Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - cyberspace

Pages: [1]
2
Nginx / New Nginx Vulnerability CVE-2026-42945
« on: May 16, 2026, 10:31:36 PM »
Hi guys,

New critical vulnerability CVE-2026-42945 was discovered in nginx webserver:
https://www.picussecurity.com/resource/blog/nginx-rift-cve-2026-42945-critical-heap-buffer-overflow-vulnerability-explained

Almalinux developers released the patched version of nginx:
https://almalinux.org/ru/blog/2026-05-13-nginx-rift-cve-2026-42945/

To fix it is enough to run:

Code: [Select]
dnf update
service nginx restart
and then check the nginx version to make sure you are safe.

3
Updates / Vulnerabilities in Apache 2.4.66 and older versions
« on: May 08, 2026, 09:17:41 PM »
New vulnerabilities are discovered in Apache 2.4.66 and older versions.

Update Apache to 2.4.67 or disable the affected modules:
https://httpd.apache.org/security/vulnerabilities_24.html

4
Updates / Roundcube vulnerability
« on: June 19, 2025, 10:39:18 AM »
A new security vulnerability was found in Roundcube:
https://nvd.nist.gov/vuln/detail/CVE-2025-49113

The effected versions:
all versions before 1.5.10
all 1.6.x versions before 1.6.11

The most recent versions of Roundcube include the patch:
https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10

CWP uses Roundcube 1.4.x therefore it is highly recommended to update Roundcube

Instructions how to update Roundcube to 1.5.11:

Code: [Select]
cd /usr/local/cwpsrv/var/services
cp -R roundcube roundcube_backup
wget https://github.com/roundcube/roundcubemail/releases/download/1.5.11/roundcubemail-1.5.11-complete.tar.gz
tar -xvzf roundcubemail-1.5.11-complete.tar.gz
cd roundcubemail-1.5.11
bin/installto.sh /usr/local/cwpsrv/var/services/roundcube
cd ..
chown -R cwpsvc:cwpsvc roundcube
rm -rf roundcubemail-1.5.11*

Please note you do it on your own risk.

5
Functions / Question about hooks
« on: March 19, 2021, 05:18:50 PM »
Hi guys,

Is there some possibility to run the hooks before the account or domain name is created/added ?

I want to create a module/plugin (not sure how you call it here :) ) to block account creation and domain name/subdomain adding in case the username or domain name/subdomain is listed in some list managed by the server administrator so the users won't be able to add the domain names like "gmail.com", "hotmail.com", etc as the main domain names or addons of their accounts .

Thanks.

Pages: [1]