54 Release Notes


New features

New scripts

/scripts/restartsrv_cpipv6

External authentication

In cPanel & WHM version 54, we added External Authentication, which allows system administrators to grant WHM, cPanel, and Webmail users the ability to use external methods of server authentication.

System administrators can select and configure the providers in WHM’s Manage External Authentications interface (Home >> Security Center >> Manage External Authentications). System administrators can also use this interface to revoke the credentials of users.

cPanel and Webmail users can link their accounts to accounts at the external provider through the External Authentication section of cPanel’s Password & Security interface (Home >> Password & Security) or from the service’s login interface.

WHM users can link their accounts through the WHM login interface.

If the user is currently authenticated to an external provider that they’ve linked to their account, they can click on the provider’s button on the login interface to automatically log in.

Currently, the service allows WHM, Webmail, and cPanel users the ability to authenticate with their cPanelID credentials, which they can register and manage at cPanel’s Manage2 portal, cPanel Store, or our Ticket system.

Your server will automatically configure cPanelID and populate that provider with the necessary Client ID and Client Secret from the license server when you perform a cPanel Update (upcp).

We include several additional sample authentication provider modules as examples for developers.

You can also add your own authentication provider to the list. For information about how to add your authentication provider, read our Guide to External Authentication in the SDK.

Warning:

If your server uses a firewall, you must allow traffic over ports 2083, 2087, and 2096 for External Authentication to function. You cannot currently link an external account to multiple cPanel accounts, WHM accounts, or Webmail accounts. However, you can link an external account to a cPanel account, a WHM account, and a Webmail account. Also, you can link multiple external accounts to the same cPanel, WHM, or Webmail account. We expect to expand this functionality in a future release. Notes:

  • The system will automatically disable missing or misconfigured provider modules.
  • Most providers allow you to register for an account as part of the authentication process.
  • If you change your server’s hostname, you must update the Redirection URI settings in the configuration settings at the external authentication provider’s site to reflect the new hostname.
  • Only system accounts use the system’s Two-Factor Authentication. Users who log in to cPanel, WHM, and Webmail through External Authentication will use whichever methods that the external authentication service includes.

The Call method for API privilege escalation

In cPanel & WHM version 54, we introduced the Call method for API privilege escalation, which allows you to run specific functions in your code as the root user. This new method is much easier to use than the send_cpwrapd_request method, and we strongly recommend that you use it for Perl modules.

Note:

We strongly recommend that you set the mode in your application’s configuration file to full, unless your application requires simple mode.

PHP-FPM

In cPanel & WHM version 54, we added the PHP-FPM implementation to the cpservd daemon’s configuration. This will improve performance of PHP-based internal applications that ship with cPanel, such as:

  • phpMyAdmin
  • phpPgAdmin
  • Roundcube
  • Horde
  • SquirrelMail
  • And any third-party PHP application installed for the user.

This service logs errors and unusually slow script performance in the following locations:

  • /usr/local/cpanel/logs/php-fpm/error.log — The main error log file for the PHP-FPM implementation.
  • /var/cpanel/php-fpm/$user/logs/slow.log — The log file for scripts that run unusually slow for a user, where $user represents the cPanel account name.
  • /var/cpanel/php-fpm/$user/logs/error.log — The error log file for a user, where $user represents the cPanel account name. To manage the service and monitoring of the service, use the FPM Service for cPanel Daemons settings in WHM’s Service Manager interface (Home >> Service Configuration >> Service Manager).

Note:

This service will accelerate a maximum of concurrent 10 processes per user.

Suspend and unsuspend email accounts

In cPanel & WHM version 54, cPanel account owners and WHM users can suspend and unsuspend email accounts. Suspension prevents logins and access to a mail account, and it rejects any incoming mail to the account. Before, if a user was compromised or sent spam, a system administrator or reseller could only suspend an entire cPanel account.

Management of email suspension is available in cPanel’s Email Accounts interface (Home >> Email >> Email Accounts).

Notes:

  • When you suspend an email account, the system also suspends any aliases or forwarders that redirect email to the account.
  • If you suspend an email account for outbound spam, we strongly recommend that you check the mail queue with WHM’s Mail Queue Manager interface (Home >> Email >> Mail Queue Manager) to confirm there is no additional outbound traffic from that account.

New subdomain tweak settings

We changed the Allow domain parking across accounts setting to Allow cPanel users to create subdomains across accounts in WHM’s Tweak Settings - Domains interface (Home >> Server Configuration >> Tweak Settings).

