Apache Friends Support Forum

[juliuss]

Hi,

Is it possible to upgrade Apache within the Xampp installation separately? The last update of Xampp (8.2.4) was in April and there are some vulnerabilities that we want to patch with an update.

If not, is there a way to determine when updates will be forthcoming?

Thanks for any help!

[Nobbie]

Is it possible to upgrade Apache within the Xampp installation separately?

No.

If not, is there a way to determine when updates will be forthcoming?

No.

I wonder why "vulnerabilities" are so important?! Xampp is explicitely NOT meant for public servers (and its not supported), it is meant for local educational use only.

[juliuss]

Thanks for the quick reply; that's good to know. Appreciate the help.

[juliuss]

I had a quick look here:
https://www.apachefriends.org/about.html

and I didn't see anything about it being:

explicitely NOT meant for public servers

It wasn't obvious to me that it isn't explicitly meant for public servers. I searched for public and production, but didn't see anything in this context. It would be great to have something in bold that mentioned this.

[Nobbie]

There is a readme file in your Xampp folder, which includes this important note:

A matter of security (A MUST READ!)

As mentioned before, XAMPP is not meant for production use but only for developers in a development environment. The way XAMPP is configured is to be open as possible and allowing the developer anything he/she wants. For development environments this is great but in a production environment it could be fatal. Here a list of missing security
in XAMPP:

- The MySQL administrator (root) has no password.
- The MySQL daemon is accessible via network.
- phpMyAdmin is accessible via network.
- Examples are accessible via network.