ConfigServer Security & Firewall (CSF) 16.08-1

Important: * As of August 31, 2025, the developers of CSF no longer maintain or support it. They have released CSF under the <a href=”https://www.gnu.org/licenses/gpl-3.0.en.html” target=”_blank”>GPLv3 license. * On supported cPanel & WHM versions, WebPros International, LLC maintains <a href=”https://github.com/cpanel/cpanel-csf” target=”_blank”>its own version of CSF for security and stability updates only. We do not provide help with CSF configuration or troubleshooting. For more information, read our How to Install ConfigServer Security & Firewall (CSF) documentation. WebPros now maintains CSF for cPanel & WHM WebPros International has assumed stewardship of ConfigServer Security & Firewall (CSF) and repackaged it as the cpanel-csf RPM. CSF now installs and updates through the standard cPanel package management system on all supported cPanel & WHM versions. Support for non-cPanel platforms has been removed; this package is exclusively for cPanel & WHM environments. Security improvements and codebase modernization This release addresses XSS vulnerabilities in the CSF web UI and improper HTML encoding throughout. The codebase has been modernized with cPanel-native Perl libraries and a 100+ test suite. IPv6 handling, timeout validation, and log parsing for AlmaLinux 10 have also been corrected. Package-managed updates CSF now updates through the cPanel package manager. The previous AUTO_UPDATES feature has been removed. Keep your cPanel & WHM installation current to receive CSF security and stability patches automatically. For a full list of changes, read the ConfigServer Security & Firewall (CSF) change log.