84 Release Notes


Upgrade blockers

None.

New features

Upgraded cPanel (cpsrvd) PHP version to PHP 7.3

In cPanel & WHM version 84, we upgraded the PHP version in cPanel & WHM from PHP 7.2 to PHP 7.3. For more information, read our cPanel PHP Upgrade from PHP 7.2 to PHP 7.3 documentation.

New UAPI modules to replace deprecated cPanel API 1 modules 

In cPanel & WHM version 84, we added the following UAPI modules:

These modules replace the following cPanel API 1 modules:

We previously deprecated cPanel API 1 and plan to remove these functions in a future release.

For more information about the functions in these new modules, read the New UAPI functions section below.

DNSSEC in a DNS cluster

In cPanel & WHM verison 84, we added support for DNS Security Extensions (DNSSEC) in DNS clusters. PowerDNS servers with domains that have DNSSEC configured can configure DNS clusters.

Updates to the DNS Cluster interface

In cPanel & WHM version 84, we added the ability to change a DNS server’s nameserver software to PowerDNS from WHM’s  DNS Cluster interface (WHM >> Home >> Clusters >> DNS Cluster). To change a DNS server’s nameserver software to PowerDNS, click the Upgrade link in the Status column of the Servers in your DNS Cluster table.

We also added the Synchronize Zones Immediately checkbox. This option automatically synchronizes any new or updated nameservers with the other servers in your DNS cluster.

New WHM feature block emails by country or domain

We added two new interfaces to WHM. You can now block emails that originate from certain countries or domains. To block these email messages, use the following interfaces:

Updated features

PowerDNS installs by default on new installations

As of cPanel & WHM version 84, the system enables the PowerDNS nameserver software on new installations of cPanel & WHM. For more information about PowerDNS, read our  Nameserver Selection documentation.

Force global DCV rewrite rules

Starting in cPanel & WHM version 84, all installations will use global DCV mod_rewrite exclusions. The global DCV rewrite setting is more reliable than the older, per-user mod_rewrite exclusions. It is also less likely to conflict with users’ mod_rewrite rules.

  • This update also removes the Use a Global DCV rewrite exclude instead of .htaccess modification setting in the Domains section of WHM’s Tweak Settings interface(WHM >> Home >> Server Configuration >> Tweak Settings).

    • If you disabled this option on your server, the system will rebuild the httpd configuration during the upgrade.
    • For servers with this option enabled, there is no change.
  • This update also removes the global_dcv_rewrite_exclude setting from the /var/cpanel/cpanel.config file.

Process all users’ local DNS DCVs at one time

We changed the  AutoSSL feature’s Domain Control Validation (DCV) processing order. This change will significantly improve AutoSSL’s DCV execution time. Now, AutoSSL performs HTTP-based DCVs for each user first. Then, any DNS changes for users’ DNS-based DCVs occur in a single DNS update.

Before this change, AutoSSL would separately process each user’s local DCVs. This process resulted in separate DNS updates for each user requiring a DNS-based DCV.

Replace DNS resolver

cPanel & WHM now uses Unbound for recursive DNS resolution. Unbound allows cPanel & WHM to execute multiple DNS queries concurrently. Services that rely on DNS queries will gain speed improvements. For example, AutoSSL now runs more quickly.

Errors interface now displays last 300 lines in an error log

In cPanel & WHM version 84, we updated cPanel’s  Errors interface (cPanel >> Home >> Metrics >> Errors) to display the last 300 lines of the following log files:

  • /usr/local/apache/logs/suexec_log
  • /usr/local/apache/logs/error_log

The interface now displays the following information:

  • Error log entries from the user’s home directory.
  • Entries from the /usr/local/apache/logs/suexec_log file that include the username for the account.

Updates to the Let’s Encrypt plugin

In cPanel & WHM version 84, we updated the Let’s Encrypt™ plugin to use Let’s Encrypt’s new API in anticipation of the original API’s end of life.

  • This will allow us to continue to support our users who rely on this plugin. This also allows us to accommodate the plugin for Let’s Encrypt’s rate limit changes. The rate limit is now 300 certificate orders every three hours. 

