[ol8_appstream] mod_proxy_html-1:2.4.37-65.0.1.module+el8.10.0+90740+3332f30e.7.aarch64

Name:	mod_proxy_html
Epoch:	1
Version:	2.4.37
Release:	65.0.1.module+el8.10.0+90740+3332f30e.7
Architecture:	aarch64
Module:	httpd:2.4:8100020250411144918:489197e6
Group:	System Environment/Daemons
Size:	138863
License:	ASL 2.0
RPM:	mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90740+3332f30e.7.aarch64.rpm
Source RPM:	httpd-2.4.37-65.0.1.module+el8.10.0+90740+3332f30e.7.src.rpm
Build Date:	Wed Dec 24 2025
Build Host:	build-ol8-aarch64.oracle.com
Vendor:	Oracle America
URL:	https://httpd.apache.org/
Summary:	HTML and XML content filters for the Apache HTTP Server
Description:	The mod_proxy_html and mod_xml2enc modules provide filters which can transform and modify HTML and XML content.

Changelog (Show File list) (Show related packages)

Wed Dec 24 2025 Alan Steinberg <alan.steinberg@oracle.com> - 2.4.37-65.0.1.7
```
- Replace index.html with Oracle's index page oracle_index.html
```

Fri Dec 12 2025 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-65.7

- Resolves: RHEL-135054 - httpd: Apache HTTP Server: mod_userdir+suexec bypass
  via AllowOverride FileInfo (CVE-2025-66200)
- Resolves: RHEL-135039 - httpd: Apache HTTP Server: CGI environment variable
  override (CVE-2025-65082)
- Resolves: RHEL-134471 - httpd: Apache HTTP Server: Server Side Includes adds
  query string to #exec cmd=... (CVE-2025-58098)

Fri Nov 07 2025 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-65.6

- Resolves: RHEL-127073 - mod_ssl: allow more fine grained SSL SNI vhost check
  to avoid unnecessary 421 errors after CVE-2025-23048 fix
- mod_ssl: add conf.d/snipolicy.conf to set 'SSLVHostSNIPolicy authonly' default

Mon Jul 28 2025 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-65.5

- Resolves: RHEL-99944 - CVE-2025-49812 httpd: HTTP Session Hijack via a TLS upgrade
- Resolves: RHEL-99969 - CVE-2024-47252 httpd: insufficient escaping of
  user-supplied data in mod_ssl
- Resolves: RHEL-99961 - CVE-2025-23048 httpd: access control bypass by trusted
  clients is possible using TLS 1.3 session resumption

Tue Apr 22 2025 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-65.4

- Resolves: RHEL-87641 - apache Bug 63192 - mod_ratelimit breaks HEAD requests

Wed Jan 29 2025 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-65.3

- Resolves: RHEL-56068 - Apache HTTPD no longer parse PHP files with
  unicode characters in the name

Tue Aug 06 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-65.2

- Resolves: RHEL-46040 - httpd:2.4/httpd: Security issues via backend
  applications whose response headers are malicious or exploitable (CVE-2024-38476)
- Resolves: RHEL-53022 - Regression introduced by CVE-2024-38474 fix

Thu Jul 11 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-65.1

- Resolves: RHEL-45812 - httpd:2.4/httpd: Substitution encoding issue
  in mod_rewrite (CVE-2024-38474)
- Resolves: RHEL-45785 - httpd:2.4/httpd: Encoding problem in
  mod_proxy (CVE-2024-38473)
- Resolves: RHEL-45777 - httpd:2.4/httpd: Improper escaping of output
  in mod_rewrite (CVE-2024-38475)
- Resolves: RHEL-45758 - httpd:2.4/httpd: null pointer dereference
  in mod_proxy (CVE-2024-38477)
- Resolves: RHEL-45743 - httpd:2.4/httpd: Potential SSRF
  in mod_rewrite (CVE-2024-39573)

Wed Jun 12 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-65

- Resolves: RHEL-31857 - httpd:2.4/httpd: HTTP response
  splitting (CVE-2023-38709)

Fri Feb 16 2024 Joe Orton <jorton@redhat.com> - 2.4.37-64

- Resolves: RHEL-14448 - httpd: mod_macro: out-of-bounds read
  vulnerability (CVE-2023-31122)