nginx

nginx-1.31.2 mainline version has been released, with fixes for use-after-free vulnerability in the ngx_http_v3_module (CVE-2026-42530), buffer overflow vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module (CVE-2026-42055), and buffer overread vulnerability in the ngx_http_charset_module (CVE-2026-48142).

See official CHANGES on nginx.org.

Below is a release summary generated by GitHub.

What's Changed

• Use SipHash to speed up $request_id generation by @jimf5 in https://github.com/nginx/nginx/pull/1392
• SSL: add $ssl_sigalgs variable by @VadimZhestikov in https://github.com/nginx/nginx/pull/1361
• Xslt: fixed handle vsnprintf return value by @afonot in https://github.com/nginx/nginx/pull/747
• GH: remove the set-creation-date.yaml workflow by @ac000 in https://github.com/nginx/nginx/pull/1435
• Split clients: improved calculation of range boundaries by @pluknet in https://github.com/nginx/nginx/pull/1334
• Style by @pluknet in https://github.com/nginx/nginx/pull/1440
• GH: Fix the whitespace checker workflow by @ac000 in https://github.com/nginx/nginx/pull/1453
• Secure link: Compare hashes in constant time by @sbhowmikf5 in https://github.com/nginx/nginx/pull/1433
• Access log: Fix "request_length" format length by @nitin9977 in https://github.com/nginx/nginx/pull/1432
• Updated OpenSSL used for win32 builds by @pluknet in https://github.com/nginx/nginx/pull/1469
• Nginx 1.31.2 with security fixes (HTTP/2 proxy, grpc, HTTP/3, charset) by @arut in https://github.com/nginx/nginx/pull/1474

New Contributors

• @afonot made their first contribution in https://github.com/nginx/nginx/pull/747
• @sbhowmikf5 made their first contribution in https://github.com/nginx/nginx/pull/1433
• @nitin9977 made their first contribution in https://github.com/nginx/nginx/pull/1432

Full Changelog: https://github.com/nginx/nginx/compare/release-1.31.1...release-1.31.2