Release date:
2026-05-15 15:28:32 UTC
Description:
- CVE-2023-6710: stored XSS in mod_cluster-manager HTML output via virtual host
and context names rendered without HTML escaping
- CVE-2024-10306: unauthorized MCMP requests due to directive being
ignored for protocol-handler filtering; runtime guard now refuses
siblings of EnableMCPMReceive, and the shipped conf.sample uses
Updated packages:
-
mod_proxy_cluster-1.3.18-1.el9.tuxcare.els1.x86_64.rpm
sha:9aac458b75534506a3e75acf4cc68de52d3ac448e5db412dc3ecba2be361f836
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
