Security updates are being install automatically

shoulders · March 12, 2026, 10:17am

SYSTEM INFORMATION
OS type and version	Ubuntu Linux 22.04.5
Webmin version	2.610
Usermin version	2.510
Virtualmin version	7.50.2 Professional
Theme version	26.20
Apache version	2.4.52
Package updates	11 package updates are available

I have my Virtualmin/webmin confirued just to notify me of security updates, whihc it does, however these updates are getting installed automatically.

I know some kernel level updates are installed automatically and this is an OS thing, but thee I got emails, the updates were waiting and then the get installed. Maybe all of these security updates are of that type!

The following updates were installed automatically. There are 2 occurences so I have added both.

11-03-2026

A security update to curl from 7.81.0-1ubuntu1.22 to 7.81.0-1ubuntu1.23 is available.

A security update to libcurl3-gnutls from 7.81.0-1ubuntu1.22 to 7.81.0-1ubuntu1.23 is available.

A security update to libcurl4 from 7.81.0-1ubuntu1.22 to 7.81.0-1ubuntu1.23 is available.

09-03-2026

A security update to apache2 from 2.4.52-1ubuntu4.18 to 2.4.52-1ubuntu4.19 is available.

A security update to apache2-bin from 2.4.52-1ubuntu4.18 to 2.4.52-1ubuntu4.19 is available.

A security update to apache2-data from 2.4.52-1ubuntu4.18 to 2.4.52-1ubuntu4.19 is available.

A security update to apache2-suexec-custom from 2.4.52-1ubuntu4.18 to 2.4.52-1ubuntu4.19 is available.

A security update to apache2-utils from 2.4.52-1ubuntu4.18 to 2.4.52-1ubuntu4.19 is available.

Related github Issuie

github.com/webmin/webmin

Software Package Updates - email notfication for security updates

opened 11:57AM - 14 Jan 24 UTC

closed 06:37PM - 14 Jan 24 UTC

shoulders

| SYSTEM INFORMATION|| |----------------------|---------------------------| |… OS type and version | Ubuntu Linux 22.04.3 | | Webmin version | 2.105 | | Usermin version | 2.005 | | Virtualmin version | 7.9.0 | | Theme version | 21.09.5 | | Package updates | 15 package updates are available | ## Current ![image](https://github.com/virtualmin/virtualmin-gpl/assets/319997/242ea260-7298-4611-915d-21d8ecc20770) You can set a schedule and then be notified of any updates, but this is for all updates. ## Request I would like to add the additional option of - Just Notify (Security Updates Only) this would allow me to get notified of security updates that do need applying rather than getting notified by all updates which I would then start ignoring.

stefan1959 · March 12, 2026, 11:25am

Looks like a bug seeing the options in Action when update needed

I’ve never needed this as I have Virtualmin as a saved tab and I get notified when I open my default browser.

Joe · March 12, 2026, 6:48pm

Not a bug. Nothing to do with Virtualmin.

Joe · March 12, 2026, 6:48pm

I assume you have unattended-upgrades installed.

shoulders · March 12, 2026, 7:00pm

There are 2 types of security updates, normal ones and the ones that are forced by the OS.

Are the forced ones kernel level?

shoulders · March 12, 2026, 7:18pm

I only have send emails when security updates are available. The is what the schedule tab is set to.

I assume this controls the setting you mention.

Joe · March 12, 2026, 7:24pm

No type of update is forced by the OS.

It does not. Virtualmin updates are unrelated to, and have no connection to unattended-upgrades, which is a package provided by your OS. If you have it installed, you are performing upgrades outside of the control of Virtualmin. Which is fine, if that’s what you prefer.

shoulders · March 12, 2026, 8:33pm

Then explain the point of the options in the schedule tab on my first post. What is the point of having an option that says email only when security updates are available when this setting does nothing.

I am confused.

Joe · March 12, 2026, 8:54pm

The setting controls whether updates are performed by Virtualmin.

unattended-upgrades is not our package and we didn’t install it. If you don’t want unattended upgrades, uninstall or disable unattended-upgrades.

shoulders · March 12, 2026, 9:07pm

As a user it does not matter what it might or might not control, virtualmin has a setting to inform me of security updates and explicitly not install them, so that’s what should happen on my server otherwise what is the point of this setting.

I am not a Linux admin that is why I use virtualmin.

