nginx: upgrade 1.29.7 -> 1.30.0

2026-05-12T08:10:18+00:00

1.30.0 stable version has been released, incorporating new features and bug fixes from the 1.29.x mainline branch (https://nginx.org/en/CHANGES-1.30) Also dropped v1.28 support. Signed-off-by: Ankur Tyagi Signed-off-by: Khem Raj

nginx: upgrade 1.28.2 -> 1.28.3

2026-03-28T15:32:48+00:00

Changes: *) Security: a buffer overflow might occur while handling a COPY or MOVE request in a location with "alias", allowing an attacker to modify the source or destination path outside of the document root (CVE-2026-27654). *) Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module on 32-bit platforms might cause a worker process crash, or might have potential other impact (CVE-2026-27784). *) Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module might cause a worker process crash, or might have potential other impact (CVE-2026-32647). *) Security: a segmentation fault might occur in a worker process if the CRAM-MD5 or APOP authentication methods were used and authentication retry was enabled (CVE-2026-27651). *) Security: an attacker might use PTR DNS records to inject data in auth_http requests, as well as in the XCLIENT command in the backend SMTP connection (CVE-2026-28753). *) Security: SSL handshake might succeed despite OCSP rejecting a client certificate in the stream module (CVE-2026-28755). *) Change: now nginx limits the size and rate of QUIC stateless reset packets. *) Bugfix: receiving a QUIC packet by a wrong worker process could cause the connection to terminate. *) Bugfix: in the ngx_http_mp4_module. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj

linux/meta-openembedded.git/meta-webserver/recipes-httpd/nginx/nginx_1.28.3.bb, branch master-next

nginx: upgrade 1.29.7 -> 1.30.0

nginx: upgrade 1.28.2 -> 1.28.3