Apache HTTPD versions supported by Red Hat
Environment
- Red Hat Enterprise Linux (RHEL)
- Red Hat Software Collections (RHSCL)
- Red Hat JBoss Core Services (JBCS)
- Red Hat JBoss Enterprise Application Platform (EAP)
- Red Hat JBoss Web Server (JWS/EWS)
- Microsoft Windows
- Apache Web Server (HTTPD)
Issue
- What version of httpd is supported on RHEL?
- Is the community version of Apache httpd supported?
- Which versions of Apache httpd are supported?
- How can I install Apache 2.5/2.6? Is Apache httpd 2.5/2.6 supported?
- Does Redhat support self compiled apache installations?
- What are supported install methods for Apache 2.4 (e.g. rpm and yum only etc.)?
- Support for Apache installation.
- We need to update the httpd version from 2.4.x to 2.4.y. We are unable to find the same on portal. Please provide Apache executable file for this.
- Which is the latest version of httpd(Apache) server available from RHEL?
- Apache HTTPD Upgrade / Update to latest version
- I am aware that the Apache HTTPD version supplied for RHEL7.1 is version 2.4.6. Will Redhat upgrade this to 2.5 in future for RHEL7?
- I also have RHEL6.6 OS. Will there be plans to upgrade the Apache Httpd package in future?
- Apache Prior to 2.x Multiple Vulnerabilities
- We patched httpd packages to latest version to solve vulnerabilities but seems there is still a vulnerability that Qualys is reporting
- It looks like the latest is 2.4.6, but this is quite old
- It is necessary to install a specific version of Apache. Does the installed version of Red Hat Enterprise Linux supports it?
Resolution
Currently-supported products and versions
-
Red Hat Enterprise Linux (RHEL) -
httpd- RPM install only
- In RHEL 7 and previous versions, Apache httpd's life cycle is directly related to RHEL's Life Cycle available in Red Hat Enterprise Linux Life Cycle
- In RHEL 8 and recent versions, Apache httpd's life cycle is defined in Application Streams Life Cycle
- The documentation is available in Product Documentation for Red Hat Enterprise Linux
- Search for
httpdin Package Explorer Tool to check the httpd versions available with RHEL
-
Red Hat JBoss Core Services (JBCS) Apache HTTP Web Server
- RPM and ZIP install options
- The recommended product to be used with JWS and EAP
- It's life cycle is available in Red Hat JBoss Core Services Collection Lifecycle Dates
- The documentation is available in Product Documentation for Red Hat JBoss Core Services
- Search for
jbcs-httpd24-httpdin Package Explorer Tool to check the httpd versions available with JBCS
-
Red Hat Software Collections (RHSCL) -
httpd24-httpd- RPM install only
- RHSCL is available only for RHEL 7 and previous supported releases. From RHEL 8 onwards it moved to Application Streams.
- It's life cycle is directly related to RHSCL's Life Cycle available in Red Hat Software Collections Product Life Cycle
- The documentation is available in Product Documentation for Red Hat Software Collections
- Search for
httpd24-httpdin Package Explorer Tool to check the httpd versions available with RHSCL
Outdated and unsupported versions
-
JBoss Enterprise App Platform (EAP) Apache HTTP Web Server (Outdated/ELS Required)
- EAP 7: Apache httpd was not included (JBCS is the product to be used)
- EAP 6.4: Has an Apache httpd v2.2.26 (ELS Required)
- EAP 5 and earlier: Apache HTTP Server was not included (Unsupported)
- For more information:
- JBoss Enterprise Application Platform Component Details
- Red Hat JBoss Middleware Product Update and Support Policy - Life Cycle Dates
- Product Documentation for JBoss Enterprise Application Platform
-
Red Hat JBoss Web Server (JWS/EWS) Apache HTTP Web Server (Outdated/Unsupported)
- Apache httpd used to be distributed until JWS 3.0
- JBCS package is now the recommended product to be used together with JWS
- For more information:
- JBoss Web Server Component Details
- Red Hat JBoss Middleware Product Update and Support Policy - Life Cycle Dates
- Product Documentation for Red Hat JBoss Web Server
Additional notes
- Note that the versions of Apache HTTP Server included in the above products are in most cases vastly different from the upstream community releases of the same version
- This is explained by Red Hat's Security Backporting Policy and is the most common cause of admins/auditors trying to get a newer version of Apache
- For example: RHEL 7 Apache httpd is based in v2.4.6; However, they also include multiple CVE security fixes which are **NOT*** in the original community release of Apache httpd v2.4.6
- Community releases of Apache httpd are NOT supported
- Self-compiled Apache installations, even using the source code shipped by Red Hat, is NOT supported
- Apache httpd 2.5/2.6 is currently NOT included in any of Red Hat product
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments