nginx

nginx-1.28.3 stable version has been released. This release includes a security fix for the buffer overflow vulnerability in the ngx_http_dav_module (CVE-2026-27654), security fixes for the buffer overflow vulnerabilities in the ngx_http_mp4_module (CVE-2026-27784, CVE-2026-32647), security fixes for the mail session authentication vulnerabilities (CVE-2026-27651, CVE-2026-28753), and a security fix for the OCSP result bypass vulnerability in stream (CVE-2026-28755).

See official CHANGES-1.28 on nginx.org.

Below is a release summary generated by GitHub.

What's Changed

• Release 1.28.3 by @arut in https://github.com/nginx/nginx/pull/1216

Full Changelog: https://github.com/nginx/nginx/compare/release-1.28.2...release-1.28.3