Apache HTTPD versions supported by Red Hat

Solution Verified - Updated -


  • Red Hat Enterprise Linux (RHEL)
  • Red Hat Software Collections (RHSCL)
  • Red Hat JBoss Web Server (JWS/EWS)
  • Red Hat JBoss Core Services (JBCS)
  • Red Hat JBoss Enterprise Application Platform (EAP)
  • Windows
  • Apache Web Server (HTTPD)


  • What version of httpd is supported on RHEL?
  • Is the community version of Apache httpd supported?
  • Which versions of Apache httpd are supported?
  • How can I install Apache 2.4/2.5? Is Apache httpd 2.4/2.5 supported?
  • Does Redhat support self compiled apache installations?
  • What are supported install methods for apache 2.4(e.g. rpm and yum only etc.)?
  • Support for Apache installation.
  • We need to update the httpd version from 2.4.9 to 2.4.12 . we are unable to find the same on portal. Please provide Apache executable file for this.
  • Which is the latest version of httpd(Apache) server available from RHEL.
  • Apache HTTPD Upgrade / Update to latest version
  • I am aware that the Apache HTTPD version supplied for RHEL7.1 is version 2.4.6.Will Redhat upgrade this to 2.5 in future for RHEL7?
  • I also have RHEL6.6 OS. Will there be plans to upgrade the Apache Httpd package in future?
  • Apache Prior to 2.4.4 and 2.2.24 Multiple Vulnerabilities
  • Apache HTTP Server Prior to 2.2.25 Multiple Vulnerabilities
  • httpd vulnerability on port 443
  • We patched httpd packages to latest (available on RHEL6 repository) to solve below vulnerabilities but seems there is still a vulnerability that Qualys is reporting
  • What is the latest version of httpd supported on RHEL
  • It looks like the latest is 2.2.3 but this is quite old.
  • Does RHEL 7 support Apache version 2.2.31? Else, which Apache Version does RHEL 7 supports?
  • Which versions of Apache are available for my version of Red Hat Enterprise Linux?
  • It is necessary to install a specific version of Apache, does the installed version of Red Hat Enterprise Linux supports it?
  • We need to know which is latest Apache (httpd) version that Redhat support?
  • Does Apache/2.2.31 (Unix) support in RHEL6 or RHEL7?
  • Does Apache/2.4.33 (Unix) support by Red Hat on RHEL7.5?
  • Is Red Hat Apache version 2.4.37 current ? Cannot find a package with higher version.
  • What is the latest version of JBCS Apache httpd?


Apache HTTP Server versions included in currently-supported products

  • Red Hat Enterprise Linux (RHEL)1 - httpd rpms

    • RHEL 5: based on upstream v2.2.3
    • RHEL 6: based on upstream v2.2.15
    • RHEL 7: based on upstream v2.4.6
    • RHEL 8: based on upstream v2.4.37
  • Red Hat Software Collections (RHSCL)2 - httpd24* rpms

    • RHSCL 2.0 / 2.1 : based on upstream httpd 2.4.12
    • RHSCL 2.2 / 2.3 : based on upstream httpd 2.4.18
    • RHSCL 2.4 : based on upstream httpd 2.4.18
    • RHSCL 3.0 / 3.1 : based on upstream httpd 2.4.27
    • RHSCL 3.2 / 3.3 : based on upstream httpd 2.4.34
  • Red Hat JBoss Web Server (JWS)3 Apache HTTP Server

    • JWS 3.1+: Utilizes JBCS Apache HTTP Server (See below)
    • JWS 3.0: based on upstream v2.4.6
    • EWS 2.1: based on upstream v2.2.26
    • EWS 1.0.2: based on upstream v2.2.17
  • JBoss Enterprise App Platform (EAP)4 Apache HTTP Server

    • EAP 6.4: based on upstream v2.2.26
    • EAP 7: Apache HTTP Server was moved to the separate JBCS product
    • EAP 5 and earlier: Apache HTTP Server was not included
  • Red Hat JBoss Core Services (JBCS)5 Apache HTTP Server

