---

Last modified: July 22, 2024

EasyApache 4 does not use versioning and organizes changes by date only.

Each entry contains the following information:

1. The package that we changed.
2. The case number for the change.
3. A description of the change.

For more information about our GitHub repository, read our The EasyApache 4 Git Repository and Build Updates documentation.

2024-7-22

---

ea-apache24

• EA-12288: Update ea-apache2 from v2.4.61 to v2.4.62
  • Important: Apache HTTP Server: source code disclosure with handlers configured via AddType (CVE-2024-40725)

2024-7-17

---

ea-libcurl

• EA-12212: Update libcurl from v8.7.1 to v8.8.0

ea-php82

ea-php82-meta

• EA-12275: Update ea-php82 from v8.2.20 to v8.2.21

ea-php83

ea-php83-meta

• EA-12276: Update ea-php83 from v8.3.8 to v8.3.9

ea-podman

• ZC-11748: Require systemd-container to allow management via WHM terminal

2024-7-10

---

ea-nodejs18

• EA-12274: Update ea-nodejs18 from v18.20.3 to v18.20.4
  • CVE-2024-36138 – Bypass incomplete fix of CVE-2024-27980 (High)
  • CVE-2024-22020 – Bypass network import restriction via data URL (Medium)

ea-nodejs20

• EA-12264: Update ea-nodejs20 from v20.15.0 to v20.15.1
  • CVE-2024-36138 – Bypass incomplete fix of CVE-2024-27980 (High)
  • CVE-2024-22020 – Bypass network import restriction via data URL (Medium)
  • CVE-2024-22018 – fs.lstat bypasses permission model (Low)
  • CVE-2024-36137 – fs.fchown/fchmod bypasses permission model (Low)
  • CVE-2024-37372 – Permission model improperly processes UNC paths (Low)

ea-nodejs22

• EA-12265: Update ea-nodejs22 from v22.3.0 to v22.4.1
  • CVE-2024-36138 – Bypass incomplete fix of CVE-2024-27980 (High)
  • CVE-2024-22020 – Bypass network import restriction via data URL (Medium)
  • CVE-2024-22018 – fs.lstat bypasses permission model (Low)
  • CVE-2024-36137 – fs.fchown/fchmod bypasses permission model (Low)
  • CVE-2024-37372 – Permission model improperly processes UNC paths (Low)

ea-apache24

• EA-12261: Update ea-apache2 from v2.4.59 to v2.4.61
  • important: Apache HTTP Server: source code disclosure with handlers configured via AddType (CVE-2024-39884)
  • low: Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2 (CVE-2024-36387)
  • important: Apache HTTP Server on WIndows UNC SSRF (CVE-2024-38472)
  • moderate: Apache HTTP Server proxy encoding problem (CVE-2024-38473)
  • important: Apache HTTP Server weakness with encoded question marks in backreferences (CVE-2024-38474)
  • important: Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. (CVE-2024-38475)
  • important: Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect (CVE-2024-38476)
  • important: Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request (CVE-2024-38477)
  • moderate: Apache HTTP Server: mod_rewrite proxy handler substitution (CVE-2024-39573)

ea-openssl11

• EA-12205: Patch ea-openssl11 for CVE-2024-4741

2024-7-3

---

ea-liblsapi

• ZC-11878: Add newfold remi patch for A9.

ea-apache24-mod_lsapi

• ZC-11878: Add newfold remi patch for A9.

ea-nodej20

• EA-12240: Update ea-nodejs20 from 20.13.1 to 20.15.0.

ea-nodejs22

• EA-12241: Update ea-nodejs22 from 22.2.0 to 22.3.0.

ea-nginx-njs

• EA-12243: Update ea-nginx-njs from 0.8.4 to 0.8.5.

ea-ioncube13

• EA-12245: Update ea-ioncube13 from 13.0.3 to 13.3.0.

