We have a new documentation site for cPanel & WHM! You can find our new documentation site at docs.cpanel.net.

We will continue to maintain our API documentation on this server.

Page tree
Skip to end of metadata
Go to start of metadata



  • Fixed case CPANEL-6541: Implemented swap IPv6 for transfers, dedicated IPv6 not handled.
  • Fixed case CPANEL-18848: Make incremental backups respect the global cpbackup-exclude.conf.
  • Fixed case CPANEL-19702: Filter AAAA on transfer if destination doesn't use IPv6.
  • Fixed case CPANEL-19910: Update MySQL55 to 5.5.60-1.cp1162.
  • Fixed case CPANEL-19911: Update MySQL56 to 5.6.40-1.cp1162.
  • Fixed case CPANEL-20387: Add support for SSE arguments via URL path.
  • Fixed case CPANEL-20490: Launch terminal with CageFS for CloudLinux users.
  • Fixed case CPANEL-20544: Keep specific file handles open when daemonizing a process.
  • Fixed case CPANEL-20552: Added local symlinks for the event source polyfill.
  • Fixed case CPANEL-20797: Add option to skip EasyApache YUM repo setup during initial install.
  • Fixed case CPANEL-20927: Remove unneeded regex check for the SSE module name.
  • Fixed case CPANEL-20947: Add a NotFound cpsrvd style exception class.
  • Fixed case CPANEL-21186: Add an authentication and application verification system to SSE.
  • Fixed case CPANEL-21573: Populate empty password columns when updating to MariaDB.
  • Fixed case CPANEL-21592: Update cpanel-phpmyadmin to 4.7.7-4.cp1166.



  • Fixed case CPANEL-21431: Fix mysqlconnectioncheck for systems running MariaDB.
  • Fixed case CPANEL-21469: Customer using litespeed were considered as SOLO.
  • Fixed case CPANEL-21902: Minimal support for LTS to LTS to support upgrades directly to 78
  • Fixed case CPANEL-22048: Provide a cpanel-version RPM



  • [security] Fixed case SEC-367: Stored-XSS in WHM File Restoration interface.
  • [security] Fixed case SEC-416: Apache configuration injection due to document root variable interpolation.
  • [security] Fixed case SEC-418: Insecure storage of phpMyAdmin session files.
  • [security] Fixed case SEC-420: SQL injection during database backups.
  • [security] Fixed case SEC-424: File modification as root via faulty HTTP authentication.
  • [security] Fixed case SEC-425: Limited file read via password file caching.
  • [security] Fixed case SEC-426: Arbitrary zonefile modifications allowed during record edits.
  • [security] Fixed case SEC-436: Arbitrary file read during File Restoration.
  • [security] Fixed case SEC-439: Arbitrary zonefile modifications due to faulty CAA record handling.
  • [security] Fixed case SEC-442: File rename vulnerability during account renames.
  • [security] Fixed case SEC-443: Website contents accessible to local attackers through git repos.



  • Fixed case CPANEL-19596: Resolve a spurious warning when the userdata queue is already processed.
  • Fixed case CPANEL-19866: Add info about mysql_upgrade possibly outputting errors.
  • Fixed case CPANEL-19893: Manage Mysql Profiles: Clear the "Activation In Progress" growl after activation.
  • Fixed case CPANEL-20695: Use Email::Address::XS for email validation in Market Provider Manager.
  • Fixed case CPANEL-20728: Upgrade Email::Address::XS to 1.03.
  • Fixed case CPANEL-20839: Ensure creating the subdomain "l" works
  • Fixed case CPANEL-20963: Update cpanel-perl-526-Email-Sender to 1.300031-3.cp1170.
  • Fixed case CPANEL-21210: Fix link to spam page from BoxTrapper.
  • Fixed case CPANEL-21249: Added cloudlinux.com and imunify360.com to common domains.



  • Fixed case CPANEL-19544: Add a new tweak setting to configure eximstats_spam_check.
  • Fixed case CPANEL-19571: Add hookability for AutoSSL installs.
  • Fixed case CPANEL-20782: Fixquotas: properly modify quotas on EFI CloudLinux systems.
  • Fixed case CPANEL-20849: Don't attempt restart of PHP-FPM pools that don't exist.



  • Fixed case CPANEL-20113: Resolve performance regression when determing zone for a domain.
  • Fixed case CPANEL-20729: Filter out duplicate domains from AutoSSL orders.
  • Fixed case CPANEL-21180: Allow administrators to disable WHM’s “Terminal” UI via a touch file.



