WP Squared Changelog

2026-05

138.1.2

released on 2026-05-27

Fixed Case(s):
- WPX-10517: Prevent the system from provisioning a second temporary domain when the first-time WordPress import flow fails and the customer retries.
- WPX-10592: Reject cross-tenant CDN admin calls.
- WPX-10687: Ensure Cpanel::OS considers Imunify360 to be supported on WP Squared.
- WPX-10729: Fix a UI error when verifying two-factor authentication codes on the WP Squared security policy page in certain server configurations.
Implemented Case(s):
- WPX-10021: Ensure the system installs Imunify360 on every upcp via a recurring sanity check.
- WPX-10532: Add ignore_invalid_cert to WP::import_website and WP::create_import_session.

138.1.1

released on 2026-05-21

Fixed Case(s):
- Fixed CPANEL-53485: Update cpanel-unbound to 1.25.1. Fixes: CVE-2026-33278, CVE-2026-42944, CVE-2026-42959, CVE-2026-32792, CVE-2026-40622, CVE-2026-41292, CVE-2026-42534, CVE-2026-42923, CVE-2026-42960, CVE-2026-44390, and CVE-2026-44608.

138.1.0

released on 2026-05-20

Fixed Case(s):
- WPX-5194: The system no longer attempts to load two-factor authentication settings when the feature is disabled.
- WPX-6297: Convert AutoDomains subdomain and zone template record configuration from hardcoded is_wp_squared() checks to ProductConfig-driven values.
- WPX-7760: The get_user_email_forward_destination and set_user_email_forward_destination WHM API functions no longer require the Receive Mail role.
- WPX-8981: Fixed an issue where notification emails sent for WP Squared sites on temporary preview domains (*.wpsquared.site) had an undeliverable sender address. Email notifications from temporary domains now use the system hostname as the sender domain.
- WPX-9366: Add security questions support to the WP Squared security policy interface.
- WPX-9699: PHP-FPM is now correctly enabled on ‘2 GB’ cloud instances that report less than 2048 MB of RAM.
- WPX-9945: Prevent reuse of a stale SSL certificate when a domain is deleted and recreated with preview links enabled.
- WPX-9945: Avoid unwanted stack traces from preview readiness check warnings in the error log.
- WPX-9945: Disable preview domains before deleting their associated TLS certificate files from disk to prevent broken NGINX configuration.
- WPX-9945: Fix SSL certificate handling during account recreation when the same domain’s certificate was still pending deletion.
- WPX-9998: Fix temporary domain creation failing when the system user owns the IP-based root domain.
- WPX-10230: Fix AutoSSL problem reporting so that domains blocked before DCV (e.g., unresolvable domains) now appear in get_autossl_problems.
- WPX-10484,WPX-10485,WPX-10486: Fix spurious warnings during fresh installs related to TweakSettings post_action callbacks, DNS status code passthrough, and DKIM setup guard.
- WPX-10505: Reset import website loading steps on new-domain flow.
- WPX-10509: Update wp-toolkit-cpanel to 6.10.1-10341.
- WPX-10516: Clear AccelerateWP and Redis caches after website import.
- WPX-10518: Fix the walkthrough website creation flow so the loading screen, install request, and first-time state stay in sync.
- WPX-10520: Fix cPanel configuration changes not being visible inside CageFS environments until a manual update.
- WPX-10545: Add locale fallback chains for da_dk, nb_no, and sv_se.
- WPX-10590: Tighten input contract for modify_primary_domain.
- WPX-10662: Fix clone of a WordPress instance to a temporary sub-domain failing with “domain does not belong to the user”.
Implemented Case(s):
- WPX-9493: Set CloudLinux pmem lower bound to 256M on WP Squared servers during post-reboot setup, ensuring adequate memory limits for WordPress PHP processes.
- WPX-9702: Add per-domain logging for website preview domains.
- WPX-9920: Add Danish (da_dk) as a supported locale for WP Squared.
- WPX-9922: Add Latin American Spanish (es_419) as a supported locale for WP Squared.
- WPX-10164: Add Swedish (sv_se) as a supported locale for WP Squared.
- WPX-10166: Add Norwegian (nb_no) as a supported locale for WP Squared.
- WPX-10242: Allow WP2 task-queue and backup binaries to call admin modules.

Fixed Case(s):
- CPANEL-36289: Fixed an issue where accounts could become stuck in a state where they could not be suspended or unsuspended due to inconsistent suspension detection between suspendacct and unsuspendacct.
- CPANEL-43104: Fix incorrect SPF term classification for include mechanisms whose domain ends with the letter ‘a’ or other mechanism keywords.
- CPANEL-44000: scripts/cpdig will now print DNS errors if encountered.
- CPANEL-45602: Fix alignment of search result dropdown from header.
- CPANEL-46119: Fix denial-of-service vulnerability where unauthenticated requests could exhaust system resources by repeatedly loading the cPanel login page.
- CPANEL-48741: Added support for BUILD_USING_NPM_INSTALL=yes in ui/Makefile web-components-node-modules target to allow npm install fallback when package-lock.json is absent.
- CPANEL-49988: Require the force DNS flag when root creates an account using a domain that is a subdomain of another user’s domain.
- CPANEL-50301: Fix bug in Cpanel::RPM::Versions::Pkgr where children of the locker PID would destroy the lockfile out from under a parent on exit.
- CPANEL-50741: Fix WHM app search ranking so shorter app names no longer appear above longer ones when both match the search term equally.
- CPANEL-50812: Add WHM API 1 OpenAPI documentation for disable_mail_sni, enable_mail_sni, and rebuildinstalledssldb.
- CPANEL-50819: Add OpenAPI documentation for the Branding::include UAPI endpoint.
- CPANEL-50820: Add OpenAPI documentation for the DNS::fetch_cpanel_generated_domains UAPI endpoint.
- CPANEL-50822: Add OpenAPI documentation for the Market UAPI functions create_shopping_cart_non_ssl, get_build_cart_url, get_completion_url, get_license_info, and get_product_info.
- CPANEL-51089: Fix a crash in listaccts when hosting package files are invalid or corrupt.
- CPANEL-51729: Fix npm security vulnerabilities in web-components.
- CPANEL-51799: WHM pages for PFILE groups now always include the docs breadcrumb navigation element, even when a dedicated menu template is absent.
- CPANEL-51799: Fix docs-link in WHM when a group template file is missing.
- CPANEL-52003: Fix spurious Failed to read PID smaps emails.
- CPANEL-52014: Don’t update securetmp unnecessarily in TweakSettings.
- CPANEL-52152: Set up MySQL yumrepos to use the 2025 GPG signing key, as that is not expired.
- CPANEL-52185: The MultiPHP Manager outdated PHP banner now includes a description explaining that outdated PHP versions no longer receive security updates and recommends PHP ELS. The More Info link is positioned inline with the description instead of pushed to the far right.
- CPANEL-52282: Fix initial setup wizard crash when analytics system_id file is missing.
- CPANEL-52359: Fix ‘Use of uninitialized value in exit’ warning in scripts/apachelimits.
- CPANEL-52412: Fix ‘Apply DMARC Policy’ so it no longer overwrites existing DMARC records, and ensure it uses the server’s configured default policy rather than the hardcoded fallback.
- CPANEL-52466: Suppress PHP ‘Outdated’ and ‘Secured’ status labels on CloudLinux and Imunify360 servers where the vendor still hardens PHP packages.
- CPANEL-52502: Add flag for managing SSL controls in the unified SSL interface.
- CPANEL-52514: Fix spurious ‘uninitialized value’ warning in in-product survey new-user check when Leika newuser config keys are absent.
- CPANEL-52608: Fix PHP-FPM service management on CloudLinux to start, stop, restart, and monitor alt-php FPM services alongside EA4.
- CPANEL-52610: Update cpanel-php84 to 8.4.20.
- CPANEL-52623: Use atomic writes when creating the Exim virgin config and the repquota cache to prevent truncated files if the process is interrupted.
- CPANEL-52787: Fix issue where the system did not automatically include the www with the parent domain in Let’s Encrypt Certificate requests from TLS Wizard interface.
- CPANEL-53017: Include missing package names in update blocker message.
- DUCKS-5434: Fix feature-list rule validation for the default feature list to properly expand sparse entries and delegate to the shared validation module.
- DUCKS-5951: Fix UAPI DNS::ensure_domains_reside_only_locally returning false success on sandbox installs.
Implemented Case(s):
- CPANEL-47230: cPanel & WHM now uses HTTPS when syncing updates from a host that supports SSL.
- CPANEL-52298: Update SVCB API Specs for Existing Go Links.
- CPANEL-52538: Display the server’s IPv4 and IPv6 addresses in the Statistics section on the WHM home page.

136.1.16

released on 2026-05-20

Fixed Case(s):
- [Security] Targeted Security Release

136.1.15

released on 2026-05-14

Fixed Case(s):
- [Security] Targeted Security Release

136.1.13

released on 2026-05-13

Fixed Case(s):
- WPX-10537: Fixed a site import failure for single-site package WPSquared users.

136.1.12

released on 2026-05-13

Fixed Case(s):
- [Security] Targeted Security Release

136.1.11

released on 2026-05-08

Fixed Case(s):
- WPX-10603: Updated a filter that incorrectly checked for runtime-only packages at compile time.

136.1.10

released on 2026-05-08

Fixed Case(s):
- [security] Fixed: An arbitrary file read was found in the feature::LOADFEATUREFILE adminbin call where it does not adequately validate the feature file name. A relative path may be passed as the argument to this call, causing an arbitrary file to be made world-readable. (CVE-2026-29201)
- [security] Fixed: A Perl code injection method was found in the create_user API call, relating to the plugin parameter. (CVE-2026-29202)
- [security] Fixed: An unsafe symlink handling error was found that allows a user to chmod an arbitrary file, allowing for denial of service and possible privilege escalation. (CVE-2026-29203)

136.1.8

released on 2026-05-07

Fixed Case(s):
- CPANEL-53011: Update cpanel-exim to 4.99.2 Fixes: CVE-2026-40684, CVE-2026-40685, CVE-2026-40686, and CVE-2026-40687.

2026-04

136.1.7

released on 2026-04-28

Implemented Case(s):
- WPX-10216: Display an update button on the active theme card when a theme update is available.
- WPX-10242: Allow WP2 task-queue and backup binaries to call admin modules.

Fixed Case(s):
- CPANEL-52908: Fixed issue with login authentication.

136.1.6

released on 2026-04-13

Fixed Case(s):
- WPX-10433: Update wp-toolkit-cpanel to 6.10.0-10331.

Fixed Case(s):
- CPANEL-46159: Fix race condition that allowed a truncated Apache httpd.conf to be published during concurrent AutoSSL and userdata updates, taking all virtual hosts offline. Add pre-publication structural validation and structured log labels to identify which rebuild layer failed.
- CPANEL-49988: Require the force DNS flag when root creates an account using a domain that is a subdomain of another user’s domain.
- CPANEL-51692: Prevent SSL certificates which advertise coverage for names which contain spaces from being expressed in the Dovecot configuration, something which breaks the service.
- CPANEL-51923: Reduce AutoSSL notification spam by sending a single digest email when multiple domains fail certificate renewal, instead of one email per domain.

