Nginx has released version 1.28.3, which includes critical patches for buffer overflow vulnerabilities in the DAV and MP4 modules, as well as fixes for mail session authentication flaws and an OCSP bypass vulnerability. These updates are crucial to prevent unauthorized access and potential remote code execution that could compromise server security. System administrators are urged to apply the patch immediately to protect their infrastructure from these known exploits. The update process involves either compiling from source or downloading the new package, followed by a service restart to ensure the changes take effect
Nginx 1.28.3 released
The nginx 1.28.3 stable release drops critical patches that fix buffer overflows in the DAV and MP4 modules before they crash your services. Mail session authentication flaws and an OCSP bypass vulnerability also got addressed to keep unauthorized users out of your stream configurations. Leaving this unpatched invites remote code execution from anyone scanning your public ports. Ops teams should grab the new package immediately to secure their infrastructure against these known exploits.
