Will V134.0.12 be ported to V132 too?

Answered

hosta

• March 25, 2026 17:34

Hi,

maybe cPRex you can help here - there are numerous security fixes in V134:

134.0.12

---

2026-03-23

• Fixed CPANEL-51921: Upgrade Compress::Raw::Zlib to 2.220+ to address CVE-2026-3381.
  • The previous version bundled a vulnerable zlib version earlier than 1.3.2.
• Fixed CPANEL-52097: Update cpanel-roundcubemail to 1.6.14.
  • Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler.
  • Fix password change without old password validation.
  • Fix IMAP Injection and CSRF bypass in mail search.
  • Fix remote image blocking bypass via SVG animate attributes and body background attribute.
  • Fix fixed position mitigation bypass via use of !important.
  • Fix XSS issue in HTML attachment preview.
  • Fix SSRF and Information Disclosure via stylesheet links to local network host.

Will they also be pushed to V132 soon?

Thank you for the information :-)

• 

  cPRex Jurassic Moderator

  • March 25, 2026 18:25

  Hey hey!  132 is no longer receiving updates, especially since version 134 is now LTS, so I don't believe any further updates will get backported to version 132.

  0
• 

  hosta

  • March 26, 2026 08:29

  Thank you cPRex !

  0
• 

  cPRex Jurassic Moderator

  • March 26, 2026 13:07

  Sure thing!

  0

Please sign in to leave a comment.