerability in WHM List Accounts Interface.
  • [security] Fixed case 112041: Arbitrary file overwrite in checkstunnel script.
  • [security] Fixed case 112361: Arbitrary file overwrite via Tailwatch cPBandwd driver.
  • [security] Fixed case 113101: Arbitrary code execution as shared webmail accounts.
  • [security] Fixed case 113477: Arbitrary code execution as cpanel-horde user via cache file poisoning.

11.40.1.20


2014-08-04
  • [security] Fixed case 108965: Bypass of account suspension via mod_userdir.

11.40.1.19


2014-07-22
  • [security] Fixed case 105465: Update Exim to 4.82-4.cp1136 for CVE-2014-2972.

11.40.1.18


2014-07-21
  • [security] Fixed case 93321: Limited arbitrary file modification via LeechProtect subsystem.
  • [security] Fixed case 98125: Process locking based on 'ps' vulnerable to attack by local users.
  • [security] Fixed case 98253: Insecure permissions on eximstats SQL password file.
  • [security] Fixed case 99353: Self-stored XSS vulnerability in WHM SSH key management interface.
  • [security] Fixed case 99637: Stored XSS vulnerability in WHM listaccts interface.
  • [security] Fixed case 99749: Bypass of account ownership restrictions during account creation.
  • [security] Fixed case 99861: Update analysis logs sent without proper SSL certificate validation.
  • [security] Fixed case 100669: Self-Stored XSS Vulnerability in WHM Manage Custom RBLs.
  • [security] Fixed case 100677: Arbitrary file unlink via fixwebalizer script.
  • [security] Fixed case 100685: Stored XSS Vulnerability in WHM Email All Users.
  • [security] Fixed case 100957: Arbitrary YAML file read via import_old_support_cfg script.
  • [security] Fixed case 101013: Self-stored XSS Vulnerability in WHM Disk Usage.
  • [security] Fixed case 102105: Bypass of account suspension via mail filters.
  • [security] Fixed case 102401: Limited SQL injection vulnerability in LeechProtect.
  • [security] Fixed case 102853: Self XSS Vulnerability in WHM EasyApache Launcher.
  • [security] Fixed case 102877: Self XSS Vulnerability in WHM Legacy Language File Upload.
  • [security] Fixed case 104101: Self-stored XSS vulnerability in view_cert.tt.
  • [security] Fixed case 104105: Self-stored XSS vulnerability in view_key.tt.
  • [security] Fixed case 105273: Self-stored XSS vulnerability in view_csr.tt.
  • [security] Fixed case 105345: Arbitrary file read via Exim virtual aliases.
  • [security] Fixed case 105469: Bypass of commondomains and hostname restrictions in WHM Add DNS interface.

11.40.1.17


2014-07-16
  • Fixed case 107105: Initial install of cPanel w/ Apache MPM ITK properly sets up suEXEC.
  • Implemented case 94577: Prevent user from enabling suEXEC when Apache MPM Itk is installed.

11.40.1.16


2014-07-01
  • Fixed case 103305: Disable mod_userdir when Apache MPM ITK is installed.

11.40.1.15


2014-06-12
  • [security] Fixed case 89109: Backport fix for Horde-Webmail CVE-2014-1691.
  • Fixed case 95449: Fetch in-WHM change logs from atom.cpanel.net.
  • Fixed case 101609: Update /scripts/enablefileprotect with Apache MPM ITK support.

11.40.1.14


2014-05-19
  • TSR-2014-0004

11.40.1.13


2014-03-24
  • [security] Fixed case 85329: Sensitive information disclosed via multiple log files.
  • [security] Fixed case 86337: Injection of arbitrary DNS zonefile contents via cPanel DNS zone editors.
  • [security] Fixed case 87205: Open redirect vulnerability in FormMail -clone.
  • [security] Fixed case 87873: Multiple format string vulnerabilities in Cpanel::API::Fileman.
  • [security] Fixed case 88577: Arbitrary file overwrite via trackupload parameter.
  • [security] Fixed case 88793: External XML entity injection in WHM locale upload interface.
  • [security] Fixed case 89009: Arbitrary code execution for ACL limited resellers via WHM Activate Remote Nameservers interface.
  • [security] Fixed case 89057: Fix self-XSS vulnerability on reseller branding download page.
  • [security] Fixed case 89133: Fix self-stored XSS vulnerability in WHM Backup Configuration.
  • [security] Fixed case 89137: Fix self-XSS vulnerability in WHM Local XML Upload.
  • [security] Fixed case 89377: Arbitrary code execution for ACL limited resellers via WHM objcache.
  • [security] Fixed case 89729: Insufficient ACL checks in WHM Modify Account interface.
  • [security] Fixed case 89733: Injection of arbitrary data into cpuser configuration files via wwwacct.
  • [security] Fixed case 89789: Arbitrary code execution for ACL limited resellers via batch API.
  • [security] Fixed case 90001: Sensitive information disclosed via update-analysis tarballs.
  • [security] Fixed case 90213: Self XSS vulnerability in WHM MySQL Root Password interface.
  • [security] Fixed case 90225: Multiple self XSS vulnerabilities in CloudLinux LVE Manager.
  • [security] Fixed case 90249: Self XSS vulnerability in WHM Xferlog Tail.
  • [security] Fixed case 90257: Self XSS vulnerability in WHM Edit System Mail Preferences.
  • [security] Fixed case 90261: Stored XSS Vulnerability in WHM SSH Check.
  • [security] Fixed case 90265: Open mail relay via injection of FormMail -clone parameters.
  • [security] Fixed case 90289: Self XSS vulnerability in WHM Zone Editor.
  • [security] Fixed case 90757: Self XSS vulnerability in Mailing Lists Admin Privledges Delegation.
  • [security] Fixed case 90773: Self-stored XSS vulnerability in cPanel Hotlink Protection.
  • [security] Fixed case 90777: Self-stored XSS vulnerability in Web Disk Accounts.
  • [security] Fixed case 90817: Self XSS vulnerability in listfmfiles.json.
  • [security] Fixed case 90837: Self-stored XSS vulnerability in Redirects.
  • [security] Fixed case 91253: Stored XSS vulnerability in cPAddons Moderation Requests.
  • [security] Fixed case 91457: Self XSS vulnerability in cPanel PHP Test.
  • [security] Fixed case 91461: Self XSS vulnerability in Entropy Banner Upload.
  • [security] Fixed case 91633: Self XSS vulnerability in Fetch Mail Archive.
  • [security] Fixed case 91677: Self-stored XSS vulnerability in cPanel Image Manager Scaler.
  • [security] Fixed case 91681: Self-stored XSS vulnerability in cPanel Image Manager Thumbnailer.
  • [security] Fixed case 91717: Self-XSS vulnerabilities in BoxTrapper _getaccountinfo/BoxTrapper_getemaildirs.
  • [security] Fixed case 91741: Arbitrary code execution via backup excludes.
  • [security] Fixed case 91973: Self XSS vulnerability in cPanel Image Manager Scaler.
  • [security] Fixed case 91977: Self XSS vulnerability in cPanel Image Manager Format Converter.
  • [security] Fixed case 91981: XSS Vulnerabilities in cPanel Image Manager Thumbnailer.
  • [security] Fixed case 92133: Self XSS vulnerability in Delete Private SSH Key.
  • [security] Fixed case 92157: Stored XSS vulnerability in FrontPage Install/Uninstall.
  • [security] Fixed case 92421: Self XSS vulnerability in Mail Settings Container AJAX.
  • [security] Fixed case 92489: SSH private key disclosure during key import process.
  • [security] Fixed case 92593: Reflected XSS vulnerability in Entropy Search.
  • [security] Fixed case 92601: User .my.cnf files set to world readable during upcp.
  • [security] Fixed case 93089: Self XSS Vulnerability in Redirect Removal Confirm.
  • [security] Fixed case 93125: Self XSS Vulnerability in Default Website Page.
  • [security] Fixed case 94201: Insufficient validation allows password reset of arbitrary users.

11.40.1.11


2014-02-04
  • Fixed case 83093: Make Munin and ClamAV always authorized in AppConfig.
  • Fixed case 83681: Allow MySQL upgrades even if mysql is disabled.
  • Fixed case 86489: Fix display of details for blocked updates in WHM.
  • Fixed case 87065: Add SRV support to Softlayer dnsadmin module.
  • Fixed case 88369: Run make rpm.versions on autobuild server.
  • Fixed case 88389: Update MySQL55 to 5.5.35-1.cp1136.
  • Fixed cases 88697,88085: Ensure that we drop privs to read users' .my.cnf files.
  • Fixed case 89825: Fix parking a domain through WHM.
  • Implemented case 84481: Update ioncube loader to 4.5.0.

