Announcing:
LiteSpeed Plugin for cPanel v2.4.7 and LiteSpeed Plugin for WHM v5.3.1.0
In this update: Important security update!
cPanel RELEASE LOG:
[Security] Drop privileges before removing new-LSCWP flag file to eliminate symlink-race window.
[Security] Use CSPRNG and constant-time comparison for ACME pre-validate token.
[Security] Fix TOCTOU exposure of Let's Encrypt account key.
[Security] Scope fetch_vhost_ssl_components API call to the authenticated user.
[Security] Harden deserialization and EC cert key file permission checks.
[Security] Pin translation-file wget to cPanel CA bundle for TLS verification.
WHM RELEASE LOG:
[Security] Validate QuicCloud IP feed integrity before writing knownproxies file.
[Security] Fix reflected XSS in input_text and input_password form helpers.
[Security] Harden adminbin caller-trust validation.
[Security] Replace shell-string EXEC_ISSUE_CMD with structured argument passing.
[Improvement] Default cPanel plugin auto-install to OFF on fresh installations.
https://www.litespeedtech.com/products/litespeed-web-server/control-panel-support/release-log
Cheers!