2024-6-26

---

ea-nginx

• EA-12203: Update ea-nginx from 1.26.0 to 1.26.1 and build the following against it:
  • ea-nginx-echo
  • ea-nginx-headers-more
  • ea-nginx-njs
  • ea-nginx-passenger
  • ea-modsec30-connector-nginx

2024-6-10

---

ea-profiles-cpanel

• ZC-11857: Replace mod_ruid with mod_suexec for WP2 profiles.

ea-php81

• EA-12192: Update ea-php81 from 8.1.28 to 8.1.29 (with fixes for CVE-2024-4577, CVE-2024-5458, and CVE-2024-5585.)

ea-php81-meta

• EA-12192: Update ea-php81 from 8.1.28 to 8.1.29 (with fixes for CVE-2024-4577, CVE-2024-5458, and CVE-2024-5585.)

ea-php82

• EA-12194: Update ea-php82 from 8.2.19 to 8.2.20 (with fixes for CVE-2024-4577, CVE-2024-5458, and CVE-2024-5585.)

ea-php82-meta

• EA-12194: Update ea-php82 from 8.2.19 to 8.2.20 (with fixes for CVE-2024-4577, CVE-2024-5458, and CVE-2024-5585.)

ea-php83

• EA-12193: Update ea-php83 from 8.3.7 to 8.3.8 (with fixes for CVE-2024-4577, CVE-2024-5458, and CVE-2024-5585.)

ea-php83-meta

• EA-12193: Update ea-php83 from 8.3.7 to 8.3.8 (with fixes for CVE-2024-4577, CVE-2024-5458, and CVE-2024-5585.)

2024-5-29

---

ea-nodejs18

• EA-12166: Update ea-nodejs18 from 18.20.2 to 18.20.3.

2024-5-22

---

ea-passenger-src

• EA-12161: Update ea-passenger-src from 6.0.20 to 6.0.22.

ea-nginx-passenger

• EA-12161: Update ea-passenger-src from 6.0.20 to 6.0.22.

ea-apache24-mod-passenger

• EA-12161: Update ea-passenger-src from 6.0.20 to 6.0.22.

ea-cpanel-tools

• ZC-11823: Add new container package ea-valkey72 to the metainfo and update manifest.

ea-valkey72

• ZC-11805: Initial release.

ea-nghttp2

• EA-12163: Update ea-nghttp2 from 1.62.0 to 1.62.1.

ea-nodejs22

• EA-12158: Update ea-nodejs22 from 22.1.0 to 22.2.0.

ea-ruby27-passenger

• EA-12162: Update ea-ruby27-passenger from 6.0.20 to 6.0.22.

2024-5-15

---

ea-tomcat101

• EA-12147: Update ea-tomcat101 from 10.1.20 to 10.1.24.

ea-nghttp2

• EA-12146: Update ea-nghttp2 from 1.61.0 to 1.62.0.

ea-nodejs20

• EA-12140: Update ea-nodejs20 from 20.13.0 to 20.13.1.

ea-nodejs22

• ZC-11803: Initial build.

ea-ioncube13

• EA-12148: Update ea-ioncube13 from 13.0.2 to 13.0.3.

ea-cpanel-tools

• ZC-11822: Add ea-nodejs22 to additional packages list and manifest.

2024-5-9

---

ea-nginx

• ZC-11741: Reload touch file mechanism.

ea-cpanel-tools

• ZC-11759: Create ea-tomcat85 EOL recommendation.
• ZC-11811: Add ea-apache24-mod_cpanel``eol.json to recommendations.

ea-apache24-mod_cpanel

• ZC-11717: Mark ea-apache24-mod_cpanel as EOL.

ea-nodejs20

• EA-12128: Update ea-nodejs20 from 20.12.2 to 20.13.0.

2024-5-1

---

ea-nginx

• EA-12112: Update ea-nginx from 1.25.5 to 1.26.0.

ea-nginx-headers-more

• EA-12112: Build against ea-nginx version 1.26.0.

ea-nginx-echo

• EA-12112: Build against ea-nginx version 1.26.0.

ea-nginx-njs

• EA-12112: Build against ea-nginx version 1.26.0.

ea-nginx-passenger

• EA-12112: Build against ea-nginx version 1.26.0.

ea-modsec30-connector-nginx

• EA-12112: Build against ea-nginx version 1.26.0.

ea-apache24-mod_lsapi

• CLOS-2334: Minor mod_lsapi scripts corrections.
• CLOS-2348: Execute condition changed in switch_mod_lsapi script.

ea-cpanel-tools

• ZC-11752: Update Manifest for mod_lsapi update.