11.40.1.10


2014-02-03
  • [security] Fixed case 84385: Arbitrary code execution as cpanel-horde user via cache file poisioning.
  • [security] Fixed case 84633: Fix multiple self XSS vulnerabilities in Cpanel::Htaccess.
  • [security] Fixed case 84877: Fix self XSS vulnerability in Initial Setup Wizard.
  • [security] Fixed case 84881: Fix stored XSS vulnerability in Set Default Address.
  • [security] Fixed case 84885: Fix XSS vulnerability in /x3/mail/filters/editfilter.html.
  • [security] Fixed case 84893: Fix XSS vulnerabilities in BoxTrapper Configuration.
  • [security] Fixed case 84897: Fix self XSS vulnerabilities in HTTP Bandwidth View.
  • [security] Fixed case 84901: Fix stored XSS vulnerability in Image Thumbnailer.
  • [security] Fixed case 85029: Fix self XSS vulnerability in Import Addresses/Forwarders.
  • [security] Fixed case 85133: Fix stored XSS vulnerability in File Editor.
  • [security] Fixed case 85177: Fix multiple self XSS vulnerabilities in CGI Center.
  • [security] Fixed case 85229: Fix multiple self XSS vulnerabilities in PostgreSQL database deletion.
  • [security] Fixed case 85249: Fix XSS vulnerability in Add Postgres User to DB.
  • [security] Fixed case 85273: Fix self-XSS vulnerability in Hotlink Protection.
  • [security] Fixed case 85457: Fix self XSS vulnerability in BoxTrapper Verification.
  • [security] Fixed case 85461: Fix multiple self XSS vulnerabilities in Cpanel::Boxtrapper.
  • [security] Fixed case 85589: Fix XSS vulnerability in Tweak Settings.
  • [security] Fixed case 85981: Fix XSS vulnerability in WHM Add A Package interface.
  • [security] Fixed case 86017: Fix XSS vulnerability in Security Questions interfaces.
  • [security] Fixed case 86329: Fix stored XSS vulnerability in Edit MX Entry.
  • [security] Fixed case 86341: Arbitrary file read as root during cPanel account creation for ACL limited resellers.
  • [security] Fixed case 86381: Disclosure of root's accesshash to ACL limited resellers via WHM xml-api.
  • [security] Fixed case 86453: Injection of arbitrary settings into cpuser files via account creation.
  • [security] Fixed case 86461: Overwriting of trusted inputs to third party hooks scripts.
  • [security] Fixed case 86857: Limited arbitrary file overwrite for ACL limited resellers via domain parking.
  • [security] Fixed case 87081: Fix self-XSS vulnerability in Redirects.
  • [security] Fixed case 87317: Arbitrary code execution as root for ACL limited resellers via cluster configuration interfaces.
  • [security] Fixed case 87421: Fix XSS vulnerability in code editor.
  • [security] Fixed case 87433: Injection of arbitrary settings into cpuser files via mxcheck setting.
  • [security] Fixed case 87437: ACL limited resellers allowed to disable digest authentication for arbitrary accounts.
  • [security] Fixed case 87457: Fix self-XSS vulnerability in cPAddons Feature Manager.
  • [security] Fixed case 87625: ACL limited resellers allowed to restore backups for the accounts they control.
  • [security] Fixed case 88061: Mis-assignment of IP addresses for ACL limited resellers via createacct.
  • [security] Fixed case 88093: Fix XSS vulnerability in Full Backup.
  • [security] Fixed case 88097: Fix XSS vulnerability in Restore Files.
  • [security] Fixed case 88129: Fix XSS vulnerability in Restore a MySQL Backup.
  • [security] Fixed case 88133: Fix XSS vulnerability in Restore Email Filters.
  • [security] Fixed case 88137: Fix XSS vulnerability in Full Backup.
  • [security] Fixed case 88141: Fix XSS vulnerability in IP Deny Manager.
  • [security] Fixed case 88145: Fix XSS vulnerability in IP Deny Manager.
  • [security] Fixed case 88149: Fix XSS vulnerability in IP Deny Manager index page.
  • [security] Fixed case 88153: Fix XSS vulnerability in Image Tools.
  • [security] Fixed case 88157: Fix XSS vulnerability in various pages that save files.
  • [security] Fixed case 88165: Fix XSS vulnerability in Legacy File Manager file extraction.
  • [security] Fixed case 88173: Fix XSS vulnerability in Legacy File Manager viewer.
  • [security] Fixed case 88181: Fix XSS vulnerability in FrontPage status listing.
  • [security] Fixed case 88209: Fix multiple XSS vulnerabilities in Cpanel::LeechProtect.
  • [security] Fixed case 88213: Fix XSS vulnerability in Network Tools.
  • [security] Fixed case 88229: Fix XSS vulnerability in Parked Domains.
  • [security] Fixed case 88253: Fix XSS vulnerability in PostgreSQL user removal.
  • [security] Fixed case 88257: Fix XSS vulnerability in Analog log viewer.
  • [security] Fixed case 88261: Fix XSS vulnerability in subdomain redirects.
  • [security] Fixed case 88265: Fix XSS vulnerability in adding a subdomain.
  • [security] Fixed case 88269: Fix stored XSS vulnerability in cPAddons.
  • [security] Fixed case 88277: Fix XSS vulnerability in MySQL APIs.
  • [security] Fixed case 88281: Fix multiple XSS vulnerabilities in BoxTrapper queue search.
  • [security] Fixed case 88285: Fix XSS vulnerability in BoxTrapper::changestatus.
  • [security] Fixed case 88289: Fix XSS vulnerability in BoxTrapper::editmsg.
  • [security] Fixed case 88293: Fix XSS vulnerability in BoxTrapper::listmsgs.
  • [security] Fixed case 88297: Fix XSS vulnerability in BoxTrapper::messageaction.
  • [security] Fixed case 88301: Fix XSS vulnerability in BoxTrapper::resetmsg.
  • [security] Fixed case 88305: Fix stored XSS vulnerability in BoxTrapper::showemails.
  • [security] Fixed case 88309: Fix XSS vulnerability in BoxTrapper::showlog.
  • [security] Fixed case 88313: Fix XSS vulnerability in BoxTrapper::showmsg.
  • [security] Fixed case 88321: Fix XSS vulnerability in BoxTrapper::getboxconfdir.
  • [security] Fixed case 88325: Fix multiple XSS vulnerability in BoxTrapper.
  • [security] Fixed case 88341: Arbitrary code execution for ACL limited resellers during account creation.

11.40.1.9


2014-01-06
  • Fixed case 82549: Ensure clamav directory is given correct ownership and permissions.
  • Fixed case 85317: Improve CA Bundle parsing, etc.
  • Fixed case 86169: Fixes issue where MySQL spinner was not properly hiding.

11.40.1.8


2013-12-23
  • Fixed case 86349: Segfault in cpsrvd.so on some CentOS 5 systems.

11.40.1.7


2013-12-20
  • [security] Fixed case 84681: Arbitrary file read for ACL limited reseller accounts via XML-API.

11.40.0.31


2013-12-20
  • [security] Fixed case 84681: Arbitrary file read for ACL limited reseller accounts via XML-API.

11.40.1.5


2013-12-19
  • Fixed case 84937: Update cpanel-php53-PEAR to latest version.

11.40.1.4


2013-12-18
  • Fixed case 75681: Make appconfig only email if it is a new registration.
  • Fixed case 82261: Update dovecot to 2.2.9-2.cp1140.
  • Fixed case 84085: Restart cpsrvd when resetting a SSL cert.
  • Fixed case 84173: Patch ruby for RHEL/CentOS 6.5 openssl support.
  • Fixed case 84393: Mount directories rw so mailman can function under jail.
  • Fixed case 85005: Save access hash of remote server with correct key.
  • Implemented case 84585: Jail_safe_passwd should fallback to /usr/bin/passwd for non-cPanel users.

11.40.1.3


2013-12-16
  • [security] Fixed case 63541: Arbitrary code execution via user supplied translatable phrases.
  • [security] Fixed case 69517: World-writable Counter directory allowed arbitrary code execution.
  • [security] Fixed case 73125: After multiple security token failures, session credentials were not invalidated.
  • [security] Fixed case 73193: Unsafe disclosure of security token during session based login.
  • [security] Fixed case 78045: Stored XSS vulnerability in WHM Daily Process Log screen.
  • [security] Fixed case 78089: Password disclosure during forced cPAddons upgrade.
  • [security] Fixed case 79277: Arbitrary file read vulnerability in WHM Edit DNS Zone interface.
  • [security] Fixed case 80633: Arbitrary file write via X3 countedit.cgi.
  • [security] Fixed case 81373: Bandmin passwd file stored with world-readable permissions.
  • [security] Fixed case 81377: Multiple XSS vulnerabilities found in Bandmin.
  • [security] Fixed case 81429: URL filtering flaws allowed access to restricted resources.
  • [security] Fixed case 81641: Path traversal flaw allows arbitrary code execution for restricted cPanel accounts.
  • [security] Fixed case 81885: Multiple self-XSS vulnerabilities found in cPanel.
  • [security] Fixed case 82309: Insecure storage of Logaholic session files was found.
  • [security] Fixed case 80133: cPHulk injection via crafted SSH connections.
  • [security] Fixed case 82725: XSS vulnerability found in YUI 2.
  • [security] Fixed case 82733: Database grant files stored with world-readable permissions.
  • [security] Fixed case 83929: A cross-account XSRF attack against reseller override logins was possible via goto_uri.
  • Fixed case 83501: Disallow \g in MySQL GRANT statements during account restores.

