<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-webserver/recipes-httpd/nginx/nginx_1.29.7.bb, branch master-next</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=master-next</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=master-next'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2026-05-13T07:17:25+00:00</updated>
<entry>
<title>nginx: upgrade 1.29.7 -&gt; 1.30.0</title>
<updated>2026-05-13T07:17:25+00:00</updated>
<author>
<name>Ankur Tyagi</name>
<email>ankur.tyagi85@gmail.com</email>
</author>
<published>2026-05-09T11:06:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=d98d888df6aec5177517d94322493241ad2cd9b7'/>
<id>urn:sha1:d98d888df6aec5177517d94322493241ad2cd9b7</id>
<content type='text'>
1.30.0 stable version has been released, incorporating new features and bug
fixes from the 1.29.x mainline branch (https://nginx.org/en/CHANGES-1.30)

Also dropped v1.28 support.

Signed-off-by: Ankur Tyagi &lt;ankur.tyagi85@gmail.com&gt;
Signed-off-by: Khem Raj &lt;khem.raj@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>nginx: upgrade 1.29.6 -&gt; 1.29.7</title>
<updated>2026-03-28T15:32:48+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-03-28T07:30:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=81e1926faffdc13555f94422c722ab5fcbee6b61'/>
<id>urn:sha1:81e1926faffdc13555f94422c722ab5fcbee6b61</id>
<content type='text'>
Changes:
*) Security: a buffer overflow might occur while handling a COPY or MOVE
   request in a location with "alias", allowing an attacker to modify
   the source or destination path outside of the document root
   (CVE-2026-27654).

*) Security: processing of a specially crafted mp4 file by the
   ngx_http_mp4_module on 32-bit platforms might cause a worker process
   crash, or might have potential other impact (CVE-2026-27784).

*) Security: processing of a specially crafted mp4 file by the
   ngx_http_mp4_module might cause a worker process crash, or might have
   potential other impact (CVE-2026-32647).

*) Security: a segmentation fault might occur in a worker process if the
   CRAM-MD5 or APOP authentication methods were used and authentication
   retry was enabled (CVE-2026-27651).

*) Security: an attacker might use PTR DNS records to inject data in
   auth_http requests, as well as in the XCLIENT command in the backend
   SMTP connection (CVE-2026-28753).

*) Security: SSL handshake might succeed despite OCSP rejecting a client
   certificate in the stream module (CVE-2026-28755).

*) Feature: the "multipath" parameter of the "listen" directive.

*) Feature: the "local" parameter of the "keepalive" directive in the
   "upstream" block.
*) Change: now the "keepalive" directive in the "upstream" block is
   enabled by default.
*) Change: now ngx_http_proxy_module supports keepalive by default; the
   default value for "proxy_http_version" is "1.1"; the "Connection"
   proxy header is not sent by default anymore.
*) Bugfix: an invalid HTTP/2 request might be sent after switching to
   the next upstream if buffered body was used in the
   ngx_http_grpc_module.

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Khem Raj &lt;khem.raj@oss.qualcomm.com&gt;
</content>
</entry>
</feed>