2024-4-24

---

ea-nginx

• EA-12100: Update ea-nginx from 1.25.4 to 1.25.5.

ea-nginx-headers-more

• EA-12100: Build against ea-nginx version 1.25.5.

ea-nginx-echo

• EA-12100: Build against ea-nginx version 1.25.5.

ea-nginx-passenger

• EA-12100: Build against ea-nginx version 1.25.5.

ea-modsec30-connector-nginx

• EA-12100: Build against ea-nginx version 1.25.5.

ea-nginx-njs

• EA-12100: Build against ea-nginx version 1.25.5.
• EA-12090: Update ea-nginx-njs from 0.8.3 to 0.8.4.

ea-apache24-mod-qos

• EA-12101: Update ea-apache24-mod-qos from 11.74 to 11.75.

2024-4-17

---

ea-libzip

• EA-12064: Update ea-libzip from 1.9.2 to 1.10.1.

ea-php81

• ZC-11730: Add GD support for AVIF format on Ubuntu 22 and higher.
• EA-12087: Update ea-php81 from 8.1.27 to 8.1.28 (with fixes for CVE-2024-1874, CVE-2024-2756, and CVE-2024-3096.)

ea-php81-meta

• ZC-11730: Add GD support for AVIF format on Ubuntu 22 and higher.
• EA-12087: Update ea-php81 from 8.1.27 to 8.1.28 (with fixes for CVE-2024-1874, CVE-2024-2756, and CVE-2024-3096.)

ea-php82

• ZC-11730: Add GD support for AVIF format on Ubuntu 22 and higher.
• EA-12085: Update ea-php82 from 8.2.17 to 8.2.18 (with fixes for CVE-2024-1874, CVE-2024-2756, and CVE-2024-3096.)

ea-php82-meta

• ZC-11730: Add GD support for AVIF format on Ubuntu 22 and higher.
• EA-12085: Update ea-php82 from 8.2.17 to 8.2.18 (with fixes for CVE-2024-1874, CVE-2024-2756, and CVE-2024-3096.)

ea-php83

• ZC-11730: Add GD support for AVIF format on Ubuntu 22 and higher.
• EA-12086: Update ea-php83 from 8.3.4 to 8.3.6 (with fixes for CVE-2024-1874, CVE-2024-2756, CVE-2024-3096, and CVE-2024-2757.)

ea-php83-meta

• ZC-11730: Add GD support for AVIF format on Ubuntu 22 and higher.
• EA-12086: Update ea-php83 from 8.3.4 to 8.3.6 (with fixes for CVE-2024-1874, CVE-2024-2756, CVE-2024-3096, and CVE-2024-2757.)

ea-cpanel-tools

• ZC-11698: Update manifest for new ea-noop-u20 pkg and recent repo cleanups.

ea-tomcat101

• EA-12081: Update ea-tomcat101 from 10.1.10 to 10.1.20.

ea-openssl11

• EA-12071: Update ea-openssl11 for CVE-2023-5678 (additional patch) and CVE-2024-0727.

ea-libcurl

• EA-12080: patch update that caused issues with CURLOPT_ACCEPT_ENCODING.

2024-4-8

---

ea-apache24

• EA-12070: Update ea-apache24 from 2.4.58 to 2.4.59 (with fixes for CVE-2024-24795, CVE-2024-27316, and CVE-2023-38709.)

ea-nodejs20

• EA-12068: Update ea-nodejs20 from 20.12.0 to 20.12.1 (with fixes for CVE-2024-27983 and CVE-2024-27982.)

ea-nodejs18

• EA-12067: Update ea-nodejs18 from 18.20.0 to 18.20.1 (with fixes for CVE-2024-27983 and CVE-2024-27982.)

ea-nghttp2

• EA-12069: Update ea-nghttp2 from 1.60.0 to 1.61.0 (with fix for CVE-2024-28182.)

ea-profiles-cpanel

• ZC-11574: Set epoch to 5 to coordinate w/ Cloudlinux’s fixes.

ea-tomcat85

• EA-11588: Mark ea-tomcat85 as EOL.

