MOON

File: //var/cpanel/changelog.cache
pst0

6http://atom.cpanel.net/changelog/cpanel-changelog.atom	all_link_
Version 56subtitlecPanel & WHM Change Log Feedtitle$
production56tagsChange Log for 56.0.52titlee<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">[security] Fixed case SEC-282: Stored XSS Vulnerability in WHM MySQL Password Change Interfaces.</li><li class="p1">[security] Fixed case SEC-283: CPanel backup interface could return a backup with all MySQL databases.</li><li class="p1">[security] Fixed case SEC-284: User account backups could contain all MySQL databases on the server.</li><li class="p1">[security] Fixed case SEC-285: Addon domain conversion can copy all MySQL databases to the new account.</li><li class="p1">[security] Fixed case SEC-296: Account rename can result in Apache logfiles becoming world-readable.</li><li class="p1">[security] Fixed case SEC-299: Backup system overwrites root's home directory when mount disappears.</li><li class="p1">[security] Fixed case SEC-300: Open redirect in /unprotected/redirect.html.</li><li class="p1">[security] Fixed case SEC-302: Code execution as mailman user due to faulty environmental variable filtering.</li><li class="p1">[security] Fixed case SEC-303: Arbitrary file overwrite via Roundcube SQLite schema update.</li></ul></div>
</div>content2017-09-20, 01:30 (UTC)updated2017-09-19, 01:30 (UTC)	publishedChange Log for 56.0.51title
production56tags2017-07-19, 01:30 (UTC)updated2017-07-18, 01:30 (UTC)	published�<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">[security] Fixed case SEC-263: Stored XSS during WHM cPAddons install.</li><li class="p1">[security] Fixed case SEC-264: Stored XSS during WHM cPAddons upgrades.</li><li class="p1">[security] Fixed case SEC-265: Stored XSS during WHM cPAddons file operations.</li><li class="p1">[security] Fixed case SEC-266: Stored XSS during WHM cPAddons uninstallation.</li><li class="p1">[security] Fixed case SEC-267: Stored XSS during WHM cPAddons cron operations.</li><li class="p1">[security] Fixed case SEC-268: Stored XSS during moderated WHM cPAddons installation.</li><li class="p1">[security] Fixed case SEC-269: Stored XSS in WHM cPAddons processing.</li><li class="p1">[security] Fixed case SEC-272: EasyApache 4 conversion sets loose domlog ownership and permissions.</li><li class="p1">[security] Fixed case SEC-273: Domain log files become readable after log processing.</li><li class="p1">[security] Fixed case SEC-280: The cpdavd_error_log can be created with insecure permissions.</li><li class="p1">[security] Fixed case SEC-288: Resellers can read other accounts domain log files.</li><li class="p1">[security] Fixed case SEC-289: Insecure log file permissions after account modification.</li><li class="p1">[security] Fixed case SEC-290: Apache domlogs become temporarily world-readable during log processing.</li><li class="p1">[security] Fixed case SEC-291: Apache SSL domain logs left behind after account termination.</li><li class="p1">[security] Fixed case SEC-294: Corrupted user and group ownership when using 'reassign_post_terminate_cruft'.</li><li class="p1">[security] Fixed case SEC-297: Self XSS Vulnerability in WHM Upload Locale interface.</li></ul></div>
</div>content�<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">Implemented case CPANEL-14441: Accomodate new Comodo DCV format and path.</li></ul></div>
</div>content2017-07-14, 01:30 (UTC)updated2017-07-14, 01:30 (UTC)	publishedChange Log for 56.0.50title
production56tagsChange Log for 56.0.49title
production56tags2017-05-16, 01:30 (UTC)	published2017-05-18, 01:30 (UTC)updated
e<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">[security] Fixed case SEC-234: Horde MySQL to SQLite conversion can leak database password.</li><li class="p1">[security] Fixed case SEC-236: Code execution for webmail and demo accounts with the store_filter API call.</li><li class="p1">[security] Fixed case SEC-237: Code execution as root via SET_VHOST_LANG_PACKAGE multilang adminbin call.</li><li class="p1">[security] Fixed case SEC-238: Demo account code execution with BoxTrapper API.</li><li class="p1">[security] Fixed case SEC-239: Demo account file read vulnerability in Fileman::getfileactions API2 call.</li><li class="p1">[security] Fixed case SEC-240: Webmail account arbitrary code execution via forwarders.</li><li class="p1">[security] Fixed case SEC-241: Webmail arbitrary file write with addforward API call.</li><li class="p1">[security] Fixed case SEC-242: Demo account code execution through Encoding API calls.</li><li class="p1">[security] Fixed case SEC-243: Demo account code execution via ImageManager_dimensions API call.</li><li class="p1">[security] Fixed case SEC-244: Demo users have access to traceroute via api2.</li><li class="p1">[security] Fixed case SEC-245: Demo accounts able to redirect web traffic.</li><li class="p1">[security] Fixed case SEC-246: Cpanel::SPFUI API commands are available to demo accounts.</li><li class="p1">[security] Fixed case SEC-247: Demo and suspended accounts allowed to port-forward via SSH.