NGINX App Protect, NGINX ModSecurity WAF, and a script for the NGINX JavaScript module can help you protect your applications against the Log4Shell vulnerability (CVE-2021-44228) in Apache log4j.
We have released updates to NGINX Open Source, NGINX Plus, and NGINX Ingress Controller to fix a vulnerability in DNS resolution (CVE-2021-23017). We consider the vulnerability to be low-severity, but encourage users to upgrade to the latest versions.
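An often overlooked advantage of NGINX Plus is that it can quickly and easily protect itself against security threats. We proactively notify NGINX Plus subscribers of security vulnerabilities and patches, provide help during attacks, support JWT and OIDC authentication, and more.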
On 14 September 2020 we released an update to the NGINX Plus ModSecurity module (for NGINX Plus R20, R21, and R22) in response to CVE-2020-15598. We encourage NGINX Plus subscribers to upgrade to the patched module.
We provide guidance on using NGINX to mitigate the recently discovered vulnerability in PHP-FPM (CVE-2019-11043). The vulnerability is triggered when the PATH_INFO variable is passed to PHP-FPM with an invalid value, which can happen in a common NGINX configuration.
We have released updates to NGINX Open Source and NGINX Plus to fix vulnerabilities in the HTTP/2 protocol that were announced today (CVE-2019-9511, CVE-2019-9513, and CVE-2019-9516). Upgrade as soon as possible to NGINX 1.17.3, NGINX 1.16.1, or NGINX Plus R18 P1.
The Meltdown and Spectre vulnerabilities stem from commonly found security flaws in microprocessors. They require patches to most OSs.
Security firm Imperva found four potential security vulnerabilities in HTTP/2, and one affects older versions of NGINX. Here are mitigation suggestions.