🔥 New Features

🚀 xCloud MailBox – Free Professional Mailbox With Advanced Features

The xCloud MailBox Addon is now a complete business productivity suite — not just email anymore. Create professional email addresses with your own domain (e.g., yourname@yourbusiness.com), build trust with customers, and manage everything from one place.

• Free Mailbox for xCloud Server/Provider Users — Every unique domain hosted on an xCloud Managed or Provider Server now gets one free professional mailbox with the full suite included. No setup fee, no commitment.

• Professional Email Features — Threaded conversations, unlimited email signatures, built-in rules engine for auto-filtering and tagging, spam and phishing protection, unified inbox for all accounts, IMAP & POP client support, aliases, mail forwarding, catch-all addresses, mail templates, schedule send, undo send, snooze, and follow-up reminders.

• Full Business Workspace — Built-in calendar with smart scheduling, RSVP, recurring events, and resource booking. Shared task lists with due dates, reminders, priority flags, and team collaboration. Personal address book with smart autocomplete. Dark mode and app access on any device.

• Upgrade to Unlock Even More — Cloud Drive with file sharing, version history, WebDAV, and sync clients. Built-in document, spreadsheet, and presentation editors with real-time collaboration. Shared contacts across your organization. Read receipts and follow-up reminders.

• Enterprise-Grade Security — Two-factor authentication, WebAuthn hardware key support, end-to-end encryption, and premium antivirus, antispam, and antiphishing protection.

• Plans Starting at Just $1/mo — 8GB at $1/mo, 25GB at $2.5/mo, 50GB at $5/mo, and 80GB at $8/mo with support for 25+ languages.

• Easy Migration from Legacy Mailbox — Existing users can migrate seamlessly to the new mailbox using the built-in migration tool. Move all emails in bulk per domain, keep the same pricing and billing, and unlock more features at no additional cost.

• AI-Powered Email Productivity — Auto-generate email replies and subject lines, summarize long email threads in seconds, smart classification to sort your inbox automatically, automate routine tasks with Smart Tasks, and text-to-speech for emails read aloud.

✨ Improvements

• Cloudflare integration no longer requires the Origin CA Key, so new Cloudflare users can connect without it.
• Users now see AI-powered answer suggestions while creating support tickets.

🐛 Bug Fixes

• Fixed site environment stays as Production when the domain update fails during the demo-to-live transition.
• Fixed Authorization header being dropped on OpenLiteSpeed Node-app reverse proxy.
• Fixed an issue related to the  MariaDB database settings.
• Billing accuracy and invoice reconciliation improvements
• Internal admin reporting and MRR visibility enhancements
• Missing bill detection and recovery workflow improvements
• Server billing calculation fixes for resize and plan changes
• Provider data sync improvements for Vultr backups, server size, and billing status
• Mailbox migration backend improvements, including migration flow, plan handling, and provider architecture
• Multi-provider mailbox architecture improvements with OX Mail integration
• Abuse report handling improvements with better queue processing
• WordPress vulnerability scanning performance improvements
• White-label product picker and storage information improvements
• Server SSH authentication state handling improvements
• Domain update rollback improvements for safer failed updates
• Internal API callback error response improvements
• Meta Ads purchase tracking and deduplication improvements
• Internal report access control and permission handling improvements
• Site deletion and PHP-FPM restart safety improvements
• GitHub release and cache handling improvements
• Internal test coverage and rollback test improvements
• Various UI polish, route guards, loader states, and admin action improvements

🔖 Resources

• How to Set Up xCloud MailBox Addon
• How to Configure Your Email Client with xCloud Mailbox Addon
• How to Migrate Emails From Legacy Mailbox To The New xCloud MailBox

Security Release – 🔒 Dirty Frag Linux Kernel Vulnerability Mitigation Applied

Dirty Frag mitigation has been applied across all connected xCloud servers, including xCloud-managed and self-managed servers, via the existing security patch system. The vulnerable kernel modules are safely disabled and unloaded where applicable. Nothing needs to be done from your end, and there is no downtime or reboot requirement.

🔥 New Features

OpenClaw & Hermes Reseller Panel

– Resellers can offer fully managed OpenClaw, Hermes & Paperclip hosting to their own customers.
– Customers get AI agent hosting powered by xCloud, while resellers manage sales and customer access from one place.
– This makes it easier for agencies, hosting providers, and AI service businesses to launch their own AI hosting services without building the infrastructure themselves.

