changelogly / releases / nginx-1-31-2
NG
Nginx 1.31.2
1.31.1โ1.31.2SecurityBug fix
โฆ Editor's summary
NGINX 1.31.2 is a security-focused mainline release that fixes multiple vulnerabilities affecting HTTP/3, HTTP/2 proxying, gRPC, and character set processing. The update addresses several memory safety issues and is recommended for all deployments running NGINX 1.31.0 or 1.31.1.
โ Security impact
- Fixed a use-after-free vulnerability in the HTTP/3 module (CVE-2026-42530).
- Fixed a heap buffer overflow in the ngx_http_proxy_v2_module and ngx_http_grpc_module (CVE-2026-42055).
- Fixed a heap buffer over-read vulnerability in the ngx_http_charset_module (CVE-2026-48142).
- Upgrade is strongly recommended for all NGINX 1.31.0 and 1.31.1 deployments.
What's new
- Updated NGINX to version 1.31.2.
- Fixed a use-after-free vulnerability in the HTTP/3 (QUIC) module.
- Resolved a heap buffer overflow affecting HTTP/2 proxying and gRPC workloads.
- Fixed a heap buffer over-read issue in the charset module.
- Improved overall stability and reliability of the mainline release.
- Recommended upgrade for all users running NGINX 1.31.0 or 1.31.1.
๐ฌ Comments (0)
No comments yet.