  • This update also allows the plugin to support wildcard domains.

  • The system backup file will now include all Let’s Encrypt registrations. This backup preserves all Let’s Encrypt registrations in the event of a server failure.

New notifications about Extended Validation (EV) and Organization-Validated (OV) SSL certificates

We now send notifications to cPanel users when they can expedite their SSL order. This update will decrease the time it takes to issue EV and OV SSL certificate orders. For example, a cPanel user can click a URL to schedule a phone call with their certificate provider.

DNSSEC improvements

In cPanel & WHM version 84, we improved the DNSSEC section of cPanel’s Zone Editor interface (cPanel >> Home >> Domains >> Zone Editor). Users will be able to import and manage DNSSEC key more easily. Also, we have added help text to guide users through the process.

New options in the Transfer Tool interface and the cpconftool script

We added the following service configuration options to WHM’s Transfer Tool interface (WHM >> Home >> Transfers >> Transfer Tool):

  • AutoSSL
  • GreyList
  • Hulk
  • ModSecurity

We also added the equivalent modules to the /usr/local/cpanel/bin/cpconftool script:

  • cpanel::ssl::autossl
  • cpanel::system::greylist
  • cpanel::security::cphulk
  • cpanel::system::modsecurity

Use these options to transfer your settings from one server to another server. You can also use the script to create backup and restoration files on your local server.

Apache configuration file changes

In cPanel & WHM version 84, we created the /etc/cpanel/ea4/ea4.conf file. This file consolidates all of your webserver’s options into a single JSON file. This file replaces the /var/cpanel/conf/apache/local and /var/cpanel/conf/apache/main files. The system will back up the current contents of these files to the root-home-dir/legacy_ea3_distiller_files-timestamp.tar.gz file, where root-home-dir represents the root user’s home directory and timestamp represents a timestamp. 

The WHM interface provides several ways to customize your Apache configuration: 

  • cPanel & WHM sets several Apache directives by default. These directives affect the whole server. To change these directives, use the Global Configuration section of WHM’s  Apache Configuration interface (WHM >> Home >> Service Configuration >> Apache Configuration).

  • To modify the Apache configuration’s include files through WHM, use the Include Editor section of WHM’s Apache Configuration interface (WHM >> Home  >> Service Configuration >> Apache Configuration).

We provide several other methods to customize your system. You can use one of the following methods to create custom configurations:

For more information, read our Advanced Apache Configuration documentation.

Support for the DNS Node server profile license

In cPanel & WHM version 84, we added support for the cPanel DNS Node server license. The DNS Node server profile lets you assign a server that provides only Domain Name System (DNS) services.

For more information about server profiles, read our How to Use Server Profiles documentation.

Improved DNS server reload capabilities

In cPanel & WHM version 84, we lowered the maximum value of the DNS server reload deferral time setting to 300 seconds in WHM’s Tweak Settings interface (WHM >> Home >> Server Configuration >> Tweak Settings). This change takes advantage of the DNS cluster performance improvements we made in cPanel & WHM version 82. We recommend that users set this value to 5 seconds.

Important:
When you update to cPanel & WHM version 84, the system will set the DNS server reload deferral time value to 300 if it is higher than this value.

AutoSSL pre-verification now includes Certificate Authority (CA) authorization

AutoSSL now verifies a CA’s authorization via Certificate Authority Authorization (CAA) records. Without verification, AutoSSL would order certificates that the CA did not have the authority to secure.

Application Manager interface updates

We have updated cPanel’s Application Manager interface (cPanel >> Home >> Software >> Application Manager) for clarity and usability. It now includes better help text, error messages, and setting names.

Webmail user interface updates

In cPanel & WHM version 84, we have updated the look and feel, as well as the workflow, of the Webmail interface. The updated Webmail Home interface allows users to more perform the following actions:

  • Open their inbox upon login — Users can select to open their email’s inbox every time they log in to Webmail. To do so, select the Open my inbox when I log in checkbox.

  • Change their Webmail client — Users can click any logo under the Change your webmail client header to change their Webmail client.

