Why SquirrelMail is being removed from cPanel

SquirrelMail is a project that provides both a web-based email client and a proxy server for the IMAP protocol. Started in 1999, it has been shipped with cPanel since over 10 years ago.

Used and loved by millions globally, SquirrelMail is, unfortunately, getting the stick from cPanel as it would stop being included officially from cPanel version 76.


cPanel is pulling SquirrelMail due to an active improvement and security patches to the webmail client. According to their blog:

SquirrelMail’s last update was May 30th, 2013, with their last release on July 12, 2011. In that seven years, 4 versions of PHP have reached End of Life, and we have worked with others in the community to maintain SquirrelMail. Unfortunately, recent security patches have significant problems, forcing us into a choice. Exclude the security fix and ship SquirrelMail with known security flaws, ship a secure version with known interface issues, or attempt to fix the problems.

Webmail users now expect a better experience than SquirrelMail provides. Rather than continuing to ship an unmaintained application, we decided to remove SquirrelMail.

A security hole was uncovered in SquirrelMail earlier in 2018.

Horde and RoundCube remain for use, to cPanel users for now. Both are regularly patched.

SquirrelMail would not be the first webmail app to be pulled by cPanel. Neomail was removed several years ago and eventually replaced by RoundCube.

Leave A Comment?

This site uses Akismet to reduce spam. Learn how your comment data is processed.