[nginx-announce] nginx-1.26.1

Sergey Kandaurov pluknet at nginx.com
Wed May 29 15:12:03 UTC 2024

Changes with nginx 1.26.1                                        29 May 2024

   *) Security: when using HTTP/3, processing of a specially crafted QUIC
      session might cause a worker process crash, worker process memory
      disclosure on systems with MTU larger than 4096 bytes, or might have
      potential other impact (CVE-2024-32760, CVE-2024-31079,
      CVE-2024-35200, CVE-2024-34161).
      Thanks to Nils Bars of CISPA.

   *) Bugfix: reduced memory consumption for long-lived requests if "gzip",
      "gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.

   *) Bugfix: nginx could not be built by gcc 14 if the --with-atomic
      option was used.
      Thanks to Edgar Bonet.

   *) Bugfix: in HTTP/3.

Sergey Kandaurov

More information about the nginx-announce mailing list