11.40.0.29


2013-12-16
  • [security] Fixed case 63541: Arbitrary code execution via user supplied translatable phrases.
  • [security] Fixed case 69517: World-writable Counter directory allowed arbitrary code execution.
  • [security] Fixed case 73125: After multiple security token failures, session credentials were not invalidated.
  • [security] Fixed case 73193: Unsafe disclosure of security token during session based login.
  • [security] Fixed case 78045: Stored XSS vulnerability in WHM Daily Process Log screen.
  • [security] Fixed case 78089: Password disclosure during forced cPAddons upgrade.
  • [security] Fixed case 79277: Arbitrary file read vulnerability in WHM Edit DNS Zone interface.
  • [security] Fixed case 80633: Arbitrary file write via X3 countedit.cgi.
  • [security] Fixed case 81373: Bandmin passwd file stored with world-readable permissions.
  • [security] Fixed case 81377: Multiple XSS vulnerabilities found in Bandmin.
  • [security] Fixed case 81429: URL filtering flaws allowed access to restricted resources.
  • [security] Fixed case 81641: Path traversal flaw allows arbitrary code execution for restricted cPanel accounts.
  • [security] Fixed case 81885: Multiple self-XSS vulnerabilities found in cPanel.
  • [security] Fixed case 82309: Insecure storage of Logaholic session files was found.
  • [security] Fixed case 80133: cPHulk injection via crafted SSH connections.
  • [security] Fixed case 82725: XSS vulnerability found in YUI 2.
  • [security] Fixed case 82733: Database grant files stored with world-readable permissions.
  • [security] Fixed case 83929: A cross-account XSRF attack against reseller override logins was possible via goto_uri.
  • Fixed case 83501: Disallow \g in MySQL GRANT statements during account restores.

11.40.1.1


2013-12-09
  • Fixed case 77165: Skip adding ipv6 to vhost if userdata invalid.
  • Fixed case 82249: Fixed WHM to work with the Chrome LastPass extension.
  • Fixed case 83237: Prevent "clamd.rpmorig" & "clamd.rpmsave" being included in WHM Service Manager.
  • Fixed case 83765: Allow mailman to work properly under mod_ruid2.
  • Fixed case 84445: SSO sessions getting killed off on account creation.

11.40.1.0


2013-12-03
  • Fixed case 51473: Unsuspend .htaccess after transfer of a suspended user.
  • Fixed case 60836: Prevent unexpected error when creating addon domain whose name contains "error".
  • Fixed case 67081: Update Mail::SpamAssassin to 3.003002-3.cp1136.
  • Fixed case 68097: Update jshint to 2.3.0.
  • Fixed case 71021: Add hostname to new app_config email.
  • Fixed case 72181: Fix xferpoint argument problem on express transfers.
  • Fixed case 74349: Do not load extras information when trying to get PHP version.
  • Fixed case 74789: Update MySQL 5.5 to remove stale PID files.
  • Fixed case 76857: Allow suspending MySQL users with old-style passwords.
  • Fixed case 76921: Create temporary files in mail tmp directory when clamscan checks mail directories.
  • Fixed case 77073: Handle ftp server restart when the service is disabled.
  • Fixed case 77445: Copy the phpmyadmin landing page logic to phppgadmin.
  • Fixed case 77689: Make Config Cron in WHM save correct paths.
  • Fixed case 77757: Show validation messages for security questions.
  • Fixed case 77913: Improve wording of "Submit a Support Request".
  • Fixed case 78017: Restart service after installing service SSL certificate.
  • Fixed case 78097: Fix double-encoding in Update Contact Info.
  • Fixed case 78101: Fix HTML encoding on Security Questions page.
  • Fixed case 78217: Fix broken symlinks in /usr/local/cpanel/3rdparty/bin.
  • Fixed case 78225: Skip old PHP Config options in PHP.
  • Fixed case 78273: Enable horde webmail notifications by supporting wav file downloads.
  • Fixed case 78361: Add a how-to to cpanel_initial_install.
  • Fixed case 78365: Fix improper usage of grep in scripts/initquotas.
  • Fixed case 78385: Removed a period to fix locale string from being displayed.
  • Fixed case 78413: Add remote server to connection info when restoring mysql backups.
  • Fixed case 78509: RTL Workflow and alignment fixes for the UI.
  • Fixed case 78573: Improve the way the duration of upcp is obtained.
  • Fixed case 78597: Emailtrack_user_stats api fails to pass sender and leaves __chunked in metadata.
  • Fixed case 78721: Do not die when Cpanel::HttpUtils::SSL tries to get domain IP.
  • Fixed case 78769: Perl 5.6 JSON::XS fails with a number literal.
  • Fixed case 78817: Don't allow overly short email passwords.
  • Fixed case 78861: Fixed issues with recovering mailman permissions.
  • Fixed case 78897: Remove arguments to emailtrack_stats that do not do anything.
  • Fixed case 79041: Adjust IP usage in DNSONLY to not use httpd.conf.
  • Fixed case 79049: Fix zombie children being left behind in jailshell.
  • Fixed case 79081: Update cpanel-angularjs to 1.2.0rc1-2.cp1140.
  • Fixed case 79097: Update cairo to add copyright file.
  • Fixed case 79101: Update cpanel-ckeditor to 4.2-3.cp1140.
  • Fixed case 79105: Update cpanel-elfinder to 2.0.rc1-3.cp1140.
  • Fixed case 79109: Update jquery to 1.10.2-2.cp1140.
  • Fixed case 79113: Update cpanel-jquery-ui to cpanel-jquery-ui-1.8.18-1.8.18-3.cp1140.
  • Fixed case 79117: Update cpanel-jquery-ui-themes-1.8.18 to 1.8.18-1.8.18-3.cp1140.
  • Fixed case 79145: Fix Backup Restoration not loading on bad JSON.
  • Fixed case 79149: Update cpanel-libtidy to 1.0-2.cp1136.
  • Fixed case 79161: Update emacs RPM to include a copyright file.
  • Fixed case 79165: Update spidermonkey (js185) to 1.0.0-2.cp1136.
  • Fixed case 79185: Update webalizer to 2.23_05-2.cp1136.
  • Fixed case 79193: Update pigz to 2.2.5-2.cp1136.
  • Fixed case 79205: Update cpanel-yui to 2.9.0-3.cp1136.
  • Fixed case 79213: Update cpanel-pango to 1.28.0-2.cp1136.
  • Fixed case 79269: Update cpanel-re2c to 0.13.5-2.cp1136.
  • Fixed case 79273: Update cpanel-wwwcount to 2.5-3.cp1136.
  • Fixed case 79281: Update cpanel-libmcrypt to 2.5.8-2.cp1136.
  • Fixed case 79285: Update pcre to 8.31-2.cp1136.
  • Fixed case 79293: Update pixman to 0.24.2-2.cp1136.
  • Fixed case 79297: Update puttygen to 0.62-2.cp1136.
  • Fixed case 79313: Update freetype to 2.4.10-2.cp1136.
  • Fixed case 79321: Update cpanel-ImageMagick to 6.8.0-2.cp1136.
  • Fixed case 79329: Update cpanel-glib to 2.22.5-2.cp1136.
  • Fixed case 79337: Update cpanel-rrdtool to 1.4.7-2.cp1136.
  • Fixed case 79341: Update cpanel-libsrs_alt to 1.0-2.cp1136.
  • Fixed case 79345: Update cpanel-libxml2 to 2.7.7-2.cp1136.
  • Fixed case 79389: Update cpanel-postgresql to 9.0.8-2.cp1136.
  • Fixed case 79405: Add cpanel-common-licenses RPM.
  • Fixed case 79413: Move access-logs on user rename.
  • Fixed case 79417: Update cpanel-analog to 6.0-2.cp1136.
  • Fixed case 79425: Update cpanel-libspf2 to 1.2.9-2.cp1136.
  • Fixed case 79433: Update cpanel-fontconfig to 2.8.0-2.cp1136.
  • Fixed case 79485: Update bandmin to 1.6.1-10.cp1136.
  • Fixed case 79489: Update mydns rpm to add copyright file.
  • Fixed case 79493: Update cpanel-imap to 2007f-2.cp1136.
  • Fixed case 79497: Update proftpd rpm to new version.
  • Fixed case 79501: Update NSD RPM with copyright information.
  • Fixed case 79505: Update cpanel-perl-514-munin to 1.4.7-10.cp1136.
  • Fixed case 79509: Update cpanel-git to 1.8.3.4-3.cp1136.
  • Fixed case 79537: Update courier-authlib to 0.65.0-2.cp1136.
  • Fixed case 79541: Update cpanel-cgiemail to 1.6-2.cp1136.
  • Fixed case 79553: Update pure-ftpd to include copyright.
  • Fixed case 79561: Update dovecot to 2.2.5-3.cp1136.
  • Fixed case 79573: Update cpanel-php53 to 5.3.17-6.cp1136.
  • Fixed case 79593: Update clamav RPM to add copyright file.
  • Fixed case 79605: Update cpanel-php53-ioncube to 4.2.2-2.cp1136.
  • Fixed case 79609: Update cpanel-php53-zendopt to 5.5.0-2.cp1136.
  • Fixed case 79613: Update cpanel-php53-sourceguardian to 8.2-2.cp1136.
  • Fixed case 79677: Update MySQL55 to 5.5.34-2.cp1136.
  • Fixed case 79681: Update MySQL51 to 5.1.70-2.cp1136.
  • Fixed case 79693: Update cplint RPM to 0.061.
  • Fixed case 79697: Update cpanel-common-licenses to add PHP license.
  • Fixed case 79737: Fix calendar validator issue with autoresponders.
  • Fixed case 79749: Return valid data when backup directory has not been configured.
  • Fixed case 79753: Fixed a bug with restoring postgres main user.
  • Fixed case 79813: Rebuild /etc/nameserverips on restorepkg.
  • Fixed case 79825: Update cpanel-common-licenses to 1.0.0-3.cp1136.
  • Fixed case 79853: Update PHP 5.3 PEAR modules.
  • Fixed case 79917: Postgres and MySQL now report errors in the UI.
  • Fixed case 80045: Sshcontrol should stop looking for Permission denied after CRLF.
  • Fixed case 80205: Enable wildcard stats generation.
  • Fixed case 80437: Fix jailshell recursive mount readonly fs problem.
  • Fixed case 80577: Move Security Advisor to a submodule.
  • Fixed case 80585: Strip out <Limit> on .htacceess test on apache 2.4.
  • Fixed case 80689: Use password instead of pass for .my.cnf.
  • Fixed case 80953: Directory for AppConfig icons not created by default.
  • Fixed case 80993: Fix Cpanel::PHPINI and Internal PHP incompatibility.
  • Fixed case 81025: Set correct alarms for backup restore.
  • Fixed case 81069: Process $include directives in zone parser.
  • Fixed case 81077: Make total disk usage and quota limit display correctly in cPanel.
  • Fixed case 81101: Hide 'Allow MySQL Password Change' when no .my.cnf exists.
  • Fixed case 81129: Make cpaddonsup --force actually update the data.
  • Fixed case 81197: Fix user gemrc path on account rename.
  • Fixed case 81257: Html can leak out of realchpass on error when called from wwwacct.
  • Fixed case 81265: Use universal 3-line shebang for unpkgacct.
  • Fixed case 81293: Update exim to 4.82-1.cp1136.
  • Fixed cases 81497,81849: Fix universal redirect for server hostname.
  • Fixed case 81537: Make doc page open in new window.
  • Fixed case 81557: Update stats using Logaholic for wildcard subdomains.
  • Fixed case 81585: Apply validation to numeric rules in email filters.
  • Fixed case 81589: Ruby on Rails Manager should skip suspended accounts.
  • Fixed case 81593: Update cPanel init scripts so they all use consistent settings.
  • Fixed case 81697: Limit the number of rpm calls when fetching the number of altered rpms.
  • Fixed case 81701: Ignore generated files for the es-419 locale.
  • Fixed case 81713: Restore access log file ownership after processing.
  • Fixed case 81717: Correct login page locale selection message.
  • Fixed case 81761: Disallowed octal values in exim filters.
  • Fixed case 81773: Fix benign error in 11.38 to 11.40 update.
  • Fixed case 81789: Fix path to autorepair script for upcp.
  • Fixed case 81797: Improve error handling during lookup of user info.
  • Fixed case 81929: Remove scripts/.htaccess.
  • Fixed case 81945: Improve error catching for removing shared ssl certificates.
  • Fixed case 82021: Improve validation of Ethernet device names.
  • Fixed case 82033: Improve updating of Virtual Hosts in proftpd.conf.
  • Fixed case 82313: Fix Logaholic reporting and permissions.
  • Fixed case 82353: Don't restart upcp when sync requested.
  • Fixed case 82357: Make Exim config backup/restore system handle one more file.
  • Fixed case 82361: Fix validation-related JS error on Email Accounts page.
  • Fixed case 82365: Show proper allowed length of usernames..
  • Fixed case 82397: Fix SNI and stapling detection in non-English locales.
  • Fixed case 82553: Make fixmailinglistperms use the correct permissions.
  • Fixed case 82605: Ignore compiled wrap binaries.
  • Fixed case 82641: Prevent printing new MySQL password on password change.
  • Fixed case 82769: Add trailing slash to mailman mailing list URL.
  • Fixed case 82801: Change maillist html permissions to 664 so mailman can edit them.
  • Fixed case 82825: Improve error message for corrupt backup meta data file.
  • Fixed case 83021: Unregister_appconfig tries to remove wrong file path for CageFS.
  • Fixed case 83573: Offer user ability to restart cpsrvd post new cert.
  • Fixed case 83665: Provide a sorting tool to 'Tidy' rpm.versions files tracked in source.
  • [security] Fixed case 78481: Update MySQL51 to 5.1.72-2.cp1136.
  • [security] Fixed case 80905: Change permissions on existing transfer logs.
  • [security] Fixed case 80749: Increment Logaholic patch level.
  • [security] Fixed case 80813: Update cpanel-node to 0.10.21-1.cp1140.
  • [security] Fixed case 80725: Also allow redirect to shared SSL hosts.
  • [security] Fixed case 80433: Patch mailman CGIs to run setuid mailman.
  • [security] Fixed case 74889: Prevent disclosure of security token through referrer.
  • [security] Fixed case 75373: Prevent jailshell escape through Contact Customer Support.
  • Implemented case 60471: Update pure-ftpd to 1.0.36-10.cp1136.
  • Implemented case 68101: Update cpanel-node-packages to 1.2-1.cp1140.
  • Implemented case 71681: Install screen via sysup.
  • Implemented case 77201: Add option to skip MD5 check when verifying RPM package.
  • Implemented case 78309: Allow Logaholic to function without first requiring password login.
  • Implemented case 78389: Update MySQL to 5.5.34.
  • Implemented case 78521: Stop shipping obsolete autofixer horde_sqmail_current_fix.
  • Implemented case 78713: Added button to update Postgres grants.
  • Implemented case 79525: Update exim to add copyright file.
  • Implemented case 79549: Create a list of file system types for quota to ignore.
  • Implemented case 79637: Update cpanel-clamav to 0.98-1.cp1140.
  • Implemented case 80861: Update Cpanel::CPAN::Locales to upstream v0.30.
  • Implemented case 81173: Update SOAP::Lite to 1.03-1.cp1136.
  • Implemented case 81405: Provides the ability for a single session locale.
  • Implemented case 81765: Add new API2 function DomainLookup::api2_getmaindomain.
  • Implemented case 81937: Allow custom locales to be uploaded and downloaded in XLIFF format.
  • Implemented case 83013: Added support for SVG images in cpanel/webmail.
  • Implemented case 83101: Add logging extra logging dnsadmin failures.

