-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

cPanel TSR-2021-0006 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated this update as having a CVSSv3.1 score of 1.8 to 5.3.

Information on cPanel's security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

The following cPanel & WHM versions address all known vulnerabilities:

94.0.18 & Greater
98.0.12 & Greater
100.0.3 & Greater

The latest public releases of cPanel & WHM for all update tiers are available at http://httpupdate.cpanel.net.

SECURITY ISSUE INFORMATION

There is no reason to believe that these vulnerabilities have been made known to the public. As such, cPanel will only release limited information about the vulnerabilities at this time.

Once sufficient time has passed, allowing cPanel & WHM systems to automatically update to the new versions, cPanel will release additional information about the nature of the security issue.

This Targeted Security Release addresses two vulnerabilities in cPanel & WHM software versions 94, 98, and 100.

Additional information is scheduled for release the following day.

For information on cPanel & WHM Versions and the Release Process, read our documentation at: https://go.cpanel.net/versionformat

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmGShdsUHHNlY3VyaXR5
QGNwYW5lbC5uZXQACgkQlSG+3KvZTd8gQw/9GquYE/IhziTQnxtCp4wQh62ubT4C
26D8tUU86HmScz7o5HzqvHR+rhcHqUQgE1E8441mZDBE999RNA/dgEwD+zl2lCIQ
R8De/GL3fsi1kV6UGUYREJLFr4Wfg8M6vlA2iY9oPeNbTQiPjPdo8icWz7sfeHWh
6zgIpy4YA9lu+01EBYHo56lwkECh5r1mMYgFLArS9gnOnCy3YwurFf/X1WYQQ1tY
AlQ1M2uaCR9LdDrzFQKOyxuixqEQ1X838Xv/+X64xtix1HO1Qp0F8WwMlYRLDH9I
DDm80d3ptERdfHqqmxgcf2MJc/u1cIdb6gPdxatDFCQiw/tjehUlaOeo2O5M6UVr
YcmqYVvT3DzmR1vPPOj3SHV5VIdNbNALb8zSwE/SsVe1RoUtaygTj5AZoh9aKCBp
J8niXCmrWZiuMPh1MgLJ3U7KdqxZUkU6p7DYYq+Dd6Qfx9OsfT7cEFUjc19KbFsp
kaADstCMoG2/S6J4yuL+ipZH30rK+ze1BTAGwLz+YIowTdl4m24vuCngZBDEuuKB
ATy5oSfSg9WCvkhQB5dlLjqKMgwEjkT9fLeEtvxeiCR3sG74B+UUeQJSH4ovQXpb
8xhY2FUq7tafpfN52/EIUEITtlHxA0mGw8pWyD77urAyDSPyxWfjTk3ZODNVgJyX
X2ui338IOP3Mrdg=
=kzZc
-----END PGP SIGNATURE-----