---

Last modified: June 1, 2023

EasyApache 4 does not use versioning and organizes changes by date only.

Each entry contains the following information:

1. The package that we changed.
2. The case number for the change.
3. A description of the change.

For more information about our GitHub repository, read our The EasyApache 4 Git Repository and Build Updates documentation.

2023-5-31

---

ea-cpanel-tools

• ZC-10931: Updated for ea-libc-client.
• ZC-10474: Add ea-nginx-echo to additional_packages.

ea-brotli

• ZC-10933: Correct brotli dependency.

libcurl

• EA-11448: Update libcurl from 8.1.1 to 8.1.2 (with fixes for CVE-2023-28322, CVE-2023-28321, CVE-2023-28320, and CVE-2023-28319.)
• EA-11432: Update libcurl from 8.0.1 to 8.1.1.

ea-php74

• ZC-10931: Link with libc-client statically.

ea-php80

• ZC-10931: Link with libc-client statically.

ea-php81

• ZC-10931: Link with libc-client statically.

ea-php82

• ZC-10931: Link with libc-client statically.

ea-libc-client

• ZC-10931: Initial Build.

ea-nginx

• EA-11442: Update ea-nginx from 1.24.0 to 1.25.0.

ea-openssl11

• EA-11449: Update ea-openssl11 from 1.1.1t to 1.1.1u (with fix for CVE-2023-2650.)

2023-5-24

---

ea-libxml2

• EA-11431: Update ea-libxml2 from 2.11.3 to 2.11.4.

ea-ruby27-libuv

• EA-11427: Update ea-ruby27-libuv from 1.44.2 to 1.45.0.

ea-tomcat85

• EA-11428: Update ea-tomcat85 from 8.5.88 to 8.5.89.

ea-apache24-mod-qos

• EA-11430: Update ea-apache24-mod-qos from 11.73 to 11.74.

scl-sourceguardian

• EA-11429: Update scl-sourceguardian from 14.0.2 to 14.0.3.

2023-5-17

---

ea-nghttp2

• EA-11412: Update ea-nghttp2 from 1.52.0 to 1.53.0.

ea-php81

• EA-11415: Update ea-php81 from 8.1.18 to 8.1.19.

ea-php81-meta

• EA-11415: Update ea-php81 from 8.1.18 to 8.1.19.

ea-php82

• EA-11413: Update ea-php82 from 8.2.5 to 8.2.6.

ea-php82-meta

• EA-11413: Update ea-php82 from 8.2.5 to 8.2.6.

ea-libxml2

• EA-11414: Update ea-libxml2 from 2.11.2 to 2.11.3.

2023-5-10

---

ea-nginx

• EA-11397: Ensure deb package moves /var/log/nginx to /var/log/nginx.uninstall upon removal.

ea-libxml2

EA-11401: Update ea-libxml2 from 2.11.1 to 2.11.2.

2023-5-3

---

ea-nginx

• EA-11132: Ensure /var/log/nginx.uninstall does not exist before moving active log files there.
• EA-11131: Ensure userdata reflects apache port changes when ea-nginx is removed.

ea-libxml2

• EA-11388: Update ea-libxml2 from 2.10.4 to 2.11.1. This update contains security releases, but no CVEs are assigned.

ea-php80-php-memcached

• EA-11384: Update ea-php80-php-memcached from 3.1.5 to 3.2.0.

ea-php81-php-memcached

• EA-11385: Update ea-php81-php-memcached from 3.1.5 to 3.2.0.

ea-php82-php-memcached

• ZC-10561: Create ea-php82-php-memcached.

ea-cpanel-tools

• ZC-10561: Add ea-php82-php-memcached.

2023-4-26

---

ea4-experimental

• ZC-10895: make From repo have OS info akin to APT-Sources.

apr

• EA-11357: Update apr from 1.7.3 to 1.7.4.

ea-apache2

• EA-11296: Fix posttrans scriptlet failures on RHEL8+.

ea-apache24-mod-passenger

• EA-11368: Change PassengerInstanceRegistryDir to /opt/cpanel/ea-passenger/run/passenger-instreg.

ea-ruby27-rubygem-rack

• EA-11374: Update ea-ruby27-rubygem-rack from 2.2.6 to 2.2.7.

ea-tomcat85

• EA-11369: Update ea-tomcat85 from 8.5.87 to 8.5.88.

