RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

1. Proposed title of this feature request
+ To have httpd 2.4.42 package in the respective yum repos(or modules) as we have a customer who wants this to be implemented in httpd container.
+ In simple terms this needs to be implemented in base repo's so that it can be implemented at container level.

2. What is the nature and description of the request?
Outdated software is running in image in Production environment at customer's end.

3. Why do you need this? (List the business requirements here)
The reason the cu is asking this is because the Apache software that is present in the current images is having many vulnerabilities and their Security Team suggests to update the software. As they have taken the solution from RedHat Container catalog previously, they would like to use the same image with update Apache httpd version in it.

4. List any affected packages or components.
The list of vulnerabilities can be found in the below link.

https://www.cvedetails.com/vulnerability-list.php?vendor_id=45&product_id=66&version_id=271886&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&cweid=0&order=1&trc=11&sha=d4830167d04324c42730dfc46ce281df75dd6d00

Please check the RFE --> https://issues.redhat.com/browse/RFE-1742 raised for using the image inside container.

We actively backport security patches to RHEL addressing relevant vulnerabilities in line with the support policy.  Please see https://access.redhat.com/security/security-updates/#/cve if there are specific CVEs where you are unsure about whether these affect RHEL and/or to check whether we have addressed them already.