68 Release Notes


Upgrade blockers LiteSpeed update required to maintain SSL functionality If LiteSpeed exists on your server, you must upgrade to LiteSpeed version 5.2.1 build 2 or later before you upgrade to cPanel & WHM version 68. Otherwise, websites will not provide the entire certificate chain and browsers may display an SSL error. For more information about how to upgrade LiteSpeed, read LiteSpeed’s cPanel Plugin documentation. View the /usr/local/lsws/autoupdate/build file to verify your LiteSpeed version information.

Note:

If your server does not contain the /usr/local/lsws/ directory, LiteSpeed likely does not exist on your server.

The ea-apache24-config-runtime package You must upgrade the ea-apache24-config-runtime package to version 1.0-113 or later.

New features New access privileges In cPanel & WHM version 68, we added the following access privileges to WHM’s Edit Reseller Nameservers and Privileges interface (WHM >> Home >> Resellers >> Edit Reseller and Nameserver Privileges):

Account Summary Allow CORS Proxy Requests Basic WHM Functions Create User Session Digest Authentication Generate Email Configuration Manage cPanel Integration Links. Manage OpenID Connect Manage Styles MySQL® Information SSL Information Manage API Tokens Manage DNS Records Nameserver Configuration List Packages Track Email Basic System Information For more information about these new ACL privileges, read the following documentation:

Edit Reseller Nameservers and Privileges Guide to WHM Plugins - ACL Reference Chart Default access privileges As of cPanel & WHM version 68, the system assigns the following access privileges to newly-created reseller accounts by default:

Important:

You cannot assign or unassign these access privileges.

Account Summary Basic System Information Basic WHM Functions Allow CORS HTTP Requests Perform cPanel API and UAPI functions through the WHM API Manage cPanel Integration Links Create User Session Digest Authentication Generate Mobile Email Configurations List Packages Manage API Tokens Manage DNS Records Manage OpenID Connect Manage Styles Nameserver Configuration Perform cPanel API and UAPI functions through the WHM API SSL Information Track Email For more information, read our Edit Reseller Nameservers and Privileges documentation.

The /usr/local/cpanel/scripts/fix_reseller_acls script In cPanel & WHM version 68, we added the /usr/local/cpanel/scripts/fix_reseller_acls script. The system executes this script when it upgrades your server to cPanel & WHM version 68. This script assigns the access privileges that we added in cPanel & WHM version 68 to existing reseller accounts.

Support for Virtuozzo 7 In cPanel & WHM version 68, we added support for Virtuozzo 7. For more information about Virtuozzo, read their documentation.

Large Amount of Outbound Email Detected notification In cPanel & WHM version 68, we added the Large Amount of Outbound Email Detected notification to WHM’s Contact Manager interface (WHM >> Home >> Server Contacts >> Contract Manager). The system counts every user’s outbound messages every 15 minutes. It will send a notification when a mail user exceeds the preconfigured threshold of 500 unique outbound messages over the previous hour (excluding mailing lists). This will help the administrator detect potential spammers or compromised accounts.

Notes:

This notification defaults to disabled on existing systems and enabled for new installations. We do not currently offer the option to configure the threshold. New notification templates In cPanel & WHM version 68, we added notifications to WHM’s Contact Manager interface (WHM >> Home >> Server Contacts >> Contact Manager):

Cgiemail Cleanup Script — The system ran the /usr/local/cpanel/scripts/clean_cgiemail script on your server. This script removes the cgiemail RPM and copies of the cgiemail/cgiecho scripts from users’ cgi-bin directories. Maximum Hourly Emails Exceeded — A domain exceeded the threshold for the maximum number of sent emails in an hour. SSL certificates expiring — An account’s SSL certificate expires soon. Update Blocker - System Cannot Install RPMs — The system detected an unstable RPM database and cannot install any RPMs, so the upcp script cannot proceed. Large Amount of Outbound Email Detected — A mail user exceeded the preconfigured threshold of 500 unique outbound messages over the previous hour (excludes mailing lists).

For the full list of available alerts, read our Contact Manager and Notification Templates documentation.

