Ahmad

Vulnerable and out of date NGINX version

I was contacted by one of my client, since they found out that NGINX version for ISPManager 6 in Almalinux is out date, way out of date. It also contains Vulnerability in which make them switch to different provider than me since they don't want to gamble anything with out of date version of this stack.

Is there really no plan for this? Since this is the main feature of Web Hosting and our backbone for the services we provide.

For your information, the NGINX version used in ISPManager is 1.14.1 while the latest one is on 1.25.1. All other competitor have been using 1.25.1 since Last month except Plesk which used 1.20 Which is still much more newer than the one used by ISPManager.

If you want, you can try check your website hosted in ISPManager 6 Lite, Pro or Host in AlmaLinux 8.5. with Sucuri SiteCheck or Pentest-tools.com

22.07.2023 19:09

IgorG

Thank you for your post. We understand your concern. But the point is that ispmanager uses builds from the OS vendor's repository. And the OS vendor is responsible for security updates of its builds. Note, that they cover the most serious vulnerabilities with their updates.

We are planning to start delivering our own actual nginx builds in the nearest future, where we will close all current vulnerabilities.

26.07.2023 10:28

Houssam C

Any update on this feature is highly appreciated. We got flagged also by some pen-testing team recently due to this which is bad.

02.05.2024 00:58