We also added the Allow WHM users to create subdomains across accounts setting to that interface.

Both settings default to Off.

Batch UAPI commands

In cPanel & WHM version 54, we added the Batch::strict function which allows you to combine multiple UAPI calls into a single call.

Remote package account for transfers

In cPanel & WHM version 54, we added the WHM API 1 start_background_pkgacct function. This function calls the /scripts/pkgacct script as a background process with user-selected arguments.

WHM’s Transfer Tool interface (Home >> Transfers >> Transfer Tool) uses this function to remotely back up the accounts on the source server that you wish to transfer to the target server.

After the target server cals the function and triggers the backup process, it calls the /usr/local/cpanel/whostmgr/docroot/cgi/ live_tail_log.cgi script on the source server in order to stream results to the target server’s transfer log.

Previously, the target server would initiate an SSH session and run the pkgacct script on the remote server through that session. The target server monitored the progress of the backup processes through the SSH session. If the session encountered an error or failed, the pkgacct script would fail.

Notes:

  • Both the source and target servers must run cPanel & WHM version 54 or later in order for this function to run. Otherwise, the target server uses the legacy SSH session behavior.
  • If the target server fails to stream the log data for the remote package account five times concurrently or 50 times total from the source server, the target server will revert to the legacy SSH session connection behavior.
  • Do not directly call the live_tail_log.cgi script.

SRS (Sender Rewriting Scheme) support

In cPanel & WHM version 54, we added Sender Rewriting Scheme (SRS) functionality to Exim. This fixes issues with email forwarding in Sender Policy Framework (SPF).

To use SRS, enable the Enable Sender Rewriting Scheme (SRS) Support option in WHM’s Exim Configuration Manager - Basic Editor interface (Home >> Service Configuration >> Exim Configuration Manager).

For more information about SRS, read the Wikipedia article.

Note:

This setting uses the default configuration for SRS. If you wish to customize the SRS configuration, use the Advanced Editor interface.

New notification templates

In cPanel & WHM version 54, we converted more notifications to the new system. The following alerts are now available in cPanel’s Contact Information interface (Home >> Contact Information):

  • An external account is linked to my account for authentication. The following alerts are now available in WHM’s Contact Manager interface (Home >> Server Contacts >> Contact Manager):

  • Unmonitored Services For the full list of available alerts, read our Contact Manager and Notification Templates documentation.

Important:

We strongly recommend that you review your Contact Manager settings to ensure that you will receive important server notices.

Error IDs

In cPanel & WHM version 54, we added error IDs to most error messages that users encounter. All error IDs begin with the string XID and a space character.

When a user reports an error ID to their system administrator or cPanel Technical Support, the troubleshooter can filter the server’s log files with it and diagnose the issue more quickly.

FastUpdate touch file

To disable FastUpdate on your server, log in to your server via SSH and run the following command as the root user:

touch /var/cpanel/never_ever_use_fast_update_not_even_a_check To reenable FastUpdate on your server, run the following command as the root user:

rm /var/cpanel/never_ever_use_fast_update_not_even_a_check

MySQL temporary user issue

In earlier versions of cPanel & WHM, the system created temporary MySQL®/MariaDB users whenever a user logged in to cPanel via external session creation instead of password authentication. This caused high load and performance issues on systems with frequent logins.

As of cPanel & WHM version 54, we no longer created temporary users for external session logins until a script or user accessed the phpMyAdmin feature or the backup functionality.

Third-party plugins that require access to temporary MySQL users (found in $ENV{‘REMOTE_DBOWNER’}) will now need to call the Session::create_temp_user function in order to create the temporary users before they are available. This function is available in cPanel & WHM version 54.0.16 and later.

Important:

If you cannot update your system for whatever reason, the workaround is to update your scripts to call cPanel API 1 Functions - Cgi::phpmyadminlink , which will create a temporary user session for you.

TLS 1.2 support

cPanel & WHM now supports TLS 1.2, as well as the encryption protocols contained within it. CentOS 6.0 through 6.4 systems cannot upgrade to version 54 until they update to a version of OpenSSL that supports TLS 1.2 or higher. If the CentOS system does not meet these requirements, cPanel & WHM blocks them.

General EasyApache 4 improvements

We added the Testing and Unsupported repositories to the httpupdate mirrors.

