Nginx has released version 1.31.3, addressing three high-severity security vulnerabilities. The flaws impact HTTP/2 connections, upstream proxy handling, and tunneling mechanisms, potentially allowing attackers to cause denial of service or execute arbitrary code. Organizations running Nginx in production should prioritize upgrading to this version. The update also includes performance improvements and bug fixes. Given the widespread use of Nginx as a reverse proxy and web server, this release is significant for DevOps and security teams worldwide. The vulnerabilities were discovered through internal audits and responsible disclosure, with no active exploits reported yet. However, the severity warrants immediate attention.
Nginx 1.31.3 fixes three high-severity vulnerabilities affecting HTTP/2, upstream proxy, and tunneling. This is a critical update for any organization using Nginx, especially in production environments.