Apache httpd 2.4.64 has just been released, fixing 8 vulnerabilities (5 moderate, 3 low).
Two HTTP/2 related CVEs also fixed in the latest mod_h2 release v2.0.33.
httpd.apache.org/security/vuln…
github.com/icing/mod_h2/releas…
Release mod_h2 v2.0.33 · icing/mod_h2
Fixes CVE-2025-53020 (https://www.cve.org/CVERecord?id=CVE-2025-53020) where a client can increase memory consumption for a HTTP/2 connection via repeated request header names,leading to denial of ...GitHub