RHEL 8.5 has the following fixes in the httpd package over the past couple of months: 2022-03-21 Luboš Uhliarik <luhliari at redhat.com> - 2.4.37-43.3 - Resolves: #2065247 - CVE-2022-22720 httpd:2.4/httpd: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier 2022-02-25 Luboš Uhliarik <luhliari at redhat.com> - 2.4.37-43.2 - Resolves: #2059256 - CVE-2021-34798 httpd:2.4/httpd: NULL pointer dereference via malformed requests - Resolves: #2059257 - CVE-2021-39275 httpd:2.4/httpd: out-of-bounds write in ap_escape_quotes() via malicious input 2022-01-10 Luboš Uhliarik <luhliari at redhat.com> - 2.4.37-43.1 - Resolves: #2035062 - CVE-2021-44790 httpd:2.4/httpd: mod_lua: possible buffer overflow when parsing multipart content I don't see builds that correspond to this in https://koji.mbox.centos.org/koji/packageinfo?packageID=583 , and this URL hangs in my browser: https://git.centos.org/rpms/httpd When should I expect these CVE fixes in CentOS 8 Stream? - Ken