11.40.0.26


2013-11-26
  • Fixed case 82557: Support removal of duplicate RPMs.
  • Fixed case 82793: Improve IPv6 enable/disable handling of zone file.
  • Fixed case 83241: Show list for IP selection during account creation.
  • Fixed case 83417: Enable IMAP namespace advertising in dovecot.
  • Fixed case 83537: Update cpanel-clamav to 0.98-3.cp1140.

11.40.0.24


2013-11-19
  • Fixed case 78649: Fix addhost to use the right grants.
  • Fixed case 79873: Added Relative URL support to HTML Editor.
  • Fixed case 81957: Ensure delayed update does not happen on weekends.
  • Fixed case 82037: Change log notification level on update block.
  • Fixed case 82277: Restore the Quotesafe template plugin.
  • Fixed case 82281: Update exim to 4.82-2.cp1136.
  • Fixed case 82305: Permit /112 ranges to be added for IPv6.
  • Fixed case 82321: Fix Logaholic reporting and permissions.
  • Fixed cases 82393,77077: Fixed namespacing issue with Horde.
  • Fixed case 82417: Expand company name validation.
  • Fixed cases 82449,80933: Make pkgacct work with archives larger than 4GiB.
  • Fixed case 82453: Update cpanel-clamav to 0.98-2.cp1140.
  • Fixed cases 82677,82721: Do not print Content-Type if downloading EA3 logs.
  • Fixed case 82745: Don't kill open connections during AppConfig (un)register.
  • Fixed case 82749: Add yum timeout update blocker.
  • Fixed case 82765: Fix improper feature list update in post sync.
  • Fixed case 82953: Prevent EasyApache duplicate headers.
  • Fixed case 83009: Remove additional Content-Type header from easyapache.pl.
  • Fixed case 83077: Allow files up to 1 MB in file manager HTML editor.

11.40.0.19


2013-11-06
  • Fixed case 78477: Add userdata for CA bundle on SSL installs.

11.40.0.18


2013-11-06
  • Fixed case 81073: Ensure mailman startup has perms to create jail flag file.
  • Fixed case 81845: Allow installing a previous certificate as root.

11.40.0.17


2013-11-06
  • Fixed case 74949: Add content type to EasyApache cgi script.
  • Fixed case 81093: cpses_tool is too verbose and does not properly disconnect from sql servers.
  • Fixed case 81153: Check ownership of all files before mailman update.
  • Fixed case 81325: Fixed problem with hooks not being triggered on account modify.
  • [security] Fixed case 81409: Update Roundcube to 0.9.5.
  • Fixed case 81705: Make EasyApache error message visually appealing.

