As we announced last week, there is a security issue on existing default Virtualmin setups. The current Virtualmin release partly fixes it, but an additional update is needed to completely close down the hole.
We felt the security issue was severe enough that in the current release of Virtualmin, it made configuration changes to mitigate the problem.
Unfortunately, automatically performing those changes caused problems for some folks; and we’ve come up with a more interactive way to perform the next series of changes that are needed to fully correct the security issue.
We highly recommend performing all the recommended changes, and not doing so will leave your system vulnerable to some pretty significant problems. However, the changes are no longer mandatory, and you’ll be prompted for which changes to make.
We’re planning to release this new version shortly, and we’re working on testing it now.
If you’re a Virtualmin Pro customer, we’d like to get you involved too, if you like! If you want to beta test the new security update, simply do the following:
Send an email to firstname.lastname@example.org
Include “Virtualmin test” in the subject
Include your virtualmin.com username and your Linux distribution in the message body
I’ll send you an email containing the current beta version of Virtualmin, which contains the security fixes.
(note: this beta version is only available to Virtualmin Pro customers)
After installing the updates, log into Virtualmin as root. Upon doing so, Virtualmin will detect if any security issues are present, and if they are, it will tell you what it sees, and prompt you to correct them.
If you’d like to try the beta version, let me know, and then we’d certainly enjoy hearing your feedback on how it works for you.