chore: upgrade web (nginx) to 1.31.2 #4

Open
autonomic-bot wants to merge 1 commits from upgrade-0e3daef into main

lasuite-drive: bump nginx 1.31.1 → 1.31.2 (security patch)

Image changes

| service | image | current → new |
|---------|-------|---------------|
| web | nginx | 1.31.1 → 1.31.2 |

All other services unchanged (lasuite/drive-frontend v0.19.0, lasuite/drive-backend v0.19.0, redis 8.8.0, pgautoupgrade 18-debian, collabora 25.04.9.4.1, onlyoffice 9.3.1.2, minio RELEASE.2025-09-07T16-13-09Z).

Security fixes in nginx 1.31.2 (2026-06-17)

  • CVE-2026-42530: Use-after-free in HTTP/3 QUIC session processing (worker process crash/corruption)
  • CVE-2026-42055: Heap buffer overflow with ignore_invalid_headers off + large_client_header_buffers in HTTP/2 or gRPC proxying
  • CVE-2026-48142: Heap buffer overread in UTF-8 charset_map decoding (limited memory disclosure or segfault)

Additional: $request_id now uses SipHash-2-4; new $ssl_sigalgs variable; secure_link constant-time comparison.

Upstream release notes

web nginx 1.31.1 → 1.31.2: https://nginx.org/en/CHANGES

Operator Action Required

None. Pure patch security release. Backward-compatible with 1.31.1. No config changes needed.

Recommended release

After upstream merge:

```
abra recipe release lasuite-drive -z
```

(patch bump: security fixes only, no new features or breaking changes)

Tested green on the cc-ci recipe CI server (full suite, cold, against this PR head). NOT merged — for operator review.

cc @trav @notplants

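Added example (not part of this PR or the recipe's code): a small triage script that reads an nginx configuration and reports which of the three CVEs listed above have their described feature set configured. The directive-to-CVE mapping is an assumption drawn only from the one-line summaries in the description, and the sample config is constructed.

```python
import re

# Preconditions below come from the one-line CVE summaries in the PR description.
# Treating these directives as exposure signals is this example's assumption,
# not text from an upstream advisory.

def directives(conf):
    """Yield (name, args) per nginx directive. Limitation: '#', ';' or braces
    inside quoted strings or regex locations are not handled."""
    conf = re.sub(r"#[^\n]*", "", conf)            # drop comments
    for stmt in re.split(r"[;{}]", conf):          # statements and block openers
        parts = stmt.split()
        if parts:
            yield parts[0], [p.lower() for p in parts[1:]]

def exposure(conf):
    """Map each CVE from the PR to True when its described feature set is configured."""
    d = list(directives(conf))

    def has(name, *want):
        return any(n == name and all(w in a for w in want) for n, a in d)

    h2_or_grpc = has("http2", "on") or has("listen", "http2") or has("grpc_pass")
    return {
        "CVE-2026-42530": has("listen", "quic"),
        "CVE-2026-42055": has("ignore_invalid_headers", "off")
                          and has("large_client_header_buffers") and h2_or_grpc,
        "CVE-2026-48142": has("charset_map", "utf-8"),
    }

# Constructed sample config, not taken from the lasuite-drive recipe.
SAMPLE = """
http {
    ignore_invalid_headers off;
    large_client_header_buffers 8 32k;
    server {
        listen 443 ssl;
        http2 on;
        # listen 443 quic;   commented out, so it must not count
        location /api { grpc_pass grpc://backend:50051; }
    }
}
"""

if __name__ == "__main__":
    for cve, hit in exposure(SAMPLE).items():
        print(cve, "feature configured" if hit else "feature not configured")
```

Feeding it the output of `nginx -T` covers included files as well as the main config.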
autonomic-bot added 1 commit 2026-06-19 03:01:10 +00:00
chore: upgrade web (nginx) to 1.31.2
All checks were successful
cc-ci/testme cc-ci: success
0e3daeffec
autonomic-bot requested review from trav 2026-06-19 03:01:10 +00:00
autonomic-bot requested review from notplants 2026-06-19 03:01:10 +00:00
!testme

🌻 cc-ci — lasuite-drive @ 0e3daeff ✅ passed

full logs: https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/933 · dashboard: https://ci.commoninternet.net/
Reference: recipe-maintainers/lasuite-drive#4