Join the community today
Register Now

Security Nginx 1.25.4 Security Release For HTTP/3 Experimental Code

Discussion in 'Centmin Mod News' started by eva2000, Feb 17, 2024.

Thread Status:
Not open for further replies.
  1. eva2000

    eva2000 Administrator Staff Member

    53,811
    12,159
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,711
    Local Time:
    4:54 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Update: For current state of Centmin Mod Nginx HTTP/3 as of September 12, 2024 read https://community.centminmod.com/th...in-mod-nginx-https-http-3-quic-support.26296/

    Nginx has released Nginx 1.25.4 version for bug and HTTP/3 security fixes CVE-2024-24989 and CVE-2024-24990 https://nginx.org/en/CHANGES. F5 Nginx blog also posted at Updating NGINX for the Vulnerabilities in the HTTP/3 Module - NGINX

    This security bug only applies to Nginx 1.25.x and not applicable to Nginx 1.24.x or early versions.


    Centmin Mod 130.00beta01 is only branch that optional supports Nginx 1.25.x HTTP/3 experimental code and it's disabled by default so not many folks would be impacted by these HTTP/3 security issues. However, Nginx 1.25.4 also has bug fixes, so for existing Centmin Mod users they can upgrade via centmin.sh menu option 4 and specifying Nginx 1.25.4 version for upgrade.

    Code (Text):
    --------------------------------------------------------
         Centmin Mod Menu 130.00beta01 centminmod.com 
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  Option Being Revised (TBA)
    7).  Option Being Revised (TBA)
    8).  Option Being Revised (TBA)
    9).  Option Being Revised (TBA)
    10). Memcached Server Re-install
    11). MariaDB MySQL Upgrade & Management
    12). Zend OpCache Install/Re-install
    13). Install/Reinstall Redis PHP Extension
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: zstd,pigz,pbzip2,lbzip2
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Install/Re-Install
    21). Data Transfer (TBA)
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 4
    --------------------------------------------------------
    

    Code (Text):
    Nginx Upgrade - Would you like to continue? [y/n] y
    
    Current Nginx Version: 1.25.3 (050124-165935-almalinux8-fd3b9c9-br-a71f931)
    
    Install which version of Nginx? (version i.e. type 1.25.3): 1.25.4
    
    Do you still want to continue? [y/n] y
    

    End result from nginx -V version command is like below if you had enabled optional and experimental Nginx HTTP/3 using QuicTLS OpenSSL forked library (OpenSSL 1.1.1w+quic). Otherwise, the default Nginx crypto library is regular OpenSSL 1.1.1w without the reported --with-http_v3_module flag.
    And regular non-HTTP/3 Nginx 1.25.4 on KVM VPS running AlmaLinux 8
    To discuss Centmin Mod Nginx updates check out thread at https://community.centminmod.com/threads/nginx-1-25-4-is-out.24449/
     
Thread Status:
Not open for further replies.