✨ Improvements

1. xCloud Free Vulnerability Checker is now up-to-date with the latest Wordfence workflow
2. New clients get a more user-friendly approach to set up their already paid servers during the signup and onboarding process.
3. Server and Site now show the correct MySQL or MariaDB version.
4. Improved the domain update process so the dashboard shows more accurate status updates during domain changes.
5. Improved server provider credential validation with clearer error messages when credentials are incorrect.
6. Improved the WordPress vulnerability scan page with a cleaner layout, better action buttons, and clearer security status.
7. Improved OpenLiteSpeed Rescue Site handling so custom PHP worker settings are preserved.
8. Improved Google Drive restore handling so remote site backup restore errors are shown more clearly instead of failing silently.
9. During ticket creation users can now also see helpful related documentation in real time.

🐛 Bug Fixes

1. Fixed an issue where Cloudflare actions could fail if an older Cloudflare integration had an invalid API token.
2. Fixed WP-CLI warnings appearing on WordPress multisite environments.
3. Fixed an issue where whitelabel brand logos and landing page navbar logos could overwrite each other.
4. Fixed incorrect failure titles on site delete, clone, and migration progress pages.
5. Fixed reserved xCloud platform domains being allowed during go-live or additional domain setup.
6. Fixed SSL status showing as failed while certificates were still being generated. It now correctly shows as pending.
7. Fixed the cookie banner showing on error pages and overlapping important error messages.
8. Fixed dropdowns closing unexpectedly when interacting with modals.
9. Fixed OpenClaw session file cleanup to prevent large session files from slowing down the chat UI.

Security Release – 🔒 CVE-2026-31431 (“Copy Fail”) Mitigation Applied
Automatically disables the vulnerable algif_aead Linux kernel module across all connected servers — both xCloud-managed and non-managed — via the existing security patch system. The module is permanently blacklisted, safely unloaded if running, and verified blocked without impacting older or custom server configurations. No action required from your side.

New Features

🆕 Introducing Hermes Agent Hosting on xCloud

Deploy your own self-improving AI agent with persistent memory, auto-built skills, and multi-platform messaging — fully managed on xCloud. No terminal or DevOps experience needed.

Hermes Agent remembers you across sessions, builds new skills as it works, and runs 24/7 on autopilot. You sign up, we deploy, you start chatting.

• Persistent memory – remembers everything across sessions, no re-explaining needed.
• Self-building skills – gets smarter the longer it runs by learning from every task.
• Multi-platform messaging – manage from Telegram, Discord, Slack, WhatsApp & more.
• Built-in scheduling for reports, monitoring, and automations.
• 40+ tools out of the box – web search, browser automation, code execution, vision, and more.

🌟 With xCloud, you get one-click deployment, built-in Telegram support, auto SSL, daily backups, managed updates, and security – all in one place.

👉 Visit the page for more details.

🐛 Improvements

📌 Added a combined stack called Agentic for OpenClaw, Paperclip, and Hermes Agent for xCloud Managed Servers.

📌 Added Cloudflare Security Settings support for OpenLiteSpeed sites

🐛 Bug Fixes

📌 Fixed an issue related to Nginx regeneration

📌 Fixed incorrect commit details showing in GIT deployment history

📌 Fixed deployment issues for GitHub auto-deploys

📌 Fixed SSL retry options for failed certificates

📌 Fixed silent failures with Disable Nginx Regeneration across multiple site actions

📌 Fixed SSL-related issues affecting failed certificates, multisite subdomains, and staging/live sites

🔥 New Features

🆕 Introducing Paperclip Hosting on xCloud

Deploy and run an autonomous company powered entirely by AI agents — fully managed on xCloud. No coding or server skills needed.

Paperclip lets you hire AI employees, set goals and budgets, and let your agents run 24/7. You stay in control. They handle the work.

✅ Full org chart setup – hire AI employees for any role 

✅ Set goals and budgets, agents work toward them automatically 

✅ Per-agent budgets to prevent runaway API costs 

✅ Audit log of every decision and tool call

🌟With xCloud, you get a fully managed server with automatic updates, security, logs, SSH, and more – all in one place.

📑 Requirements:

• xCloud Managed Server with at least 4GB RAM
• Dedicated server (no other apps run alongside Paperclip)

🆕 Gemma 4 Variants Support for Ollama

Gemma 4 is Google’s lightweight open model family – and it’s now supported in Ollama on xCloud. You can pull Gemma 4 variants directly from your Ollama dashboard and connect them to OpenClaw or other agent workflows for fully self-hosted, private, API-cost-free AI.🔥

Great for teams that want to experiment with local models alongside options like DeepSeek R1, or run sensitive workloads entirely on their own infrastructure.

🆕 Cloudflare Under Attack Mode Toggle

Cloudflare’s Under Attack mode performs additional security checks to help mitigate layer 7 DDoS attacks. Validated users access your website and suspicious traffic is blocked. It is designed to be used as one of the last resorts when a zone is under attack (and will temporarily pause access to your site and impact your site analytics).

