nginx 1.31.1 Mainline with HTTP/3 support added to EL7, EL8, EL9 and EL10 repositories. Brotli compression module from Google, http2, ngx_cache_purge and ngx_http_geoip2 modules are built in. OpenSSL is built dynamically using official OpenSSL 4.0.0 with QUIC support.
Major changes:
*) Security: a heap memory buffer overflow might occur in a worker process when using a configuration with overlapping captures in ngx_http_rewrite_module, potentially resulting in arbitrary code execution (CVE-2026-9256). Thanks to Mufeed VH of Winfunc Research.