2023-4-19

---

ea-modsec30

• EA-11353: Update ea-modsec30 from 3.0.8 to 3.0.9.

ea-cpanel-tools

• ZC-10899: Add ea-nginx-echo to additional_packages.

ea-libxml2

• EA-11352: Update ea-libxml2 from 2.10.3 to 2.10.4 (with fixes for CVE-2023-29469 and CVE-2023-28484.)

ea-nginx

• EA-11350: ea-nginx: ea4-tool-post-update update include-binaries to new tarball.
• EA-11350: Update ea-nginx from 1.23.4 to 1.24.0.

ea-php81

• EA-11356: Update ea-php81 from 8.1.17 to 8.1.18.

ea-php81-meta

• EA-11356: Update ea-php81 from 8.1.17 to 8.1.18.

ea-php82

• EA-11355: Update ea-php82 from 8.2.4 to 8.2.5.

ea-php82-meta

• EA-11355: Update ea-php82 from 8.2.4 to 8.2.5.

ea-nginx-njs

• EA-11351: Update ea-nginx-njs from 0.7.11 to 0.7.12.

ea-nginx-echo

• ZC-10483: Create ea-nginx-echo module.

2023-4-12

---

ea-apache2

• EA-11337: Update ea-apache2 from 2.4.56 to 2.4.57.

ea-nginx

• EA-11324: Wrap docroot in quotes so that docroots that contain semicolons do not break the config.

ea-profiles-cpanel

• EA-11338: Don’t ship ruby profiles at all on c9+.

2023-4-5

---

Ruby 2.7

• EA-11327: Update ea-ruby27 from 2.7.7 to 2.7.8 (with fixes for CVE-2023-28755 and CVE-2023-28756.)
  • ea-ruby27
  • ea-ruby27-meta
  • ea-ruby27-rubygem-mizuho
  • ea-ruby27-rubygem-nokogiri
  • ea-ruby27-rubygem-rack
  • ea-ruby27-rubygem-sqlite3

apr

• EA-11326: Update apr from 1.7.2 to 1.7.3.

ea-nginx

• EA-11323: Update ea-nginx from 1.23.3 to 1.23.4.

ea-nodejs16

• EA-11328: Update ea-nodejs16 from 16.19.1 to 16.20.0.

2023-3-29

---

scl-sourceguardian

• EA-11314: Update scl-sourceguardian from 14.0.1 to 14.0.2.

libcurl

• EA-11303: Update libcurl from 7.88.1 to 8.0.1 (with fixes for CVE-2023-27538, CVE-2023-27537, CVE-2023-27536, CVE-2023-27535, and CVE-2023-27534.)

ea-nginx

• EA-11298: Do not log microseconds to bytes log.

ea-apache2-config

• EA-11222: Remove ancient MSIE SSL keepalive hack.

2023-3-23

---

ea-cpanel-tools

• EA-10893: Fix ea_install_profile to return non-zero exit code upon failure.

ea-nginx-njs

• EA-11297: Update ea-nginx-njs from 0.7.10 to 0.7.11.

ea-php81

• EA-11300: Update ea-php81 from 8.1.16 to 8.1.17.

ea-php81-meta

• EA-11300: Update ea-php81 from 8.1.16 to 8.1.17.

ea-php82

• EA-11301: Update ea-php82 from 8.2.3 to 8.2.4.

ea-php82-meta

• EA-11301: Update ea-php82 from 8.2.3 to 8.2.4.

mod_suphp

• ZC-10531: Restore “Scan this dir for additional .ini files” for A9.

scl-php-pear

• EA-11253: Ensure zzzzzzz-pecl.ini is marked as a config file on debian-based systems.

2023-3-8

---

ea-nginx

• EA-11269: Reduce frequency of nginx restarts during cpanellogd’s domain log processing when piped logging is enabled.

ea-cpanel-tools

• EA-11271: Let ea_current_to_profile ignore OpenSSL devel packages under --target-os.

ea-tomcat85

• EA-11283: Update ea-tomcat85 from 8.5.86 to 8.5.87.

ea-apache24

• EA-11284: Update ea-apache24 from 2.4.55 to 2.4.56 (with fixes for CVE-2023-27522 and CVE-2023-25690.)

2023-3-1

---

ea-tomcat85

• EA-11270: Update ea-tomcat85 from 8.5.85 to 8.5.86.

scl-php-pear

• EA-11201: Update PEAR and its dependencies (with fixes for CVE-2020-28948, CVE-2020-28949, CVE-2020-36193, and CVE-2021-32610.)
  • Update PEAR from 1.10.12 to 1.10.13.
  • Update Archive_Tar from 1.4.9 to 1.4.14.

