Server Software and Configuration Services
New cxs v6.33
Changes:
- Added workaround for cPanel users with non-standard characters in addon domain documentroot
General
New csf v10.04
Changes:
- Added error message to RECAPTCHA_* if the non-priveleged user cannot write to its home directory
- Further improvements to RECAPTCHA_* hostname check
New csf v10.03
Changes:
- Added new option MESSENGER_HTTPS_SKIPMAIL on cPanel installations. This option ignores ServerAlias definitions that begin with “mail.”. This can help with memory usage on systems that do not require the use of MESSENGER_HTTPS on those subdomains. The option is enabled by default on cPanel servers
- Improved RECAPTCHA_* hostname check
- Cluster CLI can now block CIDRs, e.g LF_NETBLOCK blocks will be applied cluster-wide
New csf v10.02
Changes:
- Modified Messenger HTTPS to cater for a wider range of Apache VirtualHost formatting
- Added Messenger HTTPS workaround for servers using PEM but a version of IO::Socket::SSL that does not yet support it (pre v1.988)
- Added Messenger HTTPS warning in csf.conf regarding memory usage on some servers using the option
- Added java binary for cPanel solr process to csf.pignore on new and existing servers
New csf v10.00
Changes:
- Added new feature to MESSENGER: MESSENGER_HTTPS*. See /etc/csf/csf.conf for more detail. This option redirects blocked IP addresses that connect over an HTTPS connection (port 443) to the HTML MESSENGER service. The option uses existing SSL certificates on the server for each domain to maintain a secure SSL SNI connection without browser warnings. The setting is disabled by default
Note: The perl module IO::Socket::SSL (v1.83+) with support for SNI must be available to use MESSENGER_HTTPS* otherwise it will be disabled
- Added new feature to MESSENGER: Google ReCAPTCHA (v2) to allow those blocked in the firewall to unblock themselves. See RECAPTCHA_* in /etc/csf/csf.conf for more details and limitations
- Added MESSENGER procedure to restart listening sub-process if it has died
- Moved MESSENGER processes to a separate module
- Ensure that all forked processes terminate appropriately
- On cPanel servers, use the cPanel WHM Template to support the new v64 UI layout (as best we can to maintain the look that we want)
- Modified the cPanel csf ACL metadata and driver Perl modules to match new requirements for v64 and also maintain backwards compatibility
New cxs v6.32
Changes:
- Ensure that empty decoded text and the md5sum for an empty file is always ignored
New cxs v6.30
Changes:
- Added a new Universal decoder. This attempts brute-force against PHP scripts containing base64 data and can greatly improve decoding performance over other included decoders
- Improved recent advanced decoder
- Perl module Compress::Zlib added to requirements (should be installed by default with perl)
New cxs v6.29
Changes:
- Added new advanced PHP decoders
New cxs v6.28
Changes:
- Correct POD documentation regarding –Wmaxchild
- Ensure that original self-contained inline PHP zip file is quarantined rather than zip file member
New csf v9.30
Changes:
- Fix to try and resolve cluster send/recv issues (Note: _All_ members of the cluster need to be running v9.30 for clustering to function correctly)