cPanel Plugin Contains Log4j Vulnerability via @sejournal, @martinibuster

cPanel, the popular web hosting server control panel software, recently issued a patch to fix a critical flaw in the log4j Java library, which was discovered in a part of the software used for email. The vulnerability itself is named Log4Shell.

Log4j Critical Log4Shell Vulnerability

Log4j is a Java library that adds drop-in functionality to many online software products. It is not something an end user would generally download and use.

It is a Java library that is included as part of other software. Because of that, end users generally aren't aware whether the software they use contains the vulnerability.

The log4j vulnerability is rated at 10 on a scale of 1 to 10, with 10 representing the most dangerous level of vulnerability.

The vulnerability was described by a security researcher as catastrophic:

The United States Department of Homeland Security urged fast action: 

cPanel Web Host Control Panel

cPanel is a control panel that makes it easy for a website operator to manage their website hosting environment.

cPanel offers a graphical user interface (GUI) that looks similar to a desktop interface. It makes it easy to perform tasks like updating the version of PHP used by websites, controlling the firewall and adding a security certificate, among many other things.

According to the business intelligence company BuiltWith, there are over three million customers who use cPanel.

United States Government Statement on Log4Shell Vulnerability

The United States government's Cybersecurity and Infrastructure Security Agency (CISA) issued a statement on Saturday, November 11, 2021, urging software developers and vendors that use the log4j library in their products to patch those products immediately, and urging vendors to notify their customers.

The Director of CISA, Jen Easterly, wrote:

“CISA is working closely with our public and private sector partners to proactively address a critical vulnerability affecting products containing the log4j software library.

…End users will be reliant on their vendors, and the vendor community must immediately identify, mitigate, and patch the wide array of products using this software.

Vendors should also be communicating with their customers to ensure end users know that their product contains this vulnerability and should prioritize software updates.”

The statement says that the Joint Cyber Defense Collaborative, National Security Agency and the FBI are also coordinating their proactive stance toward creating awareness of the problem and mitigating vulnerabilities.

The statement adds:

“We continue to urge all organizations to review the latest CISA current activity alert and upgrade to log4j version 2.15.0, or apply their appropriate vendor recommended mitigations immediately.

To be clear, this vulnerability poses a severe risk. We will only minimize potential impacts through collaborative efforts between government and the private sector. We urge all organizations to join us in this essential effort and take action.”

cPanel Plugin Log4Shell Vulnerability

The vulnerable Log4j Java library was discovered in an essential cPanel plugin called the cPanel Dovecot Solr plugin.

The plugin is an essential component of the IMAP email protocol.

cPanel describes it as:

“The cPanel Solr plugin enables Internet Message Access Protocol (IMAP) Full-Text Search (FTS) Indexing (powered by Apache Solr™), which provides fast search capabilities for IMAP mailboxes.”

An official cPanel forum discussion was among the first to identify that cPanel contained the log4j library and therefore may pose a security risk.

Within hours, a cPanel technical analyst announced that a patch had been released.

“We have published an update with the mitigation for CVE-2021-44228 to the cpanel-dovecot-solr RPM.

Obtaining the Mitigation for CVE-2021-44228

You can run a cPanel Update which will update the cpanel-dovecot-solr RPM for you:
How to update cPanel/WHM

If you previously uninstalled cPanel Solr, you may install it again with the steps in this guide
How to Install cPanel Solr”

Citations

cPanel Forum Discussion

log4j CVE-2021-44228, does it affect Cpanel?

United States Government Statement

Statement From CISA Director Easterly on “Log4j” Vulnerability

Searchenginejournal.com

Google December Product Reviews Update Affects More Than English Language Sites? via @sejournal, @martinibuster

Google’s Product Reviews update was announced to be rolling out to the English language. No mention was made as to if or when it would roll out to other languages. Mueller answered a question as to whether it is rolling out to other languages.

Google December 2021 Product Reviews Update

On December 1, 2021, Google announced on Twitter that a Product Review update would be rolling out that would focus on English language web pages.

The focus of the update was improving the quality of reviews shown in Google search, specifically targeting review sites.

A Googler tweeted a description of the kinds of sites that would be targeted for demotion in the search rankings:

“Mainly relevant to sites that post articles reviewing products.

Think of sites like “best TVs under $200”.com.

Goal is to improve the quality and usefulness of reviews we show users.”

Google also published a blog post with more guidance on the product review update that introduced two new best practices that Google’s algorithm would be looking for.

The first best practice was a requirement of evidence that a product was actually handled and reviewed.

The second best practice was to provide links to more than one place that a user could purchase the product.

The Twitter announcement stated that it was rolling out to English language websites. The blog post did not mention what languages it was rolling out to nor did the blog post specify that the product review update was limited to the English language.

Google’s Mueller Thinking About Product Reviews Update

Screenshot of Google's John Mueller trying to recall if December Product Review Update affects more than the English language

Product Review Update Targets More Languages?

The person asking the question was rightly under the impression that the product review update only affected English language search results.

But he asserted that he was seeing search volatility in the German language that appears to be related to Google’s December 2021 Product Review Update.

This is his question:

“I was seeing some movements in German search as well.

So I was wondering if there could also be an effect on websites in other languages by this product reviews update… because we had lots of movement and volatility in the last weeks.

…My question is, is it possible that the product reviews update affects other sites as well?”

John Mueller answered:

“I don’t know… like other languages?

My assumption was this was global and across all languages.

But I don’t know what we announced in the blog post specifically.

But usually we try to push the engineering team to make a decision on that so that we can document it properly in the blog post.

I don’t know if that happened with the product reviews update. I don’t recall the complete blog post.

But it’s… from my point of view it seems like something that we could be doing in multiple languages and wouldn’t be tied to English.

And even if it were English initially, it feels like something that is relevant across the board, and we should try to find ways to roll that out to other languages over time as well.

So I’m not particularly surprised that you see changes in Germany.

But I also don’t know what we actually announced with regards to the locations and languages that are involved.”

Does Product Reviews Update Affect More Languages?

While the tweeted announcement specified that the product reviews update was limited to the English language, the official blog post did not mention any such limitation.

Google’s John Mueller offered his opinion that the product reviews update is something that Google could do in multiple languages.

One must wonder if the tweet was meant to communicate that the update was rolling out first in English and subsequently to other languages.

It’s unclear if the product reviews update was rolled out globally to more languages. Hopefully Google will clarify this soon.

Citations

Google Blog Post About Product Reviews Update

Product reviews update and your site

Google’s New Product Reviews Guidelines

Write high quality product reviews

John Mueller Discusses If Product Reviews Update Is Global

Watch Mueller answer the question at the 14:00 Minute Mark
