70.0.23

...

2018-03-19

  • TSR-2018-0002
  • [security] Fixed case SEC-338: Arbitrary file chmod during legacy incremental backups.
  • [security] Fixed case SEC-357: Self-XSS in WHM cPAddons showsecurity Interface.
  • [security] Fixed case SEC-359: Code execution via '.' in @INC during perl syntax check of cpaddonsup.
  • [security] Fixed case SEC-362: Demo account code execution via awstats.
  • [security] Fixed case SEC-364: Root accesshash revealed by WHM /cgi/trustclustermaster.cgi.
  • [security] Fixed case SEC-368: OpenID providers can inject arbitrary data into cPanel session files.
  • [security] Fixed case SEC-369: Stored XSS in WHM Edit DNS Zone.
  • [security] Fixed case SEC-370: Stored XSS in WHM Edit MX Entry.
  • [security] Fixed case SEC-371: Any user is able to shut down Solr.
  • [security] Fixed case SEC-372: Remote Stored XSS in WHM DNS Cluster.
  • [security] Fixed case SEC-373: Remote Stored XSS in WHM Create Account.
  • [security] Fixed case SEC-374: Remote Stored XSS in WHM Edit DNS Zone.
  • [security] Fixed case SEC-375: Remote Stored XSS in WHM Delete a DNS Zone.
  • [security] Fixed case SEC-376: Remote Stored XSS in WHM DNS Cleanup.
  • [security] Fixed case SEC-377: Remote Stored XSS in WHM Synchronize DNS Records.
  • [security] Fixed case SEC-378: Arbitrary file read and unlink via WHM style uploads.
  • [security] Fixed case SEC-379: Local privilege escalation via WHM Legacy Language File Upload interface.
  • [security] Fixed case SEC-380: Local privilege escalation via WHM Locale XML Upload interface.
  • [security] Fixed case SEC-382: Jailshell breakout via incorrect crontab parsing.
  • [security] Fixed case SEC-391: Remote Stored XSS in cpaddons vendor interface.
  • [security] Fixed case SEC-392: Open redirect via /unprotected/redirect.html endpoint.
  • [security] Fixed case SEC-401: Htaccess restrictions bypass when "Htaccess Optimization" enabled.
  • [security] Fixed case SEC-405: Demo account code execution via cPanel Landing Page.
  • [security] Fixed case SEC-406: Apache logs exposed by creation of certain domains.
  • [security] Fixed case SEC-410: Stored XSS in WHM Edit DNS Zone.
  • [security] Fixed case SEC-411: Email account suspensions can be applied to unowned accounts.
  • [security] Fixed case SEC-412: Stored XSS in WHM Reset a DNS Zone.

70.0.18

...

2018-02-27

  • Fixed case CPANEL-10163: Remove needless dismount of virtfs for quota check.
  • Fixed case CPANEL-18392: Remove progress overlay to hang when there is an error creating an account.
  • Fixed case CPANEL-18415: Fix typo in KAM SpamAssassin ruleset.
  • Fixed case CPANEL-18764: Pkgacct: don't fail when unprivileged.
  • Fixed case CPANEL-18764: Pkgacct: properly store quota when unprivileged.
  • Fixed case CPANEL-18769: Update call to create metadata v3.0 for backups.
  • Fixed case CPANEL-18772: Remove cpanel-perl-526-Mojo-Pg when coming from 72.
  • Fixed case CPANEL-18777: Update dovecot to 2.2.33.2-4.cp1162.

...