2024-4-3

---

ea-php81

• ZC-11561: Add GD support for AVIF format on RHEL 8 and newer (RHEL only).

ea-php82

• ZC-11561: Add GD support for AVIF format on RHEL 8 and newer (RHEL only).

ea-php83

• ZC-11561: Add GD support for AVIF format on RHEL 8 and newer (RHEL only).

ea-libcurl

• EA-12051: Update libcurl from 8.6.0 to 8.7.1 (with fixes for CVE-2024-2466, CVE-2024-2398, CVE-2024-2379, and CVE-2024-2004.)

ea-tomcat101

• ZC-11732: Add SSL and Port information to readme file.

ea-nodejs18

• EA-12049: Update ea-nodejs18 from 18.19.1 to 18.20.0.

ea-nodejs20

• EA-12050: Update ea-nodejs20 from 20.11.1 to 20.12.0.

2024-3-27

---

ea-ruby27-rubygem-rack

• EA-12036: Update ea-ruby27-rubygem-rack from 2.2.8 to v2.2.9.

ea-tomcat85

• EA-12039: Update ea-tomcat85 from 8.5.99 to 8.5.100.

2024-3-20

---

ea-php82

• EA-12016: Update ea-php82 from 8.2.16 to 8.2.17.

ea-php82-meta

• EA-12016: Update ea-php82 from 8.2.16 to 8.2.17.

ea-php83

• EA-11978: Update ea-php83 from 8.3.2 to 8.3.3.

ea-php83-meta

• EA-11978: Update ea-php83 from 8.3.2 to 8.3.3.

ea-libxml2

• EA-12022: Update ea-libxml2 from 2.12.4 to 2.12.6 (with fix for CVE-2024-25062.)

ea-nghttp2

• EA-11992: Update ea-nghttp2 from 1.59.0 to 1.60.0.

scl-ruby24-passenger

• EA-12025: Update scl-ruby24-passenger from 6.0.12 to 6.0.20.

ea-apache2-config

• ZC-11694: Correct problem where changing MPM does not restart Apache.

ea-profiles-cpanel

• ZC-11674: Add php-redis extension to WP2 profile.

ea-cpanel-tools

• ZC-11660: Allow compatibility for profiles which include third-party packages.

ea-ruby24-meta

• EA-12025: Update bundler version requirement to allow to install for scl-ruby24-passenger.

2024-3-13

---

ea-nginx

• ZC-11679: Account for circumstance where wwwacct.conf is missing.
• ZC-11680: Clear cache after lookup for pre-install /var override.

ea-podman-repo

• ZC-11673: Update repository OS dependencies.

ea-cpanel-tools

• ZC-11662: Update manifest because of changes to EA4-experimental.

2024-3-6

---

ea-modsec30

• EA-11990: Update ea-modsec30 from 3.0.9 to 3.0.12.

2024-2-21

---

ea-nginx

• EA-11973: Update ea-nginx from 1.25.3 to 1.25.4 and build the following against 1.25.4:
  • ea-nginx-njs
  • ea-nginx-echo
  • ea-nginx-headers-more
  • ea-nginx-passenger
  • ea-modsec30-connector-nginx

ea-php82

• EA-11977: Update ea-php82 from 8.2.15 to 8.2.16.

ea-php82-meta

• EA-11977: Update ea-php82 from 8.2.15 to 8.2.16.

ea-php83

• EA-11978: Update ea-php83 from 8.3.2 to 8.3.3.

ea-php83-meta

• EA-11978: Update ea-php83 from 8.3.2 to 8.3.3.

ea-nodejs20

• EA-11975: Update ea-nodejs20 from 20.11.0 to 20.11.1 (with fixes for CVE-2024-21892, CVE-2024-22019, CVE-2024-21896, CVE-2024-22017, CVE-2023-46809, CVE-2024-21891, CVE-2024-21890, and CVE-2024-22025.)

ea-nodejs18

• EA-11974: Update ea-nodejs18 from 18.19.0 to 18.19.1 (with fixes for CVE-2024-21892, CVE-2024-22019, CVE-2023-46809, and CVE-2024-22025.)

ea-tomcat85

• EA-11979: Update ea-tomcat85 from 8.5.98 to 8.5.99.

