Back to Changelog
v1.31.0-nginx
Critical security fix: customer-facing nginx upgraded to 1.31.0 to patch CVE-2026-42945
Improvements
2- Build details: compiled on Ubuntu 22.04 (gcc 11.4.0), GLIBC max 2.34, stripped, --with-compat preserved. Configure flags identical to 1.28.3.
- Apply triggers graceful customer-nginx reload; active HTTP connections drain cleanly.
Bug Fix
1- Fixed by upstream nginx 1.31.0, released by F5 on 2026-05-13 as a coordinated advisory.
Security Fixes
2- Fix CVE-2026-42945 (CVSS 9.2 CRITICAL) — heap buffer overflow in ngx_http_rewrite_module exposed to customer sites via Custom Directives (rewrite rules). Remote code execution possible on systems with weak or disabled ASLR.
- Affected: customer nginx versions 0.6.27 through 1.30.0. Panelica previous build (1.28.3) was vulnerable.