cPanel has updated packages for EasyApache 4 with Apache 2.4.49 and libcurl 7.79.0. This update includes bug fixes related to CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2021-40438, CVE-2021-39275, CVE-2021-36160, CVE-2021-34798, and CVE-2021-33193. All versions of Apache through 2.4.48 and libcurl through 7.78.0 have been affected. Therefore, cPanel recommends that all Apache users upgrade to version 2.4.49 and all libcurl users upgrade to version 7.79.0.
The new update is bringing new features, enhancements and fixes, as listed below:
- EA-10108: Update ea-nginx to 1.21.3, drop 1.21.2.
- ZC-9261: Allow to include prefix proxy_cache_key based on any criteria.
- ZC-9260: Move standalone includes to separate folder and bring in server includes on reverse proxy and standalone.
- EA-10110: Update libcurl to 7.79.0, drop 7.78.0 (with fixes for CVE-2021-22945, CVE-2021-22946, and CVE-2021-22947).
- EA-10109: Update ea-tomcat85 to 8.5.71, drop 8.5.70.
- EA-10107: Update ea-apache2 to 2.4.49, drop 2.4.48 (with fixes for CVE-2021-40438, CVE-2021-39275, CVE-2021-36160, CVE-2021-34798, and CVE-2021-33193)
- ZC-9217: Fix the RPM path for modsec_audit.
- ZC-8704: Build for Ubuntu and minor changes for CentOS.