Apache httpd 2.4.61 with brotli support, TLS 1.3, OpenSSL 3.0.14 with http2, mod_http2 2.0.27 and ALPN for Red Hat Enterprise Linux, CentOS 7/8/9, Alma Linux, Rocky Linux 8/9

Apache httpd 2.4.61-1 with brotli compression library from Google, TLS 1.3, http2 (HTTP/2) support for Red Hat Enterprise Linux and CentOS (including CentOS 7), Alma Linux, Rocky Linux 8/9 added to repository. mod_http2 2.0.27 and mod_ssl are built dynamically against OpenSSL 3.0.14.

Important security fixes: CVE-2024-39884: Apache HTTP Server: source code disclosure with handlers configured via AddType.

We build OpenSSL+QUIC separately since v2.4.56-2, installing it separately to /lib64 with .so.81.3 suffix to ensure it won’t interfere with your system libraries. You can safely delete openssl111* packages. On EL8 and EL9 please enable httpd module:

dnf module enable httpd:codeit

Since 2.4.33 we added brotli compression library. Since 2.4.35 release we start building Apache httpd against OpenSSL 1.1.1*. Since 2.4.37 release TLS 1.3 final version (not to be confused with any draft versions) is supported and enabled by default. Please note that TLS 1.3 final version is supported in Chrome 70+ and Mozilla Firefox 63+. brotli support is already included in base RPM file. All you need is to add filters like

AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript

Apache httpd 2.4.60 with brotli support, TLS 1.3, OpenSSL 3.0.14 with http2, mod_http2 2.0.27 and ALPN for Red Hat Enterprise Linux, CentOS, Alma Linux, Rocky Linux 8/9

Apache httpd 2.4.60-1 with brotli compression library from Google, TLS 1.3, http2 (HTTP/2) support for Red Hat Enterprise Linux and CentOS, Alma Linux, Rocky Linux 8/9 added to repository. mod_http2 2.0.27 and mod_ssl are built dynamically against OpenSSL 3.0.14.

Important security fixes: CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2024-38472, CVE-2024-36387.

We build OpenSSL+QUIC separately since v2.4.56-2, installing it separately to /lib64 with .so.81.3 suffix to ensure it won’t interfere with your system libraries. You can safely delete openssl111* packages. On EL8 and EL9 please enable httpd module:

dnf module enable httpd:codeit

Since 2.4.33 we added brotli compression library. Since 2.4.35 release we start building Apache httpd against OpenSSL 1.1.1*. Since 2.4.37 release TLS 1.3 final version (not to be confused with any draft versions) is supported and enabled by default. Please note that TLS 1.3 final version is supported in Chrome 70+ and Mozilla Firefox 63+. brotli support is already included in base RPM file. All you need is to add filters like

AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript

NGINX 1.27.0 Mainline with Brotli, TLS 1.3, OpenSSL 3.0.13, HTTP/2 and HTTP/3 for Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9

1.27.0 Mainline with HTTP/3 support added to EL7, EL8, EL9 repositories. brotli compression module from Google, http2, ngx cache purge and ngx http geoip2 modules added or built-in. OpenSSL built dynamically using OpenSSL+QUIC 3.0.13.

NGINX 1.26.1 Stable with Brotli, TLS 1.3, OpenSSL 3.0.13, HTTP/2 and HTTP/3 for Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9

1.26.1 Stable with HTTP/3 support added to EL7, EL8, EL9 repositories. brotli compression module from Google, http2, ngx cache purge and ngx http geoip2 modules added or built-in. OpenSSL built dynamically using OpenSSL+QUIC 3.0.13.

nghttp2 1.62.1 released

nghttp2 1.62.1 rpms released and added to EL7, EL8 and EL9 platforms.

At the same time please note that we already build nghttp2 for EL7 and EL8 since 1.61.0 with patches that allow c-ares 1.10 usage, as c-ares 1.16 is the minimum supported version.

nghttp2 requires C++-20 and is built with GCC 13 on EL8 and EL9.

UPD. EL7 platform is built with clang 15.

nghttp2 1.62.0 released

nghttp2 1.62.0 rpms released and added to EL8 and EL9 platforms.

EL7 platform is excluded as GCC 13 is minimum supported version.

At the same time please note that we already build nghttp2 for EL7 and EL8 since 1.61.0 with patches that allow c-ares 1.10 usage, as c-ares 1.16 is the minimum supported version.

nghttp2 requires C++-20 and is built with GCC 13 on EL8 and EL9.

NGINX 1.26.0 Stable with Brotli, TLS 1.3, OpenSSL 3.0.13, HTTP/2 and HTTP/3 for Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9

1.26.0 Stable with HTTP/3 support added to EL7, EL8, EL9 repositories. brotli compression module from Google, http2, ngx cache purge and ngx http geoip2 modules added or built-in. OpenSSL built dynamically using OpenSSL+QUIC 3.0.13.

