CVE-2019-13385: ChangeLog for CentOS 7 | Control Web Panel
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log.
New Version (coming soon)
Now in 2019, we release new versions multiple times a week and sometimes even multiple times per day.
Version 0.9.8.651 – 0.9.8.747 (released 21/05/2018-09/12/2018)
Security
– [New Feature] Implementation of anti XSS token for the GUI
New WebServers
– [New Feature] Define per domain webservers, now you can use different webservers per domain
– [New Feature] Prepared for AI-Robot so Artificial Intelligence can take over control of it
– [New Feature] Define global default server vhost templates for apache/nginx/varnish/php-fpm
– [New Feature] Define per domain vhost templates for apache/nginx/varnish/php-fpm
– [New Feature] Error detection in vhost build for apache/nginx/varnish/php-fpm
– [UPDATE] latest versions of the webservers apache/nginx/varnish
– [UPDATE] AutoSSL: more stable domain validation check
New Varnish
– [New Feature] Varnish makes your site look like static html, it doesn’t need to run php-cgi/php-fpm for each request.
– [New Feature] Website continues to work as cached even if apache is down
– [New Feature] more advanced templates with better cache in memory
– [New Feature] per domain templates and configs which you can modify and build your own
– [New Feature] it can run now as a cache server in front of Tomcat,nodejs,ruby…
AI-Robot (Artificial Intelligence for cwp)
Artificial intelligence integration: we have integrated the “AI-Robot” artificial intelligence system, which has started to learn system issues and will soon be able to handle errors and automatically recover the system services.
PHP/PHP-FPM
– [New Feature] PHP-FPM default setup with cache and with fastest unix sockets
– [New Feature] PHP Pecl Manager for all PHP builders
– [New Feature] PHP-FPM Selector with many custom options (automatic install of dependencies)
– [New Feature] Predefined vhost templates for better performances
– [New Feature] Custom templates for php-fpm, you can use custom per domain
– [UPDATE] latest versions of the PHP
– [UPDATE] New PHP 7.3.0, please use only for beta testing
– [UPDATE] for all php builders automatic detection if build is already running
– [UPDATE] PHP Selector with many versions and options (automatic install of dependencies)
Other Modules
– [New Feature] New DNS Zone Editor with error detection and now much more advanced
– [New Feature] New Mod Security Manager
– [New Feature] Automatic update manager for 3rd-party scripts like roundcube, phpmyadmin…
– [New Feature] User notifications
– [UPDATE] Improved cwp to cwp migration tool, we are still working on it to make it even better
– [UPDATE] MySQL Manager: edit user password
User Panel [New Design]
– [SECURITY] Implementation of anti XSS token for the GUI
– [New Feature] New Advanced File Manager
– [New Feature] New Modern Design
– [New Feature] Search integration for menu and icons
– [New Feature] Sound alerts
– [New Feature] Pagination for all modules
– [New Feature] Advanced editor integration for php.ini
– [UPDATE] Cron Manager error detection
* We have also fixed many other reported bugs
Version 0.9.8.448 – 0.9.8.651 (released 08/02/2018-21/05/2018)
– [New Feature] cgroups for centos 7 (limit resource per user, eg. set cpu limit to 50%)
– [New Feature] Main left menu search option
– [New Feature] Manage User crons from the admin panel
– [New Feature] New Notifications handler with email alerts
– [New Feature] New Ulimits Module – Show all user processes and limits (good for debugging)
– [New Feature] Monit Monitoring (advanced tool for monitoring server services and resources)
– [New Feature] MySQL Manager now has security and optimization tests integrated
– [New Feature] Security Tools – Maldet Scan – Scan websites for malware
– [New Feature] Security Tools – RKHunter Scan – Scan server for rootkits, backdoors
– [New Feature] Security Tools – Lynis Scan – Scan server for system hardening
– [New Feature] Security Tools – Symlink scan – Scan user accounts for symlinks
– [UPDATE] New SSL Manager with additional auto-download for chain certificates
– [UPDATE] Latest PHP versions (used in switcher/selector)
– [UPDATE] Apache latest version rpm + rebuilder/compiler
– [UPDATE] New Security checks in the Security Advisor via new notifications
– [BUGFIX] Fixed all reported bugs with the cpanel account migration
– [BUGFIX] Fixed bugs in the account transfer tool
– [BUGFIX] Fixed bugs in the Mail server manager related to rebuild
– [BUGFIX] Fixed bugs with API
User Panel
– [SECURITY] Big security update for user panel, many issues have been resolved
– [New Feature] AutoSSL- Install/remove Free SSL from the user panel
– [UPDATE] Improved DNS zone editor
* We have also fixed many other reported bugs
Version 0.9.8.359 – 0.9.8.448 (released 29/09/2017-07/02/2018)
– [UPDATE] PHP 7.2
– [UPDATE] New admin panel design upgrade
– [New Feature] Theme manager for User Panel
– [New Feature] Language manager for User Panel
– [New Feature] New cPanel migration tool running in background
– [New Feature] New CWP to CWP migration tool
– [New Feature] New Advanced Backup Manager
– [New Feature] New Advanced API Manager with permissions
New user Panel (demo)
– [New Feature] All new, too many things to have them listed here, you simply need to check it!