2024-2-14

---

ea-nginx-njs

• EA-11959: Update ea-nginx-njs from 0.8.2 to 0.8.3.

ea-ruby27-libuv

• EA-11958: Update ea-ruby27-libuv from 1.47.0 to 1.48.0 (with fix for CVE-2024-24806.)

ea-php82-php-memcached

• ZC-11489: Remove unused package.xml file.

2024-2-7

---

ea-nginx

• ZC-11555: No longer pull in Apache’s passenger in reverse proxy mode.

ea-tomcat85

• EA-11947: Update ea-tomcat85 from 8.5.97 to 8.5.98.

libcurl

• EA-11948: Update libcurl from 8.5.0 to 8.6.0 (with fix for CVE-2024-0853.)

2024-1-31

---

ea-passenger-src

• EA-11926: Update ea-passenger-src from 6.0.19 to 6.0.20.

ea-apache24-mod-passenger

• EA-11926: ea-passenger-src was updated from 6.0.19 to 6.0.20.

ea-ruby27-passenger

• EA-11927: Update ea-ruby27-passenger from 6.0.19 to 6.0.20.

ea-ruby27-meta

• ZC-11549: Specify bundler version since latest is not compatible w/ 2.7.

ea-cpanel-tools

• EA-11937: Remove ea-tomcat85 for CentOS_8 in pkg-manifest.json.

2024-1-24

---

ea-php83

• EA-11920: Update ea-php83 from 8.3.1 to 8.3.2.

ea-php83-meta

• EA-11920: Update ea-php83 from 8.3.1 to 8.3.2.

ea-php82

• EA-11919: Update ea-php82 from 8.2.14 to 8.2.15.

ea-php82-meta

• EA-11919: Update ea-php82 from 8.2.14 to 8.2.15.

ea-nghttp2

• EA-11923: Update ea-nghttp2 from 1.58.0 to 1.59.0.

ea-redis62

• EA-11922: Update ea-redis62 from 6.2.8 to 6.2.14 (with fixes for CVE-2023-45145, CVE-2022-24834, CVE-2023-25155, CVE-2023-28856, CVE-2022-36021, and CVE-2023-22458.)

2024-1-17

---

ea-profiles-cpanel

• ZC-11378: Clean up /etc/cpanel/ea4/profiles/cpanel related %files and change %post to %posttrans.

ea-cpanel-tools

• ZC-11503: Add PHP 8.0 EOL recommendation.

ea-nodejs20

• EA-11904: Update ea-nodejs20 from 20.10.0 to 20.11.0.

ea-libxml2

• EA-11908: Update ea-libxml2 from 2.12.3 to 2.12.4.

2024-1-10

---

ea-php73

• EA-10753: Have snmp module require snmp-mibs-downloader for deb.

ea-php74

• EA-10753: Have snmp module require snmp-mibs-downloader for deb.

ea-php80

• EA-10753: Have snmp module require snmp-mibs-downloader for deb.

ea-php81

• EA-11892: Update ea-php81 from 8.1.26 to 8.1.27.
• EA-10753: Have snmp module require snmp-mibs-downloader for deb.

ea-php81-meta

• EA-11892: Update ea-php81 from 8.1.26 to 8.1.27.
• EA-10753: Have snmp module require snmp-mibs-downloader for deb.

ea-php82

• EA-11893: Update ea-php82 from 8.2.13 to 8.2.14.
• EA-10753: Have snmp module require snmp-mibs-downloader for deb.

ea-php82-meta

• EA-11893: Update ea-php82 from 8.2.13 to 8.2.14.
• EA-10753: Have snmp module require snmp-mibs-downloader for deb.

ea-php83

• EA-11894: Update ea-php83 from 8.3.0 to 8.3.1.
• EA-10753: Have snmp module require snmp-mibs-downloader for deb.

ea-php83-meta

• EA-11894: Update ea-php83 from 8.3.0 to 8.3.1.
• EA-10753: Have snmp module require snmp-mibs-downloader for deb.

2024-1-3

---

ea-php83

• Case ZC-11475: Build on CentOS 7.

ea-php83-meta

• Case ZC-11475: Build on CentOS 7.

scl-php-pear

• Case ZC-11475: Build on CentOS 7.

ea-php83-php-memcached

• Case ZC-11475: Build on CentOS 7.

ea-cpanel-tools

• Case ZC-11475: Build on CentOS 7.