  • Set up email on a device — Users can email configuration instructions to a device. They will need access to their inbox from the device. 

  • Access Webmail functions — Users will find Webmail functions to configure their settings in this interface.  

For more information, read our Webmail documentation.

sshd daemon UseDNS setting disabled in the installer

The cPanel & WHM installer now disables the secure shell daemon’s (sshd) UseDNS setting. This prevents faulty logging of client IP addresses in the cPHulk service.

Deprecated and removed items

Deprecation of PHP versions 5.6 and 7.0

We have deprecated PHP 5.6 and PHP 7.0 and will remove support for them in a future version.

To help alert cPanel users, cPanel’s  MultiPHP Manager interface (cPanel >> Home >> Software >> MultiPHP Manager) now displays PHP version warnings.

These warnings are similar to the warnings in WHM’s  MultiPHP Manager interface (WHM >> Home >> Software >> MultiPHP Manager).

Removed the /usr/local/cpanel/bin/apache_conf_distiller script

In cPanel & WHM version 84, we removed the /usr/local/cpanel/bin/apache_conf_distiller script.

The /var/cpanel/conf/apache/main and /var/cpanel/conf/apache/local files

In cPanel & WHM version 84, we removed the /var/cpanel/conf/apache/main and /var/cpanel/conf/apache/local files. The system now combines the contents of these files in the /etc/cpanel/ea4/ea4.conf file.

Appendix A: New and modified API functions

New UAPI functions

New WHM API 1 functions

Modified UAPI functions

  • DNSSEC::enable_dnssec— We added the algo_num, key_setup, and active parameters.
  • DNSSEC::fetch_ds_records — We added the key_id parameter and key_type return.
  • Restore::directory_listing — This function now requires the FileStorage role.
  • Restore::get_users — This function now requires the FileStorage role.
  • Restore::query_file_info — This function now requires the FileStorage role.
  • Restore::restore_file — This function now requires the FileStorage role.
  • SSL::add_autossl_excluded_domains — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::add_autossl_excluded_domains — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role. — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::delete_cert — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::delete_csr — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::delete_key — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::delete_ssl — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::enable_mail_sni (case for cleaning up the wall of warnings) — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::fetch_cert_info — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::generate_cert — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::generate_csr — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::generate_key — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::get_autossl_pending_queue — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::get_autossl_problems — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::get_cabundle — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::install_ssl  — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::installed_host — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::installed_hosts — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::is_autossl_check_in_progress — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • `SSL::is_mail_sni_supported — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::is_sni_supported — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::list_certs — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::list_csrs — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::list_keys — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::list_ssl_items — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::rebuild_mail_sni_config — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::remove_autossl_excluded_domains — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::set_autossl_excluded_domains — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::set_cert_friendly_name — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::set_csr_friendly_name — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::set_key_friendly_name — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::set_primary_ssl — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::show_cert — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::show_csr — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::show_key — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::start_autossl_check — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::upload_cert — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::upload_key — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.

Modified cPanel API 2 functions

  • Bandwidth::addhttpbandwidth — This function now requires the FileStorage, MailReceiveand WebServer role.
  • DiskUsage::buildcache — This function now requires the FileStorage role.
  • DiskUsage::clearcache — This function now requires the FileStorage role.
  • DiskUsage::fetch_raw_disk_usage — This function now requires the FileStorage role.
  • DiskUsage::fetchdiskusage — This function now requires the FileStorage role.
  • DiskUsage::fetchdiskusagewithextras — This function now requires the FileStorage role.
  • SSL::fetchcabundle — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::fetchinfo — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::gencrt — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::gencsr — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::genkey — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::installssl — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::listcrts — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::listcsrs — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::listkeys — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::listsslitems — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::uploadcrt — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.
  • SSL::uploadkey — This function now requires either the CalendarContact, MailReceive, WebDisk, Webmail, or WebServer role.

Modified WHM API 1 functions

  • edit_hook — This function edits a script hook. We added the check, exectype, hook, rollback, stage, and weight parameters.

Deprecated UAPI Functions

None.