ConfigServer Security & Firewall (CSF) Release Notes
Last modified: 2026 February 25
- As of August 31, 2025, the developers of CSF no longer maintain or support it. They have released CSF under the GPLv3 license.
- On supported cPanel & WHM versions, WebPros International, LLC maintains its own version of CSF for security and stability updates only. We do not provide help with CSF configuration or troubleshooting. For more information, read our How to Install ConfigServer Security & Firewall (CSF) documentation.
ConfigServer Security & Firewall (CSF) 16.08-1
2026 February 5
WebPros now maintains CSF for cPanel & WHM
WebPros International has assumed stewardship of ConfigServer Security & Firewall (CSF) and repackaged it as the cpanel-csf RPM. CSF now installs and updates through the standard cPanel package management system on all supported cPanel & WHM versions. Support for non-cPanel platforms has been removed; this package is exclusively for cPanel & WHM environments.
Security improvements and codebase modernization
This release addresses XSS vulnerabilities in the CSF web UI and improper HTML encoding throughout the codebase. The code has been modernized to use cPanel-native Perl libraries and conventions, with a new 100+ test suite providing ongoing stability assurance. IPv6 handling, timeout validation, and log parsing for AlmaLinux 10 have also been corrected.
Package-managed updates
CSF now updates through the cPanel package manager. The previous AUTO_UPDATES feature has been removed. Keep your cPanel & WHM installation current to receive CSF security and stability patches automatically.