**My issue:BDSA-2024-2036 - vulnerability is still present with latest nginx version v1.28.0
**How I encountered the problem:During the Black Duck security scan, the report highlighted the security vulnerability BDSA-2024-2036 present in the latest nginx version
**Solutions I’ve tried: None, since there are no new versions available
**Version of NGINX or NGINX adjacent software (e.g. NGINX Gateway Fabric): nginx-1.28.0
**Deployment environment: Production
**NGINX config (formatted in a code block): Not Needed
**NGINX access/error log: Not needed
Kindly confirm when the new version will be planned to get released with the fix for this vulnerability.
Hi @ngoyal1987, thank you for bringing this to our attention. Can you please email the F5 Security Incident Response Team at f5sirt@f5.com with this information? We do not handle vulnerabilities on the NGINX Community Forum or GitHub. Instead the process is:
The F5 Security Incident Response Team (F5 SIRT) offers two methods to easily report potential security vulnerabilities:
If you’re an F5 customer with an active support contract, please contact F5 Technical Support.
If you aren’t an F5 customer, please report any potential or current instances of security vulnerabilities in any F5 product to the F5 Security Incident Response Team at f5sirt@f5.com.