11.40.0.16


2013-10-29
  • Fixed case 80225: Ensure that new accounts are setup with correct ip.
  • Fixed case 80257: Update exim to prefer IPv4 over IPv6.
  • Fixed case 80409: Grant roles to database users on account restore.
  • Fixed case 80441: Horde: Use INBOX namespace for new folders by default.
  • Fixed case 80445: Enforce apache build options for ipv6.
  • Fixed case 80625: Postgres and MySQL now report errors in the UI.
  • Fixed case 80729: Suppress erroneous error messages in logaholic.
  • Fixed case 80841: Fix horde subfolder creation namespace problem.
  • Fixed case 80877: Mailman does not function inside jailshellfs.
  • Fixed case 81125: Allow redirect to installed SSL hosts for wildcard certs.
  • Fixed case 81169: Send the upcp failure message when a postinstall task fails.
  • Fixed case 81301: Generate DKIM private keys as 0640.
  • Fixed case 81333: Fix compile error with Perl 5.6.
  • Fixed case 81425: Fix link to IPv6 Ranges page.
  • Implemented case 81217: Alert users that using our tool will likely overwrite their custom IPV6 configs.

11.40.0.12


2013-10-23
  • [security] Fixed case 69513: Create Logaholic directories with 700 permissions.
  • [security] Fixed case 74525: Prevent leaking of security token in Manage SSL Hosts interface.
  • [security] Fixed case 74565: Restrict custom contact programs to the same shell as the reseller.
  • [security] Fixed case 76085: Prevent virtual email accounts owned by a reseller from manipulating translations.
  • [security] Fixed case 76541: Remove only the temporary file when deleting unused file uploads.
  • [security] Fixed case 76549: Sanitize multipart POST data to prevent fake file uploads.
  • [security] Fixed case 76789: Create transfer logs with 0600 permissions.
  • [security] Fixed case 76869: Update Dovecot handling of checkpassword authentication for CVE-2013-6171.
  • [security] Fixed case 76941: Fix Cpanel::LogMeIn session expiration.
  • [security] Fixed case 77837: Sanitize logaholic_lang cookie before use.
  • [security] Fixed case 78177: Patch mailman CGIs to run setuid mailman.
  • [security] Fixed case 78253: Fix WHM mod_userdir tweak compatibility with mod_ruid2.
  • [security] Fixed case 79133: Sanitize whitespace in SSL certificates before installation.
  • Implemented case 80245: Add cpanel-common-licenses RPM.

11.40.0.9


2013-10-16
  • Fixed case 80477: MySQL old passwords breaks on 32 bit systems on 11.40
  • Fixed case 80497: Update Archive::Tar::Builder should not fail on bad permissions
  • Fixed case 80465: Improve error handling for pkgacct tar/gzip

11.40.0.8


2013-10-16
  • Fixed case 80049: Fix broken Enable Digest Authentication page.

11.40.0.7


2013-10-16
  • Fixed case 78249: Make sure that logahoic profile schema updates correctly on upgrade.
  • Fixed case 78909: Update phpMyAdmin to 4.0.8.
  • Fixed case 78957: Adjust display & grammar of API Shell.
  • Fixed case 79721: Minor style problem found with package edit submit button.
  • Fixed case 79733: Remove Old Security Policy Installs.
  • Fixed case 79737: Fix calendar validator issue with autoresponders.
  • Fixed case 79753: Fixed a bug with restoring postgres main user.
  • Fixed case 79777: Fix security advisor in IE.
  • Fixed case 79797: Terminate account was leaving pgsql db roles.
  • Fixed case 79861: Identify symlinks as symlinks in Fileman API.
  • Fixed case 79865: Old MySQL password compatibility.
  • Fixed case 79869: Update postgres user password when restoring an account.
  • Fixed case 79889: Fix Horde sent mail folder prefix.

11.40.0.6


2013-10-09
  • Fixed case 79729: Fix broken reference to find_pg_dump in PostgresAdmin.pm.

11.40.0.5


2013-10-09
  • Fixed case 79713: Resolve account transfer error from PostgresAdmin.pm.

11.40.0.4


2013-10-09
  • Fixed case 78333: Validation errors outside the viewport are not seen.
  • Fixed case 79029: Respect cpnat IP in Reset a DNS Zone.
  • Fixed case 79617: Make Fileman report an error when can not change directory.

11.40.0.3


2013-10-08
  • Fixed case 76817: Update git to 1.8.3.4-2.cp1136.
  • Fixed case 77737: Corrected CSS specificity of ul in structure.less.
  • Fixed case 77829: Support missing package extensions in edit user/package.
  • Fixed case 77989: Mailman archives fail to function with mod_ruid2.
  • Fixed case 78057: Fixed webalizer ftp log handling in cpanellogd.
  • Fixed case 78137: Stop clobbering old cPaddons moderation requests.
  • Fixed case 78213: Update clamav to 0.97.8-2.cp1140.
  • Fixed case 78513: Remove unexpected sub-package rpms from srpm_versions in etc/rpm.versions file.
  • Fixed case 78529: Only check branding files if directory exists.
  • Fixed case 78545: Reworked available IPv6 ranges check to handle strings and simplified template.
  • Fixed case 78633: Update phpMyAdmin to 4.0.7.
  • Fixed case 78701: Fixed issue where API shell errors were being dumped into log.
  • Fixed case 78709: Mailman excluded from experimental header re-write.
  • Fixed case 78749: Explicitly create domain log file to ensure correct ownership/protection.
  • Fixed case 78801: Fix reference to /etc/trusted_mail_users.
  • Fixed case 78809: Restored the default location for FTP log files.
  • Fixed case 78825: Clean out generated js scripts when removing a locale.
  • Fixed case 78833: Recovering mailman permissions fails because lchown on a fh fails.
  • Fixed case 78865: Update clamav RPMs to avoid missing file errors.
  • Fixed case 79449: Ensure all style previews show properly.