</li><li class="p1">[security] Fixed case SEC-248: Cpanel SSH API commands are allowed for Demo accounts.</li><li class="p1">[security] Fixed case SEC-249: Demo restrictions not enforced in SSL API calls.</li><li class="p1">[security] Fixed case SEC-250: File read and write for demo accounts in SourceIPCheck API.</li><li class="p1">[security] Fixed case SEC-251: Code execution for Demo accounts via ClamScanner_getsocket API.</li><li class="p1">[security] Fixed case SEC-252: Limited file read via Serverinfo_manpage API call.</li><li class="p1">[security] Fixed case SEC-254: Limited file rename as root via scripts/convert_roundcube_mysql2sqlite.</li><li class="p1">[security] Fixed case SEC-255: Limited file chmod in /scripts/convert_roundcube_mysql2sqlite.</li><li class="p1">[security] Fixed case SEC-257: User crontab publicly visible during cPAddon upgrades.</li><li class="p1">[security] Fixed case SEC-259: Code execution via Rails configuration files.</li><li class="p1">[security] Fixed case SEC-260: Supplemental groups lost during account renames.</li><li class="p1">[security] Fixed case SEC-262: Stored XSS in WHM cPAddons install interface.</li></ul></div>
</div>contentChange Log for 56.0.48title
production56tags�<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">Fixed case CPANEL-12508: Update CentOS 5 deprecation notice.</li></ul></div>
</div>content2017-05-11, 17:30 (UTC)	published2017-05-11, 17:30 (UTC)updated
production56tagsChange Log for 56.0.47title2017-04-14, 01:30 (UTC)	published2017-04-14, 01:30 (UTC)updated�<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">Fixed case CPANEL-10931: Disable CGIEmail and CGIEcho on update, and on new installs.</li></ul></div>
</div>contentChange Log for 56.0.46title
production56tags�<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">[security] Fixed case SEC-208: Addon domain conversion did not require a package for resellers.</li><li class="p1">[security] Fixed case SEC-217: Self XSS Vulnerability in WHM cPAddons 'showsecurity' interface.</li><li class="p1">[security] Fixed case SEC-219: File overwrite when renaming an account.</li><li class="p1">[security] Fixed case SEC-220: Arbitrary code execution during account modification.</li><li class="p1">[security] Fixed case SEC-223: Security policy questions were not transfered during account rename.</li><li class="p1">[security] Fixed case SEC-224: CPHulk one day ban bypass when IP based protection enabled.</li><li class="p1">[security] Fixed case SEC-225: Code execution as root via overlong document root path settings.</li><li class="p1">[security] Fixed case SEC-226: Arbitrary file overwrite via WHM Zone Template editor.</li><li class="p1">[security] Fixed case SEC-227: Expand list of reserved usernames.</li><li class="p1">[security] Fixed case SEC-228: Adding parked domains to mail config did not respect domain ownership.</li><li class="p1">[security] Fixed case SEC-229: URL filtering flaw allowed access to restricted resources.</li><li class="p1">[security] Fixed case SEC-232: Demo code execution via Htaccess::setphppreference API.</li><li class="p1">[security] Fixed case SEC-233: Arbitrary code execution for demo accounts via NVData_fetchinc API call.</li></ul></div>
</div>content2017-03-21, 01:30 (UTC)	published2017-03-22, 01:30 (UTC)updated
production56tagsChange Log for 56.0.45title2017-03-10, 02:30 (UTC)updated2017-03-10, 02:30 (UTC)	published�<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">Fixed case CPANEL-5908: Repackage X::MarketDisabled for frontend consumption.</li><li class="p1">Fixed case CPANEL-5947: Use correct short url for transfer tool documentation.</li><li class="p1">Fixed case CPANEL-6338: Implemented work around for broken /dev/root symlink during quotacheck.</li><li class="p1">Fixed case CPANEL-6786: Do not incorrectly alter PEAR configuration on EasyApache 4 servers.</li><li class="p1">Fixed case CPANEL-7450: WHM: Fixed sorting by expiration date on the Manage SSL Hosts page.</li><li class="p1">Fixed case CPANEL-7594: Resolve /proc/mounts symlink when fixing missing /dev/root.</li><li class="p1">Fixed case CPANEL-8756: Perform cPanel YUM calls with EPEL disabled.</li><li class="p1">Fixed case CPANEL-9173: Add p0f to yum excludes.</li><li class="p1">Fixed case CPANEL-11219: Add Comodo to cPanel trusted root store.</li></ul></div>
</div>content
production56tagsChange Log for 56.0.43title2017-01-17, 02:30 (UTC)	published2017-01-18, 02:30 (UTC)updated�<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">[security] Fixed case SEC-196: Fixed password used for Munin MySQL test account.</li><li class="p1">[security] Fixed case SEC-197: Self-XSS in paper_lantern password change screen.</li><li class="p1">[security] Fixed case SEC-198: Reflected XSS in reset password interfaces.</li><li class="p1">[security] Fixed case SEC-199: Self-XSS in webmail Password and Security page.</li><li class="p1">[security] Fixed case SEC-204: Exim piped filters ran as wrong user when delivering to a system user.</li><li class="p1">[security] Fixed case SEC-205: Leech Protect did not protect certain directories.