nginx-1.28.3 stable and nginx-1.29.7 mainline versions have been released, with fixes for buffer overflow vulnerability in the ngx_http_dav_module (CVE-2026-27654), buffer overflow vulnerabilities in the ngx_http_mp4_module (CVE-2026-27784, CVE-2026-32647), mail session authentication vulnerabilities (CVE-2026-27651, CVE-2026-28753) and OCSP result bypass vulnerability in stream (CVE-2026-28755). Additionally, nginx-1.29.7 mainline version introduces support for Multipath TCP and upgrades the default HTTP version to HTTP/1.1 with keep-alive enabled.

nginx-1.29.6 mainline version has been released, featuring sticky sessions support for upstreams.

njs-0.9.6 version has been released, featuring optional chaining, nullish coalescing assignment (??=), and logical assignment operators (||= and &&=).

nginx-1.28.2 stable and nginx-1.29.5 mainline versions have been released, with a fix for the SSL upstream injection vulnerability (CVE-2026-1642).

njs-0.9.5 version has been released, featuring native modules support for qjs engine in http and stream.

nginx-1.28.1 stable version has been released.

nginx-1.29.4 mainline version has been released, featuring HTTP/2 to backend and Encrypted ClientHello support.

nginx-acme-0.3.0 version has been released.

nginx-1.29.3 mainline version has been released.

njs-0.9.4 version has been released, featuring HTTP forward proxy support for ngx.fetch() API in http and stream.