11.40.0.2


2013-09-23
  • Fixed case 51450: Changed SPF default from "?all" to "~all".
  • Fixed case 56437: Use Linux Netlink to find SMTP connection uids.
  • Fixed case 61497: Ensure correct number of moderation requests is shown.
  • Fixed case 63973: Report remote MySQL database disk usage.
  • Fixed case 64259: Allow creation of proxy subdomains without autodiscover.
  • Fixed case 65709: Forbid uppercase letters in postgres db name.
  • Fixed case 66713: Jailshell prevents usage of crontab without /usr/bin mounted suid.
  • Fixed case 69529: Fix hung process when running "whostmgr2 --updatetweaksettings" in DNSONLY.
  • Fixed case 70149: Fix account transfers with an empty tarroot.
  • Fixed case 71041: Update Archive::Tar::Builder to 1.3-1.cp1136.
  • Fixed case 71829: Update Softlayer DNS module to work with DKIM and SPF records.
  • Fixed case 72089: Make "Always redirect to SSL" exclude other redirect config.
  • Fixed case 72709: Update Roundcube to 0.9.2.
  • Fixed case 73093: Rename SSL functionality in cPanel to match changes made in 11.36.
  • Fixed case 73357: Update ckeditor to the latest version.
  • Fixed case 73697: Populate reseller list properly in locale edit screen.
  • Fixed case 74405: API Shell does not handle a umask other then 0022.
  • Fixed case 74657: Don't clean out summary.log from updatelogs directory.
  • Fixed case 74673: Allow an SSL host for the hostname to be installed on any ip on the server.
  • Fixed case 74745: Warn when MySQL user can't be deleted.
  • Fixed case 74813: Remove unused cPanelRPM.pm from /scripts.
  • Fixed case 74857: Remove checkoldperl.
  • Fixed case 74917: Remove unused module Cpanel/cPServices.pm.
  • Fixed case 74985: Added warning text for API Shell.
  • Fixed case 74993: Added further text to clarify API Shell purpose.
  • Fixed case 75017: Update phpMyAdmin from version #4.0.4.2 to version #4.0.5.
  • Fixed case 75021: Pretty-print XLIFF data.
  • Fixed case 75053: Changed messages in API Shell to use warning style.
  • Fixed case 75065: Fix quota checking delay related to NFS.
  • Fixed case 75077: Log session creation and destruction.
  • Fixed case 75081: Give meaningful file manager errors in demo mode.
  • Fixed case 75097: Don't install modules to cPanel perl using perlinstaller.
  • Fixed case 75101: Not all domains displayed when generating csrs and certs.
  • Fixed case 75141: Allow usage of either "password=" or "pass=" in MySQL ".my.cnf" file.
  • Fixed case 75153: Modify basic WHM setup to allow VLAN tagging.
  • Fixed case 75249: Default & disabled feature files added in install.
  • Fixed case 75285: Collapse RR records that are not TXT for SoftLayer.
  • Fixed case 75321: Fix error message in Mail Queue Manager.
  • Fixed case 75329: Restore the ability to disable security tokens.
  • Fixed case 75337: Fix DisplayBinaryAsHex in phpMyAdmin.
  • Fixed case 75345: Don't change /etc/pam.d permissions.
  • Fixed case 75365: Improve error checking in ClamScan module.
  • Fixed case 75385: Properly restore mail by default on package restoration.
  • Fixed case 75405: Limit check_cpanel_rpms to only RPMs installed by cPanel.
  • Fixed case 75409: Update proftpd to not include /etc/pam.d.
  • Fixed case 75449: Fix import from SQL query form in phpMyAdmin.
  • Fixed case 75469: Make updatenow.static work without external modules.
  • Fixed case 75525: Improve sanitization of SHELL lines for jailshell crontab.
  • Fixed case 75537: Fix @INC filtering in two adminbins.
  • Fixed case 75545: Update adminbins to use getpwnam homedir.
  • Fixed case 75549: Add missing cron.conf file for cron adminbin.
  • Fixed case 75561: Log pam_cpses errors to ERROR instead of ALERT.
  • Fixed case 75565: Ensure samerole is used for postgres SSO.
  • Fixed case 75593: Adding a mailing list fails due to invalid cPanel tags.
  • Fixed case 75609: Prevent NUL injection in temporary user names.
  • Fixed case 75621: Do not allow parking of a subdomain of an account on remote server.
  • Fixed case 75693: Update dovecot to 2.2.5-2.cp1140.
  • Fixed case 75709: The autoconfig service showed the wrong port when pop3 was provided.
  • Fixed case 75717: New log files should be set up for rotation.
  • Fixed case 75729: Prevent integrated items that are no longer a plugin from being checked by --updateaddons.
  • Fixed case 75745: Get rid of undefined pid warning from Cpanel::SafeFile.
  • Fixed case 75753: Fix MySQL users missing grants.
  • Fixed case 75829: Fix selectrow_arrayref, selectrow_hashref in Cpanel::MysqlUtils::NetMySQL.
  • Fixed case 75933: Correct ClamAV notification during initial upgrade to 11.40.
  • Fixed case 75937: Make proxy subdomains work with SSL and Apache 2.4.
  • Fixed case 75989: Dovecot strict permissions prevent deleting or renaming IMAP folders.
  • [security] Fixed case 76029: Update RoundCube to 0.9.3.
  • Fixed case 76081: Determine correct WebDAV ports in Getting Started wizard.
  • Fixed case 76097: Improve the reliability of the branding dynamicui cache.
  • Fixed case 76165: Added CPANEL.util.byte_length to check string byte length.
  • Fixed case 76189: Fixed typo: "recieve" -> "receive".
  • Fixed case 76197: Normalize the display of error messages for postgres adduser.
  • Fixed case 76205: Remove buttons to add and edit users through phpMyAdmin.
  • Fixed case 76221: Remove leading space.
  • Fixed case 76309: Update jquery-ui to the latest version.
  • Fixed case 76365: Update jquery-ui-themes to the latest version.
  • Fixed case 76393: Create webalizer logs in a separate directory for addon domains.
  • Fixed case 76397: cPanel Update slave should not die on SIGHUP.
  • Fixed case 76445: Removed deprecated module usage in updateuserdomains.
  • Fixed case 76449: Handle YAML files better, particularly lexicon files.
  • Fixed case 76477: Modified API Shell to use Combo Boxes.
  • Fixed case 76517: Add path so setupvirtfs can load modules at run time.
  • Fixed case 76561: Update cpdavd for OO Cpanel::Session.
  • Fixed case 76565: Silence warnings about empty session origin fields.
  • Fixed case 76585: Fix JS errors in response handling and WHM API v1 batch mode.
  • Fixed case 76593: Jail_safe_crontab does not pass back crontab errors gracefully.
  • Fixed case 76609: Remove bare variables from ipv6 phrases.
  • Fixed case 76625: Apply phpMyAdmin patch for large table export problem.
  • Fixed case 76653: Stage minified x3 js under x3, not cpanel.
  • Fixed case 76693: Note that jailshell users can escape with full /proc.
  • Fixed case 76701: Remove default from new 11.40 rpm.versions file url strings to reduce confusion.
  • Fixed case 76733: Modified the request timeout to take the number of users into consideration.
  • Fixed case 76737: Add symlinks for angularjs and jquery.
  • Fixed case 76741: Change strings for the range page and added quotes to the enable messages.
  • Fixed case 76777: Remove symlinks from editor RPMs.
  • Fixed case 76809: Added back code that was lost in a commit.
  • Fixed case 76813: The webmail UI should not display lists for the main cPanel user.
  • Fixed case 76861: Fix filter by filetype with multiple types.
  • Fixed case 76933: Add support for MPM itk in Apache.
  • Fixed case 76937: Add additional ports to the default IPv6 firewall.
  • Fixed case 77009: Allow jail_safe_crontab to work with pid namespaces.
  • Fixed case 77025: Remove all references to pam group.
  • Fixed case 77029: SIGHUP crashes cpsrvd due to typo in handle_sigHUP.
  • Fixed case 77033: Fix API shell when $function =~ m/^:|:$/.
  • Fixed case 77037: Fix incorrect entities in legacy locale files; change '&quot:' to '&quot;'.
  • Fixed case 77049: Fix URL display as hash value on "WHM >> Development >> Manage Hooks" page.
  • Fixed case 77065: Update security advisor from upstream.
  • Fixed case 77069: Generate correct paths for FTP accounts.
  • Fixed case 77077: Make Horde save sent mail by default with Dovecot.
  • Fixed case 77081: Adding a parked domain fails if deferred restarts are enabled in bind.
  • Fixed case 77089: Mailman Configuration Cleanup.
  • Fixed case 77105: Remove reference to script that no longer exists.
  • Fixed case 77121: scripts/maintenance should not globally destruct on exec failure.
  • Fixed case 77145: Make Manage cPAddons work with $Cpanel::homedir changes.
  • Fixed case 77169: Correctly report the success stats for upload_files.
  • Fixed case 77197: Fix error when bin/cpses_pam_ctl not detected /lib[64]/security/pam_cpses.so.
  • Fixed case 77209: Fix refactoring error in dbstoregrants causing double quoting.
  • Fixed case 77221: Make whm-server-status allow connections from ::1.
  • Fixed case 77265: Pass lock and unlock arguments through to /usr/bin/passwd.
  • Fixed case 77313: Update version to 11.40.
  • Fixed case 77333: Remove Privileges link from phpMyAdmin.
  • Fixed case 77337: Upstream Security Advisor 1.02.
  • Fixed case 77341: Don't warn when starting jailshell with missing LOCALE.
  • Fixed case 77393: Jailshell: Don't fail if /usr/local is a partition.
  • Fixed case 77401: Update ftp passwords after changing anonymous ftp setting.
  • Fixed case 77417: Logaholic: Move creation of lastused column in Profiles table.
  • Fixed case 77505: Make ApiInfo's module loading safer.
  • Fixed case 77529: Fix misalignment between Filter Accounts and account list areas on IPv6 page.
  • Fixed case 77549: Fix attempt to validate issing pkgname element.
  • Fixed case 77593: Update to Security Advisor 1.03.
  • Fixed case 77617: Set correct mail directory permissions on account creation.
  • Fixed case 77629: Allow removing the last item in Background Process Killer.
  • Fixed case 77637: Fix tweak setting for disallowing third-party cPAddons.
  • Fixed case 77641: Report all lines in the MySQL check/repair output.
  • Fixed case 77701: Fixed form submission issue when only one package extension on system.
  • Fixed case 77709: Properly restrict ClamAV scans.
  • Fixed case 77761: Fix handling of security questions.
  • Fixed case 77869: Prevent reseller without privileges from creating account using hostname domain.
  • Fixed case 77889: Correct tweaksetting logic for determining requirements.
  • Fixed case 77917: Skip ipv6.domain.com in bin/update_userdata.
  • Fixed case 77985: Don't restart ipalias if promote_secondaries is 1.
  • Fixed case 78025: Exit 0 on success for appconfig utilities.
  • Fixed case 78029: Fix creation of Logaholic tables.
  • Fixed case 78033: Fix bug where resellers were not able to create accounts.
  • Fixed case 78069: Use maxemailsperhour setting as default for new accounts.
  • Implemented case 7498: Enable mysqli extension for phpMyAdmin.
  • Implemented case 10334: IPv6 support for website content.
  • Implemented case 47515: Drop use of pkgacct.static for transfers from cPanel 11.18 or earlier.
  • Implemented case 55333: Replace WYSIWYGPro with CKEditor and elFinder.
  • Implemented case 59140: Forwarder tracking.
  • Implemented case 69029: Update git to 1.8.3.4.
  • Implemented case 73049: Single signon / Session generator for cPanel.
  • Implemented case 74325: Ship ClamAV as an RPM.
  • Implemented case 74493: Add a warning message about deleting virtfs directories.
  • Implemented case 74533: Make update-analysis code use HTTPS.
  • Implemented case 75269: Remove un-necessary legacy scripts.
  • Implemented case 75313: MySQL and Postgresql quoting normalization.
  • Implemented case 75445: Added multi-build support to EasyApache.
  • Implemented cases 75713,76389: Fixed minor issue with internal merge tool.
  • Implemented case 75965: Allow testing info to be kept in /var/tmp/ when merge_request dies unexpectedly.
  • Implemented case 76225: Cause make perlstatic to fail if non-core modules are detected during build.
  • Implemented case 76233: Add new items to server analytics program.
  • Implemented case 76301: Update elfinder to the latest version.
  • Implemented case 76317: Update jquery-1.7.2 to the latest version.
  • Implemented case 76321: Correct inconsistencies between package and account create/edit forms.
  • Implemented case 76409: Mailman Single sign on and admin delegation.
  • Implemented case 76417: Integrate cPanel Security Advisor.
  • Implemented case 76485: Add hooks to Cpanel::ParkAdmin functions (WHM).
  • Implemented case 76657: Make cPanel plugin file generator a page within WHM.
  • Implemented case 76665: Replacement system passwd binary that is cPanel aware.
  • Implemented case 76669: Provide display of the list admin and access type in the cPanel list UI.
  • Implemented case 76841: Add support for MPM itk in Apache.
  • Implemented case 76909: Make elfinder show only directories and images.
  • Implemented case 77273: Logaholic 4.1.4 integration.
  • Implemented case 77725: Remove the "semi-private" mailing list category, and fix subscribe_policy logic.
  • Implemented case 78021: Update roundcube to 0.9.4.

