Author Topic: CWP needs to move forward - Fast  (Read 770 times)

Re: CWP needs to move forward - Fast
« Reply #15 on: April 16, 2026, 09:17:52 AM »
Controlling network services, protocols, and port access to and from CWP servers is relatively straightforward. By deploying a properly configured firewall between the internet and your CWP infrastructure, administrators can tightly regulate traffic and tailor access according to their specific requirements. In practice, this means CWP environments can be isolated and managed with a high degree of flexibility.

However, while network-level controls are important, they are not the primary concern.

The more pressing issue lies in end-of-life (EOL) applications and/or operating systems that continue to exist within the CWP ecosystem. These outdated components often carry known security vulnerabilities, making them a significant risk regardless of how well the surrounding network is protected. A firewall cannot mitigate vulnerabilities that are already present within the system itself.

For this reason, addressing EOL applications and/or operating systems and their associated security issues should be the top priority for CWP development. Failing to remediate these risks undermines the effectiveness of all other security measures. From a security standpoint, it is difficult to justify prioritizing new features or secondary improvements over resolving known, exploitable weaknesses.

In short, strong perimeter defenses are valuable—but they are not a substitute for maintaining a secure and up-to-date software stack. Ensuring that all components are supported and free from known vulnerabilities must come first.

Re: CWP needs to move forward - Fast
« Reply #16 on: April 16, 2026, 09:28:15 AM »
It is a significant red flag when CWP developers do not prioritise security fixes above all other development efforts. In any system exposed to the internet, security is not just another item on the roadmap—it is the foundation everything else depends on.

When known vulnerabilities or end-of-life components remain unaddressed, it signals a misalignment in priorities. New features, interface improvements, or performance enhancements may add value, but they do not reduce risk. In fact, continuing development without first resolving security issues can compound that risk by increasing system complexity while leaving existing weaknesses intact.

There is little justification for delaying security remediation, particularly when vulnerabilities are already identified and potentially exploitable. In modern software development, responsible practices—such as timely patching, dependency management, and proactive vulnerability mitigation—are not optional; they are baseline expectations.

Failing to treat security as the top priority undermines user trust and places the burden of risk mitigation on system administrators, who are then forced to rely on external controls like firewalls to compensate for weaknesses that should have been addressed at the source.

Ultimately, security should lead development, not follow it. Anything less raises serious concerns about the long-term reliability and safety of the platform.

Re: CWP needs to move forward - Fast
« Reply #17 on: April 16, 2026, 07:50:26 PM »
All the latest versions 0.9.8.1221 to the current 09.8.1124 have all been releases for control panel security fixes.

The last CVE (CVE-2025-48703) was patched back in 0.9.8.1205

Last version that updated PHP was 0.9.8.1220

So they are prioritizing security fixes above updating control panel features.
« Last Edit: April 16, 2026, 07:54:40 PM by Starburst »

Re: CWP needs to move forward - Fast
« Reply #18 on: April 16, 2026, 09:26:23 PM »
> Last version that updated PHP was 0.9.8.1220

CWP is running... in PHP 7.

> So they are prioritizing security fixes above updating control panel features.

No.

> The last CVE (CVE-2025-48703) was patched back in 0.9.8.1205

No. There are multiple CVEs still active and ignored.

And that doesn't count the CVEs that are active in all the other software that CWP uses. We are talking ONLY about CVEs in CWP itself.
Because if we are going the route of CVEs that are active in the outdated software related with CWP services...

> All the latest versions 0.9.8.1221 to the current 09.8.1124 have all been releases for control panel security fixes.

Do you know that... how?
What changed? What CVE was fixed? What file? What was the security fix made?
Can you provide ANY explanation?


Also: I have a test server where I monitor the changes made in CWP files after every update. Do you really wanna know what changed?
There was an update where the only change was a date string. And that increased the number of the update version.
Do you consider that a priority in the update for CWP future? I don't...
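
The before/after file comparison described in the post above, as an added example (not the poster's own tooling and not CWP code): it classifies each file as added, removed, changed, or changed only in date strings. The sample paths and contents are constructed, and the two date formats are assumptions.

```python
import difflib
import re
from pathlib import Path

# Assumed date formats (YYYY-MM-DD, DD/MM/YYYY); any other difference counts as a real change.
DATE = re.compile(r"\b\d{4}-\d{2}-\d{2}\b|\b\d{2}/\d{2}/\d{4}\b")

def load_tree(root):
    """Read every regular file under root into {relative_path: bytes}."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): p.read_bytes()
            for p in root.rglob("*") if p.is_file()}

def _text(data):
    # latin-1 maps bytes 1:1, so differing binary or encoded files never compare equal.
    return data.decode("latin-1")

def classify(before, after):
    """Compare two snapshots; unchanged files are omitted from the report."""
    report = {}
    for path in sorted(before.keys() | after.keys()):
        old, new = before.get(path), after.get(path)
        if old is None:
            report[path] = "added"
        elif new is None:
            report[path] = "removed"
        elif old != new:
            same = DATE.sub("<date>", _text(old)) == DATE.sub("<date>", _text(new))
            report[path] = "date-only" if same else "changed"
    return report

def changed_lines(old, new):
    """Return the -/+ lines of a zero-context unified diff for manual review."""
    diff = difflib.unified_diff(_text(old).splitlines(), _text(new).splitlines(),
                                lineterm="", n=0)
    return [line for line in list(diff)[2:] if line.startswith(("+", "-"))]

# Constructed sample snapshots (hypothetical paths and contents, not real CWP files).
BEFORE = {"panel/index.php": b"<?php render();\n", "panel/old.php": b"<?php legacy();\n",
          "panel/version.php": b"<?php $build = '2026-03-01';\n",
          "panel/login.php": b"<?php check($user, $pass);\n"}
AFTER = {"panel/index.php": b"<?php render();\n", "panel/new.php": b"<?php helper();\n",
         "panel/version.php": b"<?php $build = '2026-04-10';\n",
         "panel/login.php": b"<?php check($user, $pass, $csrf);\n"}

if __name__ == "__main__":
    for path, status in classify(BEFORE, AFTER).items():
        print(f"{status:10} {path}")
```

On a test server, copy the panel directory aside before the update and pass `load_tree()` of the copy and of the live directory to `classify()`.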


Re: CWP needs to move forward - Fast
« Reply #19 on: April 17, 2026, 06:35:50 AM »
I’ve increasingly come to question whether the updates being rolled out to CWP are delivering anything meaningful. Your most recent post seems to reinforce that concern rather than dispel it.

There’s a recurring pattern on the forums: a handful of experienced users consistently defend CWP, insisting that updates are happening and progress is being made. Yet, when they’re asked to provide concrete details—especially in the absence of clear, official announcements—the conversation tends to go quiet. That silence is hard to ignore, and it does little to build confidence within the community.

Transparency is the core issue here. Without clear documentation, changelogs, or visible evidence of improvement, users are left to speculate. This creates a divide between those who trust the process and those who are increasingly skeptical. Neither side benefits from that ambiguity.

If you have access to a test server and are actively monitoring updates as they’re deployed, it would be incredibly valuable for you to share those findings. Even a simple breakdown of what has changed—features added, bugs fixed, performance improvements—would go a long way toward clarifying the situation.

Providing that level of insight would benefit the entire CWP community. It would allow users to make informed judgments about the direction of the platform and whether the development efforts are aligned with their needs. More importantly, it would replace speculation with evidence, which is something the community clearly lacks right now.

At the moment, the perception gap is growing. Bridging it requires openness, shared knowledge, and a willingness to document what’s actually happening behind the scenes. If that can be achieved—even informally—it would represent a meaningful step forward for everyone involved.