After installing a new AlmaLinux server with CWP, what components should we really update manually to keep the server secure?
I know Apache currently has a serious security issue, and the default Nginx version installed with CWP also seems quite old. But it is not fully clear which components are handled by the OS, which ones are handled by CWP, and which ones we need to update manually.
For example, should we update Apache, Nginx, PHP versions, Roundcube, MariaDB, OpenSSL, OpenSSH, Postfix, Dovecot, CSF, ModSecurity, etc.?
Also, shouldn’t this be one of the main priorities of the CWP team? One of the reasons to use a control panel is to avoid having to manually inspect every component and guess what is outdated or vulnerable.
Can the community please share useful links, tutorials, or checklists explaining what really needs to be updated after installing CWP and the safest way to keep everything updated over time?
This would make life easier for everyone using CWP.
Topic: [SECURITY] What should we update after a fresh CWP install? (Read 50 times)