SSL and AutoSSL certificate renewal, expiry, failure, and success notifications In cPanel & WHM version 68, by default, the system automatically sends users notifications about the status of SSL and AutoSSL certificates. These notifications include useful information and URLs users can access to correct a problem. You can enable or disable the following notifications:

In WHM’s Contact Manager interface (WHM >> Home >> Server Contacts >> Contact Manager):

AutoSSL certificates expiring — An account’s AutoSSL certificate expires soon. Installation of AutoSSL certificates — AutoSSL installed an SSL certificate. Installation of purchased SSL certificates — The system installed SSL certificates that a user purchased through the cPanel Market. SSL Certificate Expiration — A service-level SSL certificate has expired. SSL Certificate Expires Soon — An account’s SSL certificate expires soon. SSL certificates expiring — An account’s SSL certificate expires soon. In cPanel’s Contact Information interface (cPanel >> Home >> Preferences >> Contact Information):

AutoSSL has renewed a certificate — AutoSSL successfully completed a certificate renewal. AutoSSL certificate expiry — An AutoSSL certificate will expire soon. SSL certificate expiry — A non-AutoSSL certificate will expire soon. AutoSSL certificate error status In cPanel & WHM version 68, we added messages about each domain’s AutoSSL status, if such information exists, to cPanel’s SSL/TLS Status interface (cPanel >> Home >> Security >> SSL/TLS Status). For example, these messages include information about pending orders, validation problems, or changes to the domains on a certificate for certificate renewal. Users can view the inline information message next to each domain in this interface.

phpMyAdmin performance setting In cPanel & WHM version 68, we added the Enable phpMyAdmin information schema searches setting to the Software section of WHM’s Tweak Settings interface (WHM >> Home >> Server Configuration >> Tweak Settings). If you disable this setting, the system disables information schema searches by phpMyAdmin in MySQL. This may improve phpMyAdmin performance.

EasyApache 4 and http2 EasyApache 4 now supports mod_http2 .

New individual file restoration from a backup cPanel & WHM version 68 provides backup restoration for individual files.

WHM users can restore files for cPanel user accounts through the new File Restoration interface (WHM >> Home >> Backup >> File Restoration). cPanel users can restore individual files through the new File Restoration interface (cPanel >> Home >> Files >> File Restoration). Note:

For these restoration features to work appropriately in cPanel & WHM, system administrators must enable account file backups through WHM’s Backup Configuration interface (WHM >> Home >> Backup >> Backup Configuration).

Warnings:

We strongly recommend that you use unique filepaths when you store multiple-server backup files in a shared filesystem. This action prevents backup file conflicts. When you terminate an account, you must remove the account’s backup files manually or move the backups to another server. This action prevents an account collision if you add a new account with a previous account’s username. Public Contact information In cPanel & WHM version 68, resellers now control their company’s public contact information. A user who contacts cPanel & WHM Customer Service or Technical Support will see the reseller’s custom contact information instead of one of the resellers’ provider’s information. We strongly recommend that resellers use this feature to protect their brand. For more information about how to enter your default public contact information, read our Customization documentation.

Important:

All of the information that you provide in this tab will be publicly available. We strongly recommend that server owners provide this contact information, otherwise, customers may discover the hosting provider’s contact information. This could negatively affect the server owner’s brand. This interface will not reveal the company name that you enter in the Customize Branding tab to the public. Notes:

If you own your own account, the domain that the server owner used to create your account presents your contact information. If you do not own your own account, the domain presents the server owner’s information instead. In future versions, we plan to add this contact information to the Account Suspended and Default Webpage pages, and anywhere a user searches for their hosting provider’s contact information. Set SSL/TLS via the command line In cPanel & WHM version 68, we added the /usr/local/cpanel/bin/set-tls-settings script. This script allows you to set your SSL and TLS cipher suites, and your SSL and TLS protocols via the command line. For more information, read our The set-tls-settings Script documentation.

Updated features Updated cPanel icons cPanel & WHM version 66 replaces the cPanel interface’s feature icons with new .svg icons.

Note:

For a complete list of icons and their filenames, read our Guide to cPanel Interface Customization - Appkeys documentation.

WHM plugin interfaces in PHP WHM plugin developers can now use PHP to render the WHM interface’s chrome.

The new /usr/local/cpanel/scripts/rebuild_whm_chrome script generates the PHP version of this cache. For more information and use examples, read our Guide to WHM Plugins and Tutorial - Create a New WHM Interface in PHP documentation. Renamed privileges In cPanel & WHM version 68, we renamed the following privileges:

Create Create Account Terminate Terminate Account (Un)Suspend Suspend/Unsuspend Upgrade/Downgrade Upgrade/Downgrade Accounts SSL Certificate Purchase Purchase SSL Certificates SSL CSR/CRT SSL/CSR Certificate Generator Add Add DNS Zones Remove Remove DNS Zones Edit Edit DNS Zones Park Park DNS Zones Allow the reseller to use all global packages (global packages are any packages without a “_” in them) Use Root Packages Allow Creation of Packages with Addon Domains Create Packages with Addon Domains Allow Creation of Packages with Parked Domains Create Packages with Parked Domains Allow Creation of Packages with a Dedicated IP Create Packages with a Dedicated IP Address Allow Creation of Packages with Shell Access Create packages with Shell Access Allow Creation of Packages with Unlimited Features (ie. unlimited pop accounts) Create Packages with Unlimited Features Allow Creation of Packages with non-default Email Limits Create Packages with Custom Email Limits Allow Creation of Packages with Unlimited Diskspace Create Packages with Unlimited Disk Usage Allow Creation of Packages with Unlimited Bandwidth Create Packages with Unlimited Bandwidth Prevent Accounts from being created with shell access Forbid Account Creation with Shell Access Allow modification of existing locales and creation of new locales Modify & Create Locales For more information about these renamed ACL privileges, read our Edit Reseller Nameservers and Privileges documentation.

