We describe security vulnerabilities recently discovered in the NGINX LDAP reference implementation, and how to mitigate them. NGINX Open Source and NGINX Plus are not affected, and no corrective action is required if you do not use the reference implementation.
With NGINX Plus as an API gateway, you can use JSON Web Tokens (JWTs) to control access to your APIs. We explain how to configure the gateway for JWT-based authentication, issue JWTs to API clients, rate limit, log claims from the JWT, and revoke JWTs.
We describe the state of our QUIC+HTTP/3 implementation, starting with a review of the work we've done so far. Our roadmap includes merging the nginx-quic development branch into the NGINX mainline and implementing performance optimizations. You can help by testing the implementation.
We have released updates to NGINX Open Source, NGINX Plus, and NGINX Ingress Controller to fix a vulnerability in DNS resolution (CVE-2021-23017). We consider the vulnerability to be low-severity, but encourage users to upgrade to the latest versions.
Learn about the latest release of NGINX Plus and how it can help you solve your most pressing traffic management and security challenges.
This part of our series on deploying NGINX Plus as an API gateway - along with its other rich functionality - focuses on gatewaying gRPC services. gRPC is an alternative to REST APIs for building distributed applications, service mesh implementations in particular.