Site icon Fix I.T. Phill – Your Go-To Tech Guru

cPanel EasyApache 4 25.70: PHP and curl Security Updates

cPanel EasyApache 4 25.70 PHP and curl security update checklist for hosting servers

cPanel EasyApache 4 25.70 PHP and curl security update checklist for hosting servers

cPanel published EasyApache 4 25.70 and Sitejet Builder 4.11.0-1 on July 9, 2026. This is a practical hosting-admin update because the EasyApache release includes PHP security fixes for CVE-2026-14355 and CVE-2026-12184, plus ea-libcurl backports tied to the curl 8.21.0 security advisory.

For cPanel and WHM servers, treat this as a normal backup-first maintenance window. The release is not a reason to panic, but it is a reason to confirm your EasyApache packages are current on any server that exposes PHP applications, hosted WordPress sites, WHMCS installs, customer control panels, or API-driven apps.

What changed

What to do before updating

  1. Confirm you have a current account backup and a server-level recovery path.
  2. List the sites or apps using PHP 8.2, 8.3, 8.4, or 8.5 so post-update checks are targeted.
  3. Schedule the update during a maintenance window if the server hosts customer stores, forms, billing portals, or high-traffic WordPress sites.
  4. Capture current PHP, curl, Apache, and nginx package versions before applying the EasyApache update.

Post-update checks

FixItPhill guidance

Install this update after backups are confirmed, then verify live customer workflows instead of relying only on package status. The highest-value checks are the boring ones: PHP-FPM health, checkout pages, login flows, forms, billing portals, and error logs after traffic resumes.

Source: cPanel Release Notes for EasyApache 4 25.70 and Sitejet Builder 4.11.0-1.

Exit mobile version