72 Change Log

72.0.12 2018-08-28

Fixed case CPANEL-6541: Implemented swap IPv6 for transfers, dedicated IPv6 not handled. Fixed case CPANEL-18848: Make incremental backups respect the global cpbackup-exclude.conf. Fixed case CPANEL-19702: Filter AAAA on transfer if destination doesn’t use IPv6. Fixed case CPANEL-19910: Update MySQL55 to 5.5.60-1.cp1162. Fixed case CPANEL-19911: Update MySQL56 to 5.6.40-1.cp1162. Fixed case CPANEL-20387: Add support for SSE arguments via URL path. Fixed case CPANEL-20490: Launch terminal with CageFS for CloudLinux users. Fixed case CPANEL-20544: Keep specific file handles open when daemonizing a process. Fixed case CPANEL-20552: Added local symlinks for the event source polyfill. Fixed case CPANEL-20797: Add option to skip EasyApache YUM repo setup during initial install. Fixed case CPANEL-20927: Remove unneeded regex check for the SSE module name. Fixed case CPANEL-20947: Add a NotFound cpsrvd style exception class. Fixed case CPANEL-21186: Add an authentication and application verification system to SSE. Fixed case CPANEL-21573: Populate empty password columns when updating to MariaDB. Fixed case CPANEL-21592: Update cpanel-phpmyadmin to 4.7.7-4.cp1166. 72.0.11 2018-08-15

Fixed case CPANEL-21431: Fix mysqlconnectioncheck for systems running MariaDB. Fixed case CPANEL-21469: Customer using litespeed were considered as SOLO. Fixed case CPANEL-21902: Minimal support for LTS to LTS to support upgrades directly to 78 Fixed case CPANEL-22048: Provide a cpanel-version RPM 72.0.10 2018-07-16

[security] Fixed case SEC-367: Stored-XSS in WHM File Restoration interface. [security] Fixed case SEC-416: Apache configuration injection due to document root variable interpolation. [security] Fixed case SEC-418: Insecure storage of phpMyAdmin session files. [security] Fixed case SEC-420: SQL injection during database backups. [security] Fixed case SEC-424: File modification as root via faulty HTTP authentication. [security] Fixed case SEC-425: Limited file read via password file caching. [security] Fixed case SEC-426: Arbitrary zonefile modifications allowed during record edits. [security] Fixed case SEC-436: Arbitrary file read during File Restoration. [security] Fixed case SEC-439: Arbitrary zonefile modifications due to faulty CAA record handling. [security] Fixed case SEC-442: File rename vulnerability during account renames. [security] Fixed case SEC-443: Website contents accessible to local attackers through git repos. 72.0.9 2018-07-09

Fixed case CPANEL-19596: Resolve a spurious warning when the userdata queue is already processed. Fixed case CPANEL-19866: Add info about mysql_upgrade possibly outputting errors. Fixed case CPANEL-19893: Manage Mysql Profiles: Clear the “Activation In Progress” growl after activation. Fixed case CPANEL-20695: Use Email::Address::XS for email validation in Market Provider Manager. Fixed case CPANEL-20728: Upgrade Email::Address::XS to 1.03. Fixed case CPANEL-20839: Ensure creating the subdomain “l” works Fixed case CPANEL-20963: Update cpanel-perl-526-Email-Sender to 1.300031-3.cp1170. Fixed case CPANEL-21210: Fix link to spam page from BoxTrapper. Fixed case CPANEL-21249: Added cloudlinux.com and imunify360.com to common domains. 72.0.7 2018-06-27

Fixed case CPANEL-19544: Add a new tweak setting to configure eximstats_spam_check. Fixed case CPANEL-19571: Add hookability for AutoSSL installs. Fixed case CPANEL-20782: Fixquotas: properly modify quotas on EFI CloudLinux systems. Fixed case CPANEL-20849: Don’t attempt restart of PHP-FPM pools that don’t exist. 72.0.5 2018-06-25

Fixed case CPANEL-20113: Resolve performance regression when determing zone for a domain. Fixed case CPANEL-20729: Filter out duplicate domains from AutoSSL orders. Fixed case CPANEL-21180: Allow administrators to disable WHM’s “Terminal” UI via a touch file. 72.0.4 2018-06-18

