Nginx with OpenSSL 1.1.1n

Sergey A. Osokin osa at
Sun Mar 27 13:58:25 UTC 2022


On Sun, Mar 27, 2022 at 02:04:10AM -0400, sukeerthiadiga wrote:
> The Mainline version of Nginx i.e 1.12.6 has the OpenSSL version 1.1.1m and
> it is vulnerable.

That's a bit far from true.  NGINX, as many other products, depends on other
open source software components, like openssl, pcre, zlib.  Library of those
components are supported by an operating system vendor.  I'd recommend
to contact to the vendor of a corresponding OS to get an update of a

> Is there any plan to release another version of Nginx with the latest
> OpenSSL(i.e 1.1.1n)?

I don't think that such plans are available.

Sergey A. Osokin

More information about the nginx mailing list