Maintenance
WHMCS-25193 — Define a default region for S3-compatible Storage Providers
WHMCS-25216 — Correct invoice chunking logic
WHMCS-25397 — Improved error handling for ReCaptcha v2 and v3
WHMCS-26068 — Undisclosed Security Fix
WHMCS-26192 — Improved security around Admin password resets.
WHMCS-26194 — Improved security around User password resets.
WHMCS-26206 — Improved security around Invoice processing Hook Points
WHMCS-26338 — Improved security around User logouts.
WHMCS-26339 — Admins require “View Clients Summary” permission to download client files
WHMCS-26425 — Undisclosed Security Fix
WHMCS-26466 — Persist Sign-In Integration notice when appropriate
WHMCS-26624 — Undisclosed Security Fix
Modules
WHMCS-24791 — Improved security for paying invoices with Stripe
WHMCS-26067 — Improved security for paying invoices with PayPal Basic
WHMCS-26381 — Improved security for paying invoices with PayPal Payments
WHMCS-26444 — Improved security of logging in WorldPay FuturePay
WHMCS-26566 — Corrected variable name for Enom
Maintenance
WHMCS-22846 — Improve product downgrade credit calculation
WHMCS-25235 — Undisclosed Security Fix
WHMCS-25253 — Undisclosed Security Fix
WHMCS-25271 — Add validation Improvements in Admin Area
WHMCS-25272 — Undisclosed Security Fix
WHMCS-25466 — Resolved ClassLoader error during system updates
WHMCS-26014 — Undisclosed Security Fix
WHMCS-26057 — Undisclosed Security Fix
WHMCS-26073 — Improved encryption method for sensitive data storage
WHMCS-26075 — Increased randomness of guest ticket access key generation
WHMCS-26189 — Undisclosed Security Fix
Modules
WHMCS-26044 — Undisclosed Security Fix
WHMCS-26056 — Undisclosed Security Fix
WHMCS-26058 — Undisclosed Security Fix
WHMCS-26060 — Undisclosed Security Fix
WHMCS-26061 — Undisclosed Security Fix
WHMCS-26063 — Undisclosed Security Fix
WHMCS-26066 — Undisclosed Security Fix
WHMCS-26072 — Undisclosed Security Fix
WHMCS-26074 — Undisclosed Security Fix
WHMCS-26079 — Undisclosed Security Fix
WHMCS-26145 — Remove Asiapay, Gate2shop, Inpay & Paypoint from distribution
WHMCS-26261 — Improve security around Reports
- WHMCS-26041 - Security Fix for CVE-2026-29204
Maintenance
WHMCS-19418 — Updated Setup Tasks List
WHMCS-25024 — Improved session handling in the Client Area Nexus Theme
WHMCS-25168 — Improved System Health checks for supported PHP versions
WHMCS-25243 — Improved usage of customer currency when viewing Invoices from the Admin Area
WHMCS-25258 — Improvements to Digicert SSL expiry handling
WHMCS-25386 — Improved error handling for Activity Logs
WHMCS-24954 — Improved error handling in the Nexus Cart
Modules
WHMCS-25082 — Introduced new Stripe Dynamic Payments Gateway Module
WHMCS-25228 — Resolved a bug that allowed for cancelled services to be erroneously renewed
WHMCS-25250 — Improved error handling during Invoice generation
WHMCS-25002 — Improved error handling during OAuth authentication calls
WHMCS-22710 — Undisclosed Security Fix
WHMCS-25149 — Improved handling of Late Fees for Mass Pay Invoices
WHMCS-24960 — Improved handling of Domain Addons in the Nexus Cart template
Maintenance
WHMCS-17812 — Improved error handling for Stripe and Invisible reCaptcha
WHMCS-24655 — Improved authentication handling for Nexus Cart when masquerading as a client from the Admin Area
WHMCS-24830 — Improved handling of products with inclusive tax in Nexus Cart
WHMCS-24842 — Expand graceful handling of unsupported Smarty tags
WHMCS-24913 — Improved directory path references for Nexus Cart
WHMCS-24930 — Improved visibility of product renewals in the Nexus Cart
WHMCS-24931 — Improved handling of existing Invoice Late Fees when upgrading to version 9.0
WHMCS-24932 — Improved how Sign-In Integrations are handled
WHMCS-24935 — Improved handling of product deletions in the Nexus Cart
WHMCS-24936 — Improved authentication handling in Nexus Cart
WHMCS-24949 — Exclude Billing Notes from Admin Area income statistics
WHMCS-24950 — Exclude Billing Note Transactions from Cashflow Reports
WHMCS-25006 — Improved handling of URL Rewrites for Nexus Cart
Was this helpful?
