They have been testing control panels that are alternatives to cPanel in view of the massive price increase from cPanel Inc. My motivation for switching to Virtualmin was also the same, but now it seems the software is not secure enough.
I understand that these flaws can be fixed, but I would like to know what is the plan for identifying and fixing such flaws, going forward.
Still i know that is not the answer on your question, for future use important one thank you… I understand that these flaws can be fixed, but I would like to know what is the plan for identifying and fixing such flaws, going forward.
I asked once to have separate security part here in forum , but this used forum system seems hard for such changes
Curious meaning of this while does it mean if LOGGED in users that should be trusted while they can get root… or worse? I would not use that in an untrusted environment.
The official pages really lack some love That is all I am willing to say as I am not the kind that turns it’s back to any software that has a security flaw, either a programming bug or somehow injected by a “bad actor”. That is just bad acting. But there should be a very well maintained security area here, on virtualmin.com
That post said they’ve contacted us with details, but I can’t find any related emails in the security@webmin account, so I’m not sure how to proceed. I followed up in the forum there, but haven’t heard back yet.
We try to respond to security reports very quickly, as I hope folks who’ve been around for a while know, but so far I don’t think we’ve gotten any details of the issues mentioned.
Since there’s far more noise than substance in this thread, I’m going to go ahead and close it.
The key point to take though is that the security issues mentioned in the original post are being looked into, and if there is indeed an issue we’ll post a news blurb on the matter as well as push out an update fixing them. None of us want security issues, and if there is one it’ll be fixed.
If anyone wants to have an actual technical discussion, please feel free to open a new thread though