nginx-1.30.2 stable and nginx-1.31.1 mainline versions have been released, with a fix for buffer overflow vulnerability in the ngx_http_rewrite_module (CVE-2026-9256).
njs-0.9.9 version has been released, with a fix for heap buffer overflow vulnerability in js_fetch_proxy (CVE-2026-8711), featuring js_access, r.readRequestText() and friends, r.readRequestForm(), and jsVarNames().
nginx-1.30.1 stable and nginx-1.31.0 mainline versions have been released, with fixes for HTTP/2 request injection vulnerability in the ngx_http_proxy_module (CVE-2026-42926), buffer overflow vulnerability in the ngx_http_rewrite_module (CVE-2026-42945), buffer overread vulnerabilities in the ngx_http_scgi_module and ngx_http_uwsgi_module (CVE-2026-42946), buffer overread vulnerability in the ngx_http_charset_module (CVE-2026-42934), address spoofing vulnerability in HTTP/3 (CVE-2026-40460), and use-after-free vulnerability in OCSP requests to resolver (CVE-2026-40701). Additionally, nginx-1.31.0 mainline version features support for HTTP forward proxy.
njs-0.9.7 version has been released, featuring WebCrypto Ed25519 and X25519 support, wrapKey() and unwrapKey(), and crypto.randomUUID().
nginx-acme-0.4.0 version has been released, featuring ACME Renewal Information support.
nginx-1.30.0 stable version has been released, incorporating new features and bug fixes from the 1.29.x mainline branch Β β including Early Hints, HTTP/2 to backend and Encrypted ClientHello, sticky sessions support for upstreams, Multipath TCP support, the default proxy HTTP version set to HTTP/1.1 with keep-alive enabled, and more.
nginx-1.29.8 mainline version has been released.
nginx-1.28.3 stable and nginx-1.29.7 mainline versions have been released, with fixes for buffer overflow vulnerability in the ngx_http_dav_module (CVE-2026-27654), buffer overflow vulnerabilities in the ngx_http_mp4_module (CVE-2026-27784, CVE-2026-32647), mail session authentication vulnerabilities (CVE-2026-27651, CVE-2026-28753) and OCSP result bypass vulnerability in stream (CVE-2026-28755). Additionally, nginx-1.29.7 mainline version introduces support for Multipath TCP and upgrades the default proxy HTTP version to HTTP/1.1 with keep-alive enabled.
nginx-1.28.3 stable and nginx-1.29.7 mainline versions have been released, with fixes for buffer overflow vulnerability in the ngx_http_dav_module (CVE-2026-27654), buffer overflow vulnerabilities in the ngx_http_mp4_module (CVE-2026-27784, CVE-2026-32647), mail session authentication vulnerabilities (CVE-2026-27651, CVE-2026-28753) and OCSP result bypass vulnerability in stream (CVE-2026-28755). Additionally, nginx-1.29.7 mainline version introduces support for Multipath TCP and upgrades the default HTTP version to HTTP/1.1 with keep-alive enabled.
nginx-1.28.3 stable and nginx-1.29.7 mainline versions have been released, with fixes for buffer overflow vulnerability in the ngx_http_dav_module (CVE-2026-27654), buffer overflow vulnerabilities in the ngx_http_mp4_module (CVE-2026-27784, CVE-2026-32647), mail session authentication vulnerabilities (CVE-2026-27651, CVE-2026-28753) and OCSP result bypass vulnerability in stream (CVE-2026-28755)
nginx-1.29.6 mainline version has been released, featuring sticky sessions support for upstreams.
nginx-1.28.2 stable and nginx-1.29.5 mainline versions have been released, with a fix for the SSL upstream injection vulnerability (CVE-2026-1642).
nginx-1.28.1 stable version has been released.
nginx-1.29.4 mainline version has been released, featuring HTTP/2 to backend and Encrypted ClientHello support.
nginx-acme-0.3.0 version has been released.
nginx-1.29.3 mainline version has been released.
njs-0.9.4 version has been released, featuring HTTP forward proxy support for ngx.fetch() API in http and stream.
nginx-1.29.2 mainline version has been released.
njs-0.9.2 version has been released, featuring HTTP keepalive support for ngx.fetch() API in http and stream.
nginx-1.29.1 mainline version has been released.
nginx-1.28.1 stable version has been released.
nginx-1.29.4 mainline version has been released, featuring HTTP/2 to backend and Encrypted ClientHello support.
nginx-1.29.4 mainline version has been released, featuring HTTP/2 to backend and Encrypted ClientHello.
nginx-acme-0.3.0 version has been released.
nginx-1.29.3 mainline version has been released.
njs-0.9.4 version has been released, featuring HTTP forward proxy support for ngx.fetch() API in http and stream.
Log in