136.1.5

released on 2026-04-08

Fixed Case(s):
- WPX-6345: Automatically reinstall the imagick PHP extension after ImageMagick library updates to prevent version-mismatch errors.
- WPX-7760: The get_user_email_forward_destination and set_user_email_forward_destination WHM API functions no longer require the Receive Mail role.
- WPX-8471: Fix error handling for WordPress staging site password protection to correctly capture and report errors.
- WPX-8990: Prevent AccelerateWP plugins from being briefly installed on WordPress staging sites during creation.
- WPX-9299: Fix WordPress installation failing to redirect to Extendify when a concurrent WPTK task caused the install task to be deferred.
- WPX-9927: Fix some AutoSSL DCV failures for preview domains by allowing ACME HTTP challenges to bypass the HTTPS redirect.
- WPX-10016: Fix the WP Squared Advanced tab loading indefinitely when SSL or DNS data requests encounter errors.
- WPX-10049: WordPress sites using Extendify onboarding now automatically clear the Nginx cache after launch completes, ensuring visitors see the updated site immediately.
- WPX-10183: Fix preview domain setup hanging indefinitely when the readiness check timeout fires during an in-flight HTTP request.
Implemented Case(s):
- WPX-5166: Add ability to import an existing WordPress website into WP Squared using source site credentials.
- WPX-5968: The system now enables Shell Access by default for new hosting packages and for the default package on fresh servers.
- WPX-6741: Improved performance of AccelerateWP feature status checks by filtering results per domain when the installed accelerate-wp version supports it.
- WPX-7961: Theme and plugin images now display a grey pulsing placeholder during loading and gracefully fall back to a default image on error, eliminating layout shift in the WP² interface.
- WPX-9887: verify_wptk_userdata now auto-registers domains missing from WPTK during repair and preserves wptkid entries by default.
- WPX-10187: Display notification indicator on Plugins and Themes tabs when updates are available or recommended plugins are missing.
- WPX-10238: Prevent creation of domains that are subdomains of auto-domains (e.g., cprapid.com, wp2.host).
- WPX-10321: Added Romanian and Indonesian language support for WordPress Squared.
- WPX-10352: Enable MAx Cache by default on new and existing WP Squared servers to improve WordPress performance.
- WPX-10358: Add ability to toggle the Import My Website feature via WHM Feature Manager and display a Beta badge on the import card.
- WPX-10364: Update wp-toolkit-cpanel to 6.10.0-10297.
- WPX-10205,WPX-10367: Add ability to generate CSR certificates, install custom SSL certificates, and reset to AutoSSL-managed certificates in the WP Squared SSL management interface. Fix the Advanced tab loading indefinitely when the SSL certificate SAN list does not include the website domain.

Fixed Case(s):
- CPANEL-43136: Fix Security Advisor to properly detect Imunify360, ImunifyAV, and ImunifyAV+ when market provider is disabled.
- CPANEL-44000: scripts/cpdig now will print DNS errors if encountered.
- CPANEL-45401: Remove remaining ICQ/OSCAR related code from the product.
- CPANEL-46970: Improved error messaging for package max_email_per_hour validation.
- CPANEL-48069: Automatically configure PHP error logging to ~/logs/php.error.log for all newly created domains.
- CPANEL-48069: Allow PHP error logging directives (error_log, log_errors, error_log_mode) to be configured in MultiPHP INI Editor Basic Mode.
- CPANEL-50301: Fix bug in Cpanel::RPM::Versions::Pkgr where children of the locker PID would destroy the lockfile out from under a parent on exit.
- CPANEL-50532: Updated Trademarks pages to reflect WebPros International, L.L.C. ownership with improved layout and current third-party trademark attributions.
- CPANEL-50845: Fix account backup failure when userdata directory contains subdirectories.
- CPANEL-51513: Respect httpd_deferred_restart_time during bulk account removal to avoid redundant Apache PHP-FPM restarts.
- CPANEL-51627: Re-add support for Dovecot to use custom Diffie-Hellman parameters file.
- CPANEL-51680: Fix false-alarm SSL expiry warnings for AutoSSL-managed domains.
- CPANEL-51680: Use less alarming warning text for SSL certificates that are expiring soon but will be auto-renewed.
- CPANEL-51788: Fix chkservd not reading mail service logs, which could cause Eximstats and Track Delivery to stop updating.
- CPANEL-51921: Upgrade Compress::Raw::Zlib to address CVE-2026-3381.
- CPANEL-52006: Update PHP to 8.4.19.
- CPANEL-52028: Show Hostname, Operating System, cPanel Version, and Load Averages in the WHM home Statistics card on mobile-sized viewports.
- CPANEL-52164: Fix uninitialized-value warnings in Cpanel::CachedDataStore when the datastore file disappears between stat calls during disk cache validation.
- CPANEL-52170: Cancel stale CI runs when new commits are pushed to a pull request instead of running both in parallel.
- CPANEL-52182: Bump rpm.versions for update to cpanel-geoipfree-data.
- CPANEL-52224: CPAN updates, addressing CVE-2026-4177, CVE-2006-10002, CVE-2006-10003.
- CPANEL-52244: Improve WHM frontend build performance by filtering minification targets to git-tracked files only.
- CPANEL-52327: Fix Apache rebuild warnings and repeated survey prompts caused by root’s scoped userdata directory.
Implemented Case(s):
- CPANEL-51959: Fix styling of the Cancel button in the outdated PHP version confirmation dialog on the WHM MultiPHP Manager page.
- CPANEL-52298: Update SVCB API Specs for Existing Go Links.

2026-03

136.1.4

released on 2026-03-20

Fixed Case(s):
- WPX-7212: Fix search engine indexing not being disabled for accounts created with temporary domains.
- WPX-7724: Throttle AutoSSL failure notifications to at most once per 24 hours per vhost, notification type, and recipient.
- WPX-8452: Fix Mixpanel debug logging appearing in browser console when debugui is not enabled.
- WPX-8852: Allow "@" as a shortcut for the root domain in the zone editor, matching standard DNS zone file conventions.
- WPX-9384: Fix typo in UAPI Variables get_user_information field name from ‘maximum_w2_sebsites’ to ‘maximum_w2_websites’.
- WPX-9860: Fix double HTML-encoding of the Autoinstall Set tooltip in the WP Squared package extension.
- WPX-9862: AutoSSL now emits a clear error when the configured provider module does not exist on the system.
- WPX-9924: Always create /home/wp-backups during WP2 installation to prevent cagefsctl sanity-check failures on fresh deployments.
- WPX-9949: Add WP::is_nginx_caching_enabled UAPI endpoint.
- WPX-10000: Added the Stats::get_stats_daily UAPI method to retrieve daily AwStats data for a domain.
Implemented Case(s):
- WPX-9311: Allow concurrent WordPress clone and rename operations across different instances.
- WPX-9857: Add clear nginx cache action to the website lister when nginx caching is enabled.
- WPX-9935: Automatically install Imunify360 on WP Squared servers where it was missing due to an installer failure.
- WPX-10104: Redesign disk usage display in websites list with a structured badge and color-coded progress bar.

Fixed Case(s):
- CPANEL-46546: Fix Ticket Assist firewall detection when Imunify360 creates /etc/csf without installing the CSF binary.
- CPANEL-47555: MySQL and MariaDB upgrades now detect and automatically remove version locks when proceeding with the upgrade, preventing database service from being left in a non-functional state.
- CPANEL-49464: Remove custom Net::SSLeay fork in favor of upstream module.
- CPANEL-50811: Add OpenAPI documentation for deprecated FeatureLists API methods.
- CPANEL-50957: Rename “Process Memory Limit: config” in Mailserver Config to “Process Memory Limit for Other Services”, and apply the setting to all internal Dovecot services not otherwise covered by another setting.
- CPANEL-51488: Make EOL PHP/Hardened PHP clearer in EA4 UI output.
- CPANEL-51568: Add ARC signing to SRS forwarded SMTP messages.
- CPANEL-51576: Add WHM API function to report the count of domains using end-of-life PHP versions.
- CPANEL-51581: Update cpanel-php84 to 8.4.18.
- CPANEL-51641: Display PHP outdated version warning in WHM List Accounts page when sites use end-of-life PHP versions.
- CPANEL-51678: Fix FileManager upload popup incorrectly tracking anonymous Mixpanel events regardless of user analytics consent settings.
- CPANEL-51917: Ugrade Net::CIDR to 0.27 to address CVE-2021-4456.
- CPANEL-51919: Upgrade Crypt::URandom for CVE-2026-2474.
- CPANEL-51921: Upgrade Compress::Raw::Zlib to address CVE-2026-3381.
- DUCKS-4995: Improve required extension handling and warning messages in WHM package forms.
Implemented Case(s):
- CPANEL-47921: Added a WHM interface for managing web server log retention settings across cPanel accounts.
- CPANEL-47921: Added WHM API for managing web server log retention settings across accounts.
- CPANEL-47921: Added a new tweak setting to control web server log archive retention and a script to perform automated cleanup.
- CPANEL-48364: Allow third-party backup tools to restore domains on DNS-clustered servers via the force parameter.
- CPANEL-50070: Remove redundant server info rows from the WHM home Statistics sidebar and hide the sidebar when it has no content.
- CPANEL-51639: Change Security Advisor to suggest installing cPanel CSF using cleaner methods.

2026-02

136.1.3

released on 2026-02-25

Fixed Case(s):
- WPX-7389: Update Modify Domain modal text to match design specifications.
- WPX-9563, WPX-9553: Update Angular packages to 20.3.15 to address CVE-2025-66035 and CVE-2025-66412 security vulnerabilities.
- WPX-9823: Improve form validation in the Reset Password and CDN setup flows with better email validation and error messages.
- WPX-9885: Fix duplicate notification IDs causing UI test failures.
- WPX-9954: Fix AWStats statistics display for dates that cross year boundaries.
Implemented Case(s):
- WPX-9033: Queue Object Cache feature reinstalls so login links remain reliable.
- WPX-9842: Implement Italian-language translations.
- WPX-9844: Implement Dutch-language translations.
- WPX-9847: Implement Polish-language translations.
- WPX-9853: Allow administrators to disable preview links by default.

Fixed Case(s):
- CPANEL-43386: Transfer tool now automatically updates PHP handlers in .htaccess files to match the destination server’s available handlers, preventing PHP configuration issues after transfers.
- CPANEL-46584: Harden MySQL upgrade process by setting locale to C defensively.
- CPANEL-47033: Fix MariaDB 10.11+ startup error caused by attempting to load the non-existent auth_socket.so plugin.
- CPANEL-50066: Label outdated and secured PHP versions in MultiPHP Manager and INI Editor.
- CPANEL-50385: Fix 404 errors when granting support access for forked tickets where SSH keys already exist from parent tickets.
- CPANEL-50673: Update ssl_minimum_protocol list for Dovecot 2.4.
- CPANEL-50935: The system now applies the Update DNS Zone setting when you use the Apply to Other Selected Accounts button in the Transfer Tool.
- CPANEL-50967: Improve Jodit to support browsing subdirectories and use relative links when inserting images via the filebrowser.
- CPANEL-51346: Fixed Whostmgr::Quota::setusersquota() condition that confused 0 with unlimited.
Implemented Case(s):
- CPANEL-50441: Updated Security Advisor for CSF.
- CPANEL-50679: Remove libmariadb autofix logic from Sysup.
- CPANEL-50759: Fix EasyApache4 wizard to correctly auto-select PHP extensions when installing ALT PHP versions from CloudLinux.

136.1.2

released on 2026-02-10

Fixed Case(s):
- WPX-7146,WPX-7147: Block cloning to redirect or owned domains.
- WPX-9325: Skip the MailMan install task when disabled.
- WPX-9391: Fix default for Max manual backups per Website in packages.
- WPX-9692: Clear cache after site setup to display the correct content immediately.
- WPX-9714: Improve plugin card last updated text localization handling.
- WPX-9796: Increase timeout for SSL in improved onboarding.
- WPX-9871: Add verify_wptk_userdata script to detect and repair WP Toolkit userdata discrepancies.
- WPX-9882: Improve verify_wptk_userdata with better domain matching and additional validation and options.
Implemented Case(s):
- WPX-8255: Replace page-spinner with Angular Material spinner.
- WPX-9214: Update WP Admin Redirect page to show errors properly.
- WPX-9743: Add Thai language support to WP Squared.

