ngtcp2 1.14.0, nghttp3 1.11.0 rpms released and added to all supported platforms.
All the libraries stack built with OpenSSL 3.5.0, including ngtcp2 (quic client name changed from qtlsclient to osslclient).
Месяц: Июль 2025
Apache httpd 2.4.65 with brotli support, TLS 1.3, OpenSSL 3.5.1 with http2, mod_http2 2.0.33 and ALPN for Red Hat Enterprise Linux, CentOS 7, Alma Linux, Rocky Linux 8/9/10 fixing CVE-2025-54090
Apache httpd 2.4.65 added to the repository.
Changes:
*) SECURITY: CVE-2025-54090: Apache HTTP Server: 'RewriteCond expr'
always evaluates to true in 2.4.64 (cve.mitre.org)
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond
expr ..." tests evaluating as "true".
Users are recommended to upgrade to version 2.4.65, which fixes
the issue.mod_http2 v2.0.33 rpms released
mod_http2 v2.0.33 rpms released
Apache httpd 2.4.64 with brotli support, TLS 1.3, OpenSSL 3.5.1 with http2, mod_http2 2.0.32 and ALPN for Red Hat Enterprise Linux, CentOS 7, Alma Linux, Rocky Linux 8/9/10
Apache httpd 2.4.64 added to the repository.
OpenSSL 3.5.1 rpms released for EL7/EL8/EL9/EL10
openssl 3.5.1 rpms released and added to all supported platforms (Alma Linux, Rocky Linux, RedHat Enterprise Linux RHEL, Oracle Linux).
Fix x509 application adds trusted use instead of rejected use (CVE-2025-4575)
OpenSSL 3.5.1 is a release featuring QUIC server support.
We continue to build libs with quic support as a separate non-conflicting package openssl-quic-libs, files have separate .so.81.3 suffix to avoid conflicts with the official .so.3.