Changes with nginx 1.26.3 05 Feb 2025
*) Security: insufficient check in virtual servers handling with TLSv1.3
SNI allowed to reuse SSL sessions in a different virtual server, to
bypass client SSL certificates verification (CVE-2025-23419).
*) Bugfix: in the ngx_http_mp4_module.
Thanks to Nils Bars.
*) Workaround: "gzip filter failed to use preallocated memory" alerts
appeared in logs when using zlib-ng.
*) Bugfix: nginx could not build libatomic library using the library
sources if the --with-libatomic=DIR option was used.
*) Bugfix: nginx now ignores QUIC version negotiation packets from
clients.
*) Bugfix: nginx could not be built on Solaris 10 and earlier with the
ngx_http_v3_module.
*) Bugfixes in HTTP/3.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2025-016ed44ddc
Please login to add feedback.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'ignored'.
This update has been submitted for testing by bodhi.
This update has been pushed to testing.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'ignored'.
This update has been submitted for stable by bodhi.
This update has been pushed to stable.