Apache httpd 2.4.65 with brotli support, TLS 1.3, OpenSSL 3.5.1 with http2, mod_http2 2.0.33 and ALPN for Red Hat Enterprise Linux, CentOS 7, Alma Linux, Rocky Linux 8/9/10 fixing CVE-2025-54090

Apache httpd 2.4.65 added to the repository.

Changes: 

  *) SECURITY: CVE-2025-54090: Apache HTTP Server: 'RewriteCond expr'
     always evaluates to true in 2.4.64 (cve.mitre.org)
     A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond
     expr ..." tests evaluating as "true".
     Users are recommended to upgrade to version 2.4.65, which fixes
     the issue.

Leave a Reply

Your email address will not be published. Required fields are marked *