This release includes a comprehensive set of upstream security patches addressing multiple vulnerabilities across core NGINX modules, improving overall stability and hardening key request-handling paths. 

• Fixed WebDAV module buffer overflow
  Resolved a vulnerability in ngx_http_dav_module where specially crafted requests could cause memory corruption, potentially leading to crashes or arbitrary code execution.
• Fixed MP4 streaming module buffer overflows
  Fixed multiple vulnerabilities in ngx_http_mp4_module where malformed MP4 files or requests could trigger memory corruption and destabilize the server.
• Fixed NULL pointer dereference in authentication methods
  Corrected a flaw in CRAM-MD5 and APOP authentication that could cause NGINX to crash when handling invalid authentication data.
• Fixed injection vulnerability in mail proxy (auth_http and XCLIENT)
  Patched an issue that could allow injection of unintended commands or data during mail authentication or client identification.
• Fixed OCSP validation bypass in stream module
  Closed a gap where SSL certificate revocation checks (OCSP) could be bypassed under certain configurations, improving TLS validation.
• Fixed SSL upstream injection issue
  Resolved a vulnerability that could allow manipulation of data in SSL connections to upstream servers.

We’ve introduced two highly requested features to make managing WordPress on RunCloud more reliable and developer-friendly, without having to manually update your wp-config.php.

Note: Both features require RunCloud Agent version 2.16.9 or later.

Easily Replace WP-Cron with a Server-Side Cron Job

WP-Cron is notoriously a source of missed schedules and unnecessary overhead. So, we’ve now made it easier than ever to replace it with a real server cron job.

What this does:

• Disables the default WordPress pseudo-cron (DISABLE_WP_CRON)
• Creates a server-level cron job that runs every 5 minutes
• Improves reliability for scheduled posts, backups, and other scheduled actions
• Reduces performance overhead from cron checks on every page load

This can be configured both when creating a new WordPress web application, as shown below: 

And, in your web application settings area under WordPress > General Settings, as shown below:

Development Mode Toggle (WP Debug Made Simple)

You can now also easily enable “Development Mode” for WordPress when debugging without having to risk exposing errors to website visitors. 

What this does:

• Enables/disables WordPress debug mode via UI

• Automatically manages:

  • WP_DEBUG
  • WP_DEBUG_LOG
  • WP_DEBUG_DISPLAY (disabled for safety)
  • SCRIPT_DEBUG
• Logs errors to a secure debug.log file
• Keeps errors hidden from visitors by default

RunCloud Agent v2.16.8 (patch)

What’s New

• Fix: Fixed an issue in OLS staging caused by enabling the Redis cache.
• Fix: Resolves a cloning issue between containerized and native servers.

Deployment Information

This update will automatically roll out to all compatible servers within 72 hours.

• No action is required.
• The update installs seamlessly in the background.

If your server has not received the update after 72 hours, please contact our support team for manual assistance.

PHP Updates Now Available for NGINX

• PHP 8.5.5
• PHP 8.4.20

Note: If your server runs on OpenLiteSpeed, RunCloud does not handle PHP version updates. However, once a PHP version update becomes available for OpenLiteSpeed, it should also be automatically available on your server(s).

RunCloud Agent v2.16.4 (patch)

What’s New

• Fix: Resolved unexpected server shutdowns triggered by server disconnection events in certain conditions.

Deployment Information

This update will automatically roll out to all compatible servers within 72 hours.

• No action is required.
• The update installs seamlessly in the background.

If your server has not received the update after 72 hours, please contact our support team for manual assistance.

You can now easily schedule restarts or run them automatically when required.

The 2 new ways to manage server restarts

1) Scheduled Restart

Restart your server at a fixed time based on your preferred schedule.

2) Restart when required 

Automatically restart only when a system update requires it, and run it during your next maintenance window.

In both cases, your Schedule Type can be a simple time-based preset or a Custom Cron Expression, as shown below: 

Note: When a restart may be required, you'll see a “Restart Recommended” badge on the server overview or in the servers list. You can also temporarily dismiss this reminder.

RunCloud Agent v2.16.2+10

Fixes

• Fixed an issue preventing successful cloning of WordPress sites from native servers to containerized servers.
• Resolved a bug where Auto Healing could fail when a database lock was present.
• Fixed an issue where ModSecurity interfered with multipart uploads.

Improvements

• Improved server downtime notifications to provide more reliable alerts during provider-level outages affecting connected servers.
• Added support for backups for web applications using Atomic Deployment.

Deployment Information

This update will automatically roll out to all compatible servers within 72 hours.

• No action is required.
• The update installs seamlessly in the background.

If your server has not received the update after 72 hours, please contact our support team for manual assistance.

PHP Updates Now Available for NGINX

• PHP 8.4.17
• PHP 8.3.30

Note: If your server runs on OpenLiteSpeed, RunCloud does not handle PHP version updates. However, once a PHP version update becomes available for OpenLiteSpeed, it should also be automatically available on your server(s).

RunCloud Agent v2.16.1+1

What’s New

• Improvement: You can now configure the dump binary used for incremental backups. 

Deployment Information

We’ve added support for up to 5 workspaces on the RunCloud Enterprise plan.

This update expands on the existing Workspaces feature and is especially useful for teams managing multiple environments, brands, or client setups.

What’s new

• Enterprise accounts can now create and manage up to 5 workspaces
• Continue to be a member of unlimited invited workspaces
• Easily separate teams, projects, or environments within a single Enterprise account

The feature is available immediately and requires no changes to existing setups.