nginx-1.30.4 stable and nginx-1.31.3 mainline versions have been released with:
- fixes for buffer overflow vulnerability when using map with regex (CVE-2026-42533)
- memory disclosure vulnerability when using ngx_http_slice_module (CVE-2026-60005)
- use-after-freevulnerability when using ngx_http_ssi_module (CVE-2026-56434)
Resources:
nginx-1.30.4 stable change log
nginx-1.31.3 mainline change log