As we announce version 1.0.0 of the NGINX Modern Apps Reference Architecture (MARA), we review recent projects, lessons learned, and our near-term roadmap.
Addressing Security Weaknesses in the NGINX LDAP Reference Implementation
We describe security vulnerabilities recently discovered in the NGINX LDAP reference implementation, and how to mitigate them. NGINX Open Source and NGINX Plus are not affected, and no corrective action is required if you do not use the reference implementation.
Announcing NGINX Plus R26
NGINX Plus R26 introduces faster JWT validation with JSON Web Key Set caching and hardened TLS handshakes for improved security. New NGINX JavaScript features include enhanced support for asynchronous functions and an implementation of the WebCrypto API.
Supporting Open Source for a More Secure World: F5 NGINX Announces Sponsorships of Let’s Encrypt and OpenSSL
F5 NGINX is proud to sponsor two open source organizations that are key to improving security on the Internet: Let's Encrypt and OpenSSL. Learn more about what they do.
Do Svidaniya, Igor, and Thank You for NGINX
With profound gratitude for his contributions to both F5 and the Internet at large, we announce that Igor Sysoev, author of NGINX and co-founder of NGINX, Inc., is retiring to spend time with friends and family and work on personal projects. Спасибо, Игорь.
Mitigating the log4j Vulnerability (CVE-2021-44228) with NGINX
NGINX can help you protect your apps against the Log4Shell vulnerability in Apache log4j (CVE-2021-44228), with NGINX App Protect, NGINX ModSecurity WAF, or a script using the NGINX JavaScript Module.
Improving NGINX Performance with Kernel TLS and SSL_sendfile( )
NGINX Open Source 1.21.4 introduces support for kernel TLS (kTLS), which boosts performance by significantly reducing the need to copy data between user space and the kernel. We provide complete instructions for enabling kTLS in NGINX and share results of our performance testing.
Announcing NGINX Plus R25
NGINX Plus R25 introduces more sophisticated authentication use cases with JWT, JWS, and JWE; counts of individual HTTP status codes; dynamic certificate loading for mTLS with upstream servers; hardened security for HTTP request processing; and NGINX JavaScript enhancements.
Bringing F5 and NGINX WAF Policies into Controller App Security
With NGINX Controller App Security for version 3.20 of the Application Delivery Module, you can now import your custom F5 Advanced WAF and NGINX App Protect WAF policies and distribute them across all your managed deployments. We call this Bring Your Own NGINX App Protect WAF Policy.
A New, Open Source Modern Apps Reference Architecture
We announce the Modern Apps Reference Architecture, an open source architecture and deployment model for modern apps deployed in Kubernetes.