Fixed Case(s):
- CPANEL-45395: Prevent Live Transfer from modifying custom A records that point to external servers.
- CPANEL-46581: Obfuscate the whm-server-status apache endpoint.
- CPANEL-48930: Always force jailshell for jailed users crontabs.
- CPANEL-49245: Stop stripping 'defaults' from fstab for disks which support usrjquota.
- CPANEL-49693: Additional package prefixes now supported in easyapache UI.
- CPANEL-50565,CPANEL-50567,CPANEL-50665: Add additional File Manager usage analytics.
- CPANEL-50838: Allow php*-php-common namespace.
- CPANEL-50852: Add some DumpFile variants to Cpanel::JSON.
- CPANEL-50875: Fixed race condition viewing restore/transfer sessions.
- CPANEL-50911: Fix various issues in openapi specs.
- CPANEL-50919: Fix masterContainer's data-app-key being set inconsistently in some mysql upgrade 'stage' pages.
- CPANEL-50960: Teach cpkeyclt about the Comet Backup activation code.
- CPANEL-50990: Add Annual survey notification.
- CPANEL-51068: Address 'Use of uninitialized value' errors when saving TweakSettings.
- CPANEL-51163: Update PHP to 8.4.17.
Implemented Case(s):
- CPANEL-50109: Add scripts to view and mass-change PHP versions across all domains.

136.1.1

released on 2026-02-02

Fixed Case(s):
- WPX-9861: Fix initial account creation when .cpanel/logs directory is missing.
- WPX-9868: Fixed an issue where preview domain readiness checks could hang indefinitely during account creation due to missing HTTP request timeouts.

2026-01

136.1.0

released on 2026-01-12

Fixed Case(s):
- WPX-9686: Update npm packages for security updates.
- WPX-9739: Fix broken path to logo image for WP2 » File Manager.
Implemented Case(s):
- WPX-8440: Change Default PHP version to 8.3 on new server installations.
- WPX-8860: Implement AutoSSL button for a WP2 user to manually start the process.
- WPX-9202: Implement Finnish-language translations.

Fixed Case(s):
- CPANEL-46346: Reduce timeouts in DNS Cluster interface by extending peer timeouts from 7->15.
- CPANEL-48418: Make stats program state/requirements clearer.
- CPANEL-49029: Fixed XSS vulnerability when using /viewer/ routes.
- CPANEL-49084: AutoDomain xfer config update will ignore files over 1 MiB.
- CPANEL-49983: Ensure that WHM-managed IPv4 addresses are added after NetworkManager finishes configuring the basic parameters on the interface.
- CPANEL-50064: Update the maintenance script to notify the admin of any long-running rpm/apt locks.
- CPANEL-50065: Block updates if the package manager is actively holding locks.
- CPANEL-50129: Fix redirect issue for search results on the domains page.
- CPANEL-50133: Fix issue where new login sessions were not able to make changes to items created in previous sessions from phpMyAdmin.
- CPANEL-50686: Fix lua-socket for dovecot auth on 7->8 elevated systems.
- CPANEL-50715: Fix bad auth proxying on mail node setups.
- CPANEL-50721: Address missing libmariadb.so on upgrade to 132.
- CPANEL-50725: Fix tailwatch’s AuthedMailIPTracker regexp for changes in strings emitted from Dovecot 2.4 (Login: -> Logged in:).
- CPANEL-50742: Allow the Task Queue system to load the POSIX interface Perl module freely again.
- CPANEL-50746: Adjust the default mail_path for virtual users to prevent permission denied errors before mail_path is overridden in userdb/passdb returns.
- CPANEL-50756: Update cpanel-exim to 4.99.1.
- CPANEL-50784: Fix request parsing fallback logic when integrations to dovecot don’t set a namespace in the auth request.
Implemented Case(s):
- CPANEL-50694: Set dovecot_storage_version to dovecot version for possible compatibility with changes dovecot may or may not have in the future.

2025-12

134.1.3

released on 2025-12-19

Fixed CPANEL-50795: Update PHP to 8.4.16.
Fixed CPANEL-50788: Update cpanel-php to 8.3.29.
- Fixed CVE-2025-14177 (Information Leak of Memory in getimagesize).
- Fixed CVE-2025-14178 (Heap buffer overflow in array_merge()).
- Fixed CVE-2025-14180 (PDO quoting result null deref).

134.1.2

released on 2025-12-16

Fixed Case(s):
- WPX-9535: Update wp-toolkit-cpanel package to version 6.9.2-9921.
- WPX-9662: Fix issues with Extendify SSL checks and WPTK initial domain setup.
Implemented Case(s):
- WPX-4885: Conditionally display Reseller/Owner column in WHM’s List Accounts.

Fixed Case(s):
- CPANEL-40311: New form field to specify region of S3-compatible backup destinations.
- CPANEL-50064: Update the maintenance script to notify the admin of any long-running rpm/apt locks.
- CPANEL-50126: Harden AWStats by removing use of 2 arg opens.
- CPANEL-50271: Fix ability to set Dovecot ssl.conf settings.
- CPANEL-50376: Update PHP to 8.4.15.
- CPANEL-50422: Address additional net-snmp dependency issues not fixed for CPANEL-50161.
- CPANEL-50422: Address additional net-snmp dependency issues not fixed for CPANEL-50161.
- CPANEL-50429: Add install script to remove unattended-upgrades package on upgrade to 132.
- CPANEL-50463: Update unbound to 1.24.2.
- CPANEL-50612: Fix typo in dovecot.conf template referring to cpdoveauth_domainownerd.sock.
- CPANEL-50614: Change default value for auth_allow_cleartext to yes to improve compatibility with existing client connections.
- CPANEL-50623: Re-build Munin so that munin-node can start when IPv6 is disabled.
- CPANEL-50639: Bump rpm.versions for cpanel-geoipfree-data version 130.3-1.cp130.
- CPANEL-50639: Bump rpm.versions for cpanel-geoipfree-data version 130.3-1.cp130.

134.1.1

released on 2025-12-11

Fixed Case(s):
- WPX-7067: Improve user experience on low-resolution devices.
- WPX-8635: Fix incorrect error messaging when a 5xx error occurs from an API call.
- WPX-9213: Fix account restoration issue when the main website has a temporary domain.
- WPX-9338: Fix task timeout in wpt_extended adminbin which affected create_backup, etc.
- WPX-9466: Fix defect where the rename domain dialog hangs in the interface.
- WPX-9528: Verify the SSL certificate before redirecting to Extendify.
- WPX-9560: Fix the inability for AutoSSL to increase certificate coverage when a preview domain is listed first.
- WPX-9562: Fix issue where max quota website dialog was not showing text.
- WPX-9620: Fix Manage Website SSL status showing incorrect status.
Implemented Case(s):
- WPX-6142: Refactor the core code base to lazy load all views for improved web performance for a WP2 user.

Fixed Case(s):
- CPANEL-47901: Change copyable DMARC record to include _dmarc.
- CPANEL-48012: Reinitialize CardDAV config post-transfer.
- CPANEL-49007: Avoid unnecessary NS lookups for temporary domains.
- CPANEL-49569: Add --stdout-archive to pkgacct.
- CPANEL-49633: Add support for CloudLinux 10 in 134.
- CPANEL-49683: Update awstats pkg for CVE-78/PTT-2025-021.
- CPANEL-49953: Allow skipping of DKIM keys in pkgacct.
- CPANEL-49965: Add missing --disable flags and --from-stdin to restorepkg.
- CPANEL-50088: Change default NSEC3 parameters to match current recommendations (RFC 9276).
- CPANEL-50088: Allow specifying no salt when configuring NSEC3 for DNSSEC-enabled domains using UAPI calls.
- CPANEL-50318: Adjust OS detection for modern distros including CL10.
- CPANEL-50319: Set session.gc_divisor to a non-negative value to avoid PHP warning messages.
Implemented Case(s):
- CPANEL-47230: Allow HTTPS update servers.
- CPANEL-49240: Add support for HTTPS records for PowerDNS.
- CPANEL-49304: Remove some Perl version checks at run-time.
- CPANEL-49395: Indicate that Ubuntu 22 can be upgraded to Ubuntu 24 using ELevate.

2025-11

132.1.9

released on 2025-11-24

Fixed Case(s):
- WPX-8897: Update the WP Squared icon in WHM’s List Accounts table.
- WPX-9062: Disable legacy locale-managing features in WHM.
- WPX-9322: Fix Zone Editor issue with subdomain accounts.
- WPX-9339: Fix defect where ‘Bulk Actions’ selection did not show options in the Account Settings » CDN table.
Implemented Case(s):
- WPX-8073: In the Security tab, show the number of vulnerabilities mitigated in the last year, if available.
- WPX-9432: Update wp-toolkit-cpanel package to version 6.9.1-9852.
- WPX-9484: Update the API spec to clarify the meaning of has_reached_quota values.

Fixed Case(s):
- CPANEL-49802: Report in Security Advisor when the system erroneously detects that Imunify360 PAM brute-force attack protection is disabled.
- CPANEL-50088: Change default NSEC3 parameters to match current recommendations (RFC 9276).
- CPANEL-50088: Allow specifying no salt when configuring NSEC3 for DNSSEC-enabled domains using UAPI calls.
- CPANEL-50161: Ensure that net-snmp is dependent on system packages instead of a package provided via rpm.versions.
- CPANEL-50170: Abandon RFC 2047 escaping of the SpamAssassin spam report email headers and replace non-ASCII codepoints with underscores.
- CPANEL-50178: Fix issue where builddovecotconf would not migrate the disable_plaintext_auth=no setting to auth_allow_plaintext=yes.
- CPANEL-50201: Ensure Mailscanner dependencies persist through Perl upgrades.
- CPANEL-50339: Allow for Nodejs variants.
Implemented Case(s):
- CPANEL-50028: Update Exim to 4.99.

132.1.7

released on 2025-11-12

Fixed Case(s):
- WPX-5099: Improved visibility for the active tab in website details, making navigation clearer.
- WPX-5104: Update sidebar tooltips.
- WPX-5665: Removed deprecated API code (WP::add_domain and WP::delete_domain).
- WPX-7819: New clones and staging sites now automatically match the PHP version of their source website.
- WPX-8252: Enforce account component overrides at a server level.
- WPX-8615: Fix broken link in Filemanager for navigating back to the WP2 interface.
- WPX-8766: Update wp-toolkit-cpanel package to version 6.9.0-9869.
- WPX-8827: Fixed database upgrade accessibility issue in WHM and resolved a 403 error in Manage Database Profiles.
- WPX-8923: Prevent renaming a primary website to a new one that starts with 'www'.
- WPX-8957: Fixed a segmentation fault in bin/restorepkg occurring in rare cases.
- WPX-8987: Corrected SSL certificate check behavior on the dashboard.
- WPX-9007: Fix broken link display on 404 error page.
- WPX-9212: Fix the handling of WP2 defaults during account creation.
- WPX-9289: Add some mitigation warnings for users nearing their disk quota limit. Add a UAPI call to check if a user has reached their disk quota.
Implemented Case(s):
- WPX-5165: Introduced Preview Links and enhanced onboarding to simplify the WordPress setup experience.
- WPX-7474: Disable 'should vulnerable plugins be automatically deactivated' by default in WP2 >> Website Settings.
- WPX-7975: Update the WP Squared interface to use Angular 20.
- WPX-8496: The Recommended filter now only appears in the plugin install dialog when relevant plugins are available.
- WPX-8694: The CDN and SSL panels now auto-expand when accessed from the website overview page for faster navigation.
- WPX-8833: Clarified EasyApache 4 notice for better understanding.
- WPX-8950: Set new default values for 'memory_limit' and 'max_execution_time' in php.ini.

