-
Tue Apr 07 2026 EL Errata <el-errata_ww@oracle.com> - 1.24.0-3.0.1
- Remove Red Hat references [Orabug: 29498217]
-
Fri Mar 27 2026 Zdenek Dohnal <zdohnal@redhat.com> - 1:1.24.0-3
- Resolves: RHEL-157877 CVE-2026-32647 nginx:1.24/nginx: NGINX: Denial of
Service or Code Execution via specially crafted MP4 files
- Resolves: RHEL-159436 CVE-2026-27651 nginx:1.24/nginx: NGINX: Denial of
Service via undisclosed requests when ngx_mail_auth_http_module is enabled
- Resolves: RHEL-159549 CVE-2026-27654 nginx:1.24/nginx: NGINX: Denial of
Service or file modification via buffer overflow in ngx_http_dav_module
- Resolves: RHEL-159528 CVE-2026-27784 nginx:1.24/nginx: NGINX: Denial of
Service due to memory corruption via crafted MP4 file
-
Sun Feb 22 2026 Luboš Uhliarik <luhliari@redhat.com> - 1:1.24.0-2
- Resolves: RHEL-146517 - nginx:1.24/nginx: NGINX: Data injection via
man-in-the-middle attack on TLS proxied connections (CVE-2026-1642)
-
Thu Jan 18 2024 Luboš Uhliarik <luhliari@redhat.com> - 1:1.24.0-1
- Resolves: RHEL-14714 - add nginx:1.24 to RHEL 8.10
-
Mon Oct 16 2023 Luboš Uhliarik <luhliari@redhat.com> - 1:1.22.1-2
- Resolves: RHEL-12728 - nginx:1.22/nginx: HTTP/2: Multiple HTTP/2 enabled web
servers are vulnerable to a DDoS attack (Rapid Reset Attack)(CVE-2023-44487)
-
Thu Dec 01 2022 Luboš Uhliarik <luhliari@redhat.com> - 1:1.22.1-1
- Resolves: #2112345 - nginx:1.22 for RHEL 8
- add stream_geoip_module and stream_realip_module
- remove obsolete --with-ipv6
-
Tue Dec 21 2021 Joe Orton <jorton@redhat.com> - 1:1.20.1-1
- rebase to 1.20.1 (addressing CVE-2021-23017)
-
Wed Dec 01 2021 Joe Orton <jorton@redhat.com> - 1:1.20.0-4
- add delaycompress to logrotate config (#2015243)
-
Fri Sep 10 2021 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.0-3
- Add -mod-devel subpackage for building external nginx modules (Neal Gompa)
Resolves: #1991787
-
Fri Aug 20 2021 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.0-2
- Resolves: #1991796 - build nginx with --with-compat