Recent Posts

11

Backup / Re: New Backup [Beta] problems still not fixed

« Last post by Reikor on April 18, 2026, 04:04:44 PM »

You need to activate the backup in the account, if account have backups disable backup beta will not work.

12

Problems on other RedHat linux servers / Re: TLS 1.1/1.0 deactivation

« Last post by overseer on April 18, 2026, 01:37:41 AM »

Take a look at Sandeep's guide for Apache here:
https://www.alphagnu.com/topic/37-cwp-apache-enable-tls-13-control-web-panel/
He also has one for nginx, but I'm assuming you are after an Apache config...
https://www.alphagnu.com/topic/47-how-to-enable-tls-13-in-cwp-nginx-reverse-proxy/

13

Problems on other RedHat linux servers / TLS 1.1/1.0 deactivation

« Last post by Haugg on April 17, 2026, 04:13:16 PM »

When I look in the config file for httpd, it seems as if the deprecated protocols are disabled. When I check on different verification tools online, they are still activated.

When I try:

update-crypto-policies --show (it shows default)

and then

update-crypto-policies --set FUTURE

apache breaks after reboot

There seems to be a misconfig somewhere, as the tls settings as mentioned seems ok, but just doesn´t reflect when checked

Running cwp pro (0.9.8.1224) latest version on AlmaLinux 9.7 - latest update and kernel 5.14.0-611.47.1.el9_7.x86_64

Any ideas on how to disable the old tls protocols globally on the server without breaking other stuff?

14

Updates / Re: Roundcube vulnerability

« Last post by cyberspace on April 09, 2026, 03:09:47 PM »

I believe the error happens with the install line, using the default RC install script:

Code: [Select]

yes | "$src_dir/bin/installto.sh" "$INSTALL_DIR"

Put:

Code: [Select]

set -euo pipefailright after:

Code: [Select]

#!/usr/bin/env bashand:

Code: [Select]

if [[ $? -ne 0 ]]; then
    echo "Install script failed!"
    send_email "Update FAILED" "Server: $(hostname)\nStatus: installto.sh failed\nBackup: $backup_dir\nTime: $(date)"
    exit 6
fi

right after:

Code: [Select]

echo "Running install script..."
yes | "$src_dir/bin/installto.sh" "$INSTALL_DIR"

15

PHP / Re: When will PHP 8.4 be released in CWP?

« Last post by overseer on April 09, 2026, 12:49:33 PM »

You could follow the guide on AlphaGNU for AlmaLinux 9 (should work on CentOS Stream 9 unless Stream has a bug, being a beta-quality OS):
https://www.alphagnu.com/topic/614-how-to-add-custom-php-fpm-84-85-support-to-cwp-on-almalinux-9x/

16

PHP / Re: When will PHP 8.4 be released in CWP?

« Last post by sETu on April 09, 2026, 02:27:22 AM »

@cHAp, I can provide instructions on how to build PHP 8.4 for PHP version switcher. The method is semi-manual: some steps are provided by CWP itself, and some must be done manually.

Let me know if you are interested.

Hello,
Can you please share it for CWP EL9 and CentOS Stream 9?

17

Updates / Re: Roundcube vulnerability

« Last post by overseer on April 08, 2026, 11:23:15 PM »

Anyway, the script doesn't use the function like system() or exec(). Do you run the script from PHP using system() ?

I believe the error happens with the install line, using the default RC install script:

Code: [Select]

yes | "$src_dir/bin/installto.sh" "$INSTALL_DIR"So it's a bit of an outlier, but maybe you need to test for installation success before reporting it with the echo lines that follow, and maybe worth testing the actual installed version and reporting that:

Code: [Select]

grep "Version " /usr/local/cwpsrv/var/services/roundcube/index.php | awk '{print $3}'

18

Updates / Re: Roundcube vulnerability

« Last post by cyberspace on April 08, 2026, 10:38:27 PM »

I had a problem with it.
Seems CWP is running php-7.2.30 without php-intl extension.
Roundcube needs this extension to detect Spoofing.

Seems "roundcube" running on my system doesn't require intl. Anyway, if your roundcube requires it you can compile the extension from sources:

As root:

Code: [Select]

cd /usr/local/src/
wget https://www.php.net/distributions/php-7.2.30.tar.gz
tar -xvzf php-7.2.30.tar.gz
cd php-7.2.30/ext/intl
/usr/local/cwp/php71/bin/phpize
./configure --with-php-config=/usr/local/cwp/php71/bin/php-config
make
cp modules/intl.so /usr/local/cwp/php71/lib/php/extensions/no-debug-non-zts-20170718/
open the file /usr/local/cwp/php71/php.ini for editing and add the line:

Code: [Select]

extension = intl.so
right before:

Code: [Select]

zend_extension = /usr/local/ioncube/ioncube_loader_lin_7.2.so

remove sources and extracted files

Code: [Select]

rm -rf /usr/local/src/php-*


19

Updates / Re: Roundcube vulnerability

« Last post by cyberspace on April 08, 2026, 09:34:54 PM »

Just used your script to update to 1.5.15 LTS -- on one server it worked fine, but on another server it errored out due to the system() function being disabled in that version of PHP

Hi,

Sorry for the delayed reply. I’ve been away from home for a while and only have occasional access to my PC.

Anyway, the script doesn't use the function like system() or exec(). Do you run the script from PHP using system() ?

20

Updates / Re: Roundcube vulnerability

« Last post by overseer on April 06, 2026, 01:44:05 AM »

Script wouldn't run unless system was an allowed function for that system version of PHP (8.3 in this case). It merrily proceeded to the ending echo lines and acted as if it had done something, but there was clearly an error during execution.