Fixed Case(s):
- CPANEL-39397: Fixed the terminal inside of cPanel to use the memory limits for the user.
- CPANEL-45613: Permit 0 as a valid value for nsec3_iterations in PDNS.
- CPANEL-46038: Check “/etc/sysconfig/exim” for validity during nightly cPanel maintenance.
- CPANEL-46080: Improve accuracy and performance for what should be 404 requests.
- CPANEL-46582: Add local sudoers group names to reserved usernames.
- CPANEL-46939: Mailman: Add Apache conf to protect against XSS in list archives.
- CPANEL-47114: Transfer system now has support for automatically assigned domains.
- CPANEL-47362: Add panel.ini control to WebPros SSO option.
- CPANEL-47922: Upgrade cpanel-dovecot to 2.41.
- CPANEL-47960: Remove the 'HTML Editor Removal' Notification in WHM.
- CPANEL-47960: Integrate Jodit Editor into File Manager as the new HTML Editor (beta).
- CPANEL-48012: Reinitialize CardDAV config post-transfer.
- CPANEL-48013: Fix bad defaults for auth policy on Ubuntu in Cpanel::Config::Auth.
- CPANEL-48042: Additional validation for temporary domain conversion.
- CPANEL-48241: Update cpanel-perl to 5.42 and related CPAN modules.
- CPANEL-48317: Upgrade AWStats to 8.0.
- CPANEL-48354: Always allow the system to install kernel modules during initial cPanel install.
- CPANEL-48362: Allow cpanel-3rdparty-bin package to handle symlink to /usr/local/cpanel/3rdparty/bin/perl during cPanel update.
- CPANEL-48408: Fixed display of yum/dnf errors during the review stage of provisioning for EasyApache 4.
- CPANEL-48436: Ensure yum-config-manager check is local-setting agnostic.
- CPANEL-48458: Ensure that image preparation scripts find the correct MySQL/MariaDB unit.
- CPANEL-48470: Do not rely on the Cpanel-OS cache in fix-cpanel-perl.
- CPANEL-48473: Update cpanel-php84 to 8.4.11 in etc/rpm.versions.
- CPANEL-48487: Fix bug in Cpanel::SSL::Objects::Certificate::File where private keys were not separated from certificates during instantiation.
- CPANEL-48487: Catch errors initializing SSLEay object during SSL cert verification and treat it as a failure to verify.
- CPANEL-48518: Handle system package repository installations which come with both obsolete and valid keys.
- CPANEL-48520: Ensure that the nscd entry in Service Manager always knows the path to the program.
- CPANEL-48521: Make Packman more resilient against bad or unexpected data on the mirrors.
- CPANEL-48540: Make dependency on “acl” package explicit for all supported RHEL-derived distributions.
- CPANEL-48552: Fix bug in Whostmgr::API::1::AdvConfig where setting incoming_reached_quota for dovecot did not also rebuild dovecot and exim's configuration.
- CPANEL-48552: Restore quota_clone configuration block in dovecot.
- CPANEL-48581: update requirejs to address CVE-2024-38999.
- CPANEL-48633: Add systemd-logind to the list of services to ignore for find_outdated_services.
- CPANEL-48641: Handle rare file unlock condition when PID has not changed.
- CPANEL-48665: Implement API calls for in product survey.
- CPANEL-48719: Users are now asked to complete the survey after logging in the WHM.
- CPANEL-48723: Change the way the MySQL community repository is installed on the system.
- CPANEL-48730: Users are now asked to complete the survey after logging in.
- CPANEL-48811: Blocked unauthenticated users from enabling debug mode via a query parameter in the URL.
- CPANEL-48836: Change tech_domain warning to an info log entry.
- CPANEL-48843: Fix restoration issues when domains aren't restored.
- CPANEL-48960: Fix potential race condition in the cPanel Log and Bandwidth Processor daemon.
- CPANEL-49007: Avoid unnecessary NS lookups for temporary domains.
- CPANEL-49050: Update CGI::Simple to address CVE-2025-40927.
- CPANEL-49082: Teach create account page to respect the unlimited radio button.
- CPANEL-49106: Update Cpanel::JSON::XS and JSON::XS to address CVE-2025-40929.
- CPANEL-49116: Arbitrary file download possible for users missing ACL for filemanager feature.
- CPANEL-49149: Switch TicketSupport ssh checks to use lsof.
- CPANEL-49202: Bump rpm.versions for cpanel-clamav.
- CPANEL-49216: Bump rpm.versions for cpanel-geoipfree-data.
- CPANEL-49232: Set the main shared IPv6 address as the default route for outgoing ipv6 traffic when possible.
- CPANEL-49246: Skip NS lookups for temporary domains.
- CPANEL-49378: Ensure quota_clone dict entry always exists in dovecot.conf.
- CPANEL-49379: Guard against undefined return from readdir in Cpanel::FileUtils::Dir.
- CPANEL-49422: Line-wrap the encoded SpamAssassin report in email headers to better comply with RFC 2047.
- CPANEL-49530: Suppress warning in Cpanel::Config::userdata::Guard when the account is deleted before it can setup the userdata dir.
- CPANEL-49542: Upgrade Devel::Cover to an officially supported version for perl 5.42.
- CPANEL-49551: Fixed issue where user's crontab does not delete when the cPanel account is terminated.
- CPANEL-49573: Update cpanel-userperl for 132.
- CPANEL-49611: Fix spurious warning in xfer logs regarding doveadm syncs.
- CPANEL-49671: Bump YAML::Syck to 1.36.
- CPANEL-49683: Update awstats pkg for CWE-78/PTT-2025-021.
- CPANEL-49953: Allow skipping of DKIM keys in pkgacct.
- CPANEL-49965: Add missing –disable flags and –from-stdin to restorepkg.
- CPANEL-50005: Update PHP to 8.4.14.
- CPANEL-50079: Force dovecot config rebuild on update of dovecot.
- CPANEL-50079: Prevent run of install/FixSolr.pm when Solr is not installed.
- CPANEL-50079: Stop prefixing userdb/passdb returns in dovecot auth dict.
- CPANEL-50082: Update dovecot to version 2.4.2 to fix CVE-2025-30189.
- CPANEL-50093: Fix issue where HTTP::Tiny::UA was unavailable in the scope of scripts/builddovecotconf due to check_cpanel_pkgs run.
- CPANEL-50113: Ensure dovecot_config_version always equals dovecot version in dovecot.conf.
Implemented Case(s):
- CPANEL-45720: Password and API Token notification improvements.
- CPANEL-46411: Add a way to set the default dmarc record.
- CPANEL-46549: Add robots meta tag to login pages.
- CPANEL-47291: Enable pigeonhole sieve in dovecot + roundcube.
- CPANEL-47691: Update supporting code for cpanel-dovecot to support 2.4.
- CPANEL-47836: Allow parking registered domain on temporary domain.
- CPANEL-47980: The cPanel tools page sidebar now highlights SSL certificate issues and provides direct links for users to resolve them.
- CPANEL-48174: Optimize wptk api routes.

132.1.6

released on 2025-11-05

Fixed Case:
- SEC-70235: Security Fix Disclosure coming soon.

2025-09

132.1.5

released on 2025-09-03

Fixed Case(s):
- WPX-2487: Added messaging when CDN configuration is using invalid API keys.
- WPX-8801: Clear plugin cache each time get_login_url is called to avoid login link failure.
- WPX-8868: Fix a DNS sync issue when adding new domains with CDN admin mode enabled.

2025-08

132.1.4

released on 2025-08-28

Fixed Case(s):
- WPX-6087: Remove WPTK IDs in userdata that no longer exist in WPTK.
- WPX-8148: Add 'Manage CDN' as a newly configurable feature.
- WPX-8801: Clear plugin cache on site creation to avoid login link failure.
Implemented Case(s):
- WPX-1660: Update some no results images that show when searching for plugins or themes.
- WPX-5106: Add a website's SSL status to the overview tab.
- WPX-5966: Remove the WP::add_notification API.
- WPX-7647: Add a sort for websites that have a vulnerability notification.

132.1.3

released on 2025-08-12

Fixed Case(s):
- WPX-3310: Additional directory cleanup when removing website.
- WPX-7221: Update the WP::list_domains API to return information about vulnerability protection being enabled for a specific website; update UI to consume data from this point.
- WPX-7900: Add information to the vulnerability protection table indicating vulnerabilities that are applicable for inactive themes or plugins; move vulnerabilities to lower order of table.
- WPX-8299: Fixed a bug that would sometimes cause the temporary domain notification to stay after modifying the main domain name.
- WPX-8329: Address concern with toast appearing before modal closes.
- WPX-8330: Improve traffic graph styling to prevent overflow behind notification column.
Implemented Case(s):
- WPX-6250: Add 'Site Staging' as a newly configurable feature.
- WPX-6258: Add 'Site Cloning' as a newly configurable feature.
- WPX-6490: Rename WP::list_domains to WP::list websites; deprecate WP::list_domains.
- WPX-6692: Update WPTK config to no longer turn off 'Search Engine Indexing' on cloned instances.
- WPX-6774: Add 'recommended plugins' for WP2, including a banner indicating when plugin(s) missing, as well as a specific filter in the uninstalled plugins dialog.
- WPX-6893: Add SSL certificate support in restore_website_metadata API.
- WPX-8407: Update wp-toolkit to 6.8.0-9497.

Fixed Case(s):
- CPANEL-37236: Enable DNS TXT records over 255 characters in WHM Zone Manager.
- CPANEL-47026: Fix WHM Add a DNS Zone to give proper ownership for system domains.
- CPANEL-47992: Allow temporary domain creation when 'Allow Remote Domains' is false.
- CPANEL-48060: Update PHP to 8.4.10.
- CPANEL-48140: Adjust RELEASE rollout logic to use a 5 day release cycle.
- CPANEL-48149: Bump rpm.versions for update to cpanel-git-2.48.2.
- CPANEL-48204: Add new Domain category hook replace_temporary_domain.
- CPANEL-48296: Update cpanel-sqlite to 3.50.3 for CVE-2025-6965.

2025-07

132.1.1

released on 2025-07-16

Fixed Case(s):
- WPX-7484: Error pages have updated styles and messaging.
- WPX-7556: Fix need for double click on red shield from websites table.
- WPX-7591: Improve dependency handling for optional plugins.
- WPX-7657: Update default theme sets.
- WPX-7770: Do not show the 'HTML Editor Removal Notice' on WP2 servers.
- WPX-7773: Fixed a bug when modifying a domain name, it would sometimes re-open the modal unintentionally.
- WPX-7895: Create TaskProcessor for clearing all users cache by key.
- WPX-8268: Update wp-toolkit-cpanel package to version 6.7.3-9456.
Implemented Case(s):
- WPX-4688: Add integrator APIs for backup and restore of a WP2 website.
- WPX-5926: Website list image hides and unhides based on number of visible websites including nested rows.
- WPX-7862: Fix a bug where the vulnerability protection icon was getting hidden on smaller screens.

Fixed Case(s):
- CPANEL-46705: Fixed issue with the 'All' filter in the DNS Zone Manager.
- CPANEL-47902: Use the system SQLite3 package to read bandwidth database entries.
- CPANEL-48095: Obsolete “Forks” package in cPanel Perl.
- MOON-2973: Improved accessibility in the Account Preferences page.

2025-06

130.1.5

released on 2025-06-30

Fixed Case(s):
- WPX-7589: Improve dependency handling for optional plugins.
- WPX-7613: Fixed a bug that would cause an inaccurate pagination menu.
- WPX-7739: Disk usage for staging sites now listed on the websites list.
- WPX-7740: Website details overview disk usage now has more data.
- WPX-7741: Update wp-toolkit-cpanel to version 6.7.2-9425.
Implemented Case(s):
- WPX-7113: Add 'ignore low risk vulnerabilities' functionality to Vulnerability Protection, powered by Patchstack.

130.1.4

released on 2025-06-24

Fixed Case(s):
- WPX-3498: Use WP2 branding in iContact notifications.
- WPX-5209: Updated pagination styles.
- WPX-5270: Reverse order of what is displayed inside and outside parentheses for all language selections.
- WPX-6599: Auto update settings now show correct state after backup restore.
- WPX-6923: Fixed a bug that would cause locale changes to not update during initial onboarding.
- WPX-7210: Install accelerate-wp package once licensed.
- WPX-7447: Ensure notifications created at the 'warn' level have an icon present on the notification card in the UI.
- WPX-7614: Website list does not hide some action buttons on smaller screen resolutions.
- WPX-7690: Update wp-toolkit-cpanel to version 6.7.1-9415.
- WPX-7711: Fix AutoSSL certificate renewal for temporary domains.
Implemented Case(s):
- WPX-1630: Update the styles of the theme cards.
- WPX-5755: Disk space usage per website is now visible on the website list and the website details overview tab.
- WPX-7537: Optimize the list_domains UAPI call.

