cPanel team announced the release of an update for EasyApache 4 that brings fixes for multiple CVEs.
June 17 release of EasyApache is now announced by the cPanel. The latest update includes fixes for CVE-2020-11080, CVE-2020-8174, CVE-2020-10531, and CVE-2020-11080. The update also fixes the PHP version in DSO description and grammatical error in the 404 page. The latest version also doesn’t log proxied requests to avoid double counting of them in stats. cPanel has released updated RPMs for EasyApache 4 on June 17, with updated versions of nghttp2 version 1.41.0 and NodeJS version 10.21.0.
Update highlights:
ea-apache2-config
- ZC-6899: do not log proxied requests to avoid double counting of them in stats.
ea-documentroot
- EA-9095: Fixed grammatical error in 404 page.
ea-libzip
- EA-9101: Update from upstream to 1.7.0.
ea-nghttp2
- EA-9098: Update ea-nghttp2 to 1.41.0, drop 1.40.0 (with fix for CVE-2020-11080).
ea-nodejs10
- EA-9099: Update ea-nodejs10 to 10.21.0, drop 10.20.1 (with fixes for CVE-2020-8174, CVE-2020-10531, and CVE-2020-11080).
ea-tomcat85
- EA-9110: Update ea-tomcat85 to 8.5.56, drop 8.5.55.
scl-php72
- EA-9087: Fix PHP version in DSO description.
scl-php73
- EA-9111: Update scl-php73 to 7.3.19, drop 7.3.18.
- EA-9087: Fix PHP version in DSO description.
scl-php73-meta
- EA-9111: Update scl-php73 to 7.3.19, drop 7.3.18.
ea-php74
- EA-9109: Update ea-php74 to 7.4.7, drop 7.4.6.
- EA-9087: Fix PHP version in DSO description
ea-php74-meta
- EA-9109: Update ea-php74 to 7.4.7, drop 7.4.6.