If your an existing customer nothing will need to be done on your part to continue using your licenses. We will be automatically converting all existing licenses to there most appropriate fixed price plan based on the number of accounts on your server. This change will happen on September 30th, 2019 at which time you will receive an email from us showing what plan your license was converted to and its new price.

Due to the way cPanel is now licensing their product the majority of users will see an increase in the cost of their license. We understand nobody wants to see a price increase but unfortunately, this is out of our control.

cPanel LLC. also announced the immediate discontinuation of their annual term license types. Customers with an existing annual license will continue to be able to use this unlimited account license until the end of its term at which time the license will be automatically converted to a fixed priced license based on the number of accounts on the server.

New Plans & Pricing

Below is a list of cPanel’s new fixed priced plans. Please note that some licenses can only be run on cloud servers (virtual servers) and other’s can run on metal servers (dedicated Servers). Each license has a hard limit on the number of accounts that can be created.

Enjoy!

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 2.0 to 8.8.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

The following cPanel & WHM versions address all known vulnerabilities:

68.0.15 & Greater
66.0.34 & Greater
64.0.42 & Greater
62.0.35 & Greater

The latest public releases of cPanel & WHM for all update tiers are available at http://httpupdate.cpanel.net.

SECURITY ISSUE INFORMATION

The cPanel Security Team and independent security researchers identified the resolved security issues. There is no reason to believe that these vulnerabilities have been made known to the public. As such, cPanel will only release limited information about the vulnerabilities at this time.

Once sufficient time has passed, allowing cPanel & WHM systems to automatically update to the new versions, cPanel will release additional information about the nature of the security issues. This Targeted Security Release addresses 23 vulnerabilities in cPanel & WHM software versions 68, 66, 64, and 62.

Additional information is scheduled for release on November 21, 2017.
For information on cPanel & WHM Versions and the Release Process, read our documentation at:
https://go.cpanel.net/versionformat

AFFECTED VERSIONS
All versions of OpenSSL through 1.0.2l

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2017-3735 – LOW
OpenSSL 1.0.2m
Fix parse error in the IPAdressFamily extension related to CVE-2017-3735

CVE-2017-3736 – MEDIUM
OpenSSL 1.0.2m
Fix carry propagating bug in x86_64 Montgomery squaring procedure related to CVE-2017-3736

SOLUTION
cPanel, Inc. has released updated RPMs for EasyApache 4 on November 7, 2017, with an updated version of OpenSSL version 1.0.2m. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM’s Run System Update interface.

REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2017-3736
https://nvd.nist.gov/vuln/detail/CVE-2017-3735
https://www.openssl.org/news/secadv/20171102.txt

AFFECTED VERSIONS
All versions of PHP 5.6 through 5.6.31
All versions of PHP 7.0 through 7.0.24
All versions of PHP 7.1 through 7.1.10

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2016-1283 – HIGH
PHP 5.6.32
Fixed bug in PCRE related to CVE-2016-1283

PHP 7.0.25
Fixed bug in PCRE related to CVE-2016-1283

PHP 7.1.11
Fixed bug in PCRE related to CVE-2016-1283

SOLUTION
cPanel, Inc. has released updated RPMs for EasyApache 4 on October 31, 2017, with a updated versions of PHP versions 5.6.32, 7.0.25, and 7.1.11. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM’s Run System Update interface.

cPanel, Inc. has released EasyApache 3.34.19 with an updated versions of PHP 5.6.32. Unless you have disabled EasyApache updates, the EasyApache application updates to the latest version when launched. Run EasyApache to rebuild your profile with the latest version of PHP.

REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2016-1283
http://www.php.net/ChangeLog-5.php
http://www.php.net/ChangeLog-7.php

AFFECTED VERSIONS
All versions of Passenger

DESCRIPTION
This update patches a vulnerability where a user can list the contents of arbitrary files on the system when Passenger runs as the root user.

SOLUTION
cPanel, Inc. has released updated RPMs for EasyApache 4 on October 16, 2017, with a patch for Passenger. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM’s Run System Update interface.

REFERENCES
https://blog.phusion.nl/2017/10/16/passenger-5-1-11/
https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/

You can upgrade in one of two ways.

1. Log into the WHM and click on the Account DNS Plugin. You should see a new version notice, click the upgrade link!
2. Log into your server as root via the console or SSH and run the following command /var/cpanel/addons/accountdnscheck/bin/upgrade

Please submit any bugs or issues to support@ndchost.com.  Thank you!

cPanel has rated these updates as having CVSSv3 scores ranging from 2.2 to 8.8.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

The following cPanel & WHM versions address all known vulnerabilities:

64.0.21 & Greater
62.0.24 & Greater
60.0.43 & Greater
58.0.49 & Greater
56.0.49 & Greater

The latest public releases of cPanel & WHM for all update tiers are available at http://httpupdate.cpanel.net.

SECURITY ISSUE INFORMATION

The cPanel Security Team identified the resolved security issues. There is no reason to believe that these vulnerabilities have been made known to the public. As such, cPanel will only release limited information about the vulnerabilities at this time.

Once sufficient time has passed, allowing cPanel & WHM systems to automatically update to the new versions, cPanel will release additional information about the nature of the security issues. This Targeted Security Release addresses 24 vulnerabilities in cPanel & WHM software versions 64, 62, 60, 58, and 56.

Additional information is scheduled for release on May 16, 2017.
For information on cPanel & WHM Versions and the Release Process, read our documentation at:
https://go.cpanel.net/versionformat

Deploying our HipChat server image.

1. First step is to login to our customer portal by going to https://customer.ndchost.com.  If you do not know your login details they can be reset using the “forgot password” tool.
2. From the top navigation menu click “My Services” and then “Services”.
3. Next find your cloud server instance from the service list and click it.
4. From the left sidebar, under “Server Manager” click “Deploy New Image”.
5. Inside the “Choose an image” panel click “Latest Apps” and then select “HipChat Server”
6. Set your primary disk size and choose a swap disk option
7. Next you need to set a root password.  The HipChat server by default comes with root access disabled.  You should still set a password, however you will access the server using the same methods described in the HipChat server documentation.
8. Click Deploy and wait for the server to start.

HipChat server first boot

It may take some time after your initial deploy for the HipChat server to come up.  The reason being that on first boot the HipChat server image runs a post installation script that prepares the server for use. You can expect to wait 5-10 minutes before being able to access HipChat’s web interface!