changelogly / releases / nginx-1-31-2
NG

Nginx 1.31.2

1.31.1โ†’1.31.2SecurityBug fix
๐Ÿ“… June 17, 2026๐Ÿ—‚ Web Servers๐Ÿ“ฆ Nginx โ†—๐Ÿ“œ Full changelog โ†—
โœฆ Editor's summary

NGINX 1.31.2 is a security-focused mainline release that fixes multiple vulnerabilities affecting HTTP/3, HTTP/2 proxying, gRPC, and character set processing. The update addresses several memory safety issues and is recommended for all deployments running NGINX 1.31.0 or 1.31.1.

โš  Security impact
  • Fixed a use-after-free vulnerability in the HTTP/3 module (CVE-2026-42530).
  • Fixed a heap buffer overflow in the ngx_http_proxy_v2_module and ngx_http_grpc_module (CVE-2026-42055).
  • Fixed a heap buffer over-read vulnerability in the ngx_http_charset_module (CVE-2026-48142).
  • Upgrade is strongly recommended for all NGINX 1.31.0 and 1.31.1 deployments.

What's new

  • Updated NGINX to version 1.31.2.
  • Fixed a use-after-free vulnerability in the HTTP/3 (QUIC) module.
  • Resolved a heap buffer overflow affecting HTTP/2 proxying and gRPC workloads.
  • Fixed a heap buffer over-read issue in the charset module.
  • Improved overall stability and reliability of the mainline release.
  • Recommended upgrade for all users running NGINX 1.31.0 or 1.31.1.

๐Ÿ’ฌ Comments (0)

No comments yet.