Apache httpd 2.4.55-1 with brotli compression library from Google, TLS 1.3 Final (RFC 8446), http2 (HTTP/2) support for Red Hat Enterprise Linux and CentOS 7/8, Alma Linux 8, Rocky Linux 8 added to repository. mod_http2 2.0.2 is built dynamically against OpenSSL 1.1.1s.
- CVE-2022-37436: Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting
- CVE-2022-36760: Apache HTTP Server: mod_proxy_ajp Possible request smuggling
- CVE-2006-20001: mod_dav out of bounds read, or write of zero byte
We build OpenSSL+QUIC 1.1.1 separately since v2.4.53-2, installing it separately to /lib64 with .so.81.1.1 suffix to ensure it won’t interfere with your system libraries. You can safely delete openssl111* packages.
On EL8 and EL9 please enable httpd module:
dnf module enable httpd:codeit