EasyApache4 v25.59 Maintenance and Security Release

WebPros has released an update for EasyApache 4!  Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

• ea-valkey72
• EA-13426: Update ea-valkey72 from v7.2.12 to v7.2.13

• ea-redis62
• EA-13425: Update ea-redis62 from v6.2.21 to v6.2.22

• ea-nginx-njs
• EA-13420: Update ea-nginx-njs from v0.9.7 to v0.9.8

• ea-apache24-mod_security2
• EA-13418: Update ea-apache24-mod_security2 from v2.9.12 to v2.9.13

• ea-wappspector
• EA-13409: Fix Ubuntu phar build by removing stale phar before rebuilding

• ea-tomcat101
• EA-13434: Update ea-tomcat101 from v10.1.54 to v10.1.55
• (CVE-2026-43515) Moderate: Security constraints not correctly applied
• (CVE-2026-43512) Moderate: Digest authenticator will authenticate any unknown user
• (CVE-2026-43514) Low: AJP secret compared in non-constant time
• (CVE-2026-43513) Low: LockOutRealm treats user names as case-sensitive
• (CVE-2026-42498) Low: WebSocket authentication header exposure
• (CVE-2026-41293) Low: HTTP/2 request headers not validated
• (CVE-2026-41284) Low: Unbounded read in WebDAV LOCK and PROPFIND handling

• ea-apache24-mod_lsapi
• EA-13431: Update ea-apache24-mod_lsapi and ea-liblsapi from v1.1-81 to v1.1-92