We describe security vulnerabilities recently discovered in the NGINX LDAP reference implementation, and how to mitigate them. NGINX Open Source and NGINX Plus are not affected, and no corrective action is required if you do not use the reference implementation.
Mitigating the log4j Vulnerability (CVE-2021-44228) with NGINX
Authenticating API Clients with JWT and NGINX Plus
With NGINX Plus as an API gateway, you can use JSON Web Tokens (JWTs) to control access to your APIs. We explain how to configure the gateway for JWT-based authentication, issue JWTs to API clients, rate limit, log claims from the JWT, and revoke JWTs.
Scaling MySQL with TCP Load Balancing and Galera Cluster
Our Roadmap for QUIC and HTTP/3 Support in NGINX
We describe the state of our QUIC+HTTP/3 implementation, starting with a review of the work we've done so far. Our roadmap includes merging the nginx-quic development branch into the NGINX mainline and implementing performance optimizations. You can help by testing the implementation.
Updating NGINX for a DNS Resolver Vulnerability (CVE-2021-23017)
We have released updates to NGINX Open Source, NGINX Plus, and NGINX Ingress Controller to fix a vulnerability in DNS resolution (CVE-2021-23017). We consider the vulnerability to be low-severity, but encourage users to upgrade to the latest versions.
Announcing NGINX Plus R24
Learn about the latest release of NGINX Plus and how it can help you solve your most pressing traffic management and security challenges.
Deploying NGINX as an API Gateway, Part 3: Publishing gRPC Services
This part of our series on deploying NGINX Plus as an API gateway - along with its other rich functionality - focuses on gatewaying gRPC services. gRPC is an alternative to REST APIs for building distributed applications, service mesh implementations in particular.