2023-2-22

---

ea-nodejs16

• EA-11255: Update ea-nodejs16 from 16.19.0 to v16.19.1 (with fixes for CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-23936, and CVE-2023-24807.)

libcurl

• EA-11256: Update libcurl from 7.88.0 to 7.88.1.

scl-sourceguardian

• EA-11257: Update scl-sourceguardian from 14.0.0 to 14.0.1.

2023-2-16

---

ea-nghttp2

• EA-11239: Update ea-nghttp2 from 1.51.0 to 1.52.0.

ea-nginx

• ZC-10615: Remove cleaning pipelog artifacts from init.d and chksrvd files.
• EA-11189: Exclude invalid certificate files from the Nginx config.

ea-nginx-njs

• EA-11224: Update ea-nginx-njs from 0.7.9 to 0.7.10.

ea-php80

• EA-11227: Update ea-php80 from 8.0.27 to 8.0.28 (with fixes for CVE-2023-0567, CVE-2023-0568, and CVE-2023-0662.)

ea-php80-meta

• EA-11227: Update ea-php80 from 8.0.27 to 8.0.28 (with fixes for CVE-2023-0567, CVE-2023-0568, and CVE-2023-0662.)

ea-php81

• EA-11244: Update ea-php81 from 8.1.15 to 8.1.16 (with fixes for CVE-2023-0567, CVE-2023-0568, and CVE-2023-0662.)

ea-php81-meta

• EA-11244: Update ea-php81 from 8.1.15 to 8.1.16 (with fixes for CVE-2023-0567, CVE-2023-0568, and CVE-2023-0662.)

ea-php82

• EA-11226: Update ea-php82 from 8.2.2 to 8.2.3 (with fixes for CVE-2023-0567, CVE-2023-0568, and CVE-2023-0662.)

ea-php82-meta

• EA-11226: Update ea-php82 from 8.2.2 to 8.2.3 (with fixes for CVE-2023-0567, CVE-2023-0568, and CVE-2023-0662.)

ea-podman

• ZC-10667: Change perms for nuewuidmap for Rocky 9.

libcurl

• EA-11241: Update libcurl from 7.87.0 to 7.88.0 (with fixes for CVE-2023-23916, CVE-2023-23915, and CVE-2023-23914.)

mod_security2

• EA-11134: Update mod_security2 from 2.9.6 to 2.9.7 (with fix for CVE-2023-24021.)

2023-2-9

---

libcurl

• EA-11221: Bump minimum required nghttp2 version to 1.51.0-2.

apr

• EA-11198: Update apr from 1.7.0 to 1.7.2 (with fixes for CVE-2022-24963 and CVE-2021-35940.)

apr-util

• EA-11199: Update apr-util from 1.6.1 to 1.6.3 (with fix for CVE-2022-25147.)

ea-openssl11

• EA-11213: Update ea-openssl11 from 1.1.1s to 1.1.1t (with fixes for CVE-2023-0286, CVE-2022-4304, CVE-2023-0215, and CVE-2022-4450.)

ea-libxml2

• EA-11205: Update ea-libxml2 from 2.9.7 to 2.10.3 (with fixes for CVE-2022-23308, CVE-2022-29824, CVE-2022-2309, CVE-2022-40304, and CVE-2022-40303.)

ea-php81

• EA-11208: Update ea-php81 from 8.1.14 to 8.1.15.

ea-php81-meta

• EA-11208: Update ea-php81 from 8.1.14 to 8.1.15.

ea-php82

• EA-11212: Fix PKG_CONFIG_PATH.
• EA-11200: Update ea-php82 from 8.2.1 to 8.2.2.

ea-php82-meta

• EA-11200: Update ea-php82 from 8.2.1 to 8.2.2.

ea-nghttp2

• EA-11210: Update ea-nghttp2 from 1.49.0 to 1.51.0.
• EA-11221: Have ea-nghttp2 require ea-libnghttp2.

2023-2-1

---

ea-apache2-config

• EA-11169: Ensure apache restart during glibc updates on Ubuntu.

ea-apache24-mod-passenger

• EA-11187: ea-passenger-src was updated from 6.0.16 to 6.0.17.

ea-passenger-src

• EA-11187: Update ea-passenger-src from 6.0.16 to 6.0.17.

ea-php74

• EA-11075: Correct default value description for log_errors in php.ini file.

ea-php80

• EA-11075: Correct default value description for log_errors in php.ini file.

ea-php81

• EA-11075: Correct default value description for log_errors in php.ini file.

ea-php82

• EA-11075: Correct default value description for log_errors in php.ini file.

ea-ruby27-passenger

• EA-11188: Update ea-ruby27-passenger from 6.0.16 to 6.0.17.

