New builds for all public update tiers have been released by the cPanel team. These updates provide specific changes to several security concerns found with cPanel/WHM. All Nuagerie servers are automatically updated to reflect these changes, however, these builds are available to all customers through the standard updating system. If you have disabled automatic updates in your cPanel system, then it is strongly encouraged to update at your earliest convenience.
cPanel has rated these updates as having CVSSv3 scores ranging from 4.7 - 7.8. To learn more about cPanel’s security ratings, please visit https://go.cpanel.net/securitylevels.
The following cPanel & WHM versions address all known vulnerabilities:
The latest public releases of cPanel & WHM for all update tiers are available at http://httpupdate.cpanel.net.
The security issues have been found and resolved by the cPanel Security Team. Since they believe these vulnerabilities were not made public, cPanel will only release limited information about the vulnerabilities at this time.
Once enough time has passed to allow cPanel & WHM systems to automatically update to the new versions, cPanel will release additional information about the nature of the security issues. This Targeted Security Release addresses 9 vulnerabilities in cPanel & WHM software versions 76, 74, and 70.
If you want to learn more about the release process for cPanel/WHM, make sure to read their documentation at https://go.cpanel.net/versionformat
