nginx 1.29.1 Mainline with HTTP/3 support added to EL7, EL8, EL9, EL10 repositories. brotli compression module from Google, http2, ngx cache purge and ngx http geoip2 modules added or built-in. OpenSSL built dynamically using official OpenSSL 3.5.1 with QUIC support.
Our OpenSSL 3.5.1 builds break compatibility with nginx 1.28.x and earlier versions, as they are compiled against quictls project with their own APIs. Thus, to upgrade OpenSSL QUIC libs, please use nginx >= 1.29.0.
- CVE fix CVE-2025-53859 Buffer overread in the ngx_mail_smtp_module
- PCRE license fix for win32 zip by @pluknet in #753
- QUIC: adjusted OpenSSL 3.5 QUIC API feature test. by @pluknet in #749
- OPENSSL_VERSION_NUMBER fix for OpenSSL 3.0 by @pluknet in #775
- kqueue build fixes by @pluknet in #777
- HTTP/3: limited prefixed integers encoded length. by @pluknet in #124
- HTTP/3: fixed handling :authority and Host with port. by @arut in #772
- HTTP/2: fixed flushing early hints. by @arut in #808
- HTTP/2 fixes for «:authority» vs «Host» by @pluknet in #803
Certificate compression by @pluknet in #788 - Auth basic: fixed file descriptor leak on memory allocation error. by @pluknet in #833
- smtp module fixes by @pluknet in #842
- Changes 1.29.1 by @pluknet in #843