RunCache has now rolled out to all production accounts as a beta.

How to Get Access to the RunCache Beta

To get started, ensure your server is running RunCloud Agent 2.17.10 (or later). From there, navigate to your web application(s) of choice and to the Performance (Beta) tab, or if you already have RunCloud Hub installed, to the RunCloud Hub tab, where you will be prompted to upgrade eligible web applications.

We look forward to any & all feedback. 🙌

I’m new to RunCache, tell me more…

TL;DR – RunCache is the next generation of RunCloud Hub. 

RunCache is a unified caching solution for WordPress that combines full-page caching, object caching, and edge caching in a single plugin. Here’s an overview: 

• Full-page, object, and edge caching in one plugin: No more relying on multiple caching plugins and server rules. One dashboard, one config.
• Smart auto-purging: Cache refreshes automatically on publish/update. WooCommerce hooks handle real-time invalidation for product, stock, and price changes.
• WooCommerce-ready out of the box: Cart, checkout, and account pages are automatically excluded. Product and category pages are cached for speed but instantly purged when content changes. No manual exclusions required.
• Cloudflare Edge Caching integration: Deliver content instantly worldwide with built-in edge caching support.
• Works with your existing stack: Fully supported on Apache and NGINX with FastCGI. Redis integration for native object and page cache. Multisite ready. WP-CLI support. 100% compatible with RunCloud and beyond.

What’s New

• Upgraded OpenLiteSpeed to v1.9.0

• Includes upstream stability improvements and bug fixes

This release incorporates fixes from the official OpenLiteSpeed 1.9.x branch, focusing on performance improvements, security fixes, and more.

For full upstream details, refer to the OpenLiteSpeed 1.9.x release log.

Deployment Information

• Automatic updates will roll out to all compatible servers within 72 hours
• No action required from users for the update process

What’s New

• Improvement: Upgrade the agent's cron job storage mechanism for better stability.

Deployment Information

This update will automatically roll out to all compatible servers within 72 hours.

• No action is required.
• The update installs seamlessly in the background.

What’s New

• RC Agent has been updated to support the RunCache (Native) beta. RunCache (Native) is currently available by invitation only as part of our beta testing program (more details coming soon). 

Deployment Information

This update will automatically roll out to all compatible servers within 72 hours.

• No action is required.
• The update installs seamlessly in the background.

What’s New

• Fixed: Firewall-related errors when modifying rules. 
• Improvement: Agent health reporting to eliminate false error alerts during server restarts. 

Deployment Information

This update will automatically roll out to all compatible servers within 72 hours.

• No action is required.
• The update installs seamlessly in the background.

This release updates Apache HTTP Server to v2.4.67, addressing multiple security vulnerabilities and shipping dependency upgrades.

Security Fixes

• CVE-2026-34059: Heap over-read and memory disclosure in mod_proxy_ajp via ajp_parse_data()
• CVE-2026-34032: Heap buffer over-read in mod_proxy_ajp due to missing null-termination check in ajp_msg_get_string()
• CVE-2026-33857: Off-by-one out-of-bounds reads in AJP getter functions (mod_proxy_ajp)
• CVE-2026-33523: HTTP response splitting via malicious status line forwarding across multiple modules
• CVE-2026-33007: Crash in mod_authn_socache via NULL pointer dereference (forward proxy configurations)
• CVE-2026-33006: Timing attack bypass against mod_auth_digest authentication
• CVE-2026-29169: Crash via NULL pointer dereference in mod_dav_lock (indirect lock handling)
• CVE-2026-29168: Unrestricted OCSP response processing in mod_md (resource exhaustion)
• CVE-2026-28780: Heap-based buffer overflow in mod_proxy_ajp via ajp_msg_check_header()
• CVE-2026-24072: Privilege escalation via ap_expr in mod_rewrite (.htaccess)
• CVE-2026-23918: Double free and possible RCE in HTTP/2 on early stream reset

Module updates:

• mod_md updated to v2.6.10 (fixes ARI compatibility, OCSP handling, and certificate renewal reliability)
• mod_http2 updated to v2.0.39 (removes custom memory allocator that caused issues with third-party modules; fixes double-free on stream purge)

Fixed

• Resolved missing ${SRVROOT} entries in conf\extra\httpd-ssl.conf

What’s New

• Fix: Auto-healing is logging uninstalled PHP services, causing logs to consume excessive storage.
• Fix: Symlink sorting issue in the file manager.

Deployment Information

This update will automatically roll out to all compatible servers within 72 hours.

• No action is required.
• The update installs seamlessly in the background.

This release patches CVE-2026-42945 ("NGINX Rift") and includes updated extensions to address a heap memory corruption issue.

What's New

• Security: Patched CVE-2026-42945 ("NGINX Rift"), a critical vulnerability affecting NGINX.

Deployment Information

This update is rolling out to all compatible servers. 

Servers with automatic updates enabled will be patched during the regular rollout window.

Important Notes

• ⚠️ If you have disabled automatic updates, we recommend updating manually as soon as possible.
• If you experience any issues after the update, please open a support ticket, and our team can revert your server to the previous version (v1.27.1). We're actively monitoring the rollout. If you notice anything unusual, please let us know so we can investigate. 
• No action is required unless you've disabled automatic updates

RunCloud Agent v2.17.5 (Patch)

What’s New

• Fix: Resolved an issue where symlinks could not be opened with the file manager.

Deployment Information

This update will automatically roll out to all compatible servers within 72 hours.

• No action is required.
• The update installs seamlessly in the background.

RunCloud Agent v2.17.1 (Patch)

What’s New

• Fix: Resolved an auto-healing issue that caused a "database is locked" error.
• Fix: Addressed a File Manager error that occurred in certain edge cases.

Deployment Information

• This update will roll out automatically to all compatible servers within 72 hours.
• No action is required. The update installs seamlessly in the background.
• If your server does not receive the update within this timeframe, please get in touch with our support team for manual assistance.