nginx

nginx/nginx last check 2026-06-20 20:07 UTC 25 releases recent

Notes

no notes yet

Release notes

v-1.29.7

nginx-1.29.7 mainline version has been released, introducing two significant updates: support for Multipath TCP and upgrading the default HTTP version to HTTP/1.1 with keep-alive enabled. This release also includes a security fix for the buffer overflow vulnerability in the ngx_http_dav_module (CVE-2026-27654), security fixes for the buffer overflow vulnerabilities in the ngx_http_mp4_module (CVE-2026-27784, CVE-2026-32647), security fixes for the mail session authentication vulnerabilities (CVE-2026-27651, CVE-2026-28753), and a security fix for the OCSP result bypass vulnerability in stream (CVE-2026-28755).

See official CHANGES on nginx.org.

Below is a release summary generated by GitHub.

What's Changed

Version bump 1.29.7. by @arut in https://github.com/nginx/nginx/pull/1181
Proxy authentication definitions. by @arut in https://github.com/nginx/nginx/pull/1178
Proxy: reset pending control frames on HTTP/2 upstream reinit. by @devnexen in https://github.com/nginx/nginx/pull/1135
gRPC: reset buffer chains on upstream reinit. by @devnexen in https://github.com/nginx/nginx/pull/1136
Multipath TCP support by @pluknet in https://github.com/nginx/nginx/pull/931
Logs: added COMPAT padding to ngx_log_t. by @dplotnikov-f5 in https://github.com/nginx/nginx/pull/1196
Upstream keepalive: enabled keepalive module by default. by @roman-f5 in https://github.com/nginx/nginx/pull/1080
Upstream keepalive: fixed parameter parsing. by @arut in https://github.com/nginx/nginx/pull/1207
Mp4: avoid zero size buffers in output. by @arut in https://github.com/nginx/nginx/pull/1149
Mp4: fixed possible integer overflow on 32-bit platforms. by @arut in https://github.com/nginx/nginx/pull/1209
Dav: destination length validation for COPY and MOVE. by @arut in https://github.com/nginx/nginx/pull/1210
Mail: host validation. by @arut in https://github.com/nginx/nginx/pull/1211
Mail: fixed clearing s->passwd in auth http requests. by @arut in https://github.com/nginx/nginx/pull/1212
Stream: fixed client certificate validation with OCSP. by @arut in https://github.com/nginx/nginx/pull/1213
nginx-1.29.7-RELEASE by @arut in https://github.com/nginx/nginx/pull/1215

New Contributors

@devnexen made their first contribution in https://github.com/nginx/nginx/pull/1135

Full Changelog: https://github.com/nginx/nginx/compare/release-1.29.6...release-1.29.7