recipe-maintainers/cc-ci-orchestrator
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f94be45f9c46ca21f2455678dbe0d2089b712fc2
cc-ci-orchestrator/cc-ci-plan/upstream/custom-html.md

1.5 KiB
Raw Blame History

Upstream sources — custom-html

service image source repo releases / changelog
app nginx https://github.com/nginx/nginx https://nginx.org/en/CHANGES
git alpine/git https://github.com/alpine-docker/git https://hub.docker.com/r/alpine/git/tags

Standing notes

  • nginx even-numbered minor versions (1.28.x, 1.30.x) are mainline; odd (1.27.x, 1.29.x) are stable. The recipe tracks mainline.
  • compose.git-pull.yml is an optional overlay for git-pull functionality; alpine/git version lives there.
  • compose.sftp.yml and compose.sso.yml are other optional overlays; linuxserver/openssh-server uses latest tag and is not version-pinned.
  • Breaking change in nginx 1.31.0: HTTP/2 and HTTP/3 requests with Connection/Proxy-Connection/Keep-Alive/Transfer-Encoding/Upgrade/TE headers are now rejected.
  • Breaking change in nginx 1.29.7: keepalive in upstream block is enabled by default; proxy_http_version changed to 1.1; Connection proxy header no longer sent by default.
  • nginx 1.31.2 (17 Jun 2026) is a security patch release: CVE-2026-42530 (HTTP/3 QUIC use-after-free), CVE-2026-42055 (heap buffer overflow with ignore_invalid_headers off + large_client_header_buffers + HTTP/2/gRPC backend), CVE-2026-48142 (charset_map UTF-8 heap overread). No breaking changes for static-file-serving use case.
  • alpine/git is a thin Docker wrapper around git (no formal release notes; version tracks bundled git). Source repo: alpine-docker/git (NOT alpine-git/alpine-git).