ngtcp2 1.11.0, nghttp3 1.8.0 rpms released and added to all supported platforms
Month: February 2025
openssl+quic (quictls) 3.0.16 rpms released
openssl+quic (quictls) 3.0.16 rpms released and added to all supported platforms.
OpenSSL 3.0.16 is a security patch release.
This release incorporates the following bug fixes and mitigations:
Fixed timing side-channel in ECDSA signature computation. (CVE-2024-13176)
Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic curve parameters. (CVE-2024-9143)
NGINX 1.27.4 Mainline with Brotli, TLS 1.3, OpenSSL 3.0.15, HTTP/2 and HTTP/3 for Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9
nginx 1.27.4 Mainline with HTTP/3 support added to EL7, EL8, EL9 repositories. brotli compression module from Google, http2, ngx cache purge and ngx http geoip2 modules added or built-in. OpenSSL built dynamically using OpenSSL+QUIC 3.0.15.
Featuring optimized resource usage for complex SSL configurations, and with a fix for the SSL session reuse vulnerability (CVE-2025-23419).
NGINX 1.26.3 Stable with Brotli, TLS 1.3, OpenSSL 3.0.15, HTTP/2 and HTTP/3 for Red Hat Enterprise Linux, CentOS 7/8/9, Rocky, Oracle, Alma Linux EL7/EL8/EL9
nginx 1.26.3 Stable with HTTP/3 support added to EL7, EL8, EL9 repositories. brotli compression module from Google, http2, ngx cache purge and ngx http geoip2 modules added or built-in. OpenSSL built dynamically using OpenSSL+QUIC 3.0.15.
Fixed CVE-2025-23419.