CVEs, backported fixes or not?

Hi there, we are getting our internal infrastructure scanned regularly by Rapid7 and the VM with FreePBX distro installed gets a lot of high risk issues.


Of course it’s in the internal network, but still this should be better?

So I read that there might be fixes back ported, is there an official page indicating this?
Or could I somehow manually upgrade some packages to have versions not vulnerable?

Thanks :slight_smile:

See:

for a discussion on the policy on this.

1 Like