  • Fixed case CPANEL-20741: Backup Metadata: avoid over-encoded HTML.
  • Fixed case CPANEL-21254: Ensure saving named tiers in update preferences doesn't misconfigure update settings.
  • Fixed case CPANEL-21260: Ensure update preferences UI reflects currently configured settings.



  • Fixed case CPANEL-17528: Remove unneeded SQLite DBH check.
  • Fixed case CPANEL-18958: Do not include remote MySQL hosts for cpsess temp user grants.
  • Fixed case CPANEL-19390: Fix race condition in restartsrv_apache_php_fpm.
  • Fixed case CPANEL-19580: Update cpanel-git to 2.17.1-2.cp1170.
  • Fixed case CPANEL-19907: Make rpmup aware of UPDATES=manual for EasyApache 4.
  • Fixed case CPANEL-20326: Avoid webmail login rejection when quota is greater than 8796093022207MB.
  • Fixed case CPANEL-20615: File Restoration: ensure backup feature is not required.
  • Fixed case CPANEL-20633: Rebuild Exim configuration and restart Exim on upgrade.
  • Fixed case CPANEL-20670: Modify Account: avoid failure with previously used domain.
  • Fixed case CPANEL-20715: Fix bin/backup bug where metadata pruning fails due to being disabled.
  • Fixed case CPANEL-20725: Setting up PHP-FPM on addon domains did not work correctly.
  • Fixed case CPANEL-20765: Ensure remote dns clusters load zones added via SYNCZONES.
  • Fixed case CPANEL-20776: Update cpanel-mailman to 2.1.26-4.cp1162.
  • Fixed case CPANEL-20777: Fix corrupted .htaccess files from pkgacct.
  • Fixed case CPANEL-20832: Avoid use of Cpanel::JSON::LoadTagged.
  • Fixed case CPANEL-20909: Better handle packages which exceed the allowed MAX_DEFER_FAIL_PERCENTAGE.
  • Fixed case CPANEL-20915: Fix logic for getting LTS versions in update preferences page.
  • Fixed case CPANEL-20968: Assure HttpRequest.pm does not leave open file handles, blocking updatenow.
  • Fixed case CPANEL-20980: Update dovecot to 2.2.36-2.cp1162.



  • Fixed case CPANEL-18506: Fix backup destination showing system backup option when system backups disabled.
  • Fixed case CPANEL-19045: Update cpanel-perl-526-Net-Google-Drive-Simple to 0.13-4.cp1170.
  • Fixed case CPANEL-19808: AutoSSL runs will no longer continue notifying beyond seven days post-expiry.
  • Fixed case CPANEL-19848: Avoid displaying startup log entries twice when restarting service.
  • Fixed case CPANEL-19943: Ensure WordPress install via API works.
  • Fixed case CPANEL-20006: Update cpanel-awstats to 7.6-3.cp1168.
  • Fixed case CPANEL-20042: Ensure submit button is enabled when selection is made on WHM Edit DNS Zone.
  • Fixed case CPANEL-20076: Fix MAX_DEFER_FAIL_PERCENTAGE issues with account creation.
  • Fixed case CPANEL-20221: Render HTML output correctly in EA4 Recommendation.
  • Fixed case CPANEL-20240: Statistics Configuration: ensure page renders fully.
  • Fixed case CPANEL-20331: Avoid transient error when installing exim.pl.local.
  • Fixed case CPANEL-20336: Don't assign dedicated IPs during account creation unless instructed to.
  • Fixed case CPANEL-20409: Make ResourceUsage handle exponent notation for maximum values.
  • Fixed case CPANEL-20411: cpuser notification prefs now are populated if empty.
  • Fixed case CPANEL-20412: Make contactinfo->cpuser sync not clobber existing cpuser setting.
  • Fixed case CPANEL-20449: Ignore empty zones when returning zone fetch results.
  • Fixed case CPANEL-20499: Transfers fail when Copy Home Directory is deselected.
  • Fixed case CPANEL-20518: Restored functionality where users could empty all spam folders.
  • Fixed case CPANEL-20535: Fix adding MX records to subdomains.
  • Fixed case CPANEL-20540: File Restoration: control using correct feature.
  • Fixed case CPANEL-20542: Explicitly disable SMTPUTF8.
  • Fixed case CPANEL-20560: Avoid exception on invalid whois data.
  • Fixed case CPANEL-20561: Restore functionality of VPS.NET DNS clustering.
  • Fixed case CPANEL-20562: Update cpanel-perl-526-Net-Whois-IANA to 0.41-2.cp1170.
  • Fixed case CPANEL-20564: Ensure weekly and monthly backups can be downloaded in cPanel.
  • Fixed case CPANEL-20564: Fix cPanel backup downloads when backup dir has trailing slash.
  • Fixed case CPANEL-20565: Ensure REMOTE_ADDR is passed through to dnsadmin.
  • Fixed case CPANEL-20566: Transfer Tool: disable API use over unencrypted connection.
  • Fixed case CPANEL-20566: Use correct path for pkgacct.
  • Fixed case CPANEL-20577: Work around MariaDB authn bug MDEV-16238.
  • Fixed case CPANEL-20601: Fix undefined user warning when using 'want' arg of listaccts API.
  • Fixed case CPANEL-20614: Fix zone parsing with empty leading names.
  • Fixed case CPANEL-20651: Resolve performance regression with Whostmgr::DNS::MX.
  • Fixed case CPANEL-20732: Update Git to version 2.17.1.



