Server Software and Configuration Services
Changes: Fixed location of msfe.div in WHM UI Sanitised user data input to prevent running unauthorised commands via the UI. A user would require root access to exploit this, so risk is low Changed backtick calls to use Open3
Changes: Security – Added UI Restricted Mode which is enabled by default. This disables features in the UI that could allow abritrary commands to be run as root and system files to be overwritten. To enable unrestricted access to the…
Changes: Implement slurp routine for configuration files to cater for incorrect linefeeds Improvements to forced quarantine feature within –xtra [file] and updated instructions provided in cxs.xtra.example Security – Quarantine improvements Exploit fingerprint definitions database additions
Changes: Sanitised user data input to prevent running unauthorised commands via the UI. A user would require root access to exploit this, so risk is low Changed backtick calls to use Open3
Changes: Fixed selected queue run based on sender Also fixed BCC field email release
Changes: Sanitised user data input to prevent running unauthorised commands via the UI. A user would require root access to exploit this, so risk is low
Changes: Security Fix – Sanitised user data input to prevent running unauthorised commands via the UI. A user would require root access to exploit this, so vulnerability is probably low. Thanks to Steven at Rack911.com for reporting this issue Added…
Changes: Modified auto-update logic to only create the file if it does not already exist Fix permissions on csf man file and directory Modified webmin module paths to be relative rather than absolute so that webmin via mod_proxy works…
Changes: Implemented hfile ignoring for ratelimiting in cxs Watch Implemented ignore caching in cxs Watch for ratelimited files HTTP::Tiny upgraded to v0.033 Exploit fingerprint definitions database additions
Changes: Introduced a new directory structure to get closer to the Linux Filesystem Hierarchy Standard (FHS): /etc/csf/ – (mostly) configuration files /var/lib/csf/ – temporary data files /usr/local/csf/bin/ – scripts /usr/local/csf/lib/ – perl modules and static data /usr/local/csf/tpl/ – email alert…