Fixed case CPANEL-20741: Backup Metadata: avoid over-encoded HTML. Fixed case CPANEL-21254: Ensure saving named tiers in update preferences doesn’t misconfigure update settings. Fixed case CPANEL-21260: Ensure update preferences UI reflects currently configured settings. 72.0.3 2018-06-11

Fixed case CPANEL-17528: Remove unneeded SQLite DBH check. Fixed case CPANEL-18958: Do not include remote MySQL hosts for cpsess temp user grants. Fixed case CPANEL-19390: Fix race condition in restartsrv_apache_php_fpm. Fixed case CPANEL-19580: Update cpanel-git to 2.17.1-2.cp1170. Fixed case CPANEL-19907: Make rpmup aware of UPDATES=manual for EasyApache 4. Fixed case CPANEL-20326: Avoid webmail login rejection when quota is greater than 8796093022207MB. Fixed case CPANEL-20615: File Restoration: ensure backup feature is not required. Fixed case CPANEL-20633: Rebuild Exim configuration and restart Exim on upgrade. Fixed case CPANEL-20670: Modify Account: avoid failure with previously used domain. Fixed case CPANEL-20715: Fix bin/backup bug where metadata pruning fails due to being disabled. Fixed case CPANEL-20725: Setting up PHP-FPM on addon domains did not work correctly. Fixed case CPANEL-20765: Ensure remote dns clusters load zones added via SYNCZONES. Fixed case CPANEL-20776: Update cpanel-mailman to 2.1.26-4.cp1162. Fixed case CPANEL-20777: Fix corrupted .htaccess files from pkgacct. Fixed case CPANEL-20832: Avoid use of Cpanel::JSON::LoadTagged. Fixed case CPANEL-20909: Better handle packages which exceed the allowed MAX_DEFER_FAIL_PERCENTAGE. Fixed case CPANEL-20915: Fix logic for getting LTS versions in update preferences page. Fixed case CPANEL-20968: Assure HttpRequest.pm does not leave open file handles, blocking updatenow. Fixed case CPANEL-20980: Update dovecot to 2.2.36-2.cp1162. 71.9980.45 2018-05-31

Fixed case CPANEL-18506: Fix backup destination showing system backup option when system backups disabled. Fixed case CPANEL-19045: Update cpanel-perl-526-Net-Google-Drive-Simple to 0.13-4.cp1170. Fixed case CPANEL-19808: AutoSSL runs will no longer continue notifying beyond seven days post-expiry. Fixed case CPANEL-19848: Avoid displaying startup log entries twice when restarting service. Fixed case CPANEL-19943: Ensure WordPress install via API works. Fixed case CPANEL-20006: Update cpanel-awstats to 7.6-3.cp1168. Fixed case CPANEL-20042: Ensure submit button is enabled when selection is made on WHM Edit DNS Zone. Fixed case CPANEL-20076: Fix MAX_DEFER_FAIL_PERCENTAGE issues with account creation. Fixed case CPANEL-20221: Render HTML output correctly in EA4 Recommendation. Fixed case CPANEL-20240: Statistics Configuration: ensure page renders fully. Fixed case CPANEL-20331: Avoid transient error when installing exim.pl.local. Fixed case CPANEL-20336: Don’t assign dedicated IPs during account creation unless instructed to. Fixed case CPANEL-20409: Make ResourceUsage handle exponent notation for maximum values. Fixed case CPANEL-20411: cpuser notification prefs now are populated if empty. Fixed case CPANEL-20412: Make contactinfo->cpuser sync not clobber existing cpuser setting. Fixed case CPANEL-20449: Ignore empty zones when returning zone fetch results. Fixed case CPANEL-20499: Transfers fail when Copy Home Directory is deselected. Fixed case CPANEL-20518: Restored functionality where users could empty all spam folders. Fixed case CPANEL-20535: Fix adding MX records to subdomains. Fixed case CPANEL-20540: File Restoration: control using correct feature. Fixed case CPANEL-20542: Explicitly disable SMTPUTF8. Fixed case CPANEL-20560: Avoid exception on invalid whois data. Fixed case CPANEL-20561: Restore functionality of VPS.NET DNS clustering. Fixed case CPANEL-20562: Update cpanel-perl-526-Net-Whois-IANA to 0.41-2.cp1170. Fixed case CPANEL-20564: Ensure weekly and monthly backups can be downloaded in cPanel. Fixed case CPANEL-20564: Fix cPanel backup downloads when backup dir has trailing slash. Fixed case CPANEL-20565: Ensure REMOTE_ADDR is passed through to dnsadmin. Fixed case CPANEL-20566: Transfer Tool: disable API use over unencrypted connection. Fixed case CPANEL-20566: Use correct path for pkgacct. Fixed case CPANEL-20577: Work around MariaDB authn bug MDEV-16238. Fixed case CPANEL-20601: Fix undefined user warning when using ‘want’ arg of listaccts API. Fixed case CPANEL-20614: Fix zone parsing with empty leading names. Fixed case CPANEL-20651: Resolve performance regression with Whostmgr::DNS::MX. Fixed case CPANEL-20732: Update Git to version 2.17.1. 71.9980.37 2018-05-21

