Sorry for cross posting between here and the GPL forums, but we own a professional license and I need an answer and it looks like you are swamped over there with GPL users' questions.
Andre is on our web team and I asked him to post this for us. He's taking a short break to get away from Rio and head for the country while Carnival madness rages on Brazil, so, I'm dropping in here hoping to inspire an answer.
As mentioned in the other post, we are working toward PCI compliance and one last vulnerability appears to be cross domain scripting attacks which can only be cured with an upgrade to Apache 2.2.14 (the last Apache upgrade pushed via VirtualMin was 2.2.3)
Our server is with ServePath in San Francisco. We asked support at the data center if they would upgrade Apache on our box for us. They replied that they could, but since 2.2.14 does not appear in the available repos at VirtualMin, they speculated that possibly, after upgrading Apache to 2.2.14, that VirtualMin will no longer function properly, and that it would be wise for use to ask you first.
As Andre says: we don't want to lose our beloved control panel functionality!