HCE3-SA-2025-0220
An update for mod_http2 is now available for HCE 3.0
Important
HCE 3.0
Security Fix(es):
In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2.
Configurations affected are a reverse proxy is configured for an HTTP/2 backend, with ProxyPreserveHost set to "on". (CVE-2025-49630)
HCE 3.0
mod_http2-2.0.25-3.r2.hce3.x86_64.rpm
mod_http2-help-2.0.25-3.r2.hce3.noarch.rpm
mod_http2-2.0.25-3.r2.hce3.aarch64.rpm