Joe · March 12, 2026, 10:28pm

I guess we could include a notification if unattended-upgrades is installed. But, we can’t prevent every possible way updates could be performed.

shoulders · March 12, 2026, 10:40pm

It is stupid having a setting that does not work. Fix the setting or remove it are the options, my preference would be to fix it as I want control over the updates.

stefan1959 · March 13, 2026, 12:27am

Its overriding what virtualmin can control, its that simple.
Check here are some commands for it.

https://medium.com/@mohamadabdul1122/commands-to-check-auto-updates-unattended-upgrades-on-ubuntu-f97e196826ca

So try sudo systemctl status unattended-upgrades
That should show if its installed.

You need to uninstall it if you want virtualmin to control the updates.
I don’t think this is in Rocky (RHEL type) so first I’ve heard of it.

shoulders · March 13, 2026, 8:22am

I am guessing this means it is on.

adminusername@server:~$ sudo systemctl status unattended-upgrades
[sudo] password for adminusername: 
● unattended-upgrades.service - Unattended Upgrades Shutdown
     Loaded: loaded (/lib/systemd/system/unattended-upgrades.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2026-03-07 08:33:02 GMT; 5 days ago
       Docs: man:unattended-upgrade(8)
   Main PID: 718 (unattended-upgr)
      Tasks: 2 (limit: 9378)
     Memory: 10.2M
        CPU: 32ms
     CGroup: /system.slice/unattended-upgrades.service
             └─718 /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal

Mar 07 08:33:02 server.mydomain.uk systemd[1]: Started Unattended Upgrades Shutdown.
adminusername@server:~$

shoulders · March 13, 2026, 8:33am

You can prevent this one

I feel a GitHub Issue forming

Steini · March 13, 2026, 10:08am

I’m glad we’re following suit what YOU want…

However, YOU have to invest YOUR brain matter into learning how Linux works, how far control panels like Virtualmin/Webmin can get YOU, and what YOUR duty/tasks/responsibilities as the administrator of such systems are.

Instead of demanding, turn your non-knowledge into knowledge and if you hit a blocker on the road that remains unsolvable after you tried to get your head around, feel free to demand. But don’t cover ignorance of learning with cheap excuses like “I am not a Linux admin that is why I use virtualmin. ”… That’s unfair and lazy behaviour.

shoulders · March 13, 2026, 10:12am

No I don’t. This is what Virtualmin is for. If it says updates are not going to be applied then that is what should happen. If you have to start second guessing every setting and be under the belief that you should know what every Linux command is for then Virtualmin is pointless.

This comes across as arrogant. I have reported a bug, or at very least an inconsistency and I am getting trolled for this, how is this fair.

Steini · March 13, 2026, 10:19am

Not my intention at all. I swear.

And you didn’t report a bug (it might appear to be a bug from your vantage point, but it’s not). Turn your demand into a feature request and use the Blue Skies forum instead of this one.

shoulders · March 13, 2026, 10:41am

It is implied as a bug report because I am discussing something I believe to be broken, just not confirmed.

The forum is the correct place to discuss before making a formal bug report.

Stop saying this, posting and having a discussion != demand

Wrong place for this. Read the categories description. This is not a big item.

If you’ve got a big wish for Virtualmin, Webmin, or Usermin, here is the place to discuss it.

Ok Thanks

Additional Thought

The wording for the options is always descriptive to allow the less “admin” of users interact with Virtualmin. I have discussed this with one or more of the staff and had suggested using more clinical terms but the team wanted to encompass a larger base than just admins. So the particular use of language throughout Virtualmin proves my point, that if a setting says it does something then it should or it is broken. It is for virtualmin to bridge the gap between the option and the operation because virtualmin is not just aimed at seasoned admins.

I think it was while I was bug reporting on the email GUI and suggesting improvements, one of which was to use the POSTFIX option names rather than the descriptive terms for the options. I believe the outcome of that was that the option name should be put in the description of in brackets or the description, anyway can’t remember exactly.

jimr1 · March 13, 2026, 2:21pm

Perhaps it could be said this is not a bug but a bit of an understanding in your perception of how your chosen OS works, For example, as stated by @stefan1959 this ‘bug’ would not appear in EL systems as the service that is upgrading some of your system is not installed by default.
Take it this way OS’s (e.g windows or Ubuntu) as different languages such as English & french, you may be fluent in say windows but have no idea how another language works. So I do agree with @Steini this is down to your misunderstanding on how your target OS works (or parts of it), maybe it’s time to read up on a problem that your having and it’s possible causes and having a go at fixing it rather that pronouncing that your problem has to be a bug in virtualmin where in some cases it maybe a bug or in other cases your lack of knowledge about your target OS. If you want a Ubuntu specific version of Webmin/virtualmin fork the project and code it rather than (in this case) stating it’s a bug in webmin/virtualmin when clearly it’s not and it’s a ‘bug’ in your understanding of how webmin/virtualin and your target OS work together