You can now enable or disable Cloudflare’s “Under Attack Mode” directly from the Site security settings page of xCloud dashboard. 

🆕 Git Integration for Docker Compose Sites

You can now deploy custom Docker Compose projects directly from a Git repository on xCloud. Connect your public, private, or linked Git provider, auto-detect ports from your docker-compose.yml, map services to domains, and go live – all from the xCloud dashboard.

🐛 Improvements & Bug Fixes

📌Fixed Codex authentication flow issue

📌Fixed UI related issues across multiple pages

📌Fixed an issue related to the blank server monitoring page

📌Fixed MySQL installation version issue on Ubuntu 24.04

📌Fixed Docker site deletion getting stuck when a Redis file is missing

📌Fixed package upgrades showing as failed after a reboot

📌Fixed Fail2Ban timeout issue

📌Fixed staging option showing for unsupported WordPress multisite

📌Fixed empty site title issue in Bulk Nginx Customization

🚀 Introducing the xCloud Infrastructure Upgrade: A Faster and More Secure Dashboard

The xCloud infrastructure upgrade brings major improvements to the performance, security, and long-term stability of your dashboard. This release focuses on faster operations, near-instant navigation, and a modern foundation that keeps xCloud reliable as it continues to grow.

✨ What this upgrade brings for you

• No more waiting on slow operations – provisioning servers, managing DNS, billing, API calls – all ~40% faster on average
• Pages load before you expect them to – xCloud now prefetches the next page before you click, so navigation feels instant
• Dashboards show content first – no more staring at a loading screen while everything catches up. Your content appears immediately; heavy data loads behind the scenes
• Better security – every package is patched and up to date, with fewer dependencies, meaning fewer things that can go wrong

🔥 New Features

WordPress

🌟Site Rules – Manage HTTP Headers & Redirects for WordPress Sites 

Create and manage HTTP header and redirect rules for WordPress sites running NGINX directly from the xCloud UI – no manual nginx config editing required.

Add Custom Headers 

Define custom HTTP response headers (security headers, caching headers, CORS, etc.) for your WordPress site directly from the dashboard. Strengthen site security, control browser caching, and manage cross-origin policies without manually editing nginx configuration files.

Redirects

Set up 301/302 redirects for URLs, paths, or patterns from a clean, intuitive interface. Manage post-migration URL changes, enforce trailing slashes, or route legacy paths to new destinations — all without writing a single rewrite rule by hand.

🌟 Bulk NGINX Customization

Apply NGINX Configs Across Multiple Sites at Once on xCloud. You can now push custom NGINX configurations to multiple sites on a server in a single operation directly from the dashboard without editing each site individually. 🚀

🌟 Restore Backup To Any Site On Any Server

Seamless Cross-Site Backup Restoration Is Now Available on xCloud. You can now restore a WordPress backup directly to another existing site without rebuilding anything from scratch. This feature helps you clone live sites to staging, recover broken environments instantly, or reuse recent backups across projects. It simplifies migration workflows, reduces downtime, and gives you full control.

🌟 Sidebar Menu Search Is Now Available Again

Search improves navigation speed across the xCloud dashboard with sidebar menu search. Now users can instantly find exact page locations more easily.

🌟Site-Level Cron Job Management

Added comprehensive Cron Job Management directly in the xCloud dashboard at the site level. Users can now create, edit, and delete cron jobs without SSH access, with support for custom schedules, command validation, and execution logs.

🌟 Staging Hook Scripts — Post-Pull & Post-Push Automation

Add your own Post-Pull and Post-Push scripts from the Staging Management page. These scripts run automatically after each pull or push, so you can execute custom bash commands without manual work.

Use them to deactivate sync plugins, clear caches, or apply environment-specific settings instantly.

✨ Improvements 

• Easy Upgrade From Free To PRO – A new global upgrade modal accessible from anywhere in the app, allowing free plan users to upgrade to the Starter plan without leaving their current page.
• Fatal Error Banners & Notifications – When a fatal PHP error occurs on a site, xCloud now shows a banner on the site dashboard. It also includes a direct link to the error logs for faster debugging. Also, users will get real-time integrated notifications channels and a dashboard.
• Improved warning banner system consistency across dashboard
• Added searchable sidebar navigation
• Improved search component flexibility
• Improved safety during site and server deletion
• Improved cross-server navigation state handling
• Improved gateway health check handling
• Improved backup deletion handling across storage types

✨ Bug Fixes

• Fixed checkout security issues related to duplicate accounts and charges
• Fixed whitelabel server creation failures
• Fixed session handling on password change
• Fixed issues with salt handling during production push
• Fixed staging visibility indexing after database pull
• Fixed SSL-related deletion crashes
• Fixed cache helper CPU loop issue.
• Fixed MySQL install hang in non-interactive environments.
• Fixed PM2 startup issues on reboot for Node.js Git sites.
• Fixed mailbox banner-related issue.