</li><li class="p1">[security] Fixed case SEC-206: Exim transports could be run as the nobody user.</li><li class="p1">[security] Fixed case SEC-207: Improper ACL checks in xml-api for Rearrange Account.</li><li class="p1">[security] Fixed case SEC-209: SSL certificate generation in WHM uses an unreserved email address.</li><li class="p1">[security] Fixed case SEC-210: Account ownership not enforced by has_mycnf_for_cpuser WHM API call.</li><li class="p1">[security] Fixed case SEC-211: Stored XSS Vulnerability in WHM Account Suspension List interface.</li><li class="p1">[security] Fixed case SEC-212: Format string injection vulnerability in cgiemail.</li><li class="p1">[security] Fixed case SEC-213: WHM 'enqueue_transfer_item' API allowed resellers to queue non rearrange modules.</li><li class="p1">[security] Fixed case SEC-214: Open redirect vulnerability in cgiemail.</li><li class="p1">[security] Fixed case SEC-215: HTTP header injection vulnerability in cgiemail.</li><li class="p1">[security] Fixed case SEC-216: Reflected XSS vulnerability in cgiemail addendum handling.</li></ul></div>
</div>content2017-01-10, 02:30 (UTC)updated2017-01-10, 02:30 (UTC)	published�<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">Fixed case CPANEL-7518: Show maximum and minimum values for applicable fields on WHM Basic Setup page.</li><li class="p1">Fixed case CPANEL-7823: Fix the is_upcp_running() check in ChkServd.</li><li class="p1">Fixed case CPANEL-9510: BoxTrapper: fix JavaScript on review queue page.</li><li class="p1">Fixed case CPANEL-10542: Update exim to 4.87-7.cp1156.</li></ul></div>
</div>content
production56tagsChange Log for 56.0.41title
production56tagsChange Log for 56.0.39title2016-11-22, 02:30 (UTC)	published2016-11-23, 02:30 (UTC)updatedd<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">[security] Fixed case SEC-158: Arbitrary file overwrite when account domain is modified.</li><li class="p1">[security] Fixed case SEC-159: Stored XSS in WHM Repair Mailbox Permissions interface.</li><li class="p1">[security] Fixed case SEC-160: Stored XSS Vulnerability in the WHM Manage cPAddons interface.</li><li class="p1">[security] Fixed case SEC-161: File overwrite during preparation for MySQL upgrades.</li><li class="p1">[security] Fixed case SEC-162: Open redirect via /cgi-sys/FormMail-clone.cgi.</li><li class="p1">[security] Fixed case SEC-164: Arbitrary file overwrites when updating Roundcube.</li><li class="p1">[security] Fixed case SEC-165: File create and chmod via ModSecurity Audit logfile processing.</li><li class="p1">[security] Fixed case SEC-168: Enforce feature list restrictions when calling the multilang adminbin.</li><li class="p1">[security] Fixed case SEC-169: Arbitrary code execution for ACL limited resellers during account creation.</li><li class="p1">[security] Fixed case SEC-173: Arbitrary file chown via reassign_post_terminate_cruft.</li><li class="p1">[security] Fixed case SEC-174: Stored XSS in homedir removal during WHM Account termination.</li><li class="p1">[security] Fixed case SEC-175: Stored XSS in MySQL database names during WHM Account termination.</li><li class="p1">[security] Fixed case SEC-176: Stored XSS in perlinstaller directory removal in WHM Account Termination.</li><li class="p1">[security] Fixed case SEC-177: Self-XSS Vulnerability in WHM Tweak Settings for autodiscover_host.</li><li class="p1">[security] Fixed case SEC-178: Self-Stored XSS Vulnerability in listftpstable API.</li><li class="p1">[security] Fixed case SEC-179: Stored XSS in api1_listautoresponders.</li><li class="p1">[security] Fixed case SEC-180: Self-XSS Vulnerability in UI_confirm API.</li><li class="p1">[security] Fixed case SEC-180: Stored XSS Vulnerability in ftp_sessions API.</li><li class="p1">[security] Fixed case SEC-181: Self-Stored XSS in postgres API1 listdbs.</li><li class="p1">[security] Fixed case SEC-182: Self-Stored XSS in SSL_listkeys.</li><li class="p1">[security] Fixed case SEC-184: Self-XSS in alias upload interface.</li><li class="p1">[security] Fixed case SEC-185: Sensitive file contents revealed during file copy operations.</li><li class="p1">[security] Fixed case SEC-186: Apache SSL keys readable by the nobody group.</li><li class="p1">[security] Fixed case SEC-187: Host Access Control improperly handles action-less host.deny entries.</li><li class="p1">[security] Fixed case SEC-188: Arbitrary code execution via Maketext in PostgreSQL adminbin.</li><li class="p1">[security] Fixed case SEC-191: Code execution via cpsrvd 403 response handler.</li><li class="p1">[security] Fixed case SEC-192: HTTP POST to listinput.cpanel.net does not use TLS.</li></ul></div>
</div>content
production56tagsChange Log for 56.0.38title<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">Fixed case CPANEL-5005: Stop warning about the lack of CDB_File.</li><li class="p1">Fixed case CPANEL-5886: Allow Pushbullet API tokens with periods.</li><li class="p1">Fixed case CPANEL-7454: Fallback to RtNetlink if if_list fails.</li><li class="p1">Fixed case CPANEL-8455: Adjust hostname cert renewal to T-25, start warnings at T-20.</li><li class="p1">Fixed case CPANEL-8478: Replace broken 2FA go links.</li><li class="p1">Fixed case CPANEL-8794: Addon Domain: Prompt to remove FTP accounts when removing domain.</li><li class="p1">Fixed case CPANEL-9701: Increase apache restart timeout to handle many SSL certs.</li><li class="p1">Fixed case CPANEL-9824: Update Compress::Raw::Lzma to avoid segfault.</li></ul></div>