User Manager

In cPanel & WHM version 54, we added the User Manager interface (Home >> User Preferences >> User Manager). cPanel account users can use this interface to add, manage, and delete subaccounts. cPanel account users can also merge their current email, FTP, and Web Disk accounts into a subaccount. The User Manager interface allows you to create a subaccount with email, FTP, and Web Disk access on a single page. This interface includes the option to add the subaccount user’s name and an alternate email address. It also allows cPanel users to edit a subaccount user’s FTP and Web Disk home directory. The User Manager interface contains advanced filtering options that allows a cPanel account user to search for subaccounts by services and issues, and it’s search box uses incremental search.

Subaccounts

In cPanel & WHM version 54, we have introduced subaccounts. cPanel account users can create subaccounts that use the same login and password information for email, FTP, and Web Disk services. The system maintains password synchronization between each of the subaccount user’s allowed services. cPanel account users can add and remove a subaccount’s email, FTP, and Web Disk services without updating the subaccount’s password.

Accounts automatically update to Paper Lantern theme

As of cPanel & WHM version 54, when you upgrade your system, cPanel accounts on the x3 and x3mail themes will automatically update to the Paper Lantern theme with the Retro style. For more information, read our x3 deprecation schedule.

New interfaces for the Paper Lantern theme

As of cPanel & WHM version 54, the Paper Lantern theme is reconfigured with a sidebar, the Dashboard interface, the Statistics interface, and the Notifications interface. For more information, read our cPanel Interface documentation.

jQuery requirements for custom interfaces

In cPanel & WHM version 54, we reduced the cPanel interface’s jQuery needs to use only one version of jQuery, and modified the way in which the cPanel interface loads jQuery. Due to these changes, third-party developers must update their custom interface code to handle jQuery properly. For more information, read our Guide to cPanel Interface Customization - jQuery documentation.

Two-Factor Authentication

In cPanel & WHM version 54, we added the Two-Factor Authentication interface (Home >> Security >> Two-Factor Authentication).

This function allows you to configure two-factor authentication (2FA), an improved security measure for the login interface of cPanel & WHM. Two-factor authentication requires two forms of identification: your password and a generated security code. With 2FA enabled, an application on your smartphone uses a Time-based One-time Password (TOTP) algorithm to supply a code that you must enter with your password to log in. Without the security code, you cannot log in.

To enable the Two Factor Authentication UI on your system, enter the following command:

touch /var/cpanel/enable_twofactor_ui && /usr/local/cpanel/whostmgr/docroot/themes/x/rebuildtmpl This may cause some third-party applications to break significantly and cause applications to improperly store data

API Access

If two-factor authentication is enabled, some API calls will be blocked. The system does not allow basic HTTP auth API calls when authenticated as a user with 2FA configured. You must establish a session and include the session’s security token when making the API calls. For more information, read our Guide to API Authentication documentation.

This feature is one of the most highly requested features on features.cpanel.net. We at cPanel worked hard to bring this in cPanel & WHM version 54. When the new feature hit the EDGE release tier, some of our third-party integrators grew concerned about the changes made to the API system.

Updated features

Improved IPv6 support

Shared IPv6 address support

cPanel & WHM now includes a setting that specifies the server’s shared IPv6 address. You can configure this setting through the following methods:

  • Modify the ADDR6 value in the /etc/wwwacct.conf file before you install cPanel & WHM.
  • Modify the new The IPv6 address (only one address) to use to set up shared IPv6 virtual hosts. setting in WHM’s Basic cPanel & WHM Setup interface (Home >> Server Configuration >> Basic cPanel & WHM Setup). When you configure this setting, BIND automatically begins to listen for DNS requests via IPv6.

New Listen on IPv6 Addresses Tweak Setting

We added the Listen on IPv6 Addresses setting to the System section of WHM’s Tweak Settings interface (Home >> Server Configuration >> Tweak Settings).

Use this setting to determine whether the cpsrvd daemon listens on IPv6. This setting defaults to Off.

Updated Assign IPv6 Address interface

In cPanel & WHM version 54, WHM’s Enable IPv6 interface (Home >> IP Functions >> Enable IPv6) is now the Assign IPv6 Address interface (Home >> IP Functions >> Assign IPv6 Address).

We also improved this interface to allow you to assign the server’s IPv6 address to accounts as a shared IP address.

