EasyApache4 v25.54 Maintenance and Security Release

WebPros has released an update for EasyApache 4!  Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

• ea-openssl11
• EA-13406: Patch ea-openssl11 for multiple CVEs:
• (CVE-2026-28387) Memory management fix in dane_match_cert() - use X509_free() instead of OPENSSL_free() on mcert
• (CVE-2026-28388) NULL Dereference When Delta CRL Lacks CRL Number Extension
• (CVE-2026-28389) NULL deref in ecdh_cms_set_shared_info via crafted CMS EnvelopedData with missing KeyEncryptionAlgorithmIdentifier parameters
• (CVE-2026-28390) NULL deref in rsa_cms_decrypt via missing RSA-OAEP SourceFunc parameters in CMS KeyTransportRecipientInfo
   

• ea-php85
• EA-13404: Update ea-php85 from v8.5.4 to v8.5.5

• ea-php84
• EA-13403: Update ea-php84 from v8.4.19 to v8.4.20

• ea-nginx
• EA-13402: Update ea-nginx from v1.29.7 to v1.29.8

• ea-nginx-echo
• EA-13402: Build against ea-nginx version v1.29.8

• ea-nginx-headers-more
• EA-13402: Build against ea-nginx version v1.29.8

• ea-nginx-njs
• EA-13402: Build against ea-nginx version v1.29.8

• ea-nginx-passenger
• EA-13402: Build against ea-nginx version v1.29.8

• ea-modsec30-connector-nginx
• EA-13402: Build against ea-nginx version v1.29.8