    • Latest is based on upstream v2.4.37
    • Prior releases were based on upstream v2.4.29 v2.4.23 and v2.4.6

Additional notes

  • Note that the versions of Apache HTTP Server included in the above products are in most cases vastly different from the upstream community releases of the same version

    • This is explained by Red Hat's Security Backporting Policy and is the most common cause of admins/auditors trying to get a newer version of Apache
    • For example: EWS 2.1.0 & EAP 6.4.0 include Apache httpd based on upstream v2.2.26; however, they also include multiple CVE security fixes which are not in the original community release of Apache httpd 2.2.266
  • Community releases of Apache httpd are NOT supported

  • Self-compiled apache installations even using the source code shipped by Red Hat is NOT supported

  • Apache httpd v2.5 is currently not included in any Red Hat product

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.


Please note that Red Hat Software Collections 1.1 Beta for RHEL 6 now has Apache 2.4. Check it out!


Red Hat Software Collections package quick reference

Thanks for the info. I've just added it to the content.

I am on RHEL 8.x why can't I upgrade to Apache 2.4.41 or latest apache it complains that its already upto date.

Red Hat httpd does not have same version numbers as upstream. All updates would be available in form of patches and backported to same "base version" i.e for RHEL 8 httpd 2.4.37 . So your httpd may already be on the updated patch level.


I am on Httpd 2.4.37 at the moment for one of the product that I am installing its support matrix says 2.4.41 or higher hence I am wanting to understand if could upgrade to 2.4.41 .

While I am attempting to upgrade the 2.4.41 I am seeing quite a. lot of issues which doesn't make sense to me.

We don't provide that version. You can compile the community version and try checking if the error stops, but we won't be able to provide any support if you have HTTPD issues.

About the errors, there are many types of errors and a huge number of possibilities for them. Only troubleshooting the error logs is possible to figure it out. You can either create a ticket with our support or you can talk to the product vendor about it working on RHEL.

thanks that explains , I'll get back to them and see what they have to say. Issue am seeing is APR & APR-Utils adding a latest version doesn't seem to be reflected and fails compiling and building.

What about the RHEL8 and upgrade to the version 2.4.40 or above. Do you plan to upgrade in the coming period? Cause, from the version 2.4.40, there is one significant parameter:


Besides there is a very serious bug https://bz.apache.org/bugzilla/show_bug.cgi?id=60330, and as I concluded it was fixed in ver. 2.4.40

There are no plans to work with Apache HTTPD 2.4.40 or above yet.

You can create a support case asking the team to talk to the engineering team and check if a backport is possible to apply the Proxy100Continue directive on RHEL 8 HTTPD and also apply the mentioned bug fix.

Hi. Vulnerability analysis has been carried out and they tell us to update the apache version to 2.4.41 or higher. However, for RHEL 8.3 we have 2.4.37. There is some projection that of version 2.4.41 in RHEL 8.3?

Quoting this article text:

Note that the versions of Apache HTTP Server included in the above products are in most cases vastly different from the upstream community releases of the same version

Which means that we provide all the security fixes to our versions without changing the number. That said, our Apache 2.4.37 has several bug and security fixes that the latest community version would have.

You can check any CVE here: Red Hat CVE Checker

This article says that Apache HTTPD 2.4.x is included in RHEL 7.9 (which ends support in 2024) and in RHEL 8.x; this other article https://access.redhat.com/support/policy/updates/jboss_notes/#p_httpd states that Apache HTTPD support for 2.4.x ends in 2022. Could you please clarify?

Apache provided by RHEL 7 follows RHEL life cycle. However, that HTTPD you mentioned for RHEL 8 is the JBCS packages. It isn't RHEL 8 HTTPD binary package. JBCS adds modules to core HTTPD such as mod_jk, mod_cluster and others. The core HTTPD provided by RHEL 8 also follows the OS life cycle, just like RHEL 7.