Commit a7304fa
committed
security(nginx): mainline=1.31.0, stable=1.30.1
This release addresses several security vulnerabilities:
- CVE-2026-42926: HTTP/2 request injection in ngx_http_proxy_module.
- CVE-2026-42945: Buffer overflow in ngx_http_rewrite_module.
- CVE-2026-42946: Buffer overread in ngx_http_scgi and ngx_http_uwsgi modules.
- CVE-2026-42934: Buffer overread in ngx_http_charset_module.
- CVE-2026-40460: Address spoofing vulnerability in HTTP/3.
- CVE-2026-40701: Use-after-free in OCSP requests to resolver.
Additionally, version 1.31.0 (mainline) introduces:
- Native support for HTTP forward proxy.
Links:
- https://nginx.org/en/security_advisories.html
- https://github.com/depthfirstdisclosures/nginx-rift
- https://x.com/Markak_/status/2054599711764750498
- https://nginx.org/1 parent 759b49e commit a7304fa
6 files changed
Lines changed: 6 additions & 6 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
3 | | - | |
| 3 | + | |
4 | 4 | | |
5 | 5 | | |
6 | 6 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
3 | | - | |
| 3 | + | |
4 | 4 | | |
5 | 5 | | |
6 | 6 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
3 | | - | |
| 3 | + | |
4 | 4 | | |
5 | 5 | | |
6 | 6 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
3 | | - | |
| 3 | + | |
4 | 4 | | |
5 | 5 | | |
6 | 6 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
3 | | - | |
| 3 | + | |
4 | 4 | | |
5 | 5 | | |
6 | 6 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
3 | | - | |
| 3 | + | |
4 | 4 | | |
5 | 5 | | |
6 | 6 | | |
| |||
0 commit comments