Security updates to the Jessie apache2 package have been happening, as
patches are backported, and they are in Rasbian, see
https://anonscm.debian.org/cgit/pkg-apache/apache2.git/log/?id=refs/heads/jessie
for the list of changes, many of which have CVEs.
But yeah, Nginx vs Apache2, doesn't matter
On Mon, Feb 6, 2017 at 6:51 PM, Adam Holt wrote:
> Did Raspbian or we/others make this choice of Apache 2.4.10 out of
> curiosity?
>
> Is Apache 2.4.10 safe in general, despite being more than 2.5 years old?
>
> (Compared to Apache 2.4.25 released Dec 2016 etc...)
>
Tim has made a strong case fo