</div>content2016-11-16, 18:30 (UTC)updated2016-11-16, 18:30 (UTC)	published<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">Fixed case CPANEL-6052: Missing use statement creating suspend account errors.</li><li class="p1">Fixed case CPANEL-7649: Keep default-character-set setting in migrations to MySQL 5.6.</li></ul></div>
</div>content2016-11-02, 17:30 (UTC)updated2016-11-02, 17:30 (UTC)	publishedChange Log for 56.0.36title
production56tagsJ<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">Fixed case CPANEL-8673: Fix spurious error message about Mailman archive permissions.</li><li class="p1">Fixed case CPANEL-8434: Update MySQL56 to 5.6.33-1.cp1156.</li><li class="p1">Fixed case CPANEL-8432: Update MySQL55 to 5.5.52-1.cp1156.</li></ul></div>
</div>content2016-10-04, 01:30 (UTC)updated2016-10-04, 01:30 (UTC)	published
production56tagsChange Log for 56.0.35title<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">[security] Fixed case SEC-141: Code execution as other accounts via mailman list archives.</li><li class="p1">[security] Fixed case SEC-152: Arbitrary code execution due to faulty shebang in Mail::SPF scripts.</li><li class="p1">[security] Fixed case SEC-154: Arbitrary file read due to multipart form processing error.</li><li class="p1">[security] Fixed case SEC-156: Stored XSS Vulnerability in WHM tail_upcp2.cgi interface.</li></ul></div>
</div>content2016-09-20, 01:30 (UTC)	published2016-09-21, 01:30 (UTC)updatedChange Log for 56.0.34title
production56tags
production56tagsChange Log for 56.0.33title2016-08-18, 05:30 (UTC)updated2016-08-18, 01:30 (UTC)	published�<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">Fixed case CPANEL-7677: Don't replace an expiring cert with another expiring cert.</li><li class="p1">Fixed case CPANEL-7708: Add directory permissions validation to bin/rebuild-templates.</li><li class="p1">Fixed case CPANEL-7858: Hardcode suexec patch version to 2.0 when cloudlinux is detected.</li></ul></div>
</div>content
production56tagsChange Log for 56.0.32title2016-08-12, 01:30 (UTC)	published2016-08-12, 05:30 (UTC)updatede<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">Fixed case CPANEL-7526: Provide more useful DCV error reporting.</li><li class="p1">Fixed case CPANEL-7661: Update bandmin to 1.6.1-3.cp1156.</li><li class="p1">Fixed case CPANEL-7678: Update cpanel-perl-522 to 5.22.1-10.cp1156.</li><li class="p1">Fixed case CPANEL-7761: Pass the error message from the find_leaf method.</li><li class="p1">Fixed case CPANEL-7817: Don't display pipe filter option for webmail users.</li><li class="p1">Fixed case CPANEL-7959: Modify whostmgr10 to correctly handle multiline update blockers.</li></ul></div>
</div>content2016-08-01, 17:30 (UTC)updated2016-08-01, 17:30 (UTC)	published�<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">Fixed case CPANEL-7661: Update bandmin to 1.6.1-3.cp1156.</li><li class="p1">Fixed case CPANEL-7678: Update cpanel-perl-522 to 5.22.1-10.cp1156.</li></ul></div>
</div>content
production56tagsChange Log for 56.0.29title2016-07-19, 17:30 (UTC)updated2016-07-19, 17:30 (UTC)	published�<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">Fixed case CPANEL-7161: Paper Lantern: Address layout issues with Feature Showcase.</li><li class="p1">Fixed case CPANEL-7312: Account for newly available db engines in the db map.</li><li class="p1">Fixed case CPANEL-7349: Leave suphp setuid.</li><li class="p1">Fixed case CPANEL-7478: Update bandmin to 1.6.1-2.cp1156.</li></ul></div>
</div>contentChange Log for 56.0.28title
production56tagsChange Log for 56.0.27title
production56tags1<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">[security] Fixed case SEC-130: Apache logfiles start with loose permissions.</li><li class="p1">[security] Fixed case SEC-133: WHM 'Purchase and Install an SSL Certificate' page lists all server domains.</li><li class="p1">[security] Fixed case SEC-134: File ownership change to 'nobody' via rearrangeacct.</li><li class="p1">[security] Fixed case SEC-137: Set the pear tmp directory during php install.</li><li class="p1">[security] Fixed case SEC-138: Demo mode breakout via Site Templates and Boxtrapper API calls.</li><li class="p1">[security] Fixed case SEC-139: Improper session handling for shared users.</li><li class="p1">[security] Fixed case SEC-142: Code execution as other user accounts through the PHP CGI handler.</li></ul></div>
