Many of the script versions in Virtualmin Pro are very old, some are not even being supported by the authors (e.g. Advanced Guestbook, Advanced Poll).
The net result is that many of the scripts fail after you install them (e.g do not support PHP 7)
Further, many of them have newer versions which fix identified security flaws.
If we install the versions included with VirtualMin, we potentially expose our webserver to potential security holes (e.g. eXTplorer 2.1.9, which was releasted in Dec 2016, is the latest supported by VirtualMin Pro. However, it has several security flaws which were fixed in 2.1.13, which itself is already more than a year old.)
eXtplorer 2.1.13 has been released
2019-05-15
A new version of eXtplorer (v2.1.13) has been released. It’s fixes various security issues
— version 2.1.13 —
- fixed various security issues reported by Mario Korth: * potential XSS * Arbitrary file read * Path traversal in listing directory contents * Path traversal in archive feature
**When will the scripts included in VirtualMin Pro be updated?
Its pretty frustrating to find a script that we want to use, but then find that the VirtualMin version is years behind the latest versions **
I know that there is an option to install unsupported versions, but often your source does not contain links to the latest version, so we end up having to install it ourselves as an add-on, rather than being able to offer it to customers to install themselves.
e.g eXTplorer 2.1.13 can be found on https://extplorer.net/attachments/download/82/eXtplorer_2.1.13.zip
However, Virtualmin Pro uses the version found on Sourceforge, which stops at 2.1.9