There have been a number of recent Apache vulnerabilities and the chart below can be used to understand which vulnerabilities may impact you and what to upgrade to. Note that Validation Authority only uses Apache web server, not Apache Struts or other Apache components. We also ship a reduced set of modules, as can be confirmed by looking in the modules directory of the Apache install, meaning that some CVEs do not apply to us at all due to lacking the required module. We do not enable HTTP/2, which also mitigates several CVEs.