</div>content2016-07-20, 01:30 (UTC)updated2016-07-19, 01:30 (UTC)	published2016-07-15, 01:30 (UTC)updated2016-07-01, 01:30 (UTC)	published<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">Fixed case CPANEL-5018: Updated JS validation for MySQL database names.</li><li class="p1">Fixed case CPANEL-5848: Improve ftpquotacheck output.</li><li class="p1">Fixed case CPANEL-5963: During migration, prompt w/ details when ea3 PHP version isn't in ea4.</li><li class="p1">Fixed case CPANEL-5984: Find PHP version as part of EA 4 migration.</li><li class="p1">Fixed case CPANEL-6193: Initquotas fails if the disk label cannot be resolved by mount.</li><li class="p1">Fixed case CPANEL-6334: Use the cPanel pg_restore to restore databases.</li><li class="p1">Fixed case CPANEL-6344: Remove obsolete <a class="external-link" href="http://modsecparse.pl" rel="nofollow">modsecparse.pl</a> script on upgrade.</li><li class="p1">Fixed case CPANEL-6431: Ensure subdomains of the maindomain get updated on IP change.</li><li class="p1">Fixed case CPANEL-6448: Ensure the cPanel bandwidth cache directory exists.</li><li class="p1">Fixed case CPANEL-7197: Improve error handling in Cpanel::Backup::restored.</li><li class="p1">Fixed case CPANEL-7232: Make buildeximconf not always modify sa's init.pre.</li><li class="p1">Implemented case CPANEL-6484: Cpanel::Output::Multi indent changes need to propagate to its objects.</li></ul></div>
</div>contentChange Log for 56.0.25title
production56tags
<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">Fixed case CPANEL-6218: Ensure SpamAssassin body rules get recompiled on update.</li><li class="p1">Fixed case CPANEL-6306: Fix setting preferred_username in link_user_authn_provider.</li><li class="p1">Fixed case CPANEL-6346: Fix firefox bug in transfer tool.</li><li class="p1">Fixed case CPANEL-6408: The docroot cache cannot handle multiple users.</li><li class="p1">Fixed case CPANEL-6475: Ensure atomic replaces can handle files with special characters.</li><li class="p1">Fixed case CPANEL-6480: Prevent resellers from destroying the openid link cache.</li><li class="p1">Fixed case CPANEL-6515: Update MySQL55 to 5.5.50-1.cp1156.</li><li class="p1">Fixed case CPANEL-6544: Fix permissions on squirrelmail configuration post 56 upgrade.</li><li class="p1">Implemented case CPANEL-6572: Honor the timezone field for locale datetime calls.</li><li class="p1">Implemented case CPANEL-6600: Disable exiscan support if /etc/exiscandisable exists.</li></ul></div>
</div>content2016-06-07, 17:30 (UTC)	published2016-10-04, 01:30 (UTC)updatedChange Log for 56.0.24title
production56tagsChange Log for 56.0.22title
production56tags2016-05-27, 05:30 (UTC)updated2016-05-27, 05:30 (UTC)	published<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">Fixed case CPANEL-5694: Improve support for Amazon Linux AMI.</li><li class="p1">Fixed case CPANEL-5996: Check local IP *before* doing DCV preflight on NAT.</li><li class="p1">Fixed case CPANEL-6115: Fix several small bugs with the Cpanel::PageRequst module.</li><li class="p1">Fixed case CPANEL-6352: Update exim to 4.87-5.cp1156.</li><li class="p1">Fixed case CPANEL-6363: Remove append-only attribute from logfiles in Makefile.</li></ul></div>
</div>content
production56tagsChange Log for 56.0.21title2016-05-24, 05:30 (UTC)	published2016-06-14, 17:30 (UTC)updatedi<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">Fixed case CPANEL-5806: Tolerate missing suspend and hold mail listings.</li><li class="p1">Fixed case CPANEL-6292: Update cpanel-git to 2.8.3-1.cp1156.</li><li class="p1">Fixed case CPANEL-6295: Update cpanel-php54 to 5.4.31-3.cp1156.</li><li class="p1">Fixed case CPANEL-6308: SSHControl must report unknown errors and suppress tty errors.</li><li class="p1">Fixed case CPANEL-6323: Add Lets Encrypt OCSP servers to list that need newer openssl.</li><li class="p1">Fixed case CPANEL-6326: Avoid tar 1.16 -- file list workaround on tar 1.15 and before.</li><li class="p1">Implemented case CPANEL-6120: TLS Wiz: Accommodate cases where cert is installed before “confirmed”.</li><li class="p1">Implemented case CPANEL-6307: Prevent JSON and XML api from returning HTML locale text.</li></ul></div>
</div>content
production56tagsChange Log for 56.0.20title<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">Fixed case CPANEL-6009: Fix SFTP configuration file download.</li><li class="p1">Fixed case CPANEL-6144: Restore rearrange account functionality as a granted privilege.</li><li class="p1">Fixed case CPANEL-6177: Password Reset: fix check for password strength.</li><li class="p1">Fixed case CPANEL-6220: Regenerate the cPanel PHP-FPM config during account rearrange.</li><li class="p1">Fixed case CPANEL-6240: Detect looping CNAME records.</li></ul></div>
</div>content2016-05-20, 01:30 (UTC)	published2016-05-20, 01:30 (UTC)updated
production56tagsChange Log for 56.0.18title2016-05-18, 17:30 (UTC)updated2016-05-18, 17:30 (UTC)	published�<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">Fixed case CPANEL-6134: Make pg_dump work on CentOS 5.</li><li class="p1">Fixed case CPANEL-6165: Resolve a deadlock when rsyncing with Interconnect.</li><li class="p1">Fixed case CPANEL-6189: Normalize the return values from Quota::query on XFS.</li><li class="p1">Fixed case CPANEL-6208: Improve timeout handling when downloading files.</li></ul></div>
</div>content
