3 (CVE-2026-40460), and use-after-free vulnerability in OCSP requests to resolver (CVE-2026-40701). Additionally, nginx-1.31.0 mainline version features support for HTTP forward proxy.

nginx

12 Mei 2026 om 23:00

2026-05-13

njs-0.9.8 bugfix version has been released.

nginx

22 April 2026 om 23:00

2026-04-23

njs-0.9.8 bugfix version has been released.

njs-0.9.7 version has been released, featuring WebCrypto Ed25519 and X25519 support, wrapKey() and unwrapKey(), and crypto.randomUUID().

nginx

20 April 2026 om 23:00

2026-04-21

njs-0.9.7 version has been released, featuring WebCrypto Ed25519 and X25519 support, wrapKey() and unwrapKey(), and crypto.randomUUID().

nginx-acme-0.4.0 version has been released, featuring ACME Renewal Information support.

nginx

19 April 2026 om 23:00

2026-04-20

nginx-acme-0.4.0 version has been released, featuring ACME Renewal Information support.

nginx-1.30.0 stable version has been released, incorporating new features and bug fixes from the 1.29.x mainline branch — including Early Hints, HTTP/2 to backend and Encrypted ClientHello, sticky sessions support for upstreams, Multipath TCP support, the default proxy HTTP version set to HTTP/1.1 with keep-alive enabled, and more.

nginx

13 April 2026 om 23:00

2026-04-14

nginx-1.30.0 stable version has been released, incorporating new features and bug fixes from the 1.29.x mainline branch — including Early Hints, HTTP/2 to backend and Encrypted ClientHello, sticky sessions support for upstreams, Multipath TCP support, the default proxy HTTP version set to HTTP/1.1 with keep-alive enabled, and more.

nginx-1.29.8 mainline version has been released.

nginx

6 April 2026 om 23:00

2026-04-07

nginx-1.29.8 mainline version has been released.

nginx-1.28.3 stable and nginx-1.29.7 mainline versions have been released, with fixes for buffer overflow vulnerability in the ngx_http_dav_module (CVE-2026-27654), buffer overflow vulnerabilities in the ngx_http_mp4_module (CVE-2026-27784, CVE-2026-32647), mail session authentication vulnerabilities (CVE-2026-27651, CVE-2026-28753) and OCSP result bypass vulnerability in stream (CVE-2026-28755). Additionally, nginx-1.29.7 mainline version introduces support for Multipath TCP and upgrades the default proxy HTTP version to HTTP/1.1 with keep-alive enabled.

nginx

23 Maart 2026 om 22:00

2026-03-24

nginx-1.28.3 stable and nginx-1.29.7 mainline versions have been released, with fixes for buffer overflow vulnerability in the ngx_http_dav_module (CVE-2026-27654), buffer overflow vulnerabilities in the ngx_http_mp4_module (CVE-2026-27784, CVE-2026-32647), mail session authentication vulnerabilities (CVE-2026-27651, CVE-2026-28753) and OCSP result bypass vulnerability in stream (CVE-2026-28755). Additionally, nginx-1.29.7 mainline version introduces support for Multipath TCP and upgrades the default proxy HTTP version to HTTP/1.1 with keep-alive enabled.

nginx-1.28.3 stable and nginx-1.29.7 mainline versions have been released, with fixes for buffer overflow vulnerability in the ngx_http_dav_module (CVE-2026-27654), buffer overflow vulnerabilities in the ngx_http_mp4_module (CVE-2026-27784, CVE-2026-32647), mail session authentication vulnerabilities (CVE-2026-27651, CVE-2026-28753) and OCSP result bypass vulnerability in stream (CVE-2026-28755). Additionally, nginx-1.29.7 mainline version introduces support for Multipath TCP and upgrades the default HTTP version to HTTP/1.1 with keep-alive enabled.

nginx

23 Maart 2026 om 22:00

2026-03-24

nginx-1.28.3 stable and nginx-1.29.7 mainline versions have been released, with fixes for buffer overflow vulnerability in the ngx_http_dav_module (CVE-2026-27654), buffer overflow vulnerabilities in the ngx_http_mp4_module (CVE-2026-27784, CVE-2026-32647), mail session authentication vulnerabilities (CVE-2026-27651, CVE-2026-28753) and OCSP result bypass vulnerability in stream (CVE-2026-28755). Additionally, nginx-1.29.7 mainline version introduces support for Multipath TCP and upgrades the default HTTP version to HTTP/1.1 with keep-alive enabled.

nginx-1.28.3 stable and nginx-1.29.7 mainline versions have been released, with fixes for buffer overflow vulnerability in the ngx_http_dav_module (CVE-2026-27654), buffer overflow vulnerabilities in the ngx_http_mp4_module (CVE-2026-27784, CVE-2026-32647), mail session authentication vulnerabilities (CVE-2026-27651, CVE-2026-28753) and OCSP result bypass vulnerability in stream (CVE-2026-28755)

nginx

23 Maart 2026 om 22:00

2026-03-24

nginx-1.28.3 stable and nginx-1.29.7 mainline versions have been released, with fixes for buffer overflow vulnerability in the ngx_http_dav_module (CVE-2026-27654), buffer overflow vulnerabilities in the ngx_http_mp4_module (CVE-2026-27784, CVE-2026-32647), mail session authentication vulnerabilities (CVE-2026-27651, CVE-2026-28753) and OCSP result bypass vulnerability in stream (CVE-2026-28755)

nginx-1.29.6 mainline version has been released, featuring sticky sessions support for upstreams.

nginx

9 Maart 2026 om 22:00

2026-03-10

nginx-1.29.6 mainline version has been released, featuring sticky sessions support for upstreams.

njs-0.9.6 version has been released, featuring optional chaining, nullish coalescing assignment (??=), and logical assignment operators (||= and &&=).

nginx

2 Maart 2026 om 22:00

2026-03-03

njs-0.9.6 version has been released, featuring optional chaining, nullish coalescing assignment (??=), and logical assignment operators (||= and &&=).