Updated interfaces for IPv6 support

In cPanel & WHM version 54, we updated the following interfaces to correctly handle IPv6 addresses:

  • cPanel’s Advanced Zone Editor interface (Home >> Domains >> Advanced Zone Editor)
  • cPanel’s Authentication interface (Home >> Email >> Authentication)
  • WHM’s Basic cPanel & WHM Setup interface (Home >> Server Configuration >> Basic cPanel & WHM Setup)
  • WHM’s Configure Remote Service IPs interface (Home >> IP Functions >> Configure Remote Service IPs)
  • WHM’s Edit DNS Zone interface (Home >> DNS Functions >> Edit DNS Zone)
  • WHM’s Exim Configuration Manager interface (Home >> Service Configuration >> Exim Configuration Manager)
  • WHM’s IPv6 Ranges interface (Home >> IP Functions >> IPv6 Ranges)
  • WHM’s Resolver Configuration interface (Home >> Networking Setup >> Resolver Configuration)

New Prefer IPv4 over IPv6 for outgoing mail setting

Important:

We have temporarily removed this functionality from cPanel & WHM version 54. Features may continue to display in the cPanel & WHM interface, but do not currently function.

We added the Prefer IPv4 over IPv6 for outgoing mail setting to the Domains and IPs section of the Basic Editor tab in WHM’s Exim Configuration Manager interface (Home >> Service Configuration >> Exim Configuration Manager).

If you enable this setting, cPanel & WHM applies a patch to modify Exim’s behavior to prefer IPv4 addresses over IPv6 addresses when it sends mail. If you disable this setting, the system uses Exim’s default behavior for the order in which it attempts to send mail on IPv4 and IPv6 addresses. In previous versions of cPanel & WHM, we applied this patch without an option to remove it. For this reason, this setting defaults to On to maintain cPanel & WHM’s current behavior. However, as cPanel & WHM moves toward full IPv6 support, we strongly recommend that you disable this setting and allow Exim to use its default behavior.

Change Password interface changed to Password & Security

In cPanel & WHM version 54, we renamed cPanel’s Change Password interface to the Password & Security interface (Home >> Preferences >> Password & Security). Because the interface now manages the account’s password and its External Authentication linkages, we felt that the interface name should reflect this.

MariaDB 10.1

In cPanel & WHM version 54, we upgraded MariaDB to version 10.1.

Warning:

MariaDB’s sql_mode variable now defaults to include the NO_ENGINE_SUBSTITUTION, NO_AUTO_CREATE_USER modes.

  • If you have not set a custom sql_mode variable and your application requires that these modes be off, we strongly recommend that you update your application to either turn these modes off or not to depend on an off state.
  • If you have set a custom sql_mode variable, your system will retain your custom sql_mode modes after the upgrade.

Arguments added to pkgacct script

In cPanel & WHM version 54, we added a large number of arguments to the /scripts/pkgacct command-line script.

Also, we now allow you to separate arguments and values with either a space or an equals sign (=).

For more information, read our /scripts/pkgacct script documentation.

Reseller Center improvements

In cPanel & WHM version 54, we added the option for the root user to log in to cPanel or WHM as a specified reseller to WHM’s Reseller Center interface (Home >> Resellers >> Reseller). This is similar to the function in WHM’s List Accounts interface (Home >> Account Functions >> List Accounts) that allows the root user to log in to a cPanel account.

Dormant services changes

The Dormant services option in Tweak Settings now unloads idle services from memory after two minutes of activity. Previously, the setting unloaded services from memory after five minutes of inactivity.

Database name changes

In cPanel & WHM version 54, we expanded the scope of characters that you may use for database names.

Database names may now use any printable ASCII character, including spaces, except the following characters:

MySQL® — single-quote (‘), double-quote (“), backtick (`), forward slash (/), and backslash ().

PostgreSQL® — single-quote (‘), double-quote (“), backtick (`), and forward slash (/).

Notes:

  • Legacy versions of MySQL do not allow periods (.) in database names. We strongly urge all customers to convert to MariaDB or to upgrade to MySQL 5.6.
  • You cannot use multi-byte UTF-8 characters in MySQL or PostgreSQL database names.

RecentAuthedMailIpTracker now excludes all local IP addresses

The RecentAuthedMailIpTracker driver tracks the IP addresses for recently-authenticated IMAP and POP3 sessions. In cPanel & WHM version 54, this driver now excludes all of the server’s local IP addresses and the loopback address in order to prevent abuse of POP before SMTP authentication. Previously, the driver only excluded the loopback address.

To enable or disable the RecentAuthedMailIpTracker driver, use WHM’s Service Manager interface (Home >> Service Configuration >> Service Manager).

Note:

We strongly recommend that you use SMTP authentication instead of POP before SMTP.

Standardized Hooks - Debug Mode moved

System administrators can now control debug mode for Standardized Hooks with the Standardized Hooks - Debug Mode option in the Development section of WHM’s Tweak Settings interface (Home >> Server Configuration >> Tweak Settings). In previous versions, debug mode was available through direct modification of the /var/cpanel/cpanel.config file.