production56tagsChange Log for 56.0.17title2016-05-18, 01:30 (UTC)updated2016-05-18, 01:30 (UTC)	published<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">Fixed case CPANEL-6197: Resolve JS error on paper_lantern cron page.</li><li class="p1">Implemented case CPANEL-6097: 'code' parameter now clears on redirect to wizard.</li></ul></div>
</div>contentChange Log for 56.0.16title
production56tags�<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">Fixed case CPANEL-5556: Honor security policy settings for 2FA with API calls.</li><li class="p1">Fixed case CPANEL-5556: Use API for DNS cluster setup.</li><li class="p1">Fixed case CPANEL-5637: Fix broken validation of ModSecurity param.</li><li class="p1">Fixed case CPANEL-5726: Restart dnsadmin after update to 56.</li><li class="p1">Fixed case CPANEL-5774: URL Parameter cruft is now removed when navigating to SSL purchase.</li><li class="p1">Fixed case CPANEL-6003: Have pkg resolution parser handle single and double line pkg entries.</li><li class="p1">Fixed case CPANEL-6031: Ensure Cpanel::cPQuota loads Cpanel::Quota::Fileys.</li><li class="p1">Fixed case CPANEL-6038: Don't complain about permissions of crontab binary.</li><li class="p1">Fixed case CPANEL-6038: Fix check for proper crontab permissions.</li><li class="p1">Fixed case CPANEL-6041: Avoid OCSP calls to ocsp2.globalsign.com if openssl is too old.</li><li class="p1">Fixed case CPANEL-6053: Security Advisor should only trigger iContact for WARN or higher.</li><li class="p1">Fixed case CPANEL-6054: Ensure crontab_perms checks the system crontab binary.</li><li class="p1">Fixed case CPANEL-6073: Revert SHA-1 certificates weakness check until Dec 28th 2016Z.</li><li class="p1">Fixed case CPANEL-6089: Update pure-ftpd to 1.0.42-5.cp1156.</li><li class="p1">Fixed case CPANEL-6095: Cpanel::DnsRoots::Resolver fails if nat loopback is not enabled.</li><li class="p1">Fixed case CPANEL-6107: Update cpanel-perl-522-CryptX to 0.034-1.cp.</li><li class="p1">Fixed case CPANEL-6114: HttpRequest: don't time out unless we stop making progress.</li><li class="p1">Implemented case CPANEL-6005: Communicate “order not found” from cP Market to UI.</li><li class="p1">Implemented case CPANEL-6078: Added a catch for undefined steps to prevent getting stuck at checkout.</li><li class="p1">Implemented case CPANEL-6080: Update tooltip in TLS Wiz for DNS -&gt; DCV change.</li></ul></div>
</div>content2016-05-17, 01:30 (UTC)	published2016-10-04, 01:30 (UTC)updated<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">[security] Fixed case SEC-58: SQLite journal allowed for arbitrary file overwrite during Horde Restore.</li><li class="p1">[security] Fixed case SEC-109: Demo account arbitrary code execution via ajax_maketext_syntax_util.pl.</li><li class="p1">[security] Fixed case SEC-110: Self XSS Vulnerability in Paper Lantern Landing Page.</li><li class="p1">[security] Fixed case SEC-112: Limited denial of service via /scripts/killpvhost.</li><li class="p1">[security] Fixed case SEC-113: /scripts/addpop and /scripts/delpop exposed TTY's.</li><li class="p1">[security] Fixed case SEC-114: /scripts/checkinfopages exposed TTY to unprivileged process.</li><li class="p1">[security] Fixed case SEC-115: /scripts/maildir_converter exposed TTY to unprivileged process.</li><li class="p1">[security] Fixed case SEC-116: /scripts/unsuspendacct exposed TTY's.</li><li class="p1">[security] Fixed case SEC-117: /scripts/enablefileprotect exposed TTY's.</li><li class="p1">[security] Fixed case SEC-118: Self-XSS in ftp account creation under addon domains.</li><li class="p1">[security] Fixed case SEC-119: Demo restriction breakout via show_template.stor.</li><li class="p1">[security] Fixed case SEC-120: Arbitrary file read for Webmail accounts via Branding APIs.</li><li class="p1">[security] Fixed case SEC-121: Webmail account arbitrary code execution through forwarders.</li><li class="p1">[security] Fixed case SEC-123: SQL Injection via ModSecurity TailWatch log file.</li><li class="p1">[security] Fixed case SEC-124: Logfile permissions not set correctly in dnsadmin-startup and spamd-startup.</li><li class="p1">[security] Fixed case SEC-125: User log files become world-readable when rotated by cpanellogd.</li></ul></div>
</div>content2016-05-18, 01:30 (UTC)updated2016-05-17, 01:30 (UTC)	published
production56tagsChange Log for 56.0.15title2016-06-14, 17:30 (UTC)updated2016-05-06, 17:30 (UTC)	published�<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">Fixed case CPANEL-5479: Autofix the system binary crontab permissions if they are incorrect.</li><li class="p1">Fixed case CPANEL-5975: Update Crypt::JWT to 0.013 (for Let’s Encrypt plugin).</li><li class="p1">Fixed case CPANEL-6013: Improve robustness of the php-fpm wedged restart check.</li><li class="p1">Implemented case CPANEL-5972: Fix English in error message about failure to start polling (TLS Wiz).</li></ul></div>
</div>contentChange Log for 56.0.14title
