I'm trying to upgrade apache from 2.4.52 to 2.4.58 on a droplet with Digital Ocean running Ubuntu 22.04. My upgrade path is:
sudo apt update
And then:
sudo apt install apache
But I get a message thats says
apache2 is already the newest version (2.4.52-lubuntu4.7)
Your audit is flawed. It is not enough to only check for version numbers. Package maintainers of large distributions backport all security fixes to the versions that are actively maintained.
You can see the fixes that have been applied in the changelog of the package. As long you install security updates you will also receive security fixes, even when the original software has them fixed in a newer version.
Currently the latest version of the Ubuntu 22.04 Apache package is 2.4.52-1ubuntu4.7. Since you are already on that version, all known security issues are fixed. The most relevant version number in here is the last part, ubuntu4.7.
If you want to know if a security issue exists, get the CVE number of the issue and check it agains the changelog. They are usually fixed and provided as an updated package very fast.
I don't see that version available in the version history of the official Ubuntu package. https://changelogs.ubuntu.com/changelogs/pool/main/a/apache2/apache2_2.4.52-1ubuntu4.7/changelog
The highest version is 2.4.52
Simply you need to add apache repository by geven command.
sudo add-apt-repository ppa:ondrej/apache2
sudo apt-get update
sudo apt-get upgrade apache2
The latest updates (security or otherwise) for 2.4 is always going to be from apache.org: https://httpd.apache.org/security/vulnerabilities_24.html
You can wait for the Ubuntu updates, but they are going to be slower (and always behind) to update/address issues (because they have their own release cycle), than the Apache team.