  • Fixed case CPANEL-6546: Ensure timestamps in Roundcube and SquirrelMail are correct.
  • Fixed case CPANEL-19824: Update GeoIPfree files for 72.
  • Fixed case CPANEL-20179: Make PHP-FPM daemons restart gracefully.
  • Fixed case CPANEL-20179: Fix bug in restartsrv_apache_php_fpm where we never restart it.
  • Fixed case CPANEL-20454: Pkgacct: ensure htaccess files are properly included.
  • [security] Fixed case SEC-393: API tokens retain ACLs that are removed from accounts.
  • [security] Fixed case SEC-394: Stored code execution injections in WHM cPAddons interface.
  • [security] Fixed case SEC-395: Arbitrary file unlink via cPAddons moderation system.
  • [security] Fixed case SEC-396: Email injection in cPAddons moderation.
  • [security] Fixed case SEC-398: Remote-Stored XSS in WHM cPAddons installation interface.
  • [security] Fixed case SEC-399: Remote-stored XSS in YUM autorepair functionality.
  • [security] Fixed case SEC-400: Remote-Stored XSS in WHM Save Theme Interface.
  • [security] Fixed case SEC-408: ClamAV installation reveals the contents of root's crontab.
  • [security] Fixed case SEC-421: Self-XSS in WHM Backup Configuration interface.
  • [security] Fixed case SEC-427: Cron feature restriction not enforced for API calls.
  • [security] Fixed case SEC-429: Backup feature restriction not enforced for API calls.
  • [security] Fixed case SEC-430: Images feature restriction not enforced for API calls.
  • [security] Fixed case SEC-432: Cpanel Mime::list_hotlinks API feature restriction not enforced.
  • [security] Fixed case SEC-435: Arbitrary file read in pkgacct custom template handling.



  • Fixed case CPANEL-19572: Correctly handle UTF-8 encoding in email address phrase.
  • Fixed case CPANEL-19769: Provide YUM repo RPM for RHEL to install MySQL 7.
  • Fixed case CPANEL-20316: Don't process backup metadata validation for suspended users.
  • Fixed case CPANEL-20378: Update exim to 4.91-3.cp1170.
  • Fixed case CPANEL-20383: Permit parsing lines with only tabs or spaces in zone files.
  • Fixed case CPANEL-20386: Catch metadata generation errors for users in bin/backup.
  • Fixed case CPANEL-20394: Added custom option to Required Score Spam Filters tab.
  • Fixed case CPANEL-20397: Bandwidth limit set to max int when set larger than 17592186044416M.
  • Fixed case CPANEL-20407: Don't restart MySQL if timezone differs from server time.
  • Fixed case CPANEL-20408: Fix account creation with extremely large bandwidth limits.
  • Fixed case CPANEL-20421: Don't warn about missing backup metadata.
  • Fixed case CPANEL-20422: Ensure apache is restart when install best certificate fails.
  • Fixed case CPANEL-20430: Remove call of a non-existant function, causing log noise.
  • Fixed case CPANEL-20440: Email: ensure that changemx API call produces valid data.



  • Fixed case CPANEL-19817: Enable Version Control by default.
  • Fixed case CPANEL-19842: Update cpanel-roundcubemail to 1.3.3-5.cp1164.
  • Fixed case CPANEL-20045: Remove unused system task queue artifacts.
  • Fixed case CPANEL-20122: Fixed issue with view additional details.
  • Implemented case CPANEL-20128: Add directory restoration to WHM and cPanel.
  • No labels