Project

General

Profile

Actions

Todo #16049

closed

Update nginx to 1.26.3

Added by Kris Phillips about 1 month ago. Updated about 1 month ago.

Status:
Resolved
Priority:
Normal
Category:
Web Interface
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
25.03
Release Notes:
Force Exclusion

Description

Vulnerabilities in nginx have been discovered in CVE-2025-23419. Plus 24.11 and 25.03-BETA runs 1.26.2, which is vulnerable. There is a point release available that resolves this.

Actions #1

Updated by Mike Moore about 1 month ago

Will this be through the system update package OR through a firmware upgrade?

Actions #2

Updated by Kris Phillips about 1 month ago

Mike Moore wrote in #note-1:

Will this be through the system update package OR through a firmware upgrade?

This will require an OS/package update, as System Patches can only apply patches to PHP code. This will require the nginx package to be updated.

Actions #3

Updated by Christopher Cope about 1 month ago

  • Status changed from New to Confirmed

25.07-DEV is also running 1.26.2.

Actions #4

Updated by Kristof Provost about 1 month ago

I've updated nginx on plus-RELENG_25_03 to 1.26.3.
I've not touched the plus-devel-main (ie 25.07-DEV) branch. That'll get the update when we next do an upstream merge.

Actions #5

Updated by Jim Pingle about 1 month ago

  • Subject changed from Update nginx to 1.26.3 for CVE-2025-23419 to Update nginx to 1.26.3
  • Category changed from Operating System to Web Interface
  • Status changed from Confirmed to Resolved
  • Assignee set to Kristof Provost
  • Target version changed from CE-Next to 2.8.0
  • % Done changed from 0 to 100

Latest beta build for 25.03 has nginx-1.26.3,3 and appears to be working fine.

Actions #6

Updated by Marcos M about 1 month ago

  • Tracker changed from Bug to Todo
  • Release Notes changed from Default to Force Exclusion
Actions

Also available in: Atom PDF