Nginx CVE-2026-42945

k0tsk · May 16, 2026, 12:14am

Has anyone checked if Discourse containers are vulnerable to this rewrite vulnerability?

darkpixlz · May 16, 2026, 12:21am

This is not a Discourse issue and topics regarding it should not be opened here.

sam · May 16, 2026, 2:26am

We will update our base image our default rewrite rules are not vulnerable

fitzy · May 25, 2026, 3:20am

This has now been completed.

The base image now includes NGINX 1.30.1 :

and the default image was bumped to the new base image:

Topic		Replies	Views
Management of NVTs and CVEs Self-hosting unsupported-install	8	1032	July 25, 2022
Upgrading failing with: The "before-server" Nginx outlet is missing... discourse_docker is not compatible with the chosen Discourse version Support	8	206	August 11, 2025
Nginx version pinning Bug	7	177	January 30, 2026
Docker installation vulnerable to CVE-2015-8126? Support	4	1048	November 18, 2015
Nginx config in Discourse Docker? Self-hosting	3	3314	February 10, 2022