-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 SEC-650 Summary cPanel Visitors UI does not always display direct apache access Security Rating cPanel has assigned this vulnerability a CVSSv3.1 score of 5.3 CVSS:3.1AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Description If nginx is installed, then the cPanel Visitors UI does not display direct hits to the apache webserver. This could prevent a cPanel user from seeing malicious requests to their website. Credits This issue was discovered by John Lightsey Solution This issue is resolved in the following builds: 11.107.9999.94 11.106.0.9 11.102.0.24 SEC-651 Summary Nginx stops logging all requests after log rotation via cpanellogd Security Rating cPanel has assigned this vulnerability a CVSSv3.1 score of 5.3 CVSS:3.1AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Description If nginx is installed, and piped logging (splitlogs) are disabled, then nginx will stop logging all requests after the logs are rotated via cpanellogd. Credits This issue was discovered by John Lightsey. Solution This issue is resolved in the following package: ea-nginx-1.23.1-9 -----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmNEShwUHHNlY3VyaXR5 QGNwYW5lbC5uZXQACgkQlSG+3KvZTd+8Dg//TT7sJzdnJZ9W4JSwELZSzYPWmMSj Q+o5v2a78/lk+WLswfT01WeGi1o3xQcYE4110gb9iR3eJ4TRO2TRU5ng112Mdjpd QYkSeMW6qaHiHIsucEmhKx0WRs1xfl9cnSRi7ctFKcUwOn/+VJ/pCn2/lJpumBTZ 5EozrHr8rtyGBoxvBjX+7aSkxWi9RV8Oz0QPzTXnA2Xzix9ZtEBfn88yUu3YkQmf YYa/dCq+5UsfneW17YL2QTwHAddIq3hug9xNQ/DFVjFtqrpQfIHbg8YTn7lb9xFp eXjJu3yvyauy6FvJGXaOagy+fKwMDlbvoQhvlxvpsiOw2lIIT3u4vUgBu9Nnjn/0 2xiBRnfmyrLTDtDqUYWys9PzvVhhqUcFnJZ+xVjZxkmc96KG0sRsA8zVt90qZwZ0 5n3TEHsKzT3yWk43Mik6PDFwjg86lAOf7vYFXwfgb/Bnou9LTBIIf+R7lPZhvth+ icjBAmkotB4kgJbIixQvbI1xoGP+zYHwzR3/yXjGr58Je4jjPc7NsiT+nv2Ikpn1 dQ81lBLRh1M8as9NsE+6Ags8cbzMEJeCi0zobPKLKbGNaJOfnaBe9C7gYodW+B7p aDsnszGteVaKCbdQSitaqaf3td+bt2hNkc99zSC7mb8VrGURdOPMPVS6OR7/POBW mBPTZ1g0RoG86Sc= =GxH6 -----END PGP SIGNATURE-----