EasyApache4 v25.46 Maintenance and Security Release
WebPros has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.
SECURITY FIXES
This release addresses 2 security vulnerabilities:
-
CVE-2026-1642 (ea-nginx): An attacker might inject plain text data in the response from an SSL backend
-
CVE-2026-21876 (ea-modsec2-rules-owasp-crs): Rule 922110 only validates the LAST multipart part's charset, allowing malicious charsets in earlier parts to bypass detection
PACKAGE UPDATES
-
ea-modsec2-rules-owasp-crs
-
EA-13308: Update ea-modsec2-rules-owasp-crs from v3.3.7 to v3.3.8
-
ea-modsec30-connector-nginx
-
EA-13286: Build against ea-nginx version v1.29.5
-
ea-nginx
-
EA-13333: Update ea-nginx from v1.29.4 to v1.29.5
-
ea-nginx-echo
-
EA-13333: Build against ea-nginx version v1.29.5
-
ea-nginx-headers-more
-
EA-13333: Build against ea-nginx version v1.29.5
-
ea-nginx-njs
-
EA-13333: Build against ea-nginx version v1.29.5
-
ea-nginx-passenger
-
EA-13333: Build against ea-nginx version v1.29.5
Post is closed for comments.
Comments
0 comments