NGINX 1.25.5 Mainline with Brotli, TLS 1.3, OpenSSL 3.0.13, HTTP/2 and HTTP/3 for Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9

NGINX 1.25.5 mainline with HTTP/3 support added to EL7, EL8, EL9 repositories. brotli compression module from Google, http2, ngx cache purge and ngx http geoip2 modules added or built-in. OpenSSL built dynamically using OpenSSL+QUIC 3.0.13.

Apache httpd 2.4.59 with brotli support, TLS 1.3, OpenSSL 3.0.13 with http2, mod_http2 2.0.27 and ALPN for Red Hat Enterprise Linux 7/8/9, CentOS 7, Alma Linux 8/9, Rocky Linux 8/9

Apache httpd 2.4.59-1 with brotli compression library from Google, TLS 1.3, http2 (HTTP/2) support for Red Hat Enterprise Linux and CentOS 7/8, Alma Linux 8/9, Rocky Linux 8/9 added to repository. mod_http2 2.0.13 and mod_ssl are built dynamically against OpenSSL 3.0.11.

Important fix: CVE-2024-27316

We build OpenSSL+QUIC 3.0.11 separately since v2.4.56-2, installing it separately to /lib64 with .so.81.3 suffix to ensure it won’t interfere with your system libraries. You can safely delete openssl111* packages. On EL8 and EL9 please enable httpd module:

dnf module enable httpd:codeit

Since 2.4.33 we added brotli compression library. Since 2.4.35 release we start building Apache httpd against OpenSSL 1.1.1*. Since 2.4.37 release TLS 1.3 final version (not to be confused with any draft versions) is supported and enabled by default. Please note that TLS 1.3 final version is supported in Chrome 70+ and Mozilla Firefox 63+. brotli support is already included in base RPM file. All you need is to add filters like

AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript

nghttp2 1.61.0 released fixing CVE-2024-28182

nghttp2 1.61.0 rpms released and added to all platforms. UPD. EL7 and EL8 also updated with the added patch reverting migrate-to-ares_getaddrinfo changes. Fixes CVE-2024-28182 nghttpx: Shutdown h3 stream read with trailer as well by @tatsuhiro-t in #2087 Checkout with submodules by @jonaski in #2093 Respect BUILD_STATIC_LIBS and add option for tests by @jonaski in #2092 build(deps): bump golang.org/x/net from 0.21.0 to 0.22.0 by @dependabot in #2097 Workaround llvm issue on github ubuntu runner by @tatsuhiro-t in #2098 docker: Use copy –link by @tatsuhiro-t in #2099 Nghttpx header idle timeout by @tatsuhiro-t in #2100 nghttpx: Fix frontend-header-timeout does not work in config file by @tatsuhiro-t in #2101 Rewrite hexdump by @tatsuhiro-t in #2102 Switch to distroless/base-nossl by @tatsuhiro-t in #2103 Bump ngtcp2 by @tatsuhiro-t in #2105 nghttpx: Simplify quic connection close handling by @tatsuhiro-t in #2106 build(deps): bump github.com/quic-go/quic-go from 0.41.0 to 0.42.0 by @dependabot in #2107 autotools: Use tar-ustar automake option by @tatsuhiro-t in #2108 Automate release process by @tatsuhiro-t in #2109 autotools: Switch to tar-pax by @tatsuhiro-t in #2110 nghttpx: Drop a UDP datagram from well-known port by @tatsuhiro-t in #2111 nghttpx: Fix port byte order by @tatsuhiro-t in #2112 h2load: Allow host header to be overridden by @tatsuhiro-t in #2113 nghttpx: Rework QUIC stateless reset packet size by @tatsuhiro-t in #2114 nghttpx: More QUIC prohibited ports by @tatsuhiro-t in #2115 Add actions/stale by @tatsuhiro-t in #2116 nghttpx: Discard UDP datagram that is too short to be a valid QUIC packet by @tatsuhiro-t in #2117 nghttp: Support SSLKEYLOGFILE by @tatsuhiro-t in #2119 No rfc7540 priority fix by @tatsuhiro-t in #2120 Further reduce Stateless reset emission by @tatsuhiro-t in #2122 nghttpx: Rework Connection ID construction by @tatsuhiro-t in #2124 Nghttpx faster worker lookup by @tatsuhiro-t in #2125 nghttpx: Split thread into worker_process and thread by @tatsuhiro-t in #2126 bpf: Drop bad QUIC packet by @tatsuhiro-t in #2127 cmake: check SSL_provide_quic_data when ENABLE_HTTP3 is ON by @jimmy-park in #2128 nghttpx: Allocate 3 bits for QUIC configuration in Connection ID by @tatsuhiro-t in #2129 nghttpx: Migrate to ares_getaddrinfo by @tatsuhiro-t in #2132 Bump munit by @tatsuhiro-t in #2131 nghttpx: Fix error message by @tatsuhiro-t in #2133 nghttpd: Fix read stall by @tatsuhiro-t in #2134