Implemented
WHMCS-20052 — Improve Domain Discoverability through AI Powered Namespinning
WHMCS-20187 — Expand API Coverage for Buy Flow Cart Management
WHMCS-22591 — Upgrade Smarty template engine to v4
WHMCS-22633 — Improve VAT Compliance and Validation During Checkout
WHMCS-22711 — ImportAssist Support for CSV Imports of Customer Accounts
WHMCS-23171 — 2026 Client and Buy Flow Theme
WHMCS-23462 — Credit Note Support for WHMCS
WHMCS-23658 — Digicert Certificate Provisioning Adjustments to Support Shorter SSL Certificate lengths
Maintenance
WHMCS-10754 — “Open” ticket counts in sidebar only include tickets from admin’s assigned departments
WHMCS-12696 — Configurable option pricing is now properly displayed in emails
WHMCS-13425 — Add clarifying messaging on Integration Links regarding Captcha (Also known as: WHMCS-14677)
WHMCS-16768 — Improve Password Reset error messaging when a password does not meet minimum security requirements
WHMCS-19165 — Fix the spelling of the Portuguese language in various Admin Area dropdowns (Also known as: CORE-19165)
WHMCS-19395 — Fix a bug related to undercharging a client when performing certain prorated addon actions
WHMCS-19956 — Validation improvements in admin area
WHMCS-22024 — Add Captcha Protection to Password Reset form
WHMCS-21192 — Remove the Trust Commerce Gateway Module (Also known as: WHMCS-21175)
WHMCS-21712 — Improve Staff Online header functionality in Blend - Preview theme
WHMCS-21765 — Secret Word is now required when configuring Skrill Hosted Payment
WHMCS-21795 — Upgrades and downgrades now validate resources to prevent overages
WHMCS-21897 — Visual updates to the Marketgoo landing page and reseller modal
WHMCS-21993 — EmailPreSend Hook Now Supports File Attachments
WHMCS-22177 — More MarketConnect offerings are now back compatible
WHMCS-22217 — Add the ability to select a default language in the “Getting Started Wizard”
WHMCS-22230 — Scheduled action controls now visually represent the permissions a user has
WHMCS-22289 — Prevent “Oops” error when attempting to “Login as Owner” as an Admin related to custom child themes
WHMCS-22290 — Fix a bug related to duplication of Activity Log entries when using the TPP Wholesale registrar module
WHMCS-22303 — Add System Health Check notice if plain-text TOTP tokens are found
WHMCS-22313 — Correct redirect for “Create Upgrade/Downgrade Orders” action without the required permissions
WHMCS-22474 — Validation improvements in admin area
WHMCS-22505 — New User Passwords are Limited to a Maximum of 100 Characters
WHMCS-22534 — Fix a bug to prevent invalid response messages when performing Domain Lookup search for various TLD’s (Also known as: WHMCS-22832)
WHMCS-22694 — Validation improvements in admin area
WHMCS-22702 — Fix a bug in the Domain Registrar Module code to prevent invalid “Oops” errors when performing a domain lookup
WHMCS-22705 — Update clientsummary.tpl admin template
WHMCS-22703 — Validation improvements in admin area
WHMCS-22707 — Validation improvements in admin area
WHMCS-22837 — Update firebase/php-jwt library
WHMCS-22838 — Update the league/flysystem library
WHMCS-22839 — Update the phpmailer/phpmailer library
WHMCS-22840 — Update the minimist library
WHMCS-22841 — Update the underscore.js library
WHMCS-22856 — Getting Started Wizard will now set the Default Language for the system instead of just setting it for the current Admin User
WHMCS-23184 — Add dropdown to Admin Area VAT Validation settings
WHMCS-23264 — Prevent erroneous CSRF block when accessing MarketConnect services (Also known as: WHMCS-22861)
WHMCS-23628 — Fix a bug where sending Custom Messages and Email Campaigns did not properly parse Smarty Tags
WHMCS-23636 — Remove the “Allow Smarty Tags” setting from Configuration Settings
WHMCS-23674 — Fix a bug in the AddClient API Endpoint to resolve invalid entries when both firstname and lastname fields are NULL
WHMCS-23711 — Add the ability to save a Product Group Icon under the Product Group settings page
WHMCS-24369 — Fix a bug with the Support Menu dropdown
WHMCS-24500 — Add language translations for Social Bee in the Client Area (Also known as: WHMCS-22300)
WHMCS-24540 — Enable product group icons for all themes
Modules
WHMCS-18868 — Improve error handling when viewing the “Transactions” page in the Admin Area while an active Payment Gateway’s files are missing
WHMCS-21227 — Improve error handling of .ca domain transfers when using the GoDaddy Registrar Module (Also known as: MODULE-7931)
Languages
WHMCS-19692 — Fix a bug that was preventing Invoices from using the default language set by the Admin when downloading
Maintenance
We are limiting technical details on these changes to protect users who may not yet have upgraded.
