There's a security update of Apache available for all supported CentOS versions. They should be showing up in your available updates in the Virtualmin UI over the next couple of hours, or you can force a refresh of available packages.
This update patches the recently discussed httpoxy security bug, wherein any application running in a CGI environment could be tricked into using an attackers proxy for requests, which would be used for a variety of malicious behavior. There are mitigations without having to patch, but there's no reason not to run the latest package; and, it's easy to make mistakes in implementing the mitigation steps.
In short: Everyone should update.
As always, file a ticket, if there are problems with these packages. I have only tested on CentOS 7, as I don't have fast Internet at the moment and so can't pull down test images for CentOS 5 or 6. But, because it is a security issue, I wanted to get it out as quickly as possible. But, if you have problems upgrading, file a ticket, and I'll get it sorted.