Last updated June 3 2013
These Release Notes detail feature updates in EasyApache version 3.18
We have added Apache 2.4 to the list of versions available in EasyApache on cPanel & WHM 11.36 and later.
There are several important changes to Apache 2.4 of which you should be aware:
- Incompatible modules
- Changes to module names
- Changes to directive names
- Changes to the Mutex directive
- Server Side Include Expression Parser compatibility issues
More information about these changes is available in our Critical Changes in Apache 2.4 documentation.
Modified or Updated Features
We have improved the documentation for EasyApache. EasyApache documentation will now be in its own section at EasyApache.
The documentation has been updated to use the term "raw opts" instead of "custom configure flags."
Perl dependency update
In 11.36, cPanel will ship with a distribution of Perl 5.14.3. We have changed the shebang in all cPanel-developed scripts that wrap around Apache and PHP modules in order to run properly.
Also, EasyApache will install any necessary modules into the system Perl as required by your profile selections.
More information about how cPanel handles Perl is available on our blog post Prepare Your Perl Scripts for 11.36.
CRIME attack protection
We have updated both Apache 2.2 and Apache 2.4 to defend them against CRIME attacks.
More information is available in our Apache Patched To Prevent CRIME Attacks documentation.
LibXML version 2.9.0
We have upgraded LibXML to version 2.9.0 for all supported versions of PHP.
PHP MailHeaders defaults to Off
We have set the default behavior of MailHeaders in PHP to Off to remove the session ID from the
X-PHP-Script mail header.
Due to conflicts with Rule IDs in use by third-party rulesets, we have changed the number that EasyApache starts with when it automatically adds IDs to rules without ID numbers. EasyApache will now start at 1,234,123,380.
There was an error in how EasyApache imported and processed rules without Rule IDs. In ModSecurity rules without options, EasyApache mistakenly appended the Rule ID to the rule statement. Instead, the Rule ID should be appended within a separate set of quotes. We have corrected the error.
ModSecurity is not compatible with
Finally, we have updated ModSecurity to Version 2.7.1. EasyApache will change configuration directives and options to use the new term "Encryption" instead of "Hash."
For more information, visit our ModSecurity documentation.
We have updated ModHostinglimits to version 1.0.8. We have also configured ModHostinglimits to use a single configuration file
More information is available in our ModHostingLimits documentation
Sablotron XSLT removed
We have removed the Sablotron XSLT module for PHP from EasyApache. Sablotron XSLT was intended for use with PHP 4. However, PHP 4 is no longer supported by cPanel.
We have removed the ModFastinclude module from EasyApache. Customers who wish to install Attracta can use the third-party installer.
The documentation has been updated to use the term “opt mods” alongside “custom modules.” We have also cleaned up ambiguity between “script hooks” and “hook scripts.”
SourceGuardian version 9.0.4
We have upgraded SourceGuardian to version 9.0.4 for all supported versions of PHP 5.4.
ModSecurity version 2.7.2
We have upgraded ModSecurity to version 2.7.2 for all supported versions of Apache 2.X.
EasyApache 3.18.1 also contains a patch to properly parse and append missing rule IDs in chained rules that contain comments and empty lines.
We have added the
mod_socache_shmcb module to Apache 2.4 to support development of OCSP stapling in cPanel. The
mod_socache_shmcb module is installed by default and is always on.
We have updated the Apache 2.2 branch to version 2.2.23 and the Apache 2.4 branch to version 2.4.4.
Apache 2.4 failed to build on 64-bit CentOS 5.X systems with both the 32-bit and 64-bit versions of OpenSSL. We have patched Apache 2.4 to use the correct version of the SSL library.
Symlink Race Condition Protection
We have added the option to patch Apache to prevent a race condition vulnerability through symlinks.
More information is available on our Symlink Race Condition Protection documentation.
FrontPage on CentOS 6.x
The standard version of expat that is shipped with current versions of CentOS is incompatible with FrontPage. We have installed the compat-expat1 package to make the library compatible.
We have also corrected dependencies to allow FrontPage to function, and updated both the 32- and 64-bit libraries.
Apache 2.4 rawopts file
Apache 2.4 incorrectly used the Apache 2.2 rawopts file. We have corrected this error, and Apache 2.4 now uses the correct rawopts file.
ModSecurity version 2.7.3
We have upgraded ModSecurity to version 2.7.3 for all supported versions of Apache 2.X. This version includes new directives for
This version also includes the
--enable-htaccess-config configure option, but we have disabled that functionality at this time for further review.
For more information, visit our ModSecurity documentation.
ModRuid2 compatibility issues with POSIX and PHP extensions
Due to security issues, if you enable
mod_ruid2, the POSIX PHP extension will be disabled.
Also, if you enable
mod_ruid2, you will be unable to install the
eio PHP extensions.
If you already have the
eio PHP extensions installed on your server and you install mod_ruid2:
cPanel & WHM version 11.36 and later —
eio will be uninstalled. cPanel & WHM version 11.34 and earlier —
eio will be commented out from
For more information, visit our ModRuid2 documentation.
Fix CVE-2013-1862 for Apache 2.2 and 2.4
CVE-2013-1862 uncovered a vulnerability in how
mod_rewrite processes non-graphical characters in Apache 2.2.24. We have implemented the patch from Apache upstream development for Apache 2.2 and adapted the patch to work with Apache 2.4.
For more information about this vulnerability, read the Bugzilla report at the Apache website.
Recalculate optmod ordering after profile changes are applied
In previous versions of EasyApache, optmod ordering was determined by the initial state of the profile instead of the final state of the profile after all fixes were applied.
We have corrected this issue, and EasyApache now installs optmods in the correct order.