2023-1-25

---

ea-apache2-config

• EA-11159: Provide touchfile to disable apache restart for glibc update.

ea-tomcat85

• EA-11177: Update ea-tomcat85 from 8.5.84 to 8.5.85.

scl-sourceguardian

• EA-11168: Update scl-sourceguardian from 13.0.3 to 14.0.0.

2023-1-19

---

ea-apache24

• EA-11157: Update ea-apache2 from 2.4.54 to 2.4.55.
• EA-11167: Patch to fix sporadic 500 errors with 2.4.55 (with fixes for CVE-2022-37436, CVE-2022-36760, and CVE-2006-20001.)

2023-1-18

---

ea-cpanel-tools

• ZC-10586: Update manifest for new C7 PHP 8.2 packages.

ea-nginx

• EA-11156: Avoid reloads while config subcommand is executing.

ea-profiles-cpanel

• ZC-10584: Drop special C7 allphp profiles since PHP 8.2 is available on C7.

ea-ruby27-rubygem-rack

• EA-11158: Update ea-ruby27-rubygem-rack from 2.2.5 to 2.2.6.

ea-php82

• ZC-10585: Build for CentOS7.

ea-php82-meta

• ZC-10585: Build for CentOS7.

2023-1-11

---

ea-cpanel-tools

• ZC-10581: Update EA4 recommendations.
• ZC-10447: Make PHP 8.1 the default PHP.
• ZC-10447: Update manifest for A9 and PHP 8.2.

ea-nginx

• EA-10890: Refactor _render_and_append() to use more data from global config data.
• EA-11121: Add ipv6 subdomain to server_name directive when account has an ipv6 address assigned.
• EA-11088: Account for mail subdomains of addon and parked domains when configuring the server_name directive.
• ZC-10593: Merge last upstream bit into ea-nginx.
• ZC-10517: Address Ubuntu creating additional splitlog processes.
• ZC-10484: Remove SIGKILL from various nginx files.
• ZC-10317: Update ngx_http_pipelog_module to version 1.0.3.

ea-php80

• EA-11137: Update ea-php80 from 8.0.26 to 8.0.27 (with fix for CVE-2022-31631.)

ea-php80-meta

• EA-11137: Update ea-php80 from 8.0.26 to 8.0.27 (with fix for CVE-2022-31631.)

ea-php81

• EA-11133: Update ea-php81 from 8.1.13 to 8.1.14 (with fix for CVE-2022-31631.)

ea-php81-meta

• EA-11133: Update ea-php81 from 8.1.13 to 8.1.14 (with fix for CVE-2022-31631.)

ea-php82

• EA-11136: Update ea-php82 from 8.2.0 to 8.2.1 (with fix for CVE-2022-31631.)

ea-php82-meta

• EA-11136: Update ea-php82 from 8.2.0 to 8.2.1 (with fix for CVE-2022-31631.)

ea-profiles-cpanel

• ZC-10447: Update profiles for PHP 7.4 being EOL and PHP 8.2 being available.

ea-ruby27-rubygem-rack

• EA-11119: Update ea-ruby27-rubygem-rack from 2.2.4 to 2.2.5.

ea-apache24-mod-qos

• EA-11147: Update ea-apache24-mod-qos from 11.72 to 11.73.

2023-1-4

---

ea-passenger-src

• EA-11116: Update ea-passenger-src from 6.0.15 to 6.0.16.

ea-apache24-mod-passenger

• EA-11116: Update ea-passenger-src from 6.0.15 to 6.0.16.

ea-ruby27-passenger

• EA-11117: Update ea-ruby27-passenger from 6.0.15 to 6.0.16.

ea-redis62

• EA-11106: Update ea-redis62 from 6.2.7 to 6.2.8.

ea-libcurl

• EA-11118: Update libcurl from 7.86.0 to 7.87.0 (with fixes for CVE-2022-43551 and CVE-2022-43552.)

scl-ioncube12

• EA-11120: Update scl-ioncube12 from 12.0.4 to 12.0.5.

ea-nginx

• EA-11087: Guard against bad userdata where a domain is considered an addon domain and subdomain.