Add ‘yum update’ user interface to WHM

We updated the System Update interface (Home >> Software >> System Update) in WHM to use the yum interfaces created in EasyApache 4.

EasyApache 4 migration improvements

The new EasyApache 4 inspects the options you select in EasyApache 3, and then installs the appropriate RPM via yum in EasyApache 4. cPanel & WHM also improved the user experience in the EasyApache 4 migration script, which increase the success rate of migration. To accomplish this, the EasyApache 4 migration installs all default packages from EasyApache 3.

EasyApache 4 user interface improvements

We localized the EasyApache 4 profile descriptions into multiple languages and improved the display of error messages within the EasyApache 4 provision stage. This allows for users to select their Apache modules, Apache MPM, PHP version, and PHP extension preferences via the EasyApache 4 user interface. However, this feature is in technical preview. We set a warning to alert users that the EasyApache 4 user interface recommends that the user use yum for the most stable user experience. The system also highlights the user’s active profile for the EasyApache 4 user interface as the first “Current Profile” when it displays the list of available profiles.

FTP accounts

In cPanel & WHM version 54, we added support to create FTP accounts for any domain that the cPanel account owns.

Changes to the Cpanel::PublicAPI module

In cPanel & WHM version 54, we no longer ship the Cpanel::PublicAPI module. Instead, we now ship an RPM of the cPanel::PublicAPI CPAN module.

Note:

The Cpanel::Accounting module is a wrapper for this module.

We also added the ssl_verify_mode parameter to the module. This boolean parameter controls whether the module verifies SSL certificates.

  • This parameter defaults to 1, which causes the module to verify SSL certificates.
  • We strongly recommend that you do not set this value to 0 unless you must use self-signed certificates.
  • Previously, the Cpanel::PublicAPI module did not verify SSL certificates.

Additional cPHulk options

The Configuration Settings section of WHM’s cPHulk Brute Force Protection interface (Home >> Security Center >> cPHulk Brute Force Protection) now includes the option to apply username-based protection to local addresses only. This ensures that a user cannot brute force other accounts on the same server. This option appears in the Username-based Protection section of the Configuration Settings.

The default setting for the Username-based Protection settings is now On. The default setting applies username-based protection to local addresses only.

Updated MultiPHP Manager

We added a PHP Handlers section to WHM’s MultiPHP Manager interface (Home >> Software >> MultiPHP Manager). This allows you to easily change the PHP handlers on your system.

Note:

This feature is only available on systems that run EasyApache 4.

Updated MultiPHPINI Editor

We updated WHM’s MultiPHP INI Editor interface (Home >> Software >> MultiPHP INI Editor) to display Enabled and Disabled rather than 1 and 0 for the PHP defaults.

Updated the /bin/rebuild_phpconf script

We greatly improved this script to allow you to better view and manage their system’s default PHP version and PHP handlers in EasyApache 4.

Note:

These script changes only apply to systems that run EasyApache 4.

###Deprecated and removed items

ProFTPD login without domain

We removed the ability to use the username without a domain for ProFTPD. cPanel did not officially support the ability to log in to ProFTPD without the domain. You must use the full username to log in to FTP services.

Deprecated CGI features

The new default cPanel theme (Paper Lantern) does not include an equivalent to the deprecated x3 theme’s CGI Center interface (Home >> Software and Services >> CGI Center). We do not plan to add one in future versions of cPanel & WHM.

Existing CGI scripts will continue to function, regardless of the cPanel theme.

To add new CGI scripts, you must create them manually.

Removed Old-Style Spam System setting

We removed the previously-deprecated Old-Style Spam System setting from WHM’s Exim Configuration Manager interface (Home >> Service Configuration >> Exim Configuration Manager).

Prelinking support removed

Prelinking is now disabled by default. cPanel does not officially support prelinking. For more information about how to disable prelinking, read our Disable Prelinking documentation.

Courier removed

We removed Courier from cPanel & WHM. During installation, a server administrator who still uses Courier has 29 days to take action: either convert to Dovecot or pin the version to 11.52 LTS without an upgrade. If they take no action after 29 days, we automatically convert the mail servers to Dovecot.

Note:

When the system switches the mailserver from Courier to Dovecot, the SSL certificate used by the POP3 service might change. This is because Courier uses two SSL certificates (IMAP and POP3) and Dovecot only uses one. Dovecot will reuse the existing IMAP SSL certificate.