11.39.0.15


2013-08-28
  • [security] Fixed case 68205: Update cPAddon configuration as the user.
  • [security] Fixed case 71265: Prevent shell execution in autorespond.
  • [security] Fixed case 71701: Fix arbitrary module load in cpaddons.pl.
  • [security] Fixed case 71705: Don't write corrupt data to cPAddons configuration.
  • [security] Fixed case 71709: Prevent HTML injection in cPAddons.
  • [security] Fixed case 71721: Fix several security issues with cPAddons.
  • [security] Fixed case 71725: Sanitize input when loading modules.
  • [security] Fixed case 71733: Prevent users from installing cPAddons as other users.
  • [security] Fixed case 73565: Save cpmove files with proper permissions.
  • [security] Fixed case 73585: Prevent corruption of httpd.conf through DocumentRoot.
  • [security] Fixed case 73609: Improve safety of account rearrange.
  • [security] Fixed case 73777: Encode user passwords in session files.
  • [security] Fixed case 74609: Prevent path traversal when reading nvdata.
  • Fixed case 74625: Fix locale XML reseller privilege escalation.
  • [security] Fixed case 75113: Only allow root to use the "stor" nvset paramater.
  • [security] Fixed case 75169: Sanitize module names before loading in cPAddons.
  • [security] Fixed case 75413: Don't let non-root users run cpaddons.pl.
  • [security] Fixed case 75417: Prevent an XSS attack in cpaddons_report.pl.
  • [security] Fixed case 75573: Prevent file manipulation when unsuspending account.
  • [security] Fixed case 75605: Prevent jailshell escape with two-arg open.
  • Fixed case 76137: Preserve random cookie when invalid security token used.
  • [security] Fixed case 76157: Prevent infinite loop in password encoding/decoding.
  • [security] Fixed case 76161: Don't use additional cookie for session file password encoding.

11.39.0.12


2013-08-13
  • Fixed case 63436: addzonerecord API1 support for SRV records.
  • Fixed case 74481: Removing trailing slash from security token no longer causes an error.
  • Fixed case 74661: Remove code for the holdback system.
  • Fixed case 74793: Fix additional phpMyAdmin 4 integration issues.
  • Fixed case 74817: Generate valid proftpd config when modifying users.
  • Fixed case 74893: Only update roundcube user password for the originating host.
  • Fixed case 74961: Update Archive::Tar::Builder to 1.2.
  • Fixed case 74781: Packages: Fix trailing slash added to long file names.
  • Fixed case 74517: Packages: Correct handling of member names in LongLink blocks.
  • Implemented case 74785: Add sandbox tag to the iframes on the redirect page.

11.39.0.11


2013-08-13
  • Fixed case 58845: Complete removal of neomail from cPanel.
  • Fixed case 62489: Make PHP homeloader work with newer PHPs.
  • Fixed case 66121: Update munin to 1.4.7-9.cp1136.
  • Fixed case 71685: JSON::XS and SSL certificate encoding decoding failures.
  • Fixed case 72109: Update virtfs for jailed user when jailapache is turned on.
  • Fixed case 72241: Remove useless @import of nonexistent file.
  • Fixed case 72349: Adjust configuration parsing.
  • Fixed case 73005: Fix Cpanel::DnsUtils::updatemasterips when using multiple IPs.
  • Fixed case 73145: Remove long button, moved content from Advanced Settings.
  • Fixed case 73289: Clarify allowed characters in name of new database during MySQL create.
  • Fixed case 73389: Change table option for MySQL engine specification to "ENGINE" instead of "TYPE".
  • Fixed case 73425: Fix typo in Cpanel::MailAuth that prevented courier auth.
  • Fixed case 73481: Fix Russian encoding errors.
  • Fixed case 73525: Prevent SQL error and command run when leechprotectpass contains apostrophe.
  • Fixed case 73661: Update nsd to 3.2.16-1.cp1136.
  • Fixed case 73689: Re-locate 3rdparty/mysqltuner/mysqltuner.pl into /ULC/bin/.
  • Fixed case 73845: Only remove cronconfig plugin if it's installed.
  • Fixed case 73953: Remove bracket notation from attr-only string (tmp fix).
  • Fixed case 73969: Improve reseller permissions loading.
  • Fixed case 74049: Fix phpMyAdmin 4 database renames.
  • Fixed case 74109: Fix cPanel security token reuse in cpsrvd.
  • Fixed case 74177: Gracefully handle when MySQL server is down in setupdbmap.
  • [security] Fixed case 74209: Update phpMyAdmin 4 to 4.0.4.2.
  • Fixed case 74285: Update pure-ftpd to 1.0.36-8.cp1136.
  • Fixed case 74293: Remove unused module Cpanel::SSHUtils.
  • Fixed case 74301: Deliver mail from cron normally under jailshell.
  • Fixed case 74337: Fix bugs/omissions/inconsistencies from API Shell initial merge.
  • Fixed case 74361: Test the return before trying to use the object.
  • Fixed case 74397: Fix errors from $locale->maketext() call when $locale is undef.
  • Fixed case 74417: Pass --rsyncable to gzip/pigz when supported.
  • Fixed case 74457: Remove -x option breaking perltidy on pm files.
  • Fixed case 74509: Fix task queuing error in Feature Showcase.
  • Fixed case 74585: Create /var/cpanel/features/default with proper permissions.
  • Fixed case 74589: Display domain name when generating a certificate.
  • Fixed case 74597: Fix failure to install Perl module in cPanel.
  • Fixed case 74693: Rebuild httpd.conf after editing includes.
  • Fixed case 74861: Fix taskrun with the new Cpanel::Update::Logger.
  • Implemented case 49529: Remove broken futex checks from cPanel.
  • Implemented case 56329: Include error output on "Configure PHP and suEXEC" page.
  • Implemented case 71921: Delay cPanel upgrades if run from cron and moving to release/stable.
  • Implemented case 73833: API Shell.
  • Implemented case 73841: Enhance UI for upcp to re-attach when already running.
  • Implemented case 74009: Fresh installs of FTP should disable Anonymous FTP by default.
  • Implemented case 74281: Display FTP icons in cPanel only if a cPanel FTP RPM is installed.
  • Implemented case 74297: Update proftpd to 1.3.5rc1-4.cp1136.
  • Implemented case 74477: Remove cpanelcc and cpanelccp.
  • Implemented case 74613: Upgrade NTYProf to 5.05.
  • Implemented case 74777: Update dovecot to 2.2.5-1.cp1140.

11.39.0.10


2013-08-06
  • Fixed case 61499: Wait to start RoR until after cpsrvd is started.
  • Fixed case 61909: Keep only one entry for each version in cp_schema_version table.
  • Fixed case 63490: Remove check_cpscripts from source code.
  • Fixed case 64356: List RPMs in distro format (- not .) when reporting missing / extra RPMs.
  • Fixed case 71213: Fix running exim under jailexec on CentOS 6.
  • Fixed case 71901: Do not apply rlimits on pigz, and improve error reporting.
  • Fixed case 72705: Detect Tomcat 7 when modifying an account.
  • Fixed case 73185: Respect setting of /etc/rrdtooldisable.
  • Fixed case 73521: Add missing Cpanel::SSLInfo to scripts/ssl_crt_status.
  • Fixed case 73693: Fix another race condition in updateleechprotect.
  • Fixed case 73817: Add the correct database name to look for roundcube.
  • Fixed case 73837: Only remove spamd plugin if it's installed.
  • Fixed case 73857: Add line break to prevent concatenation of unrelated domain output messages.
  • Fixed case 73869: Fix ssl_crt_status detection of domains without certs.
  • Fixed case 73901: Fix pkgacct error handling problem.
  • Fixed case 73977: Security Token Missing prevents login with HTTP Authentication.
  • Fixed case 74093: Detect CLONE_NEWPID success or failure using getppid.
  • Implemented case 73013: Remove code support for MySQL 5.0.
  • Implemented case 73897: Remove migrate-attracta.