Locales interface restriction As of cPanel & WHM version 68, resellers must possess the Modify and Create Locales access privilege in order to access WHM’s View Available Locales interface (WHM >> Home >> Locales >> View Available Locales).

Limit API tokens to specific privileges As of cPanel & WHM version 68, you can perform the following actions in WHM’s Manage API Tokens interface (WHM >> Home >> Development >> Manage API Tokens):

Create API tokens with specific privileges. This is useful, for example, to limit API tokens to specific functions, which improves your system’s security. Update an API token’s name and privileges. Assign or unassign third-party privileges to your users Additionally, users who create API tokens on cPanel DNSONLY systems can assign the following access privileges to the API token:

All Features Add DNS Zones Basic System Information Basic WHM Functions Change Password Create User Session DNS Clustering Manage API Tokens Manage DNS Records Manage Styles Nameserver Configuration Remove DNS Zones Restart Services SSL Information SSL Site Management View Server Information View Server Status For more information, read our cPanel DNSONLY documentation.

Improved package extensions management through API In cPanel & WHM version 68, we added the add_package_extension and delete_package_extension WHM API 1 functions to better manage extensions on packages. We also deprecated the _PACKAGE_EXTENSIONS parameters from the addpkg and modifypkg WHM API 1 functions.

We strongly recommend that you modify any scripts that create or manage package extensions to call these new WHM API 1 functions.

If you need to edit a package extension setting, use WHM API 1’s addpkgext function with the same package extension name and desired settings.

EasyApache displays php (DSO) properly In EasyApache 4, the interface now displays php (DSO) instead of php in the list of Apache packages under each version of PHP.

upcp script’s preflight check of RPM database In cPanel & WHM version 68, if the system cannot install an RPM and detects a corrupted RPM database, it does not run the upcp script.

Added zlib.output_compression setting to MultiPHP INI Editor In cPanel & WHM version 68, we added the zlib.output_compression setting to cPanel’s MultiPHP INI Editor interface (cPanel >> Home >> Software >> MultiPHP INI Editor) and WHM’s MultiPHP INI Editor interface (WHM >> Home >> Software >> MultiPHP INI Editor). This setting allows the server to transparently compress pages if the browser sends an Accept-Encoding: gzip or deflate header.

This setting defaults to Disabled.

PHP compression note on cPanel’s Optimize Website interface In cPanel & WHM version 68, we added a note to cPanel’s Optimize Website interface (cPanel >> Home >> Software >> Optimize Website) which indicates that you can enable PHP compression in the cPanel’s MultiPHP INI Editor interface (cPanel >> Home >> Software >> MultiPHP INI Editor). If the system administrator has disabled the MultiPHP INI Editor feature for the account, the note will advise that the user should contact their system administrator.

EasyApache 4 interface We made several updates to WHM’s EasyApache 4 interface (WHM >> Home >> Software >> EasyApache 4).

We updated the interface to allow you to upload a custom profile from a URL.
We updated the interface to allow you to search descriptions. WHM’s MultiPHP INI Editor You can now manage your custom PHP INI directives in the Editor Mode of WHM’s MultiPHP INI Editor interface (WHM >> Home >> Software >> MultiPHP INI Editor). For more information about custom PHP INI Directives, read our Create Custom PHP Directives documentation. We added the post_max_size PHP directive. cPanel’s MultiPHP INI Editor cPanel’s MultiPHP INI Editor interface (cPanel >> Home >> Software >> MultiPHP INI Editor) now only shows directives that you can change. We added the post_max_size PHP directive. Authentication update for Amazon S3 version 4 We updated our Amazon S3™ module in cPanel & WHM version 68. The new module uses Amazon S3 version 4 authentication, which supports all S3 locations.

EasyApache 4 RPM update In cPanel & WHM version 68, we modified the /usr/local/cpanel/scripts/sysup script to automatically update the EasyApache 4 RPMs. This ensures that older RPMs do not break rebuilds of the httpd.conf file.

Important:

This update occurs regardless of your local configuration. The following settings will not prevent an automatic update:

The RPMUP variable set to never in the /etc/cpupdate.conf file. The Operating System Package set to Never Update in WHM’s Update Preferences interface (WHM >> Home >> Server Configuration >> Update Preferences). TLS changes In cPanel & WHM version 68, the system enables Transport Layer Security (TLS) protocol version 1.2 on new installations of cPanel & WHM.

