The nginx 1.31.1 mainline release addresses a critical buffer overflow vulnerability in the rewrite module, which can lead to server crashes from overlapping regex captures. The update also implements stricter response header size limits in HTTP/2, as well as stability improvements for MP4 metadata parsing and mail proxy error handling. Administrators are urged to prioritize this update to mitigate potential attacks, while also ensuring that legacy routing rules are not disrupted by the new escape flag validation. Deployment of the update can be done through a simple binary swap and graceful reload, with careful monitoring of worker logs for any issues
nginx 1.31.1 released
The nginx 1.31.1 mainline release patches a nasty buffer overflow in the rewrite module that routinely crashes worker processes when overlapping regex captures slip through. HTTP/2 now strictly caps response header sizes, while MP4 metadata parsing and mail proxy error paths get the quiet stability tweaks they actually need. Admins should push this update immediately, but running a config test first stops the new escape flag validation from breaking legacy routing rules. A simple binary swap and graceful reload handles the deployment, provided the team watches the worker logs for any allocation hiccups.
