-
Fri May 29 2026 EL Errata <el-errata_ww@oracle.com> - 1.20.1-28.0.1.el9_8.2
- Reference oracle-indexhtml within Requires [Orabug: 33802044]
- Remove Red Hat references [Orabug: 29498217]
- Update upstream references [Orabug: 36579090]
-
Thu May 14 2026 Luboš Uhliarik <luhliari@redhat.com> - 2:1.20.1-28.2
- Resolves: RHEL-176232 - nginx: NGINX: Arbitrary Code Execution
Vulnerability (CVE-2026-42945)
-
Fri Mar 27 2026 Zdenek Dohnal <zdohnal@redhat.com> - 2:1.20.1-28.1
- RHEL-159560 CVE-2026-27654 nginx: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module
- RHEL-159539 CVE-2026-27784 nginx: NGINX: Denial of Service due to memory corruption via crafted MP4 file
- RHEL-159447 CVE-2026-27651 nginx: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled
- RHEL-157888 CVE-2026-32647 nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files
-
Tue Feb 17 2026 Luboš Uhliarik <luhliari@redhat.com> - 2:1.20.1-28
- Resolves: RHEL-146528 - CVE-2026-1642 nginx: NGINX: Data injection via
man-in-the-middle attack on TLS proxied connection
-
Thu Jan 29 2026 Luboš Uhliarik <luhliari@redhat.com> - 2:1.20.1-27
- Resolves: RHEL-145177 - Clarify binding behavior of -t option
-
Thu Nov 20 2025 Luboš Uhliarik <luhliari@redhat.com> - 2:1.20.1-26
- Resolves: RHEL-102548 - Remove 50x.html for nginx 1.26
-
Wed Nov 19 2025 Luboš Uhliarik <luhliari@redhat.com> - 2:1.20.1-25
- Resolves: RHEL-114935 - Image mode: The dir /var/lib and /var/log
is not created when updating system in image mode
-
Wed May 14 2025 Luboš Uhliarik <luhliari@redhat.com> - 2:1.20.1-24
- Resolves: RHEL-84477 - nginx: specially crafted MP4 file may cause
denial of service (CVE-2024-7347)
- Resolves: RHEL-85556 - nginx: Memory disclosure in the
ngx_http_mp4_module (CVE-2022-41742)
- Resolves: RHEL-91446 - nginx: Memory corruption in the
ngx_http_mp4_module (CVE-2022-41741)
-
Thu Apr 24 2025 Luboš Uhliarik <luhliari@redhat.com> - 2:1.20.1-23
- Resolves: RHEL-6786 - SSL-errors 0A000126 / NS_NET_ERROR_PARTIAL_TRANSFER
at nginx with reverse-proxy
-
Thu Feb 13 2025 Luboš Uhliarik <luhliari@redhat.com> - 2:1.20.1-22
- Resolves: RHEL-78236 - nginx: TLS Session Resumption
Vulnerability (CVE-2025-23419)