Nginx with CVE-2026-42945 fixed

mali1 · May 18, 2026, 8:30am

Hi,
at the moment the provided package for nginx has the version 1.26.3-r3. Unfortunately it is vulnarable to CVE-2026-42945 and also no longer receives security patches.
The current version would be 1.31 which is not vulnerable https://nginx.org/en/security_advisories.html .
Is there a chance to get this package updated in the official repositories?

Thanks,
B.R. Peter

frollic · May 18, 2026, 9:07am

Should probably create an issue at https://github.com/openwrt/packages/issues.

mali1 · May 18, 2026, 11:25am

Thanks for pointing me in the right direction. I created an issue.