Todo #16049
closed
Update nginx to 1.26.3
100%
Description
Vulnerabilities in nginx have been discovered in CVE-2025-23419. Plus 24.11 and 25.03-BETA run 1.26.2, which is vulnerable. There is a point release available that resolves this.
Updated by Mike Moore about 1 month ago
Will this be through the system update package OR through a firmware upgrade?
Updated by Kris Phillips about 1 month ago
Mike Moore wrote in #note-1:
> Will this be through the system update package OR through a firmware upgrade?
This will require an OS/package update, as System Patches can only apply patches to PHP code. This will require the nginx package to be updated.
Updated by Christopher Cope about 1 month ago
- Status changed from New to Confirmed
25.07-DEV is also running 1.26.2.
Updated by Kristof Provost about 1 month ago
I've updated nginx on plus-RELENG_25_03 to 1.26.3.
I've not touched the plus-devel-main (i.e. 25.07-DEV) branch. That'll get the update when we next do an upstream merge.
Updated by Jim Pingle about 1 month ago
- Subject changed from Update nginx to 1.26.3 for CVE-2025-23419 to Update nginx to 1.26.3
- Category changed from Operating System to Web Interface
- Status changed from Confirmed to Resolved
- Assignee set to Kristof Provost
- Target version changed from CE-Next to 2.8.0
- % Done changed from 0 to 100
Latest beta build for 25.03 has nginx-1.26.3,3 and appears to be working fine.
Updated by Marcos M about 1 month ago
- Tracker changed from Bug to Todo
- Release Notes changed from Default to Force Exclusion