The Apache HTTP Server version 2.4.38 fixes tree vulnerabilities [1].
No action required for Airlock WAF
Details
CVE-2018-17189 - DoS with mod_http2. The criticality of this vulnerability for Airlock WAF is negligible.
CVE-2019-0190 - DoS in combination with OpenSSL 1.1.1. This OpenSSL version is not yet used by Airlock WAF.
CVE-2018-17199 - Affects mod_session_cookie. This module is not used by Airlock WAF.
No action is required.