Log4J Bulletin: Passenger not affected TL;DR: Passenger is not affected. Passenger has no components written in Java and thus does not use log4j. As such, it is not affected by the log4j vulnerabilities (CVE-2021-45046 & CVE-2021-44228, or any subsequentl
Passenger 5.3.2: various security fixes Passenger 5.3.2 released, fixing a file system access race condition as well as various SpawningKit exploits. We urge you to upgrade your version immediately.
Security advisory [CVE-2017-16355]: arbitrary file read vulnerability The cPanel Security Team discovered a vulnerability in Passenger that allows users to list the contents of arbitrary files on the system. CVE-2017-16355 has been assigned to this issue. Affected use-cases Arbitrary file
Web applications on Phusion Passenger are not vulnerable to HTTPoxy A short time ago an old security issue was revealed to still be present in many modern application servers. The issue is now known as HTTPoxy, and no fewer than 6 CVEs were issued to document the vulnerabilities in var
Security advisory: CVE-2015-7519 header overwriting (medium severity) It was discovered by the SUSE security team that it was possible, in some cases, for clients to overwrite headers set by the server, resulting in a medium level security issue. CVE-2015-7519 has been assigned to this iss