Nginx has released version 1.31.0, which addresses six critical vulnerabilities, including an HTTP/2 request injection flaw and buffer overflows that could lead to server crashes and memory leaks. This update introduces significant new features such as least_time load balancing for improved traffic distribution and native support for HTTP forward proxying. Additionally, the release includes updates to the OpenSSL library for Windows, enhanced WebDAV path validation, and fixes for HTTP/2 keepalive issues. System administrators are encouraged to upgrade promptly to enhance security and optimize server performance
Nginx 1.31.0 released
The nginx-1.31.0 mainline release patches six critical vulnerabilities, including an HTTP/2 request injection flaw in the proxy module and buffer overflows that could crash worker processes or leak memory. Administrators gain two major new features: least_time load balancing for smarter traffic distribution across uneven backends, and native HTTP forward proxy support for outbound tunneling. The update also brings a refreshed OpenSSL library for Windows builds, ALPN compatibility for stream proxies, tighter WebDAV path validation, and a fix for HTTP/2 keepalive drops. Server operators should apply this upgrade promptly to close security gaps while unlocking better latency handling and routing flexibility.
