Greetings from me, I’m very happy to see this lovely project now, continued from the abandoned vestacp.
I have used vestacp for more than 1 year with good performance but fewer options.
I see hestiacp with a lot of new features like multi PHP, two-factor authentication,better interface, new updates and a lot of new features I don’t know yet.
But the last version of vestacp , had some vulnerabilities so my question is: Does HestiaCP fixed those vulns ?
Vulnerabilities:
https : // www. vulnerability - lab. com / get_content.php?id=2238 (as new user I cant post more than 2 links)
Since we forked Vestacp in late 2018 we have implemented a large number of security fixes and improvements. This is the reason some of the security exploits discovered recently in Vestacp did not affect us.
The list of changes would be too large to post here but you can check the changelog on github if you are curious.
This being said, Hesiacp is not bulletproff and general security best practises must be followed as always. Still we are commited to take any security reports very seriously and fix them in a timely manner.