🔥 New Features

🌟 Cloudflare WAF Rules Integration

Cloudflare WAF rule management is now available directly inside xCloud. You can apply common WordPress security protections without creating manual rules in the Cloudflare dashboard.

• Cloudflare WAF Security Settings – Configure essential WordPress protection rules directly from the xCloud dashboard.
• Allow Good Bots & ACME Validation – Ensures trusted crawlers and Let’s Encrypt validation requests continue to function normally.
• Sensitive File Protection – Blocks direct access to files that should not be publicly exposed.
• wp-config.php Protection – Prevents direct access to the WordPress configuration file.
• XML-RPC Blocking – Reduces exposure to XML-RPC abuse and brute-force attacks.
• Author Enumeration Protection – Blocks requests attempting to discover WordPress usernames.

Each rule is applied as a Cloudflare WAF custom rule via API and managed per site directly from xCloud.

🔄 New: Easy WordPress Rollback with Backup

You can now roll back plugins, themes, or WordPress core in a few clicks. Just pick a version from a searchable list and revert instantly. You can also enable automatic backups before rollback.

⚙️ New: Auto-Tune PHP, FPM & OPcache

Added auto-tunes for  PHP, FPM, and OPcache settings based on your server RAM. It suggests optimized values instantly and lets you manage full OPcache configuration. Works seamlessly with both Nginx and OpenLiteSpeed.

✨Improvements

• Improved access log view with search, filters, and bot traffic insights
• Better default OPcache settings applied during PHP installation
• Improved disk usage with clearer stats such as total, used, and free space
• Refreshed support portal design with better visibility and layout
• Improved site controls with “Enable Site” action and quick recovery option
• General UI improvements for spacing, colors, and responsiveness

✨Bug Fixes

• Reduced false alerts from PageSpeed errors caused by external issues
• Improved retry handling for PageSpeed connection failures
• Fixed incorrect sorting and pagination issues in Site Insights
• Resolved Site Pro deployment-related errors
• Fixed Slack notification issue in vulnerability alerts
• Fixed duplicate DNS record issue in Cloudflare sync

🔥 New Features

Addon

🌟Mail Delivery Enhancements

Transactional emails are essential for WordPress websites. When an email quota runs out unnoticed, emails can suddenly stop sending. This update introduces smarter Mail Delivery subscription management with Auto Upgrade and 1-click Cloudflare DNS setup to keep email delivery uninterrupted.

• Auto Upgrade Mail Delivery: Automatically upgrades your email plan when usage reaches the limit. xCloud will notify you when your email usage reaches 90% of your available quota. This ensures transactional emails continue sending without disruption.

• Cloudflare One-Click DNS Verification — If your domain uses Cloudflare integration, xCloud can automatically add and verify the required DNS records with a single click, eliminating manual DNS configuration.

• Default Mail Delivery Provider — Set a default provider so newly created sites automatically use your preferred email delivery configuration.

• Email Usage Visibility — View total email quota and available emails directly from the dashboard for better monitoring and planning.
• Built-in SMTP Configuration — Access SMTP credentials including username, password, SMTP server, and port directly from the dashboard.
• API Key Access — Manage API keys for custom integrations or external applications.
• Clone Mail Delivery Settings — When cloning a site, the Mail Delivery configuration is automatically copied so the cloned site inherits the same email setup.

🌟Multi-Port Domain Mapping for Docker Compose Sites

Custom Docker Compose sites can now map multiple domains to different container ports. Perfect for running multiple services under separate domains from a single site.

🌟  PHP 8.5 Support for OpenLiteSpeed

PHP 8.5 is now available for OpenLiteSpeed servers on Ubuntu 24. All PHP extensions are now consistently available across all PHP versions.

🌟GridPane OpenLiteSpeed Server Migration

Migrate your servers from GridPane’s OpenLiteSpeed stack to xCloud. The migration wizard handles the full transfer including sites, databases, and configurations.

✨Improvements

• Optimized server provisioning by deferring non-essential packages during setup.

✨Bug Fixes

• Fixed WordPress Bulk Management issue where the Refresh All button failed when groups were collapsed or expanded.
• Fixed dropdown menus being cut off on Mail Delivery, Mailbox, and Security addon pages.
• Fixed SSH Key Editor showing system and migration keys in the sudo user SSH key selector.
• Fixed site cloning error that occurred when the PHP version was not set.
• Fixed PageSpeed Insights temporary network errors triggering false error reports.