Fixed Case(s):
- CPANEL-46032: Update cpanel-awstats to 7.9-2.
- CPANEL-47662: WHM users will see the in-page banner informing about restricted usage of the DNS Zone Manager feature when user's account does not have registered domains assigned.
- CPANEL-47664: Update cpanel-file-find-rule to 0.35 in etc/rpm.versions.
- CPANEL-47678: Update cPanel PHP to 8.4.7.
- CPANEL-47764: Unship cpanel-php-composer package.
- CPANEL-47815: Depend on distro PostgreSQL for DBD::Pg.
Implemented Case(s):
- CPANEL-47687: Bump rpm.versions for cpanel-php83 update to 8.3.22.

130.1.3

released on 2025-06-04

Fixed Case(s):
- WPX-7464: Upgraded WP Squared accounts do not have vulnerability protection working.
- WPX-7467: “Take Action” button and notification are visible when vulnerability protection is disabled.
- WPX-7465: Vulnerability protection “feature showcase” is not visible.

130.1.2

released on 2025-06-03

Fixed Case(s):
- WPX-5973: Ensure that 'enable_cdn' UAPI doesn't fail due to parsing error in the CloudFlare CDN driver.
- WPX-6280: Fixed an issue where custom titles were not being applied to customization icons in the side nav bar.
- WPX-6502: Add third-party theming info to Storybook.
- WPX-7081: Address typo in string in website details and table.
- WPX-7180: Improved error handling when there is missing plugin information.
- WPX-7229: Remove the 'Replace with a registered domain' option from the 'Modify an Account' interface in WHM.
Implemented Case(s):
- WPX-5164: Implement Vulnerability Protection, powered by Patchstack.
- WPX-6002: Allow WH companies to enable and customize an email link/icon in the WP2 product.
- WPX-6254: Add 'Temporary Domains' to the feature manager and require the 'Temporary Domains' feature to utilize temporary domains when creating or cloning websites.
- WPX-6359: Long domain names will now be truncated in the websites list table.

Fixed Case(s):
- CPANEL-46029: Exclude kernel-devel* from rpmup.
- CPANEL-47057: Remove temporary domain on account domain modification.
- CPANEL-47060: Exclude temporary domains from DomainInfo API unless requested.
- CPANEL-47062: UAPI Domain::is_temporary_domain + API2 domain updates.
- CPANEL-47113: Block transfers of temp domains to servers that do not support it.
- CPANEL-47156: Prevent temporary domains from showing in cPanel Zone Editor.
- CPANEL-47375: Fix lines with ',,' or '=> =>' in them.
- DUCK-2612: Adjust the whm top webcomponent to retain existing extensibility model and make the trend arrows work togather.
Implemented Case(s):
- CPANEL-46175: Add option in transfer tool and restorepkg to not restore DNS records for an account.
- CPANEL-47227: Bump rpm.versions for cpanel-php83 update.
- CPANEL-47284: Ensure temporary domains are removed upon account termination.
- CPANEL-47318: Bump rpm.versions for the latest version of Perl::Tidy.

2025-05

130.1.1

released on 2025-05-19

Fixed Case(s):
- WPX-6223: Fixed a bug that would prevent a maintenance mode background image from being uploaded.
- WPX-7075: Notifications now use icons instead of colored dots.
- WPX-7179: Fix Plugins tab list when installing plugins like Imunify360.
- WPX-7191: Fix nginx configuration when using Imunify360.

Fixed Case(s):
- CPANEL-44093: By displaying the current trend icon in the Load Averages component in the WHM header, users gain better clarity on system resource load status at a glance.
- CPANEL-46823: Update re2c to 4.2.
- CPANEL-46839: Bump rpm.versions to update cpanel-clamav to 1.0.8-1.cp118.
- CPANEL-46845: Update PowerDNS to 4.9.5.
- CPANEL-46895: Grant MySQL database privileges for cPanel users who have the SUPER privilege.
Implemented Case(s):
- RE-1421: New tweak setting to specify the file size used by the securetmp script for /tmp and /var/tmp.

130.1.0

released on 2025-05-08

Fixed Case(s):
- WPX-3084: Fix bug preventing default set from being configured during install.
- WPX-6385: Fix the styles on dialogs to improve box shadow.
- WPX-6527: Hide performance card in overview tab when no data is returned.
Implemented Case(s):
- WPX-4798: Users can now use wp cli from command line.
- WPX-5044: List all EasyApache PHP versions installed >= 7.0.
- WPX-5162: Add support for temporary domains. Accounts or websites can be created using a temporary wpsquared.site domain and renamed later.
- WPX-5501: Improved navigation on notifications.
- WPX-5502: Remove superfluous password confirmation input when setting a password for a staged site.
- WPX-5775: Improve HTTP DCV for new domains by removing the mail alias and adding wp and wp2 aliases.
- WPX-6055: Implement a ProductConfig mechanism for global product-level config.
- WPX-6222: Separate the Redis object-caching feature from the AccelerateWP feature in WHM’s Feature Manager.
- WPX-6661: Change Default PHP Version to 8.2 on new server installations.
- WPX-6753: Add ProductConfig option to not warn about missing theme in restores.
- WPX-6864: Update wp-toolkit-cpanel to version 6.7.0-9317.
- WPX-6955: Add AAAA and SRV records to advanced zone editor interface.

Fixed Case(s):
- CPANEL-35466: Enhanced the PowerDNS error message to provide additional context from data.warnings.PowerDNS and included a link to the relevant documentation for improved clarity and user guidance.
- CPANEL-46112: Added more user checks for DMARC record addition.
- CPANEL-46605: Docs improvement to get/set_notification_preferences UAPI functions.
- CPANEL-46608: Fix uninitialized variable warnings in bandwidth DB restoration.
- CPANEL-46667: Integrated Change Password section with backend API and MixPanel tracking on form submit action.
- CPANEL-46668: Integrated Contact Preferences section with backend API and MixPanel tracking on form submit action.
- HB-7912: Prevent event update notifications/invites from non-organizers.
- HB-8226: Fix path display names in certain DAV queries.
- RE-1399: Changed addon domain conversion to set the new account to use the inherited PHP version when appropriate.
- RE-1401: Ensure cpsrvd's memory limits are properly set upon startup.
- RE-1418: Update cpanel-exim to 4.98.1-2.cp118 in etc/rpm.versions to fix CVE-2025-30232.
- RE-1419: Speed up autodomain configuration during post snapshot.
- RE-1421: New tweak setting to specify the file size used by the securetmp script for /tmp and /var/tmp.
- RE-1425: Update EOL blocker message in upcp to reference ELevate where relevant.
- RE-1487: Bump rpm.versions for cpanel-php83 8.3.20.
- ZC-12783: Prevent cpdavd deadlocks by isolating SSL_CTX in child processes.
Implemented Case(s):
- CPANEL-46895: Grant MySQL database privileges for cPanel users who have the SUPER privilege.
- CPANEL-46985: WHM users can now choose between a temporary domain or an existing domain when creating an account.
- CPANEL-47054: Added 'is_temporary_domain' boolean to listaccts API.
- HB-8229: Add get/set_notification_preferences to UAPI.
- HB-8230: Add UAPI call to change a cPanel user's system password.
- RE-1398: Add UAPI calls for saving and retrieving the Pushbullet access token associated with user notifications.

2025-04

128.1.5

released on 2025-04-14

Fixed Case(s):
- RE-1477: Update rpm.versions for cpanel-perl-536: CVE-2024-56406: Heap-buffer-overflow with 'tr//'.

2025-03

128.1.4

released on 2025-03-25

Fixed Case(s):
- WPX-1179: Update the websites list icon for the website details and arrange the WP Admin button to be first.
- WPX-2659: Add Welcome Notification on account creation.
- WPX-4833: Add additional navigation buttons to the create website workflow.
- WPX-5540: Refactor websites table actions column for improved user experience; add 'Manage Zones' action if applicable to website.
- WPX-5610: Refactor permanent notifications so permanency and type are separate.
- WPX-5815: Disable redis-cache plugin on staging instances.
- WPX-5816: Reduced time to display domain name when onboarding a new account and website.
- WPX-5818: Add new UAPI call: 'DomainInfo::primary_domain'.
- WPX-5849: Fixed an issue that would sometimes display broken customization logos. A browser console error is now displayed in this event.
- WPX-5861: Move CDN configuration interface from 'Settings' tab to 'Advanced' tab in website details view.
- WPX-5979: Enable SSL Redirect by default on new domains.
- WPX-6066: Fix issue where forwarding websites have access to unusable actions after updating forwarding type.
- WPX-6086: Fix issue where site with no name breaks websites table.
- WPX-6094: Fix issue with custom help link going to 404 from left navigation.
- WPX-6095: Add documentation link to side navigation.
- WPX-6233: Fix a bug where the advanced tab was not loading for newly created websites.

Fixed Case(s):
- HB-7958: Add HASDMARC to list of restoreable CPUSER keys.
- HB-8219: Ignore 'nobody' user data for hostname if "Allow users to park subdomains of the server’s hostname" setting is enabled.
- MOON-2828: Add the new strings to fix the warnings.
- MOON-2878: Fix styling in WHM favorite cards.
- RE-1274: Update cpanel-ioncube to 14.4.0 in rpm.versions.
- RE-1318: Fix Security Advisor detection of Suexec.
- RE-1319: Reject DB imports larger than PHP download limits in myadmin.
- RE-1322: Fix bug in the AdminBin layer where the "enable_api_log" setting in cpanel.config could cause API calls to fail for suspended accounts.
- RE-1346: Resume use of BIND zone-checking utilities when ALIAS records are not present.
- RE-1358: Fix IPv6 Overlap check for shared IP in Whostmgr::TweakSettings::Basic.
- RE-1393: Update cpanel-php83 to 8.3.19 in etc/rpm.versions.
- RE-1419: Speed up autodomain configuration during post snapshot.
- WPX-6056: Implement a ProductConfig mechanism for global product-level config.
- WPX-6083: Update GeoIP package to 20250307 version.
Implemented Case(s):
- HB-7170: Extend RRULE handling for freebusy requests.
- WPX-5831: Teach the (deprecated) Sectigo AutoSSL provider to recognize certificates signed by an updated CA.

2025-02

128.1.3

released on 2025-02-27

Fixed Case(s):
- WPX-5089: Update change log link for WHM >> Change Log.
- WPX-5702: Disable Redis Object Cache Pro promotional banner in wp-admin.
- WPX-5748: Fix up wwwacct.conf NS entries from 'cprapid.com' to 'wp2.host'.
- WPX-5814: Fix extraneous plugin deleting when dialog is closed.
- WPX-5857: Update copyright on login pages to reflect current year.
- WPX-5935: Fix incorrect onboarding workflow when server analytics are turned off.

Fixed Case(s):
- HB-8184: Add touchfile to disable cpdavd TLS caching for OpenSSL < v3.
- RE-1219: Update cpanel-analog, cpanel-ldns, cpanel-libzip, cpanel-libtidy, cpanel-mariadb-connector, cpanel-p0f, cpanel-puttygen, cpanel-re2c, cpanel-rrdtool, and cpanel-webalizer.
- RE-1226: Do not add active root hint zones to the DNS server configuration.
- RE-1227: Update BackBlaze B2 backup transport to use the v3 API.
- RE-1228: Fix database restores where there is a definer set when creating a trigger.
- RE-1325: Re-classify cpanel-oniguruma-devel package to fix potential issues when upgrading from 118.
- RE-1326: Update cpanel-exim to 4.98.1.
- WPX-3021: Improve bin/checkallsslcerts pre-DCV checks and error handling.
- ZC-12594: Fix failure to upgrade to MariaDB 11.4.
Implemented Case(s):
- RE-1292: Ship cpanel-perl-536-datetime-event-recurrence and dependencies.
- RE-1339: Ship cpanel-perl-536-datetime-event-ical.

