Change8

release-1.29.1

📦 nginxView on GitHub →
1 features🐛 11 fixes🔧 4 symbols

Summary

Nginx 1.29.1 mainline version released, primarily containing a critical security fix for the ngx_mail_smtp_module and various stability improvements across HTTP/2, HTTP/3, and build systems.

✨ New Features

  • Certificate compression support added.

🐛 Bug Fixes

  • Security vulnerability in ngx_mail_smtp_module fixed (CVE-2025-53859).
  • PCRE license fixed for win32 zip builds.
  • OpenSSL 3.5 QUIC API feature test adjusted.
  • OPENSSL_VERSION_NUMBER fixed for OpenSSL 3.0.
  • kqueue build fixes applied.
  • HTTP/3: Limited prefixed integers encoded length.
  • HTTP/3: Fixed handling of :authority and Host headers when a port is present.
  • HTTP/2: Fixed flushing of early hints.
  • HTTP/2 fixes for ":authority" vs "Host" header handling.
  • Auth basic: Fixed file descriptor leak on memory allocation error.
  • smtp module fixes applied.

🔧 Affected Symbols

ngx_mail_smtp_moduleHTTP/3HTTP/2Auth basic