Fixed case CPANEL-6546: Ensure timestamps in Roundcube and SquirrelMail are correct. Fixed case CPANEL-19824: Update GeoIPfree files for 72. Fixed case CPANEL-20179: Make PHP-FPM daemons restart gracefully. Fixed case CPANEL-20179: Fix bug in restartsrv_apache_php_fpm where we never restart it. Fixed case CPANEL-20454: Pkgacct: ensure htaccess files are properly included. [security] Fixed case SEC-393: API tokens retain ACLs that are removed from accounts. [security] Fixed case SEC-394: Stored code execution injections in WHM cPAddons interface. [security] Fixed case SEC-395: Arbitrary file unlink via cPAddons moderation system. [security] Fixed case SEC-396: Email injection in cPAddons moderation. [security] Fixed case SEC-398: Remote-Stored XSS in WHM cPAddons installation interface. [security] Fixed case SEC-399: Remote-stored XSS in YUM autorepair functionality. [security] Fixed case SEC-400: Remote-Stored XSS in WHM Save Theme Interface. [security] Fixed case SEC-408: ClamAV installation reveals the contents of root’s crontab. [security] Fixed case SEC-421: Self-XSS in WHM Backup Configuration interface. [security] Fixed case SEC-427: Cron feature restriction not enforced for API calls. [security] Fixed case SEC-429: Backup feature restriction not enforced for API calls. [security] Fixed case SEC-430: Images feature restriction not enforced for API calls. [security] Fixed case SEC-432: Cpanel Mime::list_hotlinks API feature restriction not enforced. [security] Fixed case SEC-435: Arbitrary file read in pkgacct custom template handling. 71.9980.34 2018-05-15

Fixed case CPANEL-19572: Correctly handle UTF-8 encoding in email address phrase. Fixed case CPANEL-19769: Provide YUM repo RPM for RHEL to install MySQL 7. Fixed case CPANEL-20316: Don’t process backup metadata validation for suspended users. Fixed case CPANEL-20378: Update exim to 4.91-3.cp1170. Fixed case CPANEL-20383: Permit parsing lines with only tabs or spaces in zone files. Fixed case CPANEL-20386: Catch metadata generation errors for users in bin/backup. Fixed case CPANEL-20394: Added custom option to Required Score Spam Filters tab. Fixed case CPANEL-20397: Bandwidth limit set to max int when set larger than 17592186044416M. Fixed case CPANEL-20407: Don’t restart MySQL if timezone differs from server time. Fixed case CPANEL-20408: Fix account creation with extremely large bandwidth limits. Fixed case CPANEL-20421: Don’t warn about missing backup metadata. Fixed case CPANEL-20422: Ensure apache is restart when install best certificate fails. Fixed case CPANEL-20430: Remove call of a non-existant function, causing log noise. Fixed case CPANEL-20440: Email: ensure that changemx API call produces valid data. 71.9980.30 2018-05-10

Fixed case CPANEL-19817: Enable Version Control by default. Fixed case CPANEL-19842: Update cpanel-roundcubemail to 1.3.3-5.cp1164. Fixed case CPANEL-20045: Remove unused system task queue artifacts. Fixed case CPANEL-20122: Fixed issue with view additional details. Implemented case CPANEL-20128: Add directory restoration to WHM and cPanel.