128.1.2

released on 2025-02-19

Fixed Case(s):
- WPX-826: Do not show installed themes from search results.
- WPX-1822: The website list interface resets checkbox state upon website deletion.
- WPX-2800: Fetch Notifications when the user goes to the website details page to ensure all the notifications are captured.
- WPX-3714: snapshot_prep will now do some minimal RHN cleanup on CloudLinux.
- WPX-4886: Implement the ability for the user to sync the production site back to the staged site.
- WPX-4986: Restore staging instances during transfers and restores.
- WPX-5048: The website list interface now remembers rows that have been expanded between sessions.
- WPX-5051: Add a permanent notification to websites with a staging site.
- WPX-5339: Improve bin/manage_hooks cleanup when removing hooks from a package.
- WPX-5344: Clicking username or domain selects or delects checkbox for terminating accounts.
- WPX-5352: Always show the analytics opt-in/opt-out page during onboarding.
- WPX-5365: Add more descriptive tooltip text for the staging button when a site has a staging site.
- WPX-5412: Ensure the 'default' package is properly applied during transfers.
- WPX-5497: Update wp-toolkit-cpanel to version 6.7.0-9124.
- WPX-5551: Ensure that password protection is preserved during transfers.
- WPX-5574: Fix issue where pressing cancel action acted as confirmation.
- WPX-5588: Fix issue where file upload would not allow click upload.
- WPX-5597: New WP2 servers will enable remote and unregistered domains by default.
- WPX-5609: Fix the icons on the notification cards that were not showing.
- WPX-5625: Removed twentytwentyfour theme for new installs.
- WPX-5643: Update wp-toolkit-cpanel to version 6.7.0-9132.
- WPX-5652: Switch order of onboarding pages so site naming happens before theme selection.
- WPX-5657: Rename WP::add_domain UAPI call to WP::create_website.
- WPX-5661: Rename WP::delete_domain to WP::remove_website.
- WPX-5672: Hide installed plugins from search.
- WPX-5693: Fix icon color palette to not appear disabled.

Fixed Case(s):
- MOON-2578: Modernize the Manage Account Suspension page.
- MOON-2586: Display the information regarding user's analytics participation.
- MOON-2603: Add tracking on the link clicks on the WHM tools page.
- MOON-2604: Add analytics tracking for links in WHM’s main menu.
- MOON-2605: Improve navigation for History Reports in cPHulk.
- MOON-2679: Fix home symbol to accurately reflect document root when creating a new domain in cPanel.
- MOON-2682: Update descriptions of Zone Editor in WHM's Feature Manager.
- MOON-2697: Fixed issue with path shown when changing domains document root in cPanel.
- RE-922: Filter out CloudLinux Network messages to prevent Security Advisor false positives.
- RE-982: Skip slow rollout when the major version for the release and stable tier are the same.
- RE-1171: Switch to using distro provided pigz for cPanel.
- RE-1173: Update cpanel-php83 to 8.3.16.
- RE-1178: Fix issue in cpanel's internal error reporting logic when UID or GID cannot be found for a given user/group combo.
- RE-1182: Update cpanel-sqlite to 3.48.0.
- RE-1188: Update cpanel-phpmyadmin to 5.2.2.
- RE-1190: Update cpanel-p0f to 3.09b-2.cp108.
- RE-1193: Remove the cpanel-pigz package.
- RE-1211: Remove restriction on IPv6 range addition when the range only overlaps the server's Main IP.
- RE-1213: Updated the following packages to ensure file consistency across platforms: cpanel-angular-chosen, cpanel-angular-growl-2, cpanel-angular-minicolors, cpanel-bootstrap, cpanel-bootstrap-devel, cpanel-fontawesome, cpanel-git-templates, cpanel-jquery-minicolors, cpanel-moment-devel, and cpanel-yui.
- RE-1229: Fix issue with BIND leaving cruft in the named.conf file when deleting accounts after having rebuilt the dns config.
- RE-1277: Update cpanel-php83 to 8.3.17.
- ZC-9351: Fix Optimize Website causing high CPU load.
- ZC-12552: Remove generated hostnames from Change Hostname.

128.1.1

released on 2025-02-04

Fixed Case(s):
- WPX-5670: Fix broken 2FA page not showing interface.

2025-01

128.1.0

released on 2025-01-27

Fixed Case(s):
- WPX-2938: Only enable CageFS if not already enabled.
- WPX-3103: Support for Bring Your Own License (aka BYOL) with WP2.
- WPX-3646: Loading step indicators throughout the product have been updated for clarity.
- WPX-4625: Only display Terminal when feature is available.
- WPX-4781: Improve zone editor user experience by creating API to provide records for a given domain.
- WPX-4922: Page text while staging a domain has been adjusted for added clarity.
- WPX-4997: Add a warning to the publish website dialog to warn the user if a publish could break the parent's theme.
- WPX-5006: Update the PHP version of the production website when publishing a staging website if needed.
- WPX-5050: Disable 'Create Staging' website icon when a staging website already exists.
- WPX-5061: Fix condition where loading bar for labels in website details never closes.
- WPX-5084: Remove extraneous success notification for publish site actions.
- WPX-5117: Avoid adding multiple cprapid entries in Apache configuration.
- WPX-5131: Migrate WP backups to new standard location.
- WPX-5192: Update create and modify account templates to disable spellcheck.
- WPX-5193: Update GeoIP DB to version 20241210.
- WPX-5196,WPX-5059: Update wp-toolkit-cpanel to 6.7.0-9049, and save backups in a new location.
- WPX-5233: Fix forever loading bug after backup restore.
- WPX-5282: Ensure the 'default' package is properly applied during transfers.
- WPX-5315: Add a new API call SSH.get_shell to get the user shell and check if the user can access terminal.
- WPX-5319: Configure higher default IO limits for LVE.
- WPX-5343: Update pkgacct to include WPTK backups.
- WPX-5351: Fix race condition between naming first site and loading data for that site.
- WPX-5364: Restore WPTK backups as part of the restore process.
- WPX-5424: Clean up WPTK backup dir for user on account termination.
- WPX-5437: Improve WHM localization for more completeness.
Implemented Case(s):
- WPX-1411: Enable CageFS & MySQL Governor.
- WPX-4177: Ability to setup a password protection when creating a staging website.

Fixed Case(s):
- MOON-2584: Remove an obsolete cPanel feature (Change Style) from WHM > Feature Manager.
- RE-118: Add generic EOL banner in WHM.
- RE-646: Return proper message when the “fetch_vhost_ssl_components” WHM API1 call has an internal error.
- RE-780: Update recoverymgmt cron to only execute once per day.
- RE-938: Revert changes from CPANEL-42994.
- RE-982: Skip slow rollout when the major version for the release and stable tier are the same.
- RE-984: Better handle a missing cPanel install version file when collecting UI analytics information.
- RE-994: Ensure packages created by resellers default to the value set for "Max hourly emails per domain" in the Tweak Settings.
- RE-1035: Update AWStats to version 7.9.
- RE-1037: Update cpanel-dovecot to 2.3.21.1.
- RE-1038: Make cPanel depend on the Zstd library.
- RE-1038: Update cpanel-mariadb-connector to 3.3.13.
- RE-1040: Update RRDtool to 1.9.0.
- RE-1041: Upgrade SQLite to 3.47.2.
- RE-1063: Drop support for Python2 in cPanel & WHM.
- RE-1072: Update cpanel-pdns to rely on upstream libboost and mark the cpanel-boost* packages as obsolete in rpm.versions.
- RE-1074: Update cpanel-php83 to 8.3.15-1.cp118 in rpm.versions.
- RE-1091: Remove cpanel-perl-536-inline-python.
- ZC-12388: Fix DNS using outdated config cache.

2024-12

126.1.5

released on 2024-12-12

Fixed Case(s):
- WPX-4141: Fix some styling issues when in non English languagues. Change how websites list table sorts for websites that need an update.
- WPX-4969: Add 'Update' button to websites table for staged sites.
- WPX-5029: Update wp-toolkit-cpanel to version 6.6.0-9004.
- WPX-5039: Fix some styles in the Themes tab.
Implemented Case:
- WPX-4799: Display current Disk Space Usage of an account in the website lister interface.
- WPX-4865: Set new default values for 'upload_max_filesize' and 'post_max_size' in php.ini to '32M'.
- WPX-5021: Updated Brazilian Portuguese (português do Brasil) translations.
- WPX-5144: Fix unintended removal of backups when closing delete backup dialog.

Fixed Case(s):
- DUCKS-1455: Include agent360 in reserved usernames list.
- MOON-2025: Improved consistency of scrollbar appearance in the left sidebar of WHM.
- RE-744: Bump rpm.versions for cpanel-munin.
- RE-746: Move the script responsible for upgrading the PowerDNS configuration file out of cPanel releases and into the PowerDNS package.
- RE-868: Fix an exception when shutting down socket connections in Cpanel::Server::Connection::SSL.
- RE-986: Bump rpm.versions for cpanel-php 8.3.14.
- ZC-12323: Update references to deprecated MySQL utilities.

2024-11

126.1.4

released on 2024-11-25

Fixed Case(s):
- WPX-266: Remove List Subdomains from the WHM list.
- WPX-1819: Increase the terminal window height.
- WPX-2034: Improve Accelerate WP and Object Cache cleanup.
- WPX-2509: Fix a visual bug with notifications when using Safari.
- WPX-4100: Return Settings functionality to Filemanager.
- WPX-4120: Fix broken stats API calls.
- WPX-4387: Fix a bug with the select all on the plugins table.
- WPX-4388: Fix localization for logs table checkboxes.
- WPX-4390: Fix a bug with the website quota warning showing after deleting a website to get back within limits.
- WPX-4703: Fix bug that could result in indefinite loop during the first time initialization of WPTK instance.
- WPX-4823: The logo at the top of the side navigation now links to the websites list.
- WPX-4859: Fix issue to create account when using French locale.
- WPX-4958: Fix data fetch for fresh staging site.
Implemented Case:
- WPX-3917: Implement Site Staging feature.
- WPX-4571: Display domain user is configuring when setting site name.
- WPX-4727: Add OpenAPI documentation to WHM.
- WPX-4977: Update translations for pt-br locale.

Fixed Case(s):
- RE-476: Fix detection of dual use of ClamAV and ImunifyAV in the Imunify360 assessor of the Security Advisor.
- RE-567: Update French translations.
- RE-875: Report better errors in the Processes assessor of the Security Advisor.
- RE-884: Optimize _get_account_age function in UIAnalytics template plugin.
- RE-913: Update cpanel-php83 to v8.3.13.
- RE-927: Update Cpanel::JSON::XS to 4.38 to address CVE-2022-48623.
- ZC-12322: Fix check_mysql false positives on MariaDB 11.4.

126.1.3

released on 2024-11-07

Fixed Case(s):
- WPX-3603: Upgrade the WP Squared projects and component library ng16 -> ng18.
- WPX-4305: Update wp-toolkit-cpanel to release 6.6.0-8916.
- WPX-4516: Add a global exception handler the checkallsslcerts.
- WPX-4582: Allow AccelerateWP options to be controlled by a cPanel feature.
- WPX-4619: Translate user notifications in the WP2 UI.
- WPX-4631: Allow notifications to be permanant and non-dismissable.
- WPX-4632: Allow notification button links to be JS functions.
- WPX-4641: Fix notification styling to show color level with long title.
- WPX-4652: Tooltips appear faster when hovering on icons in the websites list table.
- WPX-4700: Fix broken customization colors list.
- WPX-4708: Add missing styles to WP2's anchor component.
- WPX-4755: Pass an empty string for the publish DB type when not publishing DBs.
- WPX-4802: Set analytics data correctly to identify company ID.

