A security update for HostBill CloudSignup module has just been released. In the release we’re also introducing a set of improvements for Estimates, Tickets, ACLs, Translation Toolkit & more!

HostBill CloudSignup Security Advisory

A security update for HostBill CloudSignup module has just been released – please update your CloudSignup module to the most recent version!

We’ve been notified privately about an Improper Authentication via SSO issue that affects all CloudSignup module versions until the most recent releases. We don’t have evidence that this security issue was exploited or known to public and its severity depends on the HostBill use and configuration and the client area protection.

Resolution:

To mitigate this issue please update your CloudSignup module to the most recent release, this is the version `1.2026-06-06` or higher, either manually or using the Auto-Update plugin.

Release notes

This week we introduced a new Processed status for Estimates. This status can be assigned manually by administrators and is also applied automatically when an order is generated directly from a draft estimate without creating an invoice. The new workflow provides better visibility into estimate processing stages and helps teams track document lifecycles more accurately.

For Ticket attachment management administrators can now configure how ticket attachments are handled when a support ticket is closed. This new setting provides greater flexibility in managing support-related files and helps organizations align attachment retention with their internal support policies and compliance requirements.

Status Updates now supports direct assignment of notification zones to individual clients and contacts. This enhancement allows businesses to deliver more targeted communications, ensuring the right recipients receive relevant service and maintenance notifications.

Security and permission management continue to be a key focus. Several modules have been updated to better respect administrator ACL settings. Administrators without the Edit General Settings permission are now prevented from making changes within the Gateway Fees module. Administrators without the Edit DNS Settings permission can no longer access DNS Import and DNS Zone Manager modules. Access to IPAM Audit Logs now requires the viewLogs ACL permission, providing more consistent control over administrative activity monitoring. To use the Manual Credit Card Processing plugin, administrators must now have all of the following permissions: view Invoices, list Clients, view CC. This ensures sensitive payment information remains accessible only to appropriately authorized staff.

The Translation Toolkit has been extended with a new administrator preference that allows support agents to manage automatic translation of their own support replies. This improvement gives individual administrators greater control over multilingual communication workflows while maintaining consistency across support operations.

Our ClouDNS integration continues to evolve with new failover management capabilities. Product-Level Failover Configuration is a new product configuration option allows administrators to define failover checks for sub-users, making it easier to standardize monitoring settings across customer environments. Client-Side Failover Management – clients can now directly manage failover checks through the client area, providing greater transparency and self-service functionality. To improve usability, Failover Details now display the Check Type using a descriptive name instead of a numeric value, making configuration and troubleshooting significantly more intuitive.