11.39.0.8


2013-07-23
  • Fixed case 64209: Fix issue when deleting main MX entry using cPanel.
  • Fixed case 65581: Add a script to sign builds.
  • Fixed case 71685: JSON::XS and SSL certificate encoding decoding failures.
  • Fixed case 71881: Increased timeout for auto generated resellers.
  • Fixed case 71889: Properly display XFS quotas.
  • Fixed case 72201: Improve description of backup directory.
  • Fixed case 72257: Improve file cleanup when both daily and monthly need to run.
  • Fixed case 72693: Prevent zombies from accumulating during backups.
  • Fixed case 72797: Fix quota reporting problem in cPanel.
  • Fixed case 73073: Prevent security token destruction on access to a login url.
  • Fixed case 73209: Fix nested group usage in bracket notation.
  • Fixed case 73269: Report DNS zone save errors during account creation.
  • Fixed case 73281: Make spamdconf ACL checks consistent.
  • Fixed case 73325: Provide better errors and prevent faulty AppConfig registrations.
  • Fixed case 73337: Only present a link if it is accessible through ACL check.
  • [security] Fixed case 73349: Update Ruby to 1.8.7-p374 to address CVE-2013-4073.
  • Fixed case 73365: Making ensure_includes not edit httpd.conf.
  • Fixed case 73385: Prevent a single invalid ssl cert from breaking ssl_migration.
  • Fixed case 73457: Update Archive::Tar::Builder to the latest version.
  • Fixed case 73481: Improve JSON::XS compatibility with perl 5.6.
  • Fixed case 73489: Updated the expected number of arguments.
  • Fixed case 73529: Avoid race condition in updateleechprotect.
  • Implemented case 71285: Update phpMyAdmin to version 4.0.4.

11.39.0.6


2013-07-18
  • Fixed case 70937: Offer to archive logs by default.
  • Fixed case 71177: Catch errors when adding a dns zone matching success in its name.
  • Fixed case 71629: Fix erroneous ENOTTY text in phrase.
  • Fixed case 71669: Failed logins destroy the session before the security token can be saved.
  • Fixed case 71753: Auto activate logaholic when used by default.
  • Fixed case 71773: Do not warn about acceptable LTS tiers.
  • Fixed case 71777: Restore class names to untranslated versions.
  • Fixed case 71817: Fix information disclosure in cPanel's SSL::installed_hosts API call.
  • Fixed case 71833: Prevent lock contention when updating Tweak Settings.
  • Fixed case 72025: Allow customization of AppConfig alert priority.
  • Fixed case 72129: Start stunnel when necessary as part of cpsrvd startup.
  • Fixed case 72205: Make backup destination disabled email high priority.
  • Fixed case 72273: Whostmgr::ACLS::Cache replicates existing storable write code.
  • Fixed case 72353: Force plain context for POP3 label so its use in an attribute is OK.
  • Fixed case 72681: Fix SSL Parser handling the text "key".
  • Fixed case 72837: Fix SSL error message when assigning an IP to a domain that already has one.
  • Fixed case 72849: Fix listips WHM screen to show a more complete list of reasons an IP is in use.
  • Fixed case 73165: Add missing cronconfig icon for new WHM cronconfig screen.
  • Implemented case 66965: Remove logic where Cpanel::DnsUtils::usenewdns() is false.
  • Implemented case 71217: AppConfig in the Feature Showcase.
  • Implemented case 71913: FEATURE: Provide Extensible Account Plans to 3rd party developers.
  • Implemented case 71933: Allow LogMeIn.pm to provide a security token.
  • Implemented case 72197: Cpanellogd optimizations and stability updates.
  • Implemented case 72245: Provide new backup download functionality for cPanel users backup page.
  • Implemented case 72833: FEATURE: Convert spamdconf and cronconfig plugins into standard cPanel screens.

11.39.0.5


2013-07-15
  • [security] Fixed case 71121: Update squirrelmail login_auth plugin.
  • [security] Fixed case 71573: DNSAdmin request check for zone owner.
  • [security] Fixed case 71865: Verify that a reseller owns a domain being modified.
  • [security] Fixed case 71869: Drop privileges before updating order status.
  • [security] Fixed cases 71973,71573: Improve DNS Admin fix.
  • [security] Fixed case 72153: DNSAdmin clean the zones from the query string.
  • [security] Fixed case 72161: Do not update user's files as root when suspending an account.
  • [security] Fixed case 72237: Restore ability to root to update any zones on the system.
  • [security] Fixed case 72253: Do full zone owner lookup in dnsadmin.
  • [security] Fixed case 72357: Limit certain dnsadmin actions to root.
  • [security] Fixed case 72685: Keep system-owned domains in userdomains.
  • [security] Fixed case 72725: Restore some required reseller dnsadmin access.
  • [security] Fixed case 72821: Prohibit "system" as a username.

11.39.0.2


2013-07-11
  • Fixed case 51362: Corrected description of option to reject email for accounts over quota.
  • Fixed case 53370: Remove ancient Java Telnet Application (JTA).
  • Fixed case 64444: Remove legacy uf script.
  • Fixed case 64461: Update Logaholic to the latest version of their code.
  • Fixed case 65025: Fix _gentweakpage.tmpl TT typo from "Update and harvest phrases".
  • Fixed case 65117: Fix ajaxapp.js typo from "Update and harvest phrases".
  • Fixed case 65257: Chmod tmp file to match target file before safecopy to target file.
  • Fixed case 65289: Move a use to string eval and logger die to prevent 5.6 compile error.
  • Fixed case 65309: Fix a broken link on popsinclude.html.
  • Fixed case 65561: Fix WHM Manage Reseller’s IP Delegation.
  • Fixed case 65669: Scripts2/massmodify render failure.
  • Fixed case 65681: Fix template for scripts11/emailstats_search in WHM.
  • Fixed case 65685: Fix emailstats_summary template in WHM.
  • Fixed case 65901: Suppress perlpkg warning about MarkPhrase module.
  • Fixed case 66277: Fix french translation for backup system.
  • Fixed case 66389: Make updatenow.static work during install.
  • Fixed case 66697: Fix Update Preferences screen.
  • Fixed case 66865: Remove erroneous text parser token from statsbar.
  • Fixed case 66921: Make the "did your repo change" check not warn when we're not on repo.
  • [security] Fixed case 67281: Prevent caching of pwdata on read failure.
  • Fixed case 68065: Fix TT syntax error.
  • Fixed case 68693: Fix logaholic 4.0.5 login authentication problem.
  • Fixed case 68905: WHM Transfers: Unable to create /scripts/ directory.
  • Fixed case 68949: Provide a way to bypass the ftp limit check when adding an addon domain.
  • Fixed case 69149: Improve feature showcase error handling.
  • Fixed case 69341: Fix VirtualHost parsing with multiple IPs.
  • Fixed case 69689: Do not restore emails from subdomains when subdomains are not restored.
  • Fixed case 69905: Fix "Internal Death" error from branding module.
  • Fixed case 70241: Build locales in parallel.
  • Fixed case 70513: Allow backups to WebDAV servers with non-DAV root.
  • Fixed case 70689: Don't treat minify_js_css.pl skips as errors.
  • Fixed case 70865: Allow calling safemkdir with an octal number.
  • Fixed case 70917: Fix remaining uses of old-style safemkdir calls.
  • Fixed case 70969: Fix 'restore mail config' option when restoring an account from a legacy backup.
  • Fixed case 70993: Properly unmount deleted mount paths for jailshell.
  • Fixed case 71053: Revert "Mount virtfs bind mounts with MS_REC.".
  • Fixed case 71157: Prevent duplicate virtfs mounts when /home is symlinked.
  • Fixed case 71185: Replaced use of privileged call to user safe call for ftpcount.
  • Fixed case 71205: Specify Options None when no options are enabled.
  • Fixed case 71261: Fix typos in Cpanel/SSL/Domain.pm.
  • Fixed case 71269: Fix RTL and double-HTML-escaping display issues in WHM's Apache SSL install.
  • Fixed case 71337: Fix scripts/runweblogs when processing logaholic stats.
  • Implemented case 42832: Dovecot 2.2.
  • Implemented case 50763: Port cPanel/WHM to cPanel::TaskQueue.
  • Implemented case 52161: Possibility to do not backup manual suspended accounts.
  • Implemented case 60571: Improve cpanellogd performance esp with many accounts.
  • Implemented case 63030: Added ability to inject literal {} in html templates.
  • Implemented case 64307: Ship Razor2::Client::Agent with Mail::Spamassassin.
  • Implemented case 64533: Cannot upgrade to 11.40 with MySQL lower than 5.1.
  • Implemented case 64574: Locale related changes that improve upcoming phrase harvest.
  • Implemented case 65105: Add deferral tags as necessary for TaskProcessors.
  • Implemented case 65193: Remove tautology (11.40 version).
  • Implemented case 65397: Add homedir and homeroot locations to Hook data.
  • Implemented case 66621: Load custom CSS in WHM.
  • Implemented case 66721: Make "output,acronym" bracket notation do HTML 5.
  • Implemented case 66881: Initial implementation of 1:1 NAT support for cPanel.
  • Implemented case 67337: SSL Project Phase 4.
  • Implemented case 68093: Update cpanel-node to the latest version.
  • Implemented case 68521: Final locale tool project changes.
  • Implemented case 68725: Allow api2_autocompletedir list directories without a partial pattern.
  • Implemented case 68757: Allow long usernames when database prefixing is disabled.
  • Implemented case 69133: Revert "Improve logaholic update lock system" for 11.40.
  • Implemented case 69405: SSL Phase 5: Update the service certificate manager in WHM.
  • Implemented case 69645: Add Remote API function for listing locked accounts.
  • Implemented case 69869: Update cpanel-node-packages to 1.1-2.cp1140.
  • Implemented case 70845: Optimize WHM listips for servers with a large number of IPs.
  • Implemented case 71117: Prevent selecting tiers which are downgrades in Update Preferences WHM Screen.

  • No labels