production56tags2016-10-04, 01:30 (UTC)updated2016-05-04, 17:30 (UTC)	published�<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">Fixed case CPANEL-3540: Handle yum replacing the crontab symlink on CentOS 7.</li><li class="p1">Fixed case CPANEL-4662: Ensure the CONF value in templates loads data properly.</li><li class="p1">Fixed case CPANEL-4877: Update go links for Service Transfer Tool.</li><li class="p1">Fixed case CPANEL-4918: Remove confusing transfer tool "success" color.</li><li class="p1">Fixed case CPANEL-5128: Webmail: Fix scrolling on mobile view.</li><li class="p1">Fixed case CPANEL-5146: Remove LoadModule dependencies from Cpanel::Exception.</li><li class="p1">Fixed case CPANEL-5180: Disable false warnings 'Failed to unlink' on install.</li><li class="p1">Fixed case CPANEL-5231: Remove unused WHM SSH key interface.</li><li class="p1">Fixed case CPANEL-5404: Properly display version numbers in Transfer Tool.</li><li class="p1">Fixed case CPANEL-5562: Folder browse no longer overlaps the branding version element.</li><li class="p1">Fixed case CPANEL-5658: EA4: Combine UI and migrate script MOTD.</li><li class="p1">Fixed case CPANEL-5659: Ignore -cpanelsync and .rpmorig file while loading chkservd drivers.</li><li class="p1">Fixed case CPANEL-5719: Check_mysql: detach from terminal.</li><li class="p1">Fixed case CPANEL-5731: Avoid killing stunnel when accessing TLS ports without nativessl.</li><li class="p1">Fixed case CPANEL-5744: Authorize support access should send the contact email.</li><li class="p1">Fixed case CPANEL-5749: Gracefully handle known exception for SpamAssassin during Perl update.</li><li class="p1">Fixed case CPANEL-5815: Avoid update checks if the user does not have permission to update.</li><li class="p1">Fixed case CPANEL-5843: CPanelID is missing in the FeatureShowcase for v56.</li><li class="p1">Fixed case CPANEL-5846: Ignore blank groups in branding instead of failing.</li><li class="p1">Fixed case CPANEL-5849: Updates block is /var/run/yum.pid exists with a dead yum pid.</li><li class="p1">Fixed case CPANEL-5863: DnsRoots must query the parent ns when it has the SOA for a subdomain.</li><li class="p1">Fixed case CPANEL-5867: Workaround Firefox 46.0 no longer doing RFC2616 8.2.4.</li><li class="p1">Fixed case CPANEL-5878: Bring in Crypt::JWT and CryptX in 56.</li><li class="p1">Fixed case CPANEL-5883: Cachedcommand should not cache empty data.</li><li class="p1">Fixed case CPANEL-5890: Rearrange account must restore mail and fileprotect perms.</li><li class="p1">Fixed case CPANEL-5894: Ensure the mailman archive path uses a trailing slash.</li><li class="p1">Fixed case CPANEL-5899: Cpanel::FileUtils::Modify does not preserve group ownership.</li><li class="p1">Fixed case CPANEL-5906: Update cpanel-git to 2.8.2-1.cp1156.</li><li class="p1">Fixed case CPANEL-5912: Quota::getmntent does not fetch all filesystems with quota support.</li><li class="p1">Fixed case CPANEL-5914: Cronjobs cannot be added on CentOS7 if the cron file is missing.</li><li class="p1">Fixed case CPANEL-5951: /var/cpanel/ssl/disable_service_certificate_management disables checkallsslcerts.</li><li class="p1">Fixed case CPANEL-5953: Update CryptX to 0.031 for the Let’s Encrypt plugin.</li><li class="p1">Fixed case CPANEL-5956: Create_user_session should not require 2FA since its already authenticated.</li><li class="p1">[security] Fixed case CPANEL-5973: Update cpanel-ImageMagick to 6.9.0-4.cp1154.</li><li class="p1">Implemented case CPANEL-5818: Restartsrv can now recover from failed cpanel_php_fpm graceful restarts.</li><li class="p1">Implemented case CPANEL-5842: Rebuild the dovecot config if the service fails four times.</li><li class="p1">Implemented case CPANEL-5844: Supress BoxTrapper UI warning for messages with an empty subject.</li><li class="p1">Implemented case CPANEL-5897: Autoreconnect in php-fpm in cpsrvd is not effective.</li><li class="p1">Implemented case CPANEL-5950: Fix the catch block that was accidentally changed.</li></ul></div>
</div>content
production56tagsChange Log for 56.0.13title�<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">Fixed case CPANEL-4625: Don't generate fatal when attempting to package a non-existent locale.</li><li class="p1">Fixed case CPANEL-5646: Fixed locking issues while mounting backup disk on demand.</li><li class="p1">Implemented case CPANEL-5841: Wildcard certs that do not match the hostname should not be replaced.</li></ul></div>
</div>content2016-04-28, 17:30 (UTC)	published2016-04-28, 17:30 (UTC)updated
production56tagsChange Log for 56.0.9title
