Hestia 1.8.10 Security release

We’re happy to announce that Hestia Control Panel v1.8.10 is now available to download.

This release contains 2 security patches and multiple other bug fixes

  • Restrict PHP-FPM permissions to a new user to prevent permission escalation to admin or other users (CVE will follow)
  • Reduce Nginx keepalive_requests to 1000 (Nginx default) to limit risks of CVE-2023-44487

We strongly ask you to update Hestia to the latest version! (1.8.9)

We also suggest disabling the php functions by default for extra security if it is not done yet run the file that you can find in:

Best regards,

If you have already updated to 1.8.9 please run!