nginx-ui

v2.3.11 Security

This release includes 4 security fixes for security teams reviewing exposed deployments.

Published 17d Reverse Proxies & Load Balancers

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 4 known CVEs

Topics

chatgpt-app code-completion copilot cron deepseek-r1 docker

+11 more

go letsencrypt linux macos mcp mcp-server nginx self-hosted vue webui windows

Affected surfaces

deps

ReleasePort's take

Moderate signal

editorial:auto 9d

The release updates bundled Nginx to version 1.31.x and patches critical heap buffer overflow CVE‑2026‑42945 (NGINX Rift) along with related advisories.

Why it matters: CVE‑2026‑42945 has a CVSS severity of 9.8; upgrading Nginx to 1.31.x eliminates the vulnerability and prevents remote code execution attacks.

Summary

AI summary

Update bundled Nginx to latest 1.31.x, fixing critical heap buffer overflow CVE-2026-42945 (NGINX Rift) and related advisories.

Changes in this release

Type	Severity	Summary	CVE
Security	Medium	Fix CVE-2026-42945 and related advisories in bundled nginx Fix CVE-2026-42945 and related advisories in bundled nginx Source: granite4.1:8b-q6_K@2026-05-21 Confidence: low	—
Feature
Feature	Medium	Integrate Atlas Cloud provider Integrate Atlas Cloud provider Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high	—
Feature	Medium	Add ACME CA directory presets Add ACME CA directory presets Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high	—
Feature	Medium	Add batch status actions for sites Add batch status actions for sites Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high	—
Feature	Medium	Add support for custom Nginx maintenance templates Add support for custom Nginx maintenance templates Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high	—
Feature	Medium	Allow browserslist database updates Allow browserslist database updates Source: granite4.1:8b-q6_K@2026-05-21 Confidence: low	—
Dependency	Medium	Configure pnpm build approvals in CI Configure pnpm build approvals in CI Source: granite4.1:8b-q6_K@2026-05-21 Confidence: low	—
Performance	Medium	Optimize certificate application operations Optimize certificate application operations Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high	—
Bugfix
Bugfix	Medium	Stabilize realtime chart timestamps on the dashboard Stabilize realtime chart timestamps on the dashboard Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high	—
Bugfix	Medium	Inline nginx base image setup for Docker Inline nginx base image setup for Docker Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high	—
Bugfix	Medium	Resolve websocket base from page url Resolve websocket base from page url Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high	—
Bugfix	Medium	Preserve proxy path for websocket urls Preserve proxy path for websocket urls Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high	—
Bugfix	Medium	Normalize legacy key types Normalize legacy key types Source: granite4.1:8b-q6_K@2026-05-21 Confidence: low	—
Bugfix	Low	Resolve concurrent map iteration and map write crash in sitecheck Resolve concurrent map iteration and map write crash in sitecheck Source: granite4.1:30b@2026-05-21-audit Confidence: low	—
Refactor	Medium	Migrate ACME client to lego v5 Migrate ACME client to lego v5 Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high	—

Full changelog

Features

Integrate Atlas Cloud provider (d87e7785a) by @lucaszhu-hue.
Add ACME CA directory presets (0f0fa1c08) by @0xJacky.
Add batch status actions for sites (86ba59cbe) by @0xJacky.
Optimize certificate application operations (a98bd9216) by @CarmJos.
Add support for custom Nginx maintenance templates (4d0dcb92b) by @enwikuna.

Bug Fixes

Update the nginx bundled in the Docker image to the latest 1.31.x release, fixing the critical CVE-2026-42945 ("NGINX Rift") heap buffer overflow in ngx_http_rewrite_module along with related advisories (CVE-2026-42926, CVE-2026-42946, CVE-2026-42934) (fc7150c15) by @0xJacky.
Stabilize realtime chart timestamps on the dashboard (32c1fadc0) by @0xJacky.
Inline nginx base image setup for Docker (5fc038f2e) by @0xJacky.
Resolve websocket base from page url (a455e5902) by @0xJacky.
Allow browserslist database updates (4f489c123) by @0xJacky.
Preserve proxy path for websocket urls (c28fb16d5) by @0xJacky.
Migrate ACME client to lego v5 (6859e18d4) by @0xJacky.
Normalize legacy key types (98bb8903f) by @0xJacky.
Configure pnpm build approvals in CI (c7c67c5a6) by @0xJacky.
Resolve concurrent map iteration and map write crash in sitecheck (ba2bbe3ac) by @0xJacky.

Contributors

@0xJacky @lucaszhu-hue @CarmJos @enwikuna

Security Fixes

CVE-2026-42945 — NGINX Rift heap buffer overflow in ngx_http_rewrite_module (fixed by updating bundled Nginx to latest 1.31.x).
dep: CVE-2026-42926 — related advisory fixed.
dep: CVE-2026-42946 — related advisory fixed.
dep: CVE-2026-42934 — related advisory fixed.

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track nginx-ui

Get notified when new releases ship.

About nginx-ui

Yet another WebUI for Nginx

All releases →

Related context

Related tools

Related CVEs

CVE-2026-42945 NVD KEV EPSS