production56tagsChange Log for 56.0.8title2016-04-24, 17:30 (UTC)	published2016-04-24, 17:30 (UTC)updated�<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">Fixed case CPANEL-4968: Update pure-ftpd to 1.0.42-4.cp1156.</li><li class="p1">Fixed case CPANEL-5594: When subaccount database is missing, treat this as an empty list.</li><li class="p1">Fixed case CPANEL-5628: Update proftpd to 1.3.5b-1.cp1156.</li><li class="p1">Fixed case CPANEL-5652: Fix fatal error in Limit Bandwidth Usage.</li><li class="p1">Fixed case CPANEL-5662: Improve MySQL version from host.</li><li class="p1">Fixed case CPANEL-5693: Avoid nscd cache clear when services activate from dormancy.</li><li class="p1">Fixed case CPANEL-5742: Forced TLS wizard to check DCV when deep linked from WHM.</li><li class="p1">Fixed case CPANEL-5743: Fix breakage with cjt2 API handler.</li><li class="p1">Implemented case CPANEL-5444: Fixed issue breaking x3 redirect from WHM.</li><li class="p1">Implemented case CPANEL-5657: Checkallsslcerts is missing the key length check.</li><li class="p1">Implemented case CPANEL-5674: TLS Wizard Retro style are now isolated to the app.</li><li class="p1">Implemented case CPANEL-5680: The SSL Install email should show covered domains first.</li><li class="p1">Implemented case CPANEL-5692: Prevent clearing the cache during dovecot-auth.</li><li class="p1">Implemented case CPANEL-5706: Only rely on the DCV check in order to account for CloudFlare.</li><li class="p1">Implemented case CPANEL-5711: Change the DNS check to a DCV check in the TLS Wizard.</li><li class="p1">Implemented case CPANEL-5725: Ensure the email address is sent to the oauth endpoint.</li><li class="p1">Implemented case CPANEL-5739: Reduce number of API calls made to cPStore.</li></ul></div>
</div>content?<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">Fixed case CPANEL-4304: Implement an aggressive reconnect strategy for php-fpm.</li><li class="p1">Fixed case CPANEL-4862: Fixed issue where progress bar goes outside of its div.</li><li class="p1">Fixed case CPANEL-5090: Update cPStore products endpoint.</li><li class="p1">Fixed case CPANEL-5328: HB-1536 - Hide Service Configurations section when in Restricted Mode.</li><li class="p1">Fixed case CPANEL-5565: Allow spaces in the branding groupid.</li><li class="p1">Fixed case CPANEL-5591: Boxtrapper responses must not add ips to recent_recipient_mail_server_ips.</li><li class="p1">Fixed case CPANEL-5599: Convert Addon to Account: Disable Email section only if there is no email data.</li><li class="p1">Fixed case CPANEL-5600: Exclude autoreplied emails from recent_recipient_mail_server_ips.</li><li class="p1">Fixed case CPANEL-5618: Hide Service Configurations in Transfer Tool when server is CentOS 5.</li><li class="p1">Fixed case CPANEL-5634: Accommodate “OrderCanceled” and “OrderItemCanceled”.</li><li class="p1">Fixed case CPANEL-5640: Removed trailing ',' in dynamicui.conf.</li><li class="p1">Fixed case CPANEL-5649: Transfers can fail because of terminal adding CRs.</li><li class="p1">Implemented case CPANEL-5467: Accommodate “interesting” cPStore errors from cert fetch.</li><li class="p1">Implemented case CPANEL-5540: Cached order data no longer interfers with new orders.</li><li class="p1">Implemented case CPANEL-5635: Suppress CSR parse from UAPI pending queue returns.</li></ul></div>
</div>content2016-06-14, 17:30 (UTC)updated2016-04-19, 05:30 (UTC)	published
production56tagsChange Log for 56.0.5title2016-04-13, 01:30 (UTC)	published2016-06-14, 17:30 (UTC)updateda<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">Fixed case CPANEL-4878: Go link for subaccount password reset.</li><li class="p1">Fixed case CPANEL-5441: TLS Wiz: Fix SSL status display after emptying pending queue.</li><li class="p1">Fixed case CPANEL-5505: Cpdavd: add missing dependency on HTTP::Response.</li><li class="p1">Fixed case CPANEL-5515: Update dovecot to 2.2.23-3.cp1156.</li><li class="p1">Fixed case CPANEL-5521: Update MySQL55 to 5.5.49-1.cp1156.</li><li class="p1">Fixed case CPANEL-5527: Update MySQL56 to 5.6.30-1.cp1156.</li><li class="p1">Fixed case CPANEL-5537: Enable nativessl when stunnel is disabled.</li><li class="p1">Fixed case CPANEL-5543: Dnsadmin dormant generates authkeys on startup.</li><li class="p1">[license] Fixed case CPANEL-5544: Correct template when looking up network interface name.</li><li class="p1">Implemented case CPANEL-5455: Improve localization of TLS Wizard checkout template.</li><li class="p1">Implemented case CPANEL-5465: Improve visibility of TLS Wizard growl notifications.</li><li class="p1">Implemented case CPANEL-5484: Changes to required methods for Market Providers.</li><li class="p1">Implemented case CPANEL-5501: Fixed issue with line breaks on small width device.</li><li class="p1">Implemented case CPANEL-5525: Retro styles added to improve tls wizard in retro.</li></ul></div>
</div>contentChange Log for 56.0.3title
production56tags2016-04-12, 01:30 (UTC)	published2016-04-13, 01:30 (UTC)updated�<div xmlns="http://www.w3.org/1999/xhtml"><div><ul><li class="p1">Fixed case CPANEL-4878: Go link for subaccount password reset.</li><li class="p1">Fixed case CPANEL-5474: Cpanel::DnsRoots::Resolver fails if A is not returned with NS.</li><li class="p1">Implemented case CPANEL-5434: TLS Wiz: Success message for post-checkout.</li><li class="p1">Implemented case CPANEL-5450: Check pending certificates now gives more specific feedback.</li><li class="p1">Implemented case CPANEL-5465: Improve visibility of TLS Wizard growl notifications.</li><li class="p1">Implemented case CPANEL-5501: Fixed issue with line breaks on small width device.</li></ul></div>
</div>content
production56tagsChange Log for 56.0.1titleentries

11.56.0.52version_2026-05-05, 17:30 (UTC)updated	Ken Powerauthor
9http://atom.cpanel.net/changelog/cpanel-changelog-56.atomself