EasyApache4 v25.53 Maintenance and Security Release

WebPros has released an update for EasyApache 4!  Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

• ea-tomcat101
• EA-13399: Update ea-tomcat101 from v10.1.53 to v10.1.54

• ea-re2c
• EA-13398: Update ea-re2c from v4.5 to v4.5.1

• ea-ruby27-rubygem-rack
• EA-13397: Update ea-ruby27-rubygem-rack from v2.2.22 to v2.2.23
• CVE-2026-34830: Regex injection via X-Accel-Mapping header in Rack::Sendfile allows attacker to control nginx X-Accel-Redirect response header
• CVE-2026-34785: Information disclosure in Rack::Static via partial string comparison allows access to files sharing a prefix with configured static dirs

• ea-modsec2-rules-owasp-crs
• EA-13393: Update ea-modsec2-rules-owasp-crs from v3.3.8 to v3.3.9
• CVE-2026-33691: File upload detection bypass via whitespace padding in PHP double-extension, PHP upload, and JSP file upload detection

• ea-cpanel-tools
• EA4-249: Add target-os package rename mapping support to ea_current_to_profile
• EA4-249: Add ignore_deps support to package rename mappings