WHMCS-18936 — Prevent error when sending email from custom email template with bad attachment reference
WHMCS-19766 — Disabling auto renewal for a domain in the admin area does not cancel the renewal invoice
WHMCS-22025 — Clarify Ioncube Loader Minimum version for PHP 8.3
WHMCS-22090 — Improve Activity Log entry for Admin-initiated User password change
WHMCS-22228 — Layout changes on Client Area homepage after switching the theme (Also known as: WHMCS-22280)
WHMCS-22233 — Improve formatting for invoice modification log entries
WHMCS-22245 — Improve CSS for MarketConnect DigiCert landing page
WHMCS-22289 — Honour parent theme definition for captcha.tpl on Login as Owner link
WHMCS-22304 — Correct regression for target opening of custom module actions (styled as links) in clientarea sidebar
WHMCS-22308 — Ensure ticket scheduled actions can be updated or cancelled when language is not set to English
WHMCS-22450 — Improve visual responsiveness for SocialBee MarketConnect landing page
WHMCS-22456 — Correct alignment of Admin Global Warning text
WHMCS-22457 — Correct regression for displaying embedded videos in Knowledgebase articles
WHMCS-19435 — Undisclosed Security Fix
WHMCS-19947 — Undisclosed Security Fix
WHMCS-19950 — Undisclosed Security Fix
WHMCS-19952 — Undisclosed Security Fix
WHMCS-19953 — Undisclosed Security Fix
WHMCS-19954 — Undisclosed Security Fix
WHMCS-19955 — Undisclosed Security Fix
WHMCS-19957 — Undisclosed Security Fix
WHMCS-19958 — Undisclosed Security Fix
WHMCS-19959 — Undisclosed Security Fix
WHMCS-19960 — Undisclosed Security Fix
WHMCS-19967 — Undisclosed Security Fix
WHMCS-19981 — Undisclosed Security Fix
WHMCS-19983 — Undisclosed Security Fix
WHMCS-19984 — Undisclosed Security Fix
WHMCS-19987 — Undisclosed Security Fix
WHMCS-19992 — Undisclosed Security Fix
WHMCS-20029 — Undisclosed Security Fix
WHMCS-20064 — Undisclosed Security Fix
WHMCS-20066 — Undisclosed Security Fix
WHMCS-21726 — Undisclosed Security Fix
WHMCS-21729 — Undisclosed Security Fix
WHMCS-21763 — Undisclosed Security Fix
WHMCS-21765 — Undisclosed Security Fix
WHMCS-21766 — Undisclosed Security Fix
WHMCS-21768 — Undisclosed Security Fix
WHMCS-21769 — Undisclosed Security Fix
WHMCS-21862 — Undisclosed Security Fix
WHMCS-21884 — Undisclosed Security Fix
WHMCS-21998 — Undisclosed Security Fix
WHMCS-22041 — Undisclosed Security Fix
Modules
WHMCS-21375 — Ensure only partial payment amount is capture when appropriate for invoices paid by PayPal Payments (Also known as: MODULE-8180)
- WHMCS-19282 — Stripe Payment Gateway can now be configured in the Getting Started Wizard
- WHMCS-19870 — Allow blank address field for AddClient API
- WHMCS-21701 — Correct UK VAT Number Validation
- WHMCS-21788 — Prevent error during request for SSL certificate status when using right to left language
- WHMCS-21899 — Visual refinements for DigiCert MarketConnect landing page
- WHMCS-21988 — The Getting Started Wizard will now show when you already have a server connected.
- WHMCS-22094 — Correct mobile responsive rendering of footer in blend-new theme
- WHMCS-22137 — Correct API createclientinvite developer documentation
- WHMCS-21513 — Ensure PayPal Checkout module works with custom service addons (Also known as: MODULE-7585)
- WHMCS-19169 — Correct bulk removal of IPs on Security tab of General Settings
- WHMCS-19286 — Prevent error with Sitejet addon when only annual pricing is configured
- WHMCS-19887 — Correct credit attributes when refunding invoice from View screen
- WHMCS-21790 — Prevent error on Payment Disputes when configuration is invalid for PayPal Payments
- WHMCS-21224 — Improve detection of SiteJet Publishing in Plesk (Also known as: WHMCS-21778)
- WHMCS-21272 — Correct identification of currency in callback from Skrill (Also known as: MODULE-8173)
- WHMCS-21786 — Improve handling of Sitejet availability for reseller packages in cPanel