Knock, Knock Synology! It’s been more than one year without any update to the Apache HTTP Server 2.4 package. The current Synology package version 2.4.29 has huge holes in security. You can take a look at the Apache 2.4 changelog page (the latest version is 2.4.39) where you can see a lot of security improvements since version 2.4.29. It is unacceptable that, after updating the Webstation, phpMyAdmin 4.8.4 and PHP 7.2.13 in January 2019, Synology did not bother to make an important update to APACHE 2.4.29 bringing it to version 2.4.39.
I understand it’s the start of the Chinese New Year and all the celebrations going on, but was it so difficult to update Apache 2.4? The current version is full of bugs and security issues and there is no excuse for it. The update should have been done concurrently with the webstation, phpMyadmin and php 7.2.13 packages.
Synology, please tell me that it was an oversight and that this problem will be solved soon. According to your Page the latest Apache HTTP Server version is 2.4.29.
I am very worried about this lack of responsibility; sincerely, I expect the best from Synology because Synology must become an internationally recognized quality label and this behavior does not honor them. I hope that in the next days, at the end of the holidays and the Chinese New Year celebrations, Synology will release an update to the Apache HTTP Server.
After more then one month, Synology don’t update the package. Below a full conversation with Synology technical support “Ticket”.
After some time, after my numerous tickets, Synology has released the new DSM 6.2.2 on 28.03.2019. The new DSM 6.2.2 includes the latest APACHE version 2.4.39. Respect Synology!