Has anyone checked if Discourse containers are vulnerable to this rewrite vulnerability?

This is not a Discourse issue and topics regarding it should not be opened here.

This has now been completed. The base image now includes NGINX 1.30.1 : DEV: bump nginx to v1.30.1 (CVE-2026-42945) (#1054) main ← fitzy/bump-nginx merged 03:50AM - 18 May 26 UTC (UTC) …

Nginx CVE-2026-42945

Support

sam (Sam Saffron) May 16, 2026, 2:26am 5

We will update our base image our default rewrite rules are not vulnerable

Topic		Replies	Views
Management of NVTs and CVEs Self-hosting unsupported-install	7	1033	July 25, 2022
Upgrading failing with: The "before-server" Nginx outlet is missing... discourse_docker is not compatible with the chosen Discourse version Support	7	207	July 12, 2025
Nginx version pinning Bug	6	183	January 29, 2026
Docker installation vulnerable to CVE-2015-8126? Support	3	1049	November 18, 2015
Nginx config in Discourse Docker? Self-hosting	3	3323	February 10, 2022

Nginx CVE-2026-42945

Related topics