Announcing:
LiteSpeed Plugin for cPanel v2.4.8 and LiteSpeed Plugin for WHM v5.3.2.1
In this update: Important security update!.
cPanel RELEASE LOG:
[Security] CRITICAL: Additional symlink hardening to address a reported exploit that allowed an authenticated cPanel user to escalate privileges to root.
[Security] Harden user logger input handling.
[Security] Harden SSRF guards.
[Security] Encode WordPress install paths in LSCWP manage view.
[Security] Improve shell argument escaping.
WHM RELEASE LOG:
v5.3.2.1
---
[Bug Fix] Fixed CSRF issues on certain pages.
v5.3.2.0
---
[Security] Additional symlink hardening.
[Security] Add additional binary integrity checks.
[Security] Convert state-changing plugin UI actions from GET to POST.
[Security] Additional XSS hardening.
[Security] Add in-plugin CSRF.
[Security] Improve encoding on container manager and stats views.
[Security] Improve WHM and LSWS installation logic.
[Security] Improve lsns_common.sh validation.
[Security] Reject leading-dash and empty identifiers in redis user/package validation.
[Security] Harden lsns script commands.
[Security] Harden WHM entry logic.
[Security] Harden WHM utility URL fetch logic.
https://www.litespeedtech.com/products/litespeed-web-server/control-panel-support/release-log
Cheers!
LiteSpeed Plugin for cPanel v2.4.8 and LiteSpeed Plugin for WHM v5.3.2.1
In this update: Important security update!.
cPanel RELEASE LOG:
[Security] CRITICAL: Additional symlink hardening to address a reported exploit that allowed an authenticated cPanel user to escalate privileges to root.
[Security] Harden user logger input handling.
[Security] Harden SSRF guards.
[Security] Encode WordPress install paths in LSCWP manage view.
[Security] Improve shell argument escaping.
WHM RELEASE LOG:
v5.3.2.1
---
[Bug Fix] Fixed CSRF issues on certain pages.
v5.3.2.0
---
[Security] Additional symlink hardening.
[Security] Add additional binary integrity checks.
[Security] Convert state-changing plugin UI actions from GET to POST.
[Security] Additional XSS hardening.
[Security] Add in-plugin CSRF.
[Security] Improve encoding on container manager and stats views.
[Security] Improve WHM and LSWS installation logic.
[Security] Improve lsns_common.sh validation.
[Security] Reject leading-dash and empty identifiers in redis user/package validation.
[Security] Harden lsns script commands.
[Security] Harden WHM entry logic.
[Security] Harden WHM utility URL fetch logic.
https://www.litespeedtech.com/products/litespeed-web-server/control-panel-support/release-log
Cheers!