File: //var/softaculous/whmcs/changelog.txt
Version 9.0.6 (Maintenance Release)
Maintenance
WHMCS-25193 — Define a default region for S3-compatible Storage Providers
WHMCS-25216 — Correct invoice chunking logic
WHMCS-25397 — Improved error handling for ReCaptcha v2 and v3
WHMCS-26068 — Undisclosed Security Fix
WHMCS-26192 — Improved security around Admin password resets.
WHMCS-26194 — Improved security around User password resets.
WHMCS-26206 — Improved security around Invoice processing Hook Points
WHMCS-26338 — Improved security around User logouts.
WHMCS-26339 — Admins require “View Clients Summary” permission to download client files
WHMCS-26425 — Undisclosed Security Fix
WHMCS-26466 — Persist Sign-In Integration notice when appropriate
WHMCS-26624 — Undisclosed Security Fix
Modules
WHMCS-24791 — Improved security for paying invoices with Stripe
WHMCS-26067 — Improved security for paying invoices with PayPal Basic
WHMCS-26381 — Improved security for paying invoices with PayPal Payments
WHMCS-26444 — Improved security of logging in WorldPay FuturePay
WHMCS-26566 — Corrected variable name for Enom
Version 9.0.5 (Maintenance Release)
Maintenance
WHMCS-22846 — Improve product downgrade credit calculation
WHMCS-25235 — Undisclosed Security Fix
WHMCS-25253 — Undisclosed Security Fix
WHMCS-25271 — Add validation Improvements in Admin Area
WHMCS-25272 — Undisclosed Security Fix
WHMCS-25466 — Resolved ClassLoader error during system updates
WHMCS-26014 — Undisclosed Security Fix
WHMCS-26057 — Undisclosed Security Fix
WHMCS-26073 — Improved encryption method for sensitive data storage
WHMCS-26075 — Increased randomness of guest ticket access key generation
WHMCS-26189 — Undisclosed Security Fix
Modules
WHMCS-26044 — Undisclosed Security Fix
WHMCS-26056 — Undisclosed Security Fix
WHMCS-26058 — Undisclosed Security Fix
WHMCS-26060 — Undisclosed Security Fix
WHMCS-26061 — Undisclosed Security Fix
WHMCS-26063 — Undisclosed Security Fix
WHMCS-26066 — Undisclosed Security Fix
WHMCS-26072 — Undisclosed Security Fix
WHMCS-26074 — Undisclosed Security Fix
WHMCS-26079 — Undisclosed Security Fix
WHMCS-26145 — Remove Asiapay, Gate2shop, Inpay & Paypoint from distribution
WHMCS-26261 — Improve security around Reports
Version 9.0.4 (Maintenance)
Maintenance
WHMCS-26041 - Security Fix for CVE-2026-29204
Version 9.0.3 (Maintenance)
Maintenance
WHMCS-19418 — Updated Setup Tasks List
WHMCS-25024 — Improved session handling in the Client Area Nexus Theme
WHMCS-25168 — Improved System Health checks for supported PHP versions
WHMCS-25243 — Improved usage of customer currency when viewing Invoices from the Admin Area
WHMCS-25258 — Improvements to Digicert SSL expiry handling
WHMCS-25386 — Improved error handling for Activity Logs
WHMCS-24954 — Improved error handling in the Nexus Cart
Modules
WHMCS-25082 — Introduced new Stripe Dynamic Payments Gateway Module