nginx 1.29.5 Mainline with HTTP/3 support added to EL7, EL8, EL9, EL10 repositories. brotli compression module from Google, http2, ngx cache purge and ngx http geoip2 modules added or built-in. OpenSSL built dynamically using official OpenSSL 3.5.1 with QUIC support.
Our OpenSSL 3.5.4 builds break compatibility with nginx 1.28.x and earlier versions, as they are compiled against quictls project with their own APIs. Thus, to upgrade OpenSSL QUIC libs, please use nginx >= 1.29.0.
*) Security: an attacker might inject plain text data in the response from an SSL backend (CVE-2026-1642).
*) Bugfix: use-after-free might occur after switching to the next gRPC or HTTP/2 backend.
*) Bugfix: an invalid HTTP/2 request might be sent after switching to the next upstream.
*) Bugfix: a response with multiple ranges might be larger than the
source response.
*) Bugfix: fixed setting HTTP_HOST when proxying to FastCGI, SCGI, and uwsgi backends.
*) Bugfix: fixed warning when compiling with MSVC 2022 x86.
*) Change: the logging level of the "ech_required" SSL error has been lowered from "crit" to "info".