NGINX 的 NGINX App Protect、NGINX ModSecurity WAF 及 NGINX JavaScript 模块的脚本可以帮助您保护您的应用免受 Apache log4j 中的 Log4Shell 漏洞 (CVE-2021-44228) 的威胁。
立即升级 NGINX 以应对 DNS 解析程序漏洞(CVE-2021-23017)
We have released updates to NGINX Open Source, NGINX Plus, and NGINX Ingress Controller to fix a vulnerability in DNS resolution (CVE-2021-23017). We consider the vulnerability to be low-severity, but encourage users to upgrade to the latest versions.
NGINX Plus 助您快速轻松地缓解安全漏洞
NGINX Plus 一个经常被忽视的优势是它可以快速轻松地保护自己免受安全威胁。我们会主动通知 NGINX Plus 订阅者安全漏洞和补丁,在受到攻击期间提供帮助,支持 JWT 和 OIDC 身份验证等。
处理 ModSecurity 中的 DoS 漏洞(CVE-2020-15598)
On 14 September 2020 we released an update to the NGINX Plus ModSecurity module (for NGINX Plus R20, R21, and R22) in response to CVE-2020-15598. We encourage NGINX Plus subscribers to upgrade to the patched module.
借助 NGINX 处理 PHP-FPM 漏洞(CVE-2019-11043)
We provide guidance on using NGINX to mitigate the recently discovered vulnerability in PHP-FPM (CVE-2019-11043). The vulnerability is triggered when the PATH_INFO variable passed to PHP-FPM with an invalid value, which can happen in a common NGINX configuration.
NGINX 版本更新:修复了 2019 年 8 月发现的 HTTP/2 漏洞
We have released updates to NGINX Open Source and NGINX Plus to fix vulnerabilities in the HTTP/2 protocol that were announced today (CVE-2019-9511, CVE-2019-9513, and CVE-2019-9516). Upgrade as soon as possible to NGINX 1.17.3, NGINX 1.16.1, or NGINX Plus R18 P1.
NGINX 对 Meltdown 和 Spectre 漏洞的响应
The Meltdown and Spectre vulnerabilities stem from commonly found security flaws in microprocessors. They require patches to most OSs.
Imperva HTTP/2 漏洞报告与 NGINX
Security firm Imperva found four potential security vulnerabilities in HTTP/2, and one affects older versions of NGINX. Here are mitigation suggestions.
