CyberPanel v2.3.1 Released – Security Release

I am happy to announce that CyberPanel v2.3.1 has been released. This update brings tons of security and bug fixes to CyberPanel.

During this time we’ve also launched our new site and new community forums.

Right now CyberPanel is the only free control panel that is fully audited by RACK911 Labs for any security issues, team from RACK911 Labs is known for fixing security issues in web hosting industry. Apart from that we’ve brought some new features too:

1. You will now be able to see weather you are on latest commit from Version Management in CyberPanel
2. Root Level File Manager (Paid Feature)
3. Google Drive Backups Retention (Paid Feature)
4. Make Mautic 4.1.2 as default during installation

We’ve worked really hard so that you can use CyberPanel in mult-user environment with peace of mind.

Security Fixes

Please update your CyberPanel to v2.3.1 as soon as possible.

1. security fix: CP-01: Installation improper permissions
2. CP-05: Command Line Tools Type Insecure Processes Risk Medium
3. CP-10: Admin – Websites – Suspend / Unsuspend
4. CP-11: Admin – Packages – Delete Package
5. CP-12: Admin – Packages – Modify Package
6. CP-13: Admin – Back Up – Create Back Up
7. CP-14: Admin – Back Up – Create Back Up
8. CP-16: Admin Back Up Start Transfer
9. security fix: CP-17: Admin – Security – CSF
10. security fix: CP-18: Users – Create New User
11. security fix: CP-21: Websites – Create Website
12. security fix: CP-22: Websites – Modify Website
13. security fix: CP-24: Manage Website – Domain Alias (Delete)
14. security fix: CP-26: Manage Website – File Manager – Upload
15. Security: Prevent leaking load average dat
16. Security: PyYAML dependency update
17. Security: Multiple CVE dependency update
18. resolve https://www.exploit-db.com/exploits/50230
19. securify fix: CP-29: Manage Website – SMTP Hosts – Verify
20. securityfix: CP-30: Manage Website – Compose
21. security fix: CP-33: Manage Website – Git
22. security fix: CP-36: DNS – Add / Delete Records
23. bug fix: CP-17
24. CP-19: Additional Domains to Block
25. CP-21: Additional Security
26. Fix CVE-2021-32839

Bug Fixes

1. bug fix: avoid possible removal of directories
2. install acme.sh before main installation
3. Update cyberpanel.sh
4. bug fix: install
5. bug fix: cronjob
6. bug fix in backup creation
7. bug fix: wp staging
8. bug fix: custom ssl save
9. bug fix: deploy staging to production
10. bug fix: create wp staging
11. security fix: CP-19: Websites – Create Website
12. bug fix: fetch status
13. bug fix: file manager
14. bug fix: dkim manager
15. Fix architecture detection
16. add vhost level cache root for openlitespeed
17. bug fix: continue backups if website is deleted from main CP
18. bug fix: during website creation
19. bug fix: backup creation
20. use website level user for restic backups
21. bug fix: incremental backups
22. disable sftp destination for incremental backups for time being
23. bug fix: delete database during inc backups
24. bug fix: see git file changes
25. bug fix: child domain records
26. fix: file creation user
27. bug fix: ssl
28. bug fix: cpanel importer
29. add confirm before converting to LiteSpeed Enterprise
30. remove not needed function calls