Fixed many many other reported bugs
Version 0.9.8.334 – 0.9.8.359 (released 26/06-29/09/2017)
– [UPDATE] Added Apache 2.4.26, 2.4.27
– [UPDATE] PHP 5.6.31, 7.0.21, 7.0.22, 7.0.23, 7.0.24, 7.1.6, 7.1.7, 7.1.9, 7.1.10
– [UPDATE] PHP selector delete unwanted php version with single click
– [UPDATE] AutoSSL: manually start and force auto renewal
– [New Feature] Included manager for new user panel compatibility
– [BUGFIX] IonCube installer fixed issue with php 7.0 & 7.1
– [BUGFIX] Zendguard loader5.5, 5.6 improved installer
– [BUGFIX] AutoSSL reported bugs fixed
– [BUGFIX] Improved security
Fixed many other reported bugs
Version 0.9.8.315 – 0.9.8.333 (released 28/04-25/06/2017)
– [UPDATE] detailed cleanup of removed accounts
– [UPDATE] yum manager improvement
– [UPDATE] New PHP versions added 7.0.20 and 7.1.5
– [UPDATE] php selector new versions of php
– [UPDATE] apache 2.4.26 (has security updates)
– [New Feature] new ftp manager for admin
– [New Feature] bandwidth monitor (incoming/outgoing for all interfaces)
– [BUGFIX] php switcher bug fix
– [BUGFIX] autossl bugfix
– [BUGFIX] mod security installer bug fix
– [BUGFIX] vhost rebuild bug fix
– [BUGFIX] mail queue module bug fix
– [BUGFIX] mail explorer module bug fix
Fixed many other reported bugs
Version 0.9.8.291 – 0.9.8.314 (released 23/03-28/04/2017)
– [UPDATE] New PHP versions added 7.0.18 and 7.1.4
– [UPDATE] Improved SSL Manager (fixed autoSSL bugs)
– [UPDATE] Improved backups (now weekly and monthly use hard links and can reduce total backup size up to 65%)
– [New Feature] Ajax disk usage checker (check your disk space usage per folder)
– [New Feature] New Varnish configuration editor
– [New CWPpro] Yum Package and Repository Manager
– [SECURITY] SECURITY BUG FIXED
Prevention of Cross-site Scripting (XSS) Attack by Esmaeil Rahimian (Security Research from SecureHost)
Fixed many other reported bugs
Version 0.9.8.266 – 0.9.8.290 (released 01-22/03/2017)
– [BUGFIX] ioncube update scripts
– [BUGFIX] sysstat graph errors
– [BUGFIX] PHP Selector fixed php 7
– [BUGFIX] Advanced File Manager bugs
– [BUGFIX] Mail Server rebuild
– [BUGFIX] SSL redirection for cwp services
– [BUGFIX] Fixed security advisor multiple messages
– [UPDATE] Php Switcher new additional modules and new php versions
– [UPDATE] PHP Selector update of all php versions and added php 7.0, 7.1
– [UPDATE] SSL Cert Manager now with more detailed info from the certificate files
– [New Feature] AutoSSL option when creating new account, domain or subdomain from admin panel
– [New Feature] AutoSSL for Hostname
– [New Feature] Nice and Fast Ajax upgrade for list accounts, domains and subdomains.
– [New Feature] New Varnish configuration editor
– [CWPpro] Yum, number of available packages upgrades at login into cwp
Version 0.9.8.250 – 0.9.8.265 (released 21-28/02/2017)
– [New Feature] Sysstat graphs
– [UPDATE] Higher grade for apache SSL
– [UPDATE] PHP Switcher_v2 Configuration Upgrade and Bugs Fixed
– [BUGFIX] File Manager bug fixed, and a few smaller bugs in the GUI
Version 0.9.8.248 – 0.9.8.249 (released 21/02/2017)
– [UPDATE] PHP Switcher added extensions: intl, pspell, tidy, wddx
– [BUGFIX] Fixed several bugs
Version 0.9.8.240 – 0.9.8.247 (released 17/02/2017)
– [New Feature] NEW friendly PHP Version Switcher with many addons and more to come…
– [UPDATE] Update of PHP versions: 7.1.2, 7.0.16, 5.6.30
– [Old Removed] Old PHP Version Switcher removed from the left menu but still exists.
– [BUGFIX] Fixed several bugs
Version 0.9.8.239 (released 13/02/2017)
– [BUGFIX] Fixed bug with softaculous remove mysql user.
Version 0.9.8.237 & 0.9.8.238 (released 11/02/2017)
– [New Feature] LiteSpeed Enterprise integration with CWP
13/02/2017
…we were working very hard to make CWP work with CentOS 7, so we have made many changes, and unfortunately there is no information about what was done before or in which version.