Nginx has announced the release of version 1.28.1, emphasizing enhancements related to security and various bug fixes aimed at improving stability and performance for real-world applications. A key highlight of this update is the resolution of a memory disclosure vulnerability in the ngx_mail_smtp_module, identified as CVE-2025-53859, which could have permitted unauthorized access to worker process memory under specific conditions.
In addition to addressing this critical security issue, the update also resolves numerous bugs that have contributed to improved overall performance. Noteworthy fixes include the stabilization of the try_files directive when used with proxy_pass, which previously caused worker crashes in certain scenarios. Additionally, adjustments have been made to handle inconsistencies with HTTP/2 header lines and to rectify problems related to SSL certificate caching during server reconfiguration.
The update also marks improvements in cross-platform compatibility, as Nginx has shifted to using Windows SDK 10 for its native binary builds, aimed at optimizing performance on Windows servers. Furthermore, users of NetBSD will be pleased to know that version 1.28.1 is now compatible with NetBSD 10.0.
Other enhancements include bug fixes for improperly encoded XCLIENT commands and updates to Cache-Control backend processing. The team is actively working on HTTP/3 issues and has implemented workarounds for current challenges, ensuring that the latest version remains robust in handling modern web protocols.
Overall, this release underscores Nginx's commitment to continuously enhancing server configuration and operation through focused improvements in security, protocol handling, and cross-platform capabilities. Users can find more detailed information in the official CHANGES-1.28 document on the Nginx website.
In conclusion, Nginx 1.28.1 reflects a consistent effort to refine the server's functionality and security, and it serves as a stable foundation for users looking to optimize their web server environments
In addition to addressing this critical security issue, the update also resolves numerous bugs that have contributed to improved overall performance. Noteworthy fixes include the stabilization of the try_files directive when used with proxy_pass, which previously caused worker crashes in certain scenarios. Additionally, adjustments have been made to handle inconsistencies with HTTP/2 header lines and to rectify problems related to SSL certificate caching during server reconfiguration.
The update also marks improvements in cross-platform compatibility, as Nginx has shifted to using Windows SDK 10 for its native binary builds, aimed at optimizing performance on Windows servers. Furthermore, users of NetBSD will be pleased to know that version 1.28.1 is now compatible with NetBSD 10.0.
Other enhancements include bug fixes for improperly encoded XCLIENT commands and updates to Cache-Control backend processing. The team is actively working on HTTP/3 issues and has implemented workarounds for current challenges, ensuring that the latest version remains robust in handling modern web protocols.
Overall, this release underscores Nginx's commitment to continuously enhancing server configuration and operation through focused improvements in security, protocol handling, and cross-platform capabilities. Users can find more detailed information in the official CHANGES-1.28 document on the Nginx website.
In conclusion, Nginx 1.28.1 reflects a consistent effort to refine the server's functionality and security, and it serves as a stable foundation for users looking to optimize their web server environments
Nginx 1.28.1 released
Nginx has rolled out its latest update, version 1.28.1, with a focus on security and bug fixes for real-world setups. The most notable change is the patching of a memory disclosure vulnerability in the ngx_mail_smtp_module that could have allowed snooping worker process memory under certain conditions. In addition to security fixes, several bugs related to stability and performance were resolved, including issues involving try_files, proxy_pass, HTTP/2 headers, and SSL certificate caching.
