nginx-1.30.3 stable and nginx-1.31.2 mainline versions have been released, with fixes for buffer overflow vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module (CVE-2026-42055), and buffer overread vulnerability in the ngx_http_charset_module (CVE-2026-48142). Additionally, nginx-1.31.2 includes a fix for use-after-free vulnerability in the ngx_http_v3_module (CVE-2026-42530).

nginx-1.30.2 stable and nginx-1.31.1 mainline versions have been released, with a fix for buffer overflow vulnerability in the ngx_http_rewrite_module (CVE-2026-9256).

njs-0.9.9 version has been released, with a fix for heap buffer overflow vulnerability in js_fetch_proxy (CVE-2026-8711), featuring js_access, r.readRequestText() and friends, r.readRequestForm(), and jsVarNames().

nginx-1.30.1 stable and nginx-1.31.0 mainline versions have been released, with fixes for HTTP/2 request injection vulnerability in the ngx_http_proxy_module (CVE-2026-42926), buffer overflow vulnerability in the ngx_http_rewrite_module (CVE-2026-42945), buffer overread vulnerabilities in the ngx_http_scgi_module and ngx_http_uwsgi_module (CVE-2026-42946), buffer overread vulnerability in the ngx_http_charset_module (CVE-2026-42934), address spoofing vulnerability in HTTP/3 (CVE-2026-40460), and use-after-free vulnerability in OCSP requests to resolver (CVE-2026-40701). Additionally, nginx-1.31.0 mainline version features support for HTTP forward proxy.

njs-0.9.8 bugfix version has been released.

njs-0.9.7 version has been released, featuring WebCrypto Ed25519 and X25519 support, wrapKey() and unwrapKey(), and crypto.randomUUID().

nginx-acme-0.4.0 version has been released, featuring ACME Renewal Information support.

nginx-1.30.0 stable version has been released, incorporating new features and bug fixes from the 1.29.x mainline branch  — including Early Hints, HTTP/2 to backend and Encrypted ClientHello, sticky sessions support for upstreams, Multipath TCP support, the default proxy HTTP version set to HTTP/1.1 with keep-alive enabled, and more.

nginx-1.29.8 mainline version has been released.

nginx-1.28.3 stable and nginx-1.29.7 mainline versions have been released, with fixes for buffer overflow vulnerability in the ngx_http_dav_module (CVE-2026-27654), buffer overflow vulnerabilities in the ngx_http_mp4_module (CVE-2026-27784, CVE-2026-32647), mail session authentication vulnerabilities (CVE-2026-27651, CVE-2026-28753) and OCSP result bypass vulnerability in stream (CVE-2026-28755). Additionally, nginx-1.29.7 mainline version introduces support for Multipath TCP and upgrades the default proxy HTTP version to HTTP/1.1 with keep-alive enabled.

nginx-1.28.3 stable and nginx-1.29.7 mainline versions have been released, with fixes for buffer overflow vulnerability in the ngx_http_dav_module (CVE-2026-27654), buffer overflow vulnerabilities in the ngx_http_mp4_module (CVE-2026-27784, CVE-2026-32647), mail session authentication vulnerabilities (CVE-2026-27651, CVE-2026-28753) and OCSP result bypass vulnerability in stream (CVE-2026-28755). Additionally, nginx-1.29.7 mainline version introduces support for Multipath TCP and upgrades the default HTTP version to HTTP/1.1 with keep-alive enabled.

nginx-1.28.3 stable and nginx-1.29.7 mainline versions have been released, with fixes for buffer overflow vulnerability in the ngx_http_dav_module (CVE-2026-27654), buffer overflow vulnerabilities in the ngx_http_mp4_module (CVE-2026-27784, CVE-2026-32647), mail session authentication vulnerabilities (CVE-2026-27651, CVE-2026-28753) and OCSP result bypass vulnerability in stream (CVE-2026-28755)

nginx-1.29.6 mainline version has been released, featuring sticky sessions support for upstreams.

njs-0.9.6 version has been released, featuring optional chaining, nullish coalescing assignment (??=), and logical assignment operators (||= and &&=).

nginx-1.28.2 stable and nginx-1.29.5 mainline versions have been released, with a fix for the SSL upstream injection vulnerability (CVE-2026-1642).

njs-0.9.5 version has been released, featuring native modules support for qjs engine in http and stream.

nginx-1.28.1 stable version has been released.

nginx-1.29.4 mainline version has been released, featuring HTTP/2 to backend and Encrypted ClientHello support.

nginx-acme-0.3.0 version has been released.

nginx-1.29.3 mainline version has been released.

njs-0.9.4 version has been released, featuring HTTP forward proxy support for ngx.fetch() API in http and stream.

nginx-1.29.2 mainline version has been released.

njs-0.9.3 bugfix version has been released.

njs-0.9.2 version has been released, featuring HTTP keepalive support for ngx.fetch() API in http and stream.

nginx-1.29.1 mainline version has been released.

nginx-1.28.1 stable version has been released.

nginx-1.29.4 mainline version has been released, featuring HTTP/2 to backend and Encrypted ClientHello support.

nginx-1.29.4 mainline version has been released, featuring HTTP/2 to backend and Encrypted ClientHello.

nginx-acme-0.3.0 version has been released.

nginx-1.29.3 mainline version has been released.