Hello,
Can I have an approximate timeline for Apache HTTP web server 2.4.64 to be available in the yum repository? Thanks in advance.
Hi there,
As of right now, 2.4.64 is not scheduled to be included anytime soon.
Security updates would be backported into 63.
Hello,
I looked into the Apache vulnerability, but unless you have made special settings, you will not be affected. Therefore, I think it will take some time to fix this issue.
I also looked into Red Hat, which is the upstream, but it seems that the release of fixes for some packages is delayed. It will probably take some time for the backports to be released.
Reference sites
https://httpd.apache.org/security/vulnerabilities_24.html
Red Hat
https://access.redhat.com/security/cve/cve-2024-42516
https://access.redhat.com/security/cve/CVE-2024-43204
https://access.redhat.com/security/cve/CVE-2024-43394
https://access.redhat.com/security/cve/CVE-2024-47252
https://access.redhat.com/security/cve/CVE-2025-23048
https://access.redhat.com/security/cve/CVE-2025-49630
https://access.redhat.com/security/cve/CVE-2025-49812
https://access.redhat.com/security/cve/CVE-2025-53020
Akira Kurita redadmin
The "2.4.63" in RHEL is not the same as the Apache 2.4.63. Red Hat forks the package for RHEL and backports (necessary) security fixes and features into the branch in RHEL. See What is backporting and how does it affect Red Hat Enterprise Linux? - Red Hat Customer Portal
Red Hat does occasionally rebase some packages in RHEL point updates. Usually "less critical" packages. An important part of Enterprise Linux is that you can set up a server and run it for years without fear of feature changes breaking your setup.
AlmaLinux basically has what corresponding RHEL has.
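Because RHEL and AlmaLinux backport fixes, the upstream version number of the package does not show whether a given CVE is addressed; the RPM changelog is where a backport is recorded. The script below is an added example, not part of any post in this thread: it reports which of the CVE ids linked above are named in changelog text. The sample changelog is constructed, and the script assumes the packager names the CVE id in the changelog entry.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Assumption: a backported fix is recorded in the RPM changelog by CVE id.

# CVE ids taken from the Red Hat links posted in the thread.
THREAD_CVES="CVE-2024-42516 CVE-2024-43204 CVE-2024-43394 CVE-2024-47252 \
CVE-2025-23048 CVE-2025-49630 CVE-2025-49812 CVE-2025-53020"

# Constructed text shaped like `rpm -q --changelog` output. Dates, versions
# and ticket ids are placeholders; CVE-2024-432040 is a made-up id that only
# shares a prefix with CVE-2024-43204 and must not count as a match.
sample_changelog() {
    cat <<'EOF'
* Thu Jan 01 1970 Example Packager <packager@example.invalid> - 0.0.0-0.example
- Resolves: EXAMPLE-0001 - backport fix for CVE-2024-42516
- Resolves: EXAMPLE-0002 - backport fix for cve-2025-49812
- Resolves: EXAMPLE-0003 - note mentioning CVE-2024-432040
EOF
}

# cve_status: read changelog text on stdin and print one line per thread CVE,
# "<id> listed" or "<id> not-listed". Matching is case-insensitive and
# whole-word, so a longer id does not satisfy a shorter one.
cve_status() {
    changelog=$(cat)
    for cve in $THREAD_CVES; do
        if printf '%s\n' "$changelog" | grep -qiwF -- "$cve"; then
            echo "$cve listed"
        else
            echo "$cve not-listed"
        fi
    done
}

# not_listed: print only the ids the changelog does not mention; these are
# the ones to look up on the vendor CVE pages before assuming exposure.
not_listed() {
    cve_status | awk '$2 == "not-listed" { print $1 }'
}

# With --installed, check the changelog of the installed httpd package.
if [ "${1:-}" = "--installed" ]; then
    rpm -q --changelog httpd | cve_status
fi
```

An id reported as not-listed is not proof of exposure: the vendor may rate the package as not affected, which is stated on the CVE pages linked above.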
Thank you for the information
To upgrade to Apache 2.4.64 (or better 2.4.66 - the latest version as of today), one of the ways is
a) Perform a manual installation from source
b) Stop your current httpd service
c) Start a new script for httpd
d) Change a few configuration / settings
To demonstrate, I will append the steps required below. [Note: I am using AlmaLinux, so in case you use another distribution please use the corresponding commands required]
For (a)
- Install dependencies
sudo dnf groupinstall "Development Tools" -y
sudo dnf install apr-devel apr-util-devel pcre-devel openssl-devel -y
- Download the source, then compile
wget https://dlcdn.apache.org/httpd/httpd-2.4.66.tar.gz
tar -xzvf httpd-2.4.66.tar.gz
cd httpd-2.4.66
./configure --prefix=/usr/local/apache2 --enable-mods-shared=all --enable-ssl --with-mpm=event
make
sudo make install
For (b)
sudo systemctl stop httpd
sudo systemctl disable httpd
For (c)
Perform the following (maybe put them in a script)
sudo systemctl stop php-fpm
sudo /usr/local/apache2/bin/apachectl stop
sudo systemctl start php-fpm
sudo /usr/local/apache2/bin/apachectl restart -f /etc/httpd/conf/httpd.conf
(Note: assuming /etc/httpd/conf/httpd.conf is the original configuration file)
For (d)
In my experience, you will immediately note a few places where the configuration files (inside /etc/httpd/conf.modules.d) have errors; in my case they are:
LoadModule dav_fs_module modules/mod_dav_fs.so (in 00-dav.conf)
and
LoadModule mpm_event_module modules/mod_mpm_event.so (in 00-mpm.conf)
Since mod_dav_fs is not required (in my case, and I believe most of the cases do not need to have mod_dav_fs, unless you want to use WebDAV to manage files on your filesystem) and I discovered that the line loading mod_mpm_event.so is not needed (I think the new httpd does not require it / or already loads it somewhere so no need to "double-load" the so file), I simply remarked the two problematic lines above (put a # at the front of each of them), and re-ran script (c) above, and now your Apache is at version 2.4.66 (phpinfo() will display $_SERVER['SERVER_SOFTWARE'] as Apache/2.4.66 (Unix) OpenSSL/3.5.1)
Of course, to be on the safe side, before the above installation steps you may consider
- backing up your whole system first, or at least
- backing up your web files and db
On the other hand, in case you encounter other problems you may need to fix them one by one, but in my experience the above steps are already sufficient.
Now make sure after every reboot the script (c) will be executed (or you may do whatever you prefer to kick start the new httpd).