cPanel & WHM no longer develops or updates EasyApache 3. We deprecated EasyApache 3 on December 31, 2018. We removed support for EasyApache 3 in cPanel & WHM version 78.
EasyApache 3.18 Release Notes - EasyApache - cPanel Documentation

Last updated June 3 2013

These Release Notes detail feature updates in EasyApache version 3.18.

New Features

Apache 2.4

We have added Apache 2.4 to the list of versions available in EasyApache on cPanel & WHM 11.36 and later.

There are several important changes to Apache 2.4 of which you should be aware:

  • Incompatible modules
  • Changes to module names
  • Changes to directive names
  • Changes to the Mutex directive
  • Server Side Include Expression Parser compatibility issues

More information about these changes is available in our Critical Changes in Apache 2.4 documentation.

Modified or Updated Features

Documentation improvements

We have improved the documentation for EasyApache. EasyApache documentation will now be in its own section at EasyApache.

Raw opts

The documentation has been updated to use the term "raw opts" instead of "custom configure flags."

Perl dependency update

In 11.36, cPanel will ship with a distribution of Perl 5.14.3. We have changed the shebang in all cPanel-developed scripts that wrap around Apache and PHP modules so that they run properly.

Also, EasyApache will install any necessary modules into the system Perl as required by your profile selections.

More information about how cPanel handles Perl is available in our blog post Prepare Your Perl Scripts for 11.36.

CRIME attack protection

We have updated both Apache 2.2 and Apache 2.4 to defend them against CRIME attacks.

More information is available in our Apache Patched To Prevent CRIME Attacks documentation.

LibXML version 2.9.0

We have upgraded LibXML to version 2.9.0 for all supported versions of PHP.

PHP MailHeaders defaults to Off

We have set the default behavior of MailHeaders in PHP to Off to remove the session ID from the X-PHP-Script mail header.

Modules

ModSecurity changes

Due to conflicts with Rule IDs in use by third-party rulesets, we have changed the number that EasyApache starts with when it automatically adds IDs to rules without ID numbers. EasyApache will now start at 1,234,123,380.

There was an error in how EasyApache imported and processed rules without Rule IDs. In ModSecurity rules without options, EasyApache mistakenly appended the Rule ID to the rule statement. Instead, the Rule ID should be appended within a separate set of quotes. We have corrected the error.

ModSecurity is not compatible with mod_ruid2.

Finally, we have updated ModSecurity to Version 2.7.1. EasyApache will change configuration directives and options to use the new term "Encryption" instead of "Hash."

For more information, visit our ModSecurity documentation.

ModHostinglimits changes

We have updated ModHostinglimits to version 1.0.8. We have also configured ModHostinglimits to use a single configuration file: /usr/local/apache/conf/modhostinglimits.conf

More information is available in our ModHostingLimits documentation.

Removed Features

Sablotron XSLT removed

We have removed the Sablotron XSLT module for PHP from EasyApache. Sablotron XSLT was intended for use with PHP 4. However, PHP 4 is no longer supported by cPanel.

ModFastinclude removed

We have removed the ModFastinclude module from EasyApache. Customers who wish to install Attracta can use the third-party installer.

Appendix A

Documentation Improvements

The documentation has been updated to use the term “opt mods” alongside “custom modules.” We have also cleaned up ambiguity between “script hooks” and “hook scripts.”

SourceGuardian version 9.0.4

We have upgraded SourceGuardian to version 9.0.4 for all supported versions of PHP 5.4.

ModSecurity version 2.7.2

We have upgraded ModSecurity to version 2.7.2 for all supported versions of Apache 2.X.

EasyApache 3.18.1 also contains a patch to properly parse and append missing rule IDs in chained rules that contain comments and empty lines.
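
The ID handling described under "ModSecurity changes" and in the 3.18.1 patch above, shown as an added example (this is not cPanel's EasyApache code). The function name `add_missing_ids` and the sample rules are constructed for illustration; the example assumes one `SecRule` per line with no backslash continuations.

```python
import re

START_ID = 1234123380  # first auto-assigned ID given in these release notes

# Constructed sample ruleset: a rule with no actions, a rule with actions but
# no id, a chain split by a comment and an empty line, a rule that has an id.
SAMPLE = '''\
SecRule REQUEST_URI "@contains /etc/passwd"
SecRule ARGS "@rx select.+from" "phase:2,deny,status:403"
SecRule REQUEST_METHOD "@streq POST" "phase:2,chain,deny"
# second half of the chain

    SecRule REQUEST_HEADERS:Content-Length "@eq 0"
SecRule REMOTE_ADDR "@ipMatch 192.0.2.10" "id:5001,phase:1,pass,nolog"
'''

TOKEN = re.compile(r'"(?:[^"\\]|\\.)*"|\S+')       # quoted argument or bare word
QUOTED_VALUE = re.compile(r"'(?:[^'\\]|\\.)*'")    # e.g. msg:'text, with commas'

def add_missing_ids(text, next_id=START_ID):
    """Return the ruleset with an id added to every SecRule that needs one."""
    out, in_chain = [], False
    for line in text.splitlines():
        tokens = TOKEN.findall(line)
        # Comments, empty lines and other directives pass through untouched
        # and must not reset the chain state.
        if not tokens or tokens[0] != "SecRule" or len(tokens) < 3:
            out.append(line)
            continue
        actions = tokens[3].strip('"') if len(tokens) > 3 else None
        names = [a.split(":")[0].strip()
                 for a in QUOTED_VALUE.sub("", actions or "").split(",")]
        # Only stand-alone rules and chain starters carry an id.
        if not in_chain and "id" not in names:
            if actions is None:
                # No actions argument: add the id as its own quoted argument,
                # never inside the operator string, which would alter the match.
                line = f'{line.rstrip()} "id:{next_id}"'
            else:
                indent = line[:len(line) - len(line.lstrip())]
                line = indent + " ".join(tokens[:3]) + f' "{actions},id:{next_id}"'
            next_id += 1
        in_chain = "chain" in names
        out.append(line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(add_missing_ids(SAMPLE), end="")
```

Running the same function over a ruleset before and after an EasyApache build is a quick way to confirm that no rule was left without an ID and that no chained rule received one.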

Appendix B

mod_socache_shmcb added

We have added the mod_socache_shmcb module to Apache 2.4 to support development of OCSP stapling in cPanel. The mod_socache_shmcb module is installed by default and is always on.

Apache updates

Version updates

We have updated the Apache 2.2 branch to version 2.2.23 and the Apache 2.4 branch to version 2.4.4.

64-bit pkgconfig

Apache 2.4 failed to build on 64-bit CentOS 5.X systems with both the 32-bit and 64-bit versions of OpenSSL. We have patched Apache 2.4 to use the correct version of the SSL library.

Symlink Race Condition Protection

We have added the option to patch Apache to prevent a race condition vulnerability through symlinks.

More information is available in our Symlink Race Condition Protection documentation.

Appendix C

FrontPage on CentOS 6.x

The standard version of expat that is shipped with current versions of CentOS is incompatible with FrontPage. We have installed the compat-expat1 package to make the library compatible.

We have also corrected dependencies to allow FrontPage to function, and updated both the 32- and 64-bit libraries.

Apache 2.4 rawopts file

Apache 2.4 incorrectly used the Apache 2.2 rawopts file. We have corrected this error, and Apache 2.4 now uses the correct rawopts file.

Appendix D

ModSecurity version 2.7.3

We have upgraded ModSecurity to version 2.7.3 for all supported versions of Apache 2.X. This version includes new directives for MULTIPART and SecXmlExternalEntity.

This version also includes the --enable-htaccess-config configure option, but we have disabled that functionality at this time for further review.

For more information, visit our ModSecurity documentation.

Appendix E

ModRuid2 compatibility issues with POSIX and PHP extensions

Due to security issues, if you enable mod_ruid2, the POSIX PHP extension will be disabled.

Also, if you enable mod_ruid2, you will be unable to install the dio and eio PHP extensions.

If you already have the dio and eio PHP extensions installed on your server and you install mod_ruid2:

  • cPanel & WHM version 11.36 and later — dio and eio will be uninstalled.
  • cPanel & WHM version 11.34 and earlier — dio and eio will be commented out from php.ini.

For more information, visit our ModRuid2 documentation.

Appendix F

Fix CVE-2013-1862 for Apache 2.2 and 2.4

CVE-2013-1862 uncovered a vulnerability in how mod_rewrite processes non-graphical characters in Apache 2.2.24. We have implemented the patch from Apache upstream development for Apache 2.2 and adapted the patch to work with Apache 2.4.

For more information about this vulnerability, read the Bugzilla report at the Apache website.

Appendix G

Recalculate optmod ordering after profile changes are applied

In previous versions of EasyApache, optmod ordering was determined by the initial state of the profile instead of the final state of the profile after all fixes were applied.

We have corrected this issue, and EasyApache now installs optmods in the correct order.