Sign in to follow this  
tgonhawk1

Suggestion for improvement: no surprise updates

Recommended Posts

Today, in the middle of the day, without any notice, cPanel was updated to version 78.
I suppose in most respects this makes little or no difference, but in at least one way it did.

Version 78 does away with Squirrelmail.
The way I found out about this was that my open webmail page failed to update.
(Fortunately, I was not in the midst of writing an email, which effort might have been lost.)

Since I was well informed of this change, I easily made the switch to Roundcube - no big deal.
Had I not known about this in advance, it might have been of more concern.

My suggestion is two pronged:

  1. Don't do things like this in the middle of a busy day - typically a weekday.
    (subject to the fact, of course, that it's always the middle of the day somewhere, etc.)
  2. Provide some advance notice: "On Mar 19, we will be updating .... which will bring about these changes ..."
    Sending emails to everyone is probably not necessary, ,but at least a blog post or other notice would
    be nice.

Share this post


Link to post
Share on other sites

Hi,

Unfortunately this isn't feasible for a variety of reasons -- mostly due to the rapid release cycle cPanel employs (we actually don't update as often and frequent as many other providers unless we deem it necessary (IE: important bug fix, security update). This also affects posting notices -- there would be *a lot* of updates posted constantly and the vast majority of them aren't service impacting minus cPanel being unreachable for 5-20 minutes. In the case of today it was the latter - a cPanel TSR which will be disclosed in a few days so updating ASAP is necessary (especially when you have a large fleet of servers).

Lastly non-peak times is subjective depending on who you're asking -- we have a very large international customer base. Depending on the spread of users on the servers what may be peak time during the day for you could be 1AM elsewhere. We can't make the assumption that every maintenance window will be affecting North America based customers.

Unfortunately until we can find a graceful way to resolve these issues we'll continue pushing updates as we have for many years.

Share this post


Link to post
Share on other sites

Given that this cPanel update addressed security problems,
https://news.cpanel.com/tsr-2019-0002-announcement/ and
https://news.cpanel.com/tsr-2019-0002-full-disclosure/
I can understand the urgency of getting it installed.

cPanel identifies their releases with a Major number, a Minor number, and a Build number.
These change in increasing order of frequency.

If a new build, or a new minor release is made which doesn't impact users, there is no need
to issue notices.  When the Major part changes (as in 76 to 78), which is not very frequent,
then it would nice to know why (for example) my webmail page suddenly stopped working
from one minute to the next, or what new features are now available.

As I read it, they released updates to both version 76 (the previous version)
and version 78 (the new version).

It appears to me that it was your choice to advance to version 78 at this time
(which is your right to do), and since this was a case where there was a change
affecting users, notice would be appropriate.

Other points:
I, for one, appreciate that you  " actually don't update as often and frequent as many other providers unless we deem it necessary "
(if it ain't broke, don't fix it) - since often times updates cause things to break. (See: Windows, Microsoft).

I understand that it is the World wide web and it always the middle of the day somewhere, as I stated in my original post.
That said, some times will be busier than others on any one server.

Share this post


Link to post
Share on other sites

cPanel operates with several major versions at one time, however they don't actively support them all. As of this post cPanel 78 is the recommended version and is installed on anyone using the RELEASE branch which is the recommended branch for production systems. The cPanel 78 reaching STABLE builds is most likely going to be the before the end of March meaning cPanel 76 will no longer be supported. The current LTS release before cPanel 78 is actually cPanel 70: https://documentation.cpanel.net/display/CKB/cPanel+Long-Term+Support . This version will actually reach end of life at the end of this month as well meaning going forward cPanel 78 is going to be the oldest version one can run with active cPanel support.

As far as SquirrelMail it's not actively being supported and hasn't had a stable release since 2011. It does not support the latest versions of PHP ( http://php.net/supported-versions.php ) . There is a remote code execution exploit in it that affects the latest version: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7692 . cPanel has been patching the software themselves for quite some time to resolve compatibility and security issues. This was however not a long term solution and since no one has taken over the SquirrelMail project then it was finally time to stop maintaining it. There are still webmail programs within cPanel that are actually being actively maintained by the maintainers that are still offered.

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this