Nginx 1.29.1 has been released and incorporates a security fix addressing a vulnerability in the ngx_mail_smtp_module. The release encompasses updates addressing the PCRE license, QUIC, OPENSSL_VERSION_NUMBER, kqueue build, HTTP/3, HTTP/2, certificate compression, Auth basic, and the SMTP module.
Nginx 1.29.1
nginx-1.29.1 mainline version has been released. This release includes a security fix for the vulnerability in the ngx_mail_smtp_module ( CVE-2025-53859). See official CHANGES on nginx.org.
Below is a release summary generated by GitHub.
What's Changed
- PCRE license fix for win32 zip by @pluknet in #753
- QUIC: adjusted OpenSSL 3.5 QUIC API feature test. by @pluknet in #749
- OPENSSL_VERSION_NUMBER fix for OpenSSL 3.0 by @pluknet in #775
- kqueue build fixes by @pluknet in #777
- HTTP/3: limited prefixed integers encoded length. by @pluknet in #124
- HTTP/3: fixed handling :authority and Host with port. by @arut in #772
- HTTP/2: fixed flushing early hints. by @arut in #808
- HTTP/2 fixes for ":authority" vs "Host" by @pluknet in #803
- Certificate compression by @pluknet in #788
- Auth basic: fixed file descriptor leak on memory allocation error. by @pluknet in #833
- smtp module fixes by @pluknet in #842
- Changes 1.29.1 by @pluknet in #843
Full Changelog: release-1.29.0...release-1.29.1
