Hi, It seems there are some medium vulnerabilities for nginx version 1.14 which is installed from the vmware image of ispconfig. Should there be any concerns? What will be the best next version to upgrade to and is ISPConfig compatible with later versions? Thanks
I don't use nginx, but as far as I know there should be no compatibility issues. The vmware images are made at the time of writing the tutorial and therefore not everything is up to date.
It is very likely that there are no vulnerabilities. The Nginx package is the one from the Linux Distribution and Linux distributions patch their packages without increasing version numbers, so you can't compare version numbers from vulnerability reports that you find on the internet with the version number that nginx -v shows on your system as you don't see in that way that the vulnerabilities on your system are already patched. If you want to know in details whats got fixed, then you'll have to look up the package history in the package archive of the used Linux distribution. No. Just take care to install the available package updates for the Linux distribution that you use regularly. Regarding VMWare images, just run: apt-get update apt-get upgrade on debian and Ubuntu VM's and your system is up to date.
