Server Software and Configuration Services
New MailScanner Front-End v4.44
Changes:
- Security – Restricted access to MailScanner Configuration options that could be exploited on a compromised server
ConfigServer Services Blog
New csf v6.23
Changes:
- Security – added new option RESTRICT_UI. This options restricts the ability to modify settings within csf.conf from the csf UI. Should the parent control panel be compromised, these restricted options could be used to further compromise the server. This option is enabled by default on all installations
- Added entries to csf.pignore on new installations on cPanel servers for Dovecot v2.2 (cPanel v11.40+)
- Fixed UI Template validation error message
New cxs v3.04
Changes:
- Security – Fixed file view from quarantine – reported by Rack911
- Security – Further improved UI form data sanitisation
- Bolstered the UI warning with regard to disabling Restricted Mode
New cxs v3.03
Changes:
- Fixed broken UI items
- Improvements to the ignore logic
- Improved UI form data sanitisation
- Exploit fingerprint definitions database additions
New MailScanner Front-End v4.43
Changes:
- Fixed location of msfe.div in WHM UI
- Sanitised user data input to prevent running unauthorised commands via the UI. A user would require root access to exploit this, so risk is low
- Changed backtick calls to use Open3
New cxs v3.02
Changes:
- Security – Added UI Restricted Mode which is enabled by default. This disables features in the UI that could allow abritrary commands to be run as root and system files to be overwritten. To enable unrestricted access to the UI remove /etc/cxs/cxs.restricted
- Added UI option to completely disable the UI by creating the file /etc/cxs/cxs.disableui
New cxs v3.01
Changes:
- Implement slurp routine for configuration files to cater for incorrect linefeeds
- Improvements to forced quarantine feature within –xtra [file] and updated instructions provided in cxs.xtra.example
- Security – Quarantine improvements
- Exploit fingerprint definitions database additions
New cmm v1.22
Changes:
- Sanitised user data input to prevent running unauthorised commands via the UI. A user would require root access to exploit this, so risk is low
- Changed backtick calls to use Open3
New cmq v1.16
Changes:
- Fixed selected queue run based on sender/recipient. Also fixed BCC field email release
New cmq v1.15
Changes:
- Sanitised user data input to prevent running unauthorised commands via the UI. A user would require root access to exploit this, so risk is low