I’m currently fiddling around with Lighttpd and noticed that my version is about two years old:
root@DietPi:/# lighttpd -version
lighttpd/1.4.69 (ssl) - a light and fast webserver
1.4.69 – February 10, 2023 by gstrauss
Version 1.4.79 was released on April 04, 2025. I was under the assumption that all installed packages are updated via apt, but:
root@DietPi:/# apt update
Hit:1 https://deb.debian.org/debian bookworm InRelease
Hit:2 https://deb.debian.org/debian bookworm-updates InRelease
Hit:3 https://deb.debian.org/debian-security bookworm-security InRelease
Hit:4 https://deb.debian.org/debian bookworm-backports InRelease
Hit:5 https://archive.raspberrypi.com/debian bookworm InRelease
Hit:6 https://dietpi.com/apt bookworm InRelease
Hit:7 https://dietpi.com/apt all InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
root@DietPi:/#
Digging deeper, the Debian package seems to be lagging behind: Package: lighttpd (1.4.69-1)
Could this be a security risk? Should I switch from Lighttpd to Nginx? What would I need to do to make this change smooth? I’m worried about breaking something, as everything works perfectly fine currently. (Never change a running system and stuff).
I’m currently running a Pi-hole, Nextcloud and MediaWiki (with a basic, plain username-password login via Lighttpd; everything else is DietPi default).