Name: mod_lua	Distribution: CentOS
Version: 2.4.62	Vendor: CentOS
Release: 14.el9	Build date: Mon Jun 1 15:25:41 2026
Group: Unspecified	Build host: aarch64-06.stream.rdu2.redhat.com
Size: 136847	Source RPM: httpd-2.4.62-14.el9.src.rpm
Packager: builder@centos.org
Url: https://httpd.apache.org/
Summary: Lua scripting support for the Apache HTTP Server

The mod_lua module allows the server to be extended with scripts
written in the Lua programming language.

Provides

Requires

config(mod_lua) = 2.4.62-14.el9
httpd-core = 0:2.4.62-14.el9
httpd-mmn = 20120211aarch64
ld-linux-aarch64.so.1()(64bit)
ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)
libc.so.6()(64bit)
libc.so.6(GLIBC_2.17)(64bit)
libcrypt.so.2()(64bit)
libcrypt.so.2(XCRYPT_2.0)(64bit)
liblua-5.4.so()(64bit)
libm.so.6()(64bit)
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(PayloadIsZstd) <= 5.4.18-1
rtld(GNU_HASH)

License

ASL 2.0

Changelog

* Fri May 29 2026 Luboš Uhliarik <luhliari@redhat.com> - 2.4.62-14
  - Resolves: RHEL-173563 - httpd: Apache HTTP Server mod_proxy_ajp: Arbitrary
    code execution via heap-based buffer overflow (CVE-2026-28780)
  - Resolves: RHEL-175078 - httpd: NULL pointer dereference can cause a child
    process crash (CVE-2026-33007)
  - Resolves: RHEL-175099 - httpd: off-by-one out-of-bounds reads in AJP getter
    functions (CVE-2026-33857)
  - Resolves: RHEL-175035 - httpd: heap-based buffer over-read due to missing
    null-termination check (CVE-2026-34032)
  - Resolves: RHEL-175063 - httpd: heap-based buffer over-read and memory
    disclosure in ajp_parse_data() (CVE-2026-34059)
* Thu Feb 12 2026 Luboš Uhliarik <luhliari@redhat.com> - 2.4.62-13
  - Resolves: RHEL-129692 - [RFE] Need miliseconds time stamp in ErrorLogFormat
* Thu Jan 08 2026 Luboš Uhliarik <luhliari@redhat.com> - 2.4.62-12
  - Resolves: RHEL-135064 - httpd: Apache HTTP Server: mod_userdir+suexec bypass
    via AllowOverride FileInfo (CVE-2025-66200)
  - Resolves: RHEL-135049 - httpd: Apache HTTP Server: CGI environment variable
    override (CVE-2025-65082)
  - Resolves: RHEL-134481 - httpd: Apache HTTP Server: Server Side Includes adds
    query string to #exec cmd=... (CVE-2025-58098)
* Fri Dec 19 2025 Luboš Uhliarik <luhliari@redhat.com> - 2.4.62-11
  - Resolves: RHEL-131827 - Fix error page messaging when error handling fails
* Thu Nov 06 2025 Luboš Uhliarik <luhliari@redhat.com> - 2.4.62-10
  - Resolves: RHEL-119000 - mod_ssl: allow more fine grained SSL SNI vhost check
    to avoid unnecessary 421 errors after CVE-2025-23048 fix
  - mod_ssl: add conf.d/snipolicy.conf to set 'SSLVHostSNIPolicy authonly' default
* Fri Oct 24 2025 Luboš Uhliarik <luhliari@redhat.com> - 2.4.62-9
  - Resolves: RHEL-105446 - mod_proxy_hcheck may stop healthchecks after a child
    process is reclaimed
* Mon Oct 13 2025 Luboš Uhliarik <luhliari@redhat.com> - 2.4.62-8
  - Resolves: RHEL-114501 Image mode: The dir /var/www is not created when
    updating system in image mode
* Sat Aug 16 2025 Luboš Uhliarik <luhliari@redhat.com> - 2.4.62-7
  - Resolves: RHEL-99815 - stickysession field does not work when specifying
    it in the query parameter after upgrade to 9.5
  - Resolves: RHEL-99953 - httpd: HTTP Session Hijack via a TLS
    upgrade (CVE-2025-49812)
  - Resolves: RHEL-99968 - httpd: access control bypass by trusted
    clients is possible using TLS 1.3 session resumption (CVE-2025-23048)
  - Resolves: RHEL-99977 - httpd: insufficient escaping of user-supplied
    data in mod_ssl (CVE-2024-47252)
* Tue Jul 29 2025 Luboš Uhliarik <luhliari@redhat.com> - 2.4.62-6
  - Resolves: RHEL-94562 - httpd 2.4.62: mod_proxy_connect prematurely closes
    connections
* Fri Jun 06 2025 Joe Orton  <jorton@redhat.com> - 2.4.62-5
  - mod_dav: add dav_get_base_path() API
  - Resolves: RHEL-41069
* Wed Jan 29 2025 Luboš Uhliarik <luhliari@redhat.com> - 2.4.62-4
  - Resolves: RHEL-66488 - Apache HTTPD no longer parse PHP files with unicode
    characters in the name
* Thu Jan 09 2025 Luboš Uhliarik <luhliari@redhat.com> - 2.4.62-3
  - Resolves: RHEL-68660 - RewriteRule proxying to UDS (unix domain socket)
    configured in .htaccess doesn't work on httpd-2.4.62-1
* Thu Sep 12 2024 Joe Orton <jorton@redhat.com> - 2.4.62-2
  - mod_ssl: fix loading keys via ENGINE API
    Resolves: RHEL-36755
* Sat Aug 03 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.62-1
  - new version 2.4.62
  - Resolves: RHEL-52724 - Regression introduced by CVE-2024-38474 fix
* Fri Jul 19 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.59-7
  - Resolves: RHEL-49856: htcacheclean.service missing [Install] section
* Thu May 30 2024 Joe Orton <jorton@redhat.com> - 2.4.59-6
  - mod_ssl: restore SSL_OP_NO_RENEGOTIATE support
    Related: RHEL-14668

Files

/etc/httpd/conf.modules.d/00-lua.conf
/usr/lib/.build-id
/usr/lib/.build-id/88/0e9af430e907ef2e3e408df76d06df647f7889
/usr/lib64/httpd/modules/mod_lua.so

Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Jun 11 04:42:20 2026

mod_lua-2.4.62-14.el9 RPM for aarch64

From CentOS Stream 9 AppStream for aarch64

Provides

Requires

License

Changelog

Files