- Fixed case CPANEL-23165: Ensure cphulkd service checks verify the socket files exist.
- Fixed case CPANEL-23889: Ensure the PHP-FPM packages are installed prior to switching PHP versions.
- Fixed case CPANEL-24289: Display modsec_vendor SSL error during upcp process.
- Fixed case CPANEL-25278: Make account removal tolerate invalid web vhosts config.
- Fixed case CPANEL-25310: Fix bug where the file upload part counter was being improperly incremented when a part failed to upload in a manner we could re-try.
- Fixed case CPANEL-25611: Fix checkallsslcerts for servers with an IPv6 address.
- Fixed case CPANEL-26195: Ensure MariaDB 10.3 is supported on new cPanel installs.
- Fixed case CPANEL-26228: Reuse DNS query ID for parallel queries in DNS resolver.
- Fixed case CPANEL-26238: Disable persistent UDP in DnsRoots::Resolver.
- Fixed case CPANEL-26312: Ensure install is successful when /etc/install_legacy_ea3_instead_of_ea4 exists.
- [security] Fixed case CPANEL-26539: Update dovecot to 2.3.5-3. Fixes CVE-2019-7524.
- [security] Fixed case SEC-477: Unsafe file operations as root in SSL certificate storage.
- [security] Fixed case SEC-479: Local root via userdata cache misparsing.
- [security] Fixed case SEC-480: Code execution via addforward API1 call.
- [security] Fixed case SEC-481: Unsafe terminal capabilities determination using infocmp.
- [security] Fixed case SEC-483: Open mail relay due to faulty domain redirect routing.
- [security] Fixed case SEC-484: Limited file read as root via EXIM virtual_user_spam router.
- [security] Fixed case SEC-487: Demo account code execution via securitypolicy.cgi
- [security] Fixed case SEC-493: Remote Stored XSS Vulnerability in BoxTrapper Queue Listing