The OpenSSL project announced fixes to 7 security vulnerabilities on 5 June 2014. An update to OpenSSL is generally sufficient to address this.
Learn how to protect NGINX against the OpenSSL vulnerability announced in June 2015 (CVE-2015-1793)
Read this important information about what should be checked in regards to NGINX and OpenSSL installation with the Heartbleed vulnerability in the wild
The DROWN vulnerability in OpenSSL, CVE-2016-0800, does not affect most NGINX users. See this article for details and preventative steps.
This blog post provides an overview of an early alpha patch to enable HTTP/2 support in NGINX. Installation instructions are also provided.