Security: When proxying a specially crafted request to a gRPC backend with the ignore_invalid_headers directive set to off and the large_client_header_buffers directive with a large value, a buffer overflow could occur, allowing an attacker to corrupt the worker process memory or cause its crash (CVE-2026-42055); the fix was ported from nginx 1.31.2.
Security: When processing a specially crafted response with UTF-8 decoding via the charset_map directive, an out-of-bounds read could occur, allowing an attacker to send limited worker process memory contents to the client or cause its crash (CVE-2026-48142); the fix was ported from nginx 1.31.2.
Bugfix: An IP address without a port number in the acme_http_port or acme_dns_port directives caused a master process crash when reading the configuration.