Is this a new feature request?
Wanted change
Summary
nginx just released released 1.30.1 (stable) and 1.31.0 (mainline) on 2026-05-13 addressing six CVEs. Several are directly relevant to SWAG's role as a reverse proxy doing TLS termination, OCSP stapling, and (optionally) HTTP/2 + HTTP/3. Requesting an image rebuild against the patched nginx version.
Relevance to SWAG
- CVE-2026-42926 affects the proxy module, which is the core of every SWAG deployment.
- CVE-2026-42945 affects the rewrite module, which most SWAG site configs use.
- CVE-2026-40701 affects OCSP requests to the resolver; SWAG performs OCSP stapling against the Let's Encrypt chain by default.
- CVE-2026-40460 applies to HTTP/3, which is opt-in on SWAG but increasingly enabled by users.
References
Environment
- Image:
lscr.io/linuxserver/swag:latest
- Affected nginx versions: anything currently pinned in the build (prior to 1.30.1)
Reason for change
CVEs fixed
Proposed code change
Request
Rebuild the linuxserver/swag image against nginx 1.30.1 (stable) so downstream deployments can pick up the fixes. Happy to validate a :nightly or pre-release tag if it's helpful before promotion to :latest.
Is this a new feature request?
Wanted change
Summary
nginx just released released 1.30.1 (stable) and 1.31.0 (mainline) on 2026-05-13 addressing six CVEs. Several are directly relevant to SWAG's role as a reverse proxy doing TLS termination, OCSP stapling, and (optionally) HTTP/2 + HTTP/3. Requesting an image rebuild against the patched nginx version.
Relevance to SWAG
References
Environment
lscr.io/linuxserver/swag:latestReason for change
CVEs fixed
ngx_http_proxy_modulengx_http_rewrite_modulengx_http_scgi_module,ngx_http_uwsgi_modulengx_http_charset_moduleProposed code change
Request
Rebuild the
linuxserver/swagimage against nginx 1.30.1 (stable) so downstream deployments can pick up the fixes. Happy to validate a:nightlyor pre-release tag if it's helpful before promotion to:latest.