We only support applications that use TLSv1.2, such as IMAP, POP, FTP, and SMTP. However, you can use TLSv1.1 or TLSv1.2 to manage your Pure-FTPd server.

Additionally, the OpenSSL cipher settings now default to Mozilla’s modern cipher suite settings, which pass PCI compliance scans:

ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 You must reset your current systems’ configuration settings and security protocol settings in order to apply the new default settings.

When you upgrade your system from cPanel & WHM version 66 to cPanel & WHM version 68, your system’s cipher suite settings and security protocol settings will not change.

For more information, read the following documentation:

More about TLS and SSL How to Adjust Cipher Protocols PureFTPd and ProFTPd restart failure and configuration file In cPanel & WHM version 68, we improved how we interact with Pure-FTPd and ProFTPD. The system rebuilds the FTP configuration file (either the /etc/pure-ftpd.conf or the /etc/proftpd.conf file) if an FTP service fails to restart. The system replaces Pure-FTPd’s or ProFTPD’s configuration file with cPanel’s default configuration file if any of the following circumstances exist:

The configuration file fails any current checks. The configuration file fails a validity check. The file does not exist.

Notes:

If the rebuild logic replaces the configuration file, the system preserves and renames the original configuration file. The new filename includes a timestamp and the reason that the system replaced the file. Do not rely on the system to replace your configuration files under normal circumstances. Instead, we strongly recommend that you use the FTP Server Configuration interface (WHM >> Home >> Service Configuration >> FTP Server Configuration). SSL storage modification In cPanel & WHM version 68, we redesigned the datastore for Apache’s SSL certificates and converted the database to SQLite. The new system dramatically increases the speed of SSL management and Apache-restart-times on servers that host large numbers of SSL certificates.

This update could potentially break the following two operations:

Custom Apache virtual host templates no longer receive the vhost.sslcertificatekeyfile variable or the vhost.sslcertificatefile variable. Instead, custom templates load all resources via the vhost.sslcertificatefile variable. The contents of a virtual host’s YAML file in the /var/cpanel/userdata/ directory no longer determine the location of a virtual host’s SSL certificate. The system ignores any custom SSL path values in these files. Custom SSL template configuration In cPanel & WHM version 68, we disable any .local file templates that are incompatible with the new SSL certificate-loading logic. We rename these files during the upgrade.

Warnings:

We strongly recommend that you back up any .local template customizations before you upgrade to cPanel & WHM version 68. If you use the /var/cpanel/templates/apache2_4/ssl_vhost.local file to override the default SSL configuration template, you must merge the changes back into the /var/cpanel/templates/apache2_4/ssl_vhost.local file after you upgrade. If you do not merge the changes, you will lose all of your customizations. For more information, read our Custom Templates documentation. Deprecated and removed items Removed RPM targets cPanel & WHM version 68 removes the MySQL50 and MySQL51 targets from the rpm.versions system. We removed support for MySQL versions 5.0 and 5.1 in cPanel & WHM version 60.

Note:

The upgrade process from cPanel & WHM version 60 to cPanel & WHM version 62 requires MySQL version 5.5 or higher. For this reason, this removal should not impact most servers. For more information, read our Upgrade Blockers documentation.

Removed privileges In cPanel & WHM version 68, we removed the Demo and Any ACLs from WHM’s Edit Reseller Nameservers and Privileges interface (WHM >> Home >> Resellers >> Edit Reseller and Nameserver Privileges).

Removed cPanel Feature Spotlight In cPanel & WHM version 68, we removed the cPanel interface’s feature spotlight and the associated cPanel Spotlight feature in WHM’s Feature Manager interface (WHM >> Home >> Packages >> Feature Manager).

Removed WHM API 1 function In cPanel & WHM version 68, we removed the WHM API 1 getlongtermsupport function.

Removed cgiemail and cgiecho cPanel & WHM version 68 removes cgiemail and cgiecho. For more infromation, read our Removal of cgiemail and cgiecho documentation.

Deprecated hardened-kernel update In cPanel & WHM version 68, we deprecated the cPanel-provided hardened-kernel update. We strongly recommend that you use the KernelCare “Extra” Patchset from CloudLinux™. For more information about this update, contact CloudLinux.

Removed Recently Uploaded CGI Script Mail notification In cPanel & WHM version 68, we removed the Recently Uploaded CGI Script Mail notification option from WHM’s Contact Manager interface (WHM >> Home >> Server Contacts >> Contact Manager). To better counteract the abilities of email spammers, we replaced the legacy system with the new outbound email tracking system. To monitor potential spammers, you must now use the Large Amount of Outbound Email Detected and Maximum Hourly Emails Exceeded notifications instead. We strongly recommend that you enable both of these settings.