search

madeITBelgium / vesta

VESTA Control Panel
https://www.tpweb.org
GNU General Public License v3.0
34 stars 15 forks source link

Outdated Apache httpd.x86_64 2.4.6-118.el7.centos from Vesta repo #117

Closed dynanode closed 2 years ago

dynanode commented 2 years ago

As Apache is installed from the VestaCP repo which has not been updates for many years and threats arise (https://access.redhat.com/security/cve/cve-2021-40438) it might be more than time to provide an updates httpd version also for the MadeIT release? Not sure if this could work: https://forum.vestacp.com/viewtopic.php?f=11&t=17737

Kind Regards

dynanode

madeITBelgium commented 2 years ago

Hi, this vesta fork uses the default httpd/apache package provided by the OS. Normally an upgrade via another repo should work without any problems. In Centos 8, Almalinux 8, ... we switched to nginx and php-fpm as default.

dynanode commented 2 years ago

You are right, we also avoid to use it and rather use nginx but on one of our MadeIT releases it´s still on Vesta repo on the outdated version not on the OS. Maybe it´s because we updated it from VestaCP and its not a new install, not sure as it´s so long ago :) I will try to find out.

dynanode commented 2 years ago

It´s true, on fresh MadeIT installed it uses the OS version as it should

httpd.x86_64 2.4.6-97.el7.centos.2 @updates

dynanode commented 2 years ago

Correct on fresh install on MadeIT release, check your instance if you upgraded from VestaCP to MadeIT and make sure you received the correct version.