Fixed Case(s):
- HB-7539: Update roundcube package.
- HB-7748: Tighter Exim requirements for sending local mail.
- MOON-1994: Fixed checkbox selection issue on initial setup.
- RE-769: Assure Imunify360/AVPlus install happens exclusively.
- RE-776: Encoding issue in cPanel login_log.
- RE-819: Remove "additional-from-cache" line from BIND config for BIND versions 9.16 and above.
- RE-842: Update cpanel-exim to 4.98.
- RE-882: Update cpanel-pdns to 4.9.2.
- RE-884: Optimize load of Koality cpanel template plugin.
- RE-884: Optimize _get_account_age function in UIAnalytics template plugin.
- RE-884: Optimize get_root_age call in UIAnalytics plugin initialization.
- RE-896: Fix corruption of home directory paths during quota cache handling introduced with TSR-2024-0001.
- TSR-417: Fix information disclosure issue via login page caching.

2024-10

126.1.1

released on 2024-10-17

Fixed Cases:
- WPX-4165: Add conditional to the two factor authentication description text.
- WPX-4243: Restore send bandwidth email notification in Tweak Settings.
- WPX-4269: Fix maintenance mode status in WP Squared frontend when enabled.
- WPX-4364: Improved error message on API calls using unknown instance id.
- WPX-4438: Add new UAPI call to check the main website: WP::get_main_account_id.
- WPX-4531: Update wp-toolkit-cpanel to version 6.6.0-8876: speedup backup and clone.
- WPX-4555: Customize WHM page for CloudLiunx.
Implemented Case:
- WPX-3919: Ability to enable backup using Feature Manager.

Fixed Case(s):
- MOONS-1699: Corrected jump location for anchor links on the Edit Database Configuration page for WHM.
- RE-683: Provide API calls to facilitate account transfers with 2FA enabled.
- RE-726: Fixed the "SSH Password Authorization Tweak" for cases where the sshd configuration file has an include directory.
- RE-769: Assure Imunify360/AVPlus install happens exclusively.
- RE-771: For the timezone cookie, set the "Secure" attribute to true.
- RE-774: Perform nightly maintenance even if cPanel fails to update itself.
- RE-794: Update cpanel-php-sourceguardian to 15.0.2.
- RE-848: Update cpanel-php83 to v8.3.12 which addresses: CVE-2024-9026, CVE-2024-8925, CVE-2024-8926, & CVE-2024-8927.
- RE-873: Update cpanel-unbound to 1.21.1-1.cp110 (fixes CVE-2024-8508).

2024-09

126.1.0

released on 2024-09-24

Fixed Case(s):
- WPX-1988: Add Feature Manager for WP Squared in WHM.
- WPX-4110: Fix some UTF-8 character encodings in JS lexicon files which prevented some strings from being translated in the UI.
- WPX-4118: Optimize image loading during the create new domain and onboarding workflows.
- WPX-4132: Remove improperly formatted URLs to page resources that were breaking logout functionality.
- WPX-4150: Add a description to the password protection dialog to clarify the behavior.
- WPX-4172: Allow spaces in account login passwords. Add a validation warning when a space is not allowed in a password.
- WPX-4197: Fix a bug where the footer would overlap the forms on login pages on shorter screens.
- WPX-4225: When building a CA Bundle from the CA Issuer URI chain, don't stop at the first self-signed cert encountered in a P7C bundle.
- WPX-4236: Disallow starting maintenance mode with an empty timer.
- WPX-4246: Add a banner to EasyApache warning about making changes to profiles.
- WPX-4252: Fix bug that could prevent creating backups.
- WPX-4294: Ensure that UAPI Features indicates always on features are enabled.
- WPX-4318: Create Account: use the featurelist configured in the package instead of using 'default'.
- WPX-4329: Spanish translations (specifically Español de España) are now fully supported.
- WPX-4367: Update button text in the onboarding and new domain workflow to be more compatible with other languages.

Fixed Case(s):
- DUCKS-69: Install the cpanel-plugin-monitoring-campaigns.
- MOONS-1715: Collect consent privacy settings during initial setup.
- MOONS-1743: Angular 16 and dependency library upgrades.
- RE-600: Reduce timeouts in DNS Cluster interface by extending peer timeouts from 7->15.
- RE-616: Fix bug in Cpanel::NameServer::Conf::BIND where the disk cache was never consulted.
- RE-643: Fix invalid NFTables configuration after installation on some systems.
- RE-645: Update Munin to resolve directory ownership inconsistency.
- RE-671: Updated cpanel-unbound to 1.21.0.
- RE-676: Retire the cpanel-dovecot-xaps package and the associated UI in WHM for installing APNS certs.
- RE-677: Update cpanel-dovecot to 2.3.21-1cp108.
- RE-736: Default to hiding the password when creating an account via the CLI.
- RE-739: Update cpanel-php83 to v8.3.11.
- RE-742: Update scripts/migrate-pdns-conf to remove or rename config keys changed since the last update of the PowerDNS package.
- RE-742: Update cpanel-pdns to 4.9.1-2.cp112.
- RE-758: Update cpanel-git to 2.46.1-1.cp118.
- RE-779: Require oniguruma system package on RHEL systems to preserve existing installs on upgrade.

2024-08

124.1.5

released on 2024-08-29

Fixed Case(s):
- WPX-2785: Improve onboarding workflow by providing user with event based updates as website is being configured.
- WPX-3749: Allow cPanel accounts to be migrated to WP2.
- WPX-4065: Fix bug in db governor install process.
- WPX-4188: Add Simple::Accessor to fix-cpanel-perl.
- WPX-4205: Extend timeout for scheduled backups.
- WPX-4226: Update wp-toolkit-cpanel to 6.6.0-8779.

Fixed Case(s):
- HB-7784: Increase the max threads limit on account transfers.
- QUACKEN-14: Add hooks for Server Profile changes.
- RE-562: Fix Support Access Request popup in WHM when 2fa is enabled for the administrator's login.
- RE-595: Update phpPgAdmin to 7.13.0-3.cp110 to patch a PHP 8 compatibility issue.
- RE-610: Update cpanel-php83 to v8.3.10.
- RE-635: Prevent 3rdparty installs from cPanel locking when they try to install things.

124.1.4

released on 2024-08-16

Fixed Case(s):
- WPX-4071: Fix bad UX for user at max websites limit trying to create more websites.
- WPX-4097: Prevent whitespace in 'Reset Password' password form inputs.
- WPX-4133: Fix a failure when calling the WP Toolkit clone function while cloning a site.
- WPX-4145: Fix broken scheduled backups dialog.

Fixed Case(s):
- RE-590: Fixed GZIP environment variable warnings that were emitted into the backup logs.

124.1.2

released on 2024-08-14

Fixed Case(s):
- WPX-2815: Add support for locale selection during onboarding and in the account profile.
- WPX-3643: Hide the CDN token management interface when all websites are managed by host CDN configurations.
- WPX-3825: Custom icons now work in login pages and in all website creation and onboarding pages.
- WPX-3827: Backups system now respects package limits set for automatic backups too.
- WPX-3894: Add a role to enable and disable reseller functionality.
- WPX-3916: Ensure CloudLinux Pro license registration happens successfully.
- WPX-3920: SSL panel is now controlled by the feature API.

Fixed Case(s):
- CPANEL-44101: Fix bug post login where additional get params were not passed along when goto_uri was active.
- HB-7675: The "Advanced Zone Editor" ACL is enabled by default on fresh installs.
- HB-7697: Make 'Integration Links' a configurable option for backups and transfers.
- HB-7745: Silence locale string format warnings during backups.
- QUACKEN-14: Add hooks for Server Profile changes.
- RE-360: Update cpanel-pdns 4.9.1-1.cp122.
- RE-366: Update cpanel-unbound to 1.20.0-1.cp110.
- RE-449: Fix issue where the ipaliases service could sometimes start before the network adapater configured as ETHDEV was ready on systems using NetworkManager.
- RE-488: Add cpanel-boost-devel to the cpanel-devel target in rpm.versions.
- ZC-11958: WHMAPI and UAPI compatability for experimental/unsupported non-standard ALIAS records.
Implemented Case(s):
- QUACKEN-359: Angular apps and plugin localization.

2024-07

124.1.1

released on 2024-07-24

Fixed Case(s):
- WPX-2986: Update consent page styles.
- WPX-3419: Provide an API to register a website migrated manually.
- WPX-3451: NPS surveys should begin to appear for customers correctly.
- WPX-3460: Add customizable HTML pages for WHM HTTP errors.
- WPX-3711: Update wp-toolkit-cpanel to 6.5.0-8604.
- WPX-3750: Add a UAPI method to indicate if a user can configure account CDNs.
- WPX-3791: Fix frontend issue PHP Settings Error blocking access to the Advanced Tab.
- WPX-3805: Remove useless deferred targets during installation.
- WPX-3821: Fix broken table margins in Account Settings > CDN interface.
- WPX-3840: Correct the logic for the global WPTK setup.
- WPX-3880: Fix exception that occurred when running the wp2_setup_wptk install task.
Implemented Case(s):
- WPX-2843: Start using wp2.host instead of cprapid.com for hostname.
- WPX-3574: Implement WHM API 1 calls to control CDN host mode.

Fixed Case(s):
- CPPX-18627: phpMyAdmin and phpPgAdmin open their own tab.
- RE-395: Fixed the 'License User Limit Exceeded' banner.
- RE-414: Added the ability to read DMI tables on systems running SMBIOS v3.
- RE-471: Improve criteria for detecting cgroup containers.
- RE-532: Update cpanel-ioncube to 13.3.0-1.cp110 (contains PHP 8.3 loaders).
- RE-536: Update cpanel-php83 to v8.3.9.

124.1.0

released on 2024-07-10

Fixed Case(s):
- WPX-3133: Add backup quotas to be set at a package level by the WHM user.
- WPX-3158: Fix various icon buttons failing accessibility rules.
- WPX-3304: Add customizable HTML pages for WHM HTTP errors.
- WPX-3519: Update onboarding page image.
- WPX-3569: Update tooltip text for CDN when config is managed by host to be more informative to WP2 user.
- WPX-3585: In the forward dialog, the subdomain input no longer allows for duplicate domains, similar to the domains input.
- WPX-3616: Fix a bug where an existing domain can be forwarded to an addon domain.
- WPX-3624: Fix a bug where '&' was rendered incorrectly.
- WPX-3639: Modify account correctly updates user settings without altering the package.
- WPX-3645: Remove 'Clear' button from log view datepicker and improve user experience when filtering logs by date.
- WPX-3655: Update Extendify partner prefix to use 'CP-'.
- WPX-3664: Ensure newly created domains are configured to use 'remote' mail routing.
- WPX-3680: MariaDB 10.11 is now the default MySQL version.
- WPX-3696: Improve log view experience by opening log view in separate browser context.
- WPX-3704: Fix failing 'bootstrap_wp2' script.
- WPX-3710: Fix password visibility for login page.
Implemented Case(s):
- WPX-2989: Implement a 'View Log' interface so that a user may be able to quickly view log output, without downloading the data.

Fixed Case(s):
- CPANEL-44216: Remove default public grants on MariaDB 10.11.
- CPANEL-45617: Avoid "Service SSL Certificate Expires Soon" notification by renewing hostname certificates at the 30 day mark.
- CPANEL-45637: Update GeoIP to 122.0-2.cp122.
- CPANEL-45638: Update cpanel-geoipfree-data to 124.0-1.cp124.
- DUCK-10684: Add support for plugin WHM API specs.
- HB-7581: Remove vestigial logic for calendar_crypt_key in pre/post snapshot scripts.
- HB-7584: Add DAV client directory.
- PH-20739: Add proper prefix to Retently data properties.
- RE-423: Update cpanel-php83 to v8.3.8.
- ZC-11452: Add experimental/unsupported non-standard ALIAS records to zone editing (WHM and cPanel Advanced).
- ZC-11762: Remove error when activating/inactivating a ModSecurity Vendor include file which is already active/inactive.

2024-06

122.1.3

released on 2024-06-13

Fixed Case(s):
- WPX-2508: Add support for CDN mode controlled by host.
- WPX-2863: Setup CageFS configuration for cPanel when cagefs is enabled.
- WPX-3331: Add ability to select a custom WPToolkit set when creating one account.
- WPX-3455: Enable the MailRelay role for WP2.
- WPX-3456: Correct behavior when adding, modifying, and removing redirects.
- WPX-3555: Update wp-toolkit-cpanel to version 6.4.0-8445.
- WPX-3583: Fix issue where usage of a wildcard SSL certificate caused the advanced website details view to hang.
- WPX-3598: Fix broken anchor component that was always trying to download given URI, instead of navigating.
- WPX-3617: Fix button misalignment for Account Profile >> Reset Password.
Implemented Case(s):
- WPX-82: Additional changes to localizable phrases in preparation for translation.
- WPX-3009: Add interface for WP2 user to view a list of logs where they can download or delete the log.
- WPX-3339: Add a notification to the website details page when the WordPress version is not up-to-date.

Fixed Case(s):
- CPANEL-44152,CPANEL-44152: Force SQLite Roundcube conversion on MySQL 5.6 or Maria 10.0.
- CPANEL-44216: Remove default public grants on MariaDB 10.11.
- PH-20736: Add Mixpanel tracking to WHM Next Steps and Favorites.
- PH-20737: Add proper prefix to Retently data properties.
- PH-20741: Add "WHM" prefix to "Important-Next-Steps-Nav-Link" events.
- RE-351: Update Terms/Policy for ELS.

2024-05

122.1.2

released on 2024-05-29

Fixed Cases:
- WPX-1047: Remove some artifacts on failed site clone or creation.
- WPX-1494: Update maintenance mode dialog to match WP2 styles.
- WPX-3041: Add the Akismet plugin to the Default WP Set, and uninstall it during instance setup if it no longer exists in the default set.
- WPX-3079: Remove LiteSpeed banners from WHM
- WPX-3214: Check CloudLinux kernel to request reboot
- WPX-3393: Change Back2WP wording for wp-admin plugin.
- WPX-3504: Update wp-toolkit-cpanel to version 6.4.0-8410.

Fixed Cases:
- CPANEL-44045: Fix incorrect content for cpsess0/scripts/authorizesupport page.
- CPANEL-44139: Fix bug where postgres got uninstalled automatically as a dependency of CCS even if other things relied on it.
- CPANEL-44144: Fix template for SRV records when transferring accounts.
- CPANEL-44164: Add dbus-broker to the ignore list for find_outdated_services.
- HB-7561: Add support for ARC signing in Exim.
- HB-7603: Clean up error logging for some situations in cPDAV.
- MM-550: Assure CloudLinux conversion runs isolated for other installs.
- MOON-1936: Refactor Canary app for maintainability.
- MOON-1938: Refactor WHM Canary application.
- MOON-1942: Update table button styles.
- MOON-1943: Changes to integrate paginator with cp-table.
- PH-20726: Decrease the complexity of the cPanel & WHM Mixpanel instrumentation distribution strategy.
- PH-20732: Add account age attribute to Retently embed meta data.
- PH-20735: Emit analyticsInstanceLoaded event when mixpanel instance is initialized.
- RE-314: Switch to cpanel-php83 for use in whm and cpanel interfaces.
- ZC-11723: Remove tomcat 8.5 (EOL) API/UI.

122.1.1

released on 2024-05-13

Implemented Cases:
- WPX-3063: Add support for Extendify.
- WPX-2382: Add a NPS survey for customer feedback.
- WPX-2804: Update onboarind images and refactor pages to matching WP2 styles.
- WPX-3103: Support for Bring Your Own License (aka BYOL) with WP2.
Fixed Cases:
- WPX-2374: Handle CDNs during transfer and restore.
- WPX-3118: Move the MySQL Governor setup to run before first reboot during fresh WP2 installation.
- WPX-3139: Ensure that verify_api_spec_files runs after plugin installations are finished on fresh installs.
- WPX-3143: Color customization is complete on all elements.
- WPX-3229: Skip WordPress installation in account creation during restores.
- WPX-3234: Only load the Analytics template plugin when the cpanel-analytics pkg is installed.
- WPX-3258: The createacct API now properly applies package extension values.
- WPX-3308: Fix console error bug.
- WPX-3328: Resolve some WP2-related package installation failures by avoiding RPM lock contention.
- WPX-3345: Fix broken login page on session timeout.

Fixed Cases:
- BOO-3058: MariaDB 10.11 is now the default installed database on fresh installs.
- CPANEL-42459: Fixed subdomain restoration when the primary domain is parked under a subdomain.
- CPANEL-44057: Teach AutoSSL to automatically replace certs issued by the deprecated cPanel/Sectigo AutoSSL provider without requiring an override.
- CPANEL-44088: Update cpanel-php81 to 8.1.28-1.cp110.
- CPANEL-44144: Fix template for SRV records when transferring accounts.
- DUCK-10018: Add support for plugins to provide localized strings to the product.
- DUCK-10462: Fix some of component framework bugs.
- MOON-1924: Bump angular-ng packages version in rpm.versions.
- MOON-1929: Removing cpanel-cloud and routing from WHM.
- MOON-1930: Remove experimental accounts manger from product.
- MOON-1931: Removed connected-applications interface from WHM.
- MOON-1932: Add an empty row to the table component.
- MOON-1934: Changes to integrate search with the cp-table.
- MOON-1935: Updated canary app to show primary button on table.
- PH-20722: Embed Retently in-app script in WHM home page when the root and/or resellers have given analytics consent.
- RE-307: Upgrade PuTTY to 0.81.
- WPX-3212: Improve Let's Encrypt plugin installation and registration.
- WPX-3253: Reduce the time it takes to run the snapshot_prep MySQL task.
- ZC-11642: Prevent installer failure by ignoring some errors when setting system options which are not supported on Virtuozzo.
- ZC-11705: Update cpanel-pdns to 4.9.0-1.cp122.
- ZC-11746: Correct issue with transfer tool and modsecurity configs.

2024-04

122.1.0

released on 2024-04-15

Implemented Cases:
- WPX-720: Disable 'analog' and 'webalizer' webstats.
- WPX-2555: Update the UI with an improved CDN workflow.
- WPX-2618: Use EasyApache profiles from CloudLinux.
- WPX-2828: Update WHM's initial loading pages so that animation reflect correct product type the user has provisioned.
- WPX-2964: Enable CageFS on WP2 servers.
- WPX-2993: Always show File Manager icons if feature is available.
- WPX-3024: Update wp-toolkit-cpanel to build 6.3.0-8176 (CageFS improvements).
- WPX-3066: Update the onboarding theme cards to be in line with the overall visual look.
- WPX-3103: Initial support for Bring Your Own License (aka BYOL) with WP2 (need updated installer).
Fixed Cases:
- WPX-869: Fix content jump on the plugins table when activiating and deactivating a plugin.
- WPX-1246: Fix bugs on how plugins display with all metadata is not present.
- WPX-2686: Fix the background color to be correct regardless of screen size.
- WPX-2705: Prevent restores of accounts that were packaged on newer systems.
- WPX-2786: Fix situation where user clicks on button to open maintenance mode form and a tab opens the maintenance mode site as well.
- WPX-2925: Fix warnings related to email and live transfer for WP2.
- WPX-2971: Fix 'back' button alignment for Smart PHP interface.
- WPX-3127: Fix an issue when creating account and lvephpsel feature is mising.

Fixed Cases:
- BC-6610: Update to exim 4.97.1.
- CPANEL-42129: Remove deprecated scripts/check_cpanel_rpms replaced by scripts/check_cpanel_pkgs.
- CPANEL-43653: Adjust plugin download temporary directory permissions to allow apt to successfully download as a non-root user.
- CPANEL-43922: Do not block upgrades to 118 if the openssl rpm is not installed.
- CPANEL-43964: Teach find_outdated_services to ignore CL spacewalk errors.
- CPANEL-43966: Fix bug in conditional processing for Webmail's sitemap.json.
- CPANEL-44058: Fix bug in elfinder_connector.cgi when API call logging is enabled.
- DUCK-10195: Add component injection points to cPanel, Webmail and WHM.
- DUCK-10303: Add mixpanel tracking to feature showcase action items.
- EK-172: Improve Let's Encrypt plugin installation and registration.
- HB-7493: Fix cpapi2 Email has_delegated_mailman_lists.
- HB-7537: Fix minor bug in CPDAVD functions for UAPI.
- QDP-2581: Correct issues in Apt and Yum access.
- WPX-2960: Update cpanel-geoipfree-data to 122.0-1.cp122.
- WPX-3001: Add the server's current version to pkgacct archives.
- ZC-11574: Allow cPanel and CloudLinux EA4 profiles to coexist.
- ZC-11669: Performance improvement for package listing on apt systems.
- ZC-11700: Correct problem where transfer is removing modsec vendors.

2024-03

120.1.2

released on 2024-03-27

Fixed cases:
- WPX-2996: Fix setup_mysql_governor logic for MariaDB1011

120.1.1

released on 2024-03-18

This is the first release of WP Squared. That version contains all the change from the previous 119.8999.67 beta release.

You can know more about previous beta releases.

WP Squared Changelog

2026-05 #

138.1.2 #

WP2 related changes #

138.1.1 #

cPanel related changes #

138.1.0 #

WP2 related changes #

cPanel related changes #

136.1.16 #

cPanel related changes #

136.1.15 #

cPanel related changes #

136.1.13 #

WP2 related changes #

136.1.12 #

cPanel related changes #

136.1.11 #

WP2 related changes #

136.1.10 #

cPanel related changes #

136.1.8 #

cPanel related changes #

2026-04 #

136.1.7 #

WP2 related changes #

cPanel related changes #

136.1.6 #

WP2 related changes #

cPanel related changes #

136.1.5 #

WP2 related changes #

cPanel related changes #

2026-03 #

136.1.4 #

WP2 related changes #

cPanel related changes #

2026-02 #

136.1.3 #

WP2 related changes #

cPanel related changes #

136.1.2 #

WP2 related changes #

cPanel related changes #

136.1.1 #

WP2 related changes #

2026-01 #

136.1.0 #

WP2 related changes #

cPanel related changes #

2025-12 #

134.1.3 #

cPanel related changes #

134.1.2 #

WP2 related changes #

cPanel related changes #

134.1.1 #

WP2 related changes #

cPanel related changes #

2025-11 #

132.1.9 #

WP2 related changes #

cPanel related changes #

132.1.7 #

WP2 related changes #

cPanel related changes #

132.1.6 #

cPanel related changes #

2025-09 #

132.1.5 #

WP2 related changes #

2025-08 #

132.1.4 #

WP2 related changes #

132.1.3 #

WP2 related changes #

cPanel related changes #

2025-07 #

132.1.1 #

WP2 related changes #

2026-05

138.1.2

WP2 related changes

138.1.1

cPanel related changes

138.1.0

WP2 related changes

cPanel related changes

136.1.16

cPanel related changes

136.1.15

cPanel related changes

136.1.13

WP2 related changes

136.1.12

cPanel related changes

136.1.11

WP2 related changes

136.1.10

cPanel related changes

136.1.8

cPanel related changes

2026-04

136.1.7

WP2 related changes

cPanel related changes

136.1.6

WP2 related changes

cPanel related changes

136.1.5

WP2 related changes

cPanel related changes

2026-03

136.1.4

WP2 related changes

cPanel related changes

2026-02

136.1.3

WP2 related changes

cPanel related changes

136.1.2

WP2 related changes

cPanel related changes

136.1.1

WP2 related changes

2026-01

136.1.0

WP2 related changes

cPanel related changes

2025-12

134.1.3

cPanel related changes

134.1.2

WP2 related changes

cPanel related changes

134.1.1

WP2 related changes

cPanel related changes

2025-11

132.1.9

WP2 related changes

cPanel related changes

132.1.7

WP2 related changes

cPanel related changes

132.1.6

cPanel related changes

2025-09

132.1.5

WP2 related changes

2025-08

132.1.4

WP2 related changes

132.1.3

WP2 related changes

cPanel related changes

2025-07

132.1.1

WP2 related changes

cPanel related changes