Has anyone checked if Discourse containers are vulnerable to this rewrite vulnerability?

This is not a Discourse issue and topics regarding it should not be opened here.

We will update our base image our default rewrite rules are not vulnerable

This has now been completed. The base image now includes NGINX 1.30.1 : DEV: bump nginx to v1.30.1 (CVE-2026-42945) (#1054) main ← fitzy/bump-nginx merged 03:50AM - 18 May 26 UTC (UTC) …

Nginx CVE-2026-42945

Support

fitzy (Michael Fitz-Payne) May 25, 2026, 3:20am 6

This has now been completed.

The base image now includes NGINX 1.30.1 :

and the default image was bumped to the new base image:

Topic		Replies	Views
Management of NVTs and CVEs Self-hosting unsupported-install	8	1029	July 25, 2022
Upgrading failing with: The "before-server" Nginx outlet is missing... discourse_docker is not compatible with the chosen Discourse version Support	8	199	August 11, 2025
Nginx version pinning Bug	7	163	January 30, 2026
Docker installation vulnerable to CVE-2015-8126? Support	4	1046	November 18, 2015
Nginx config in Discourse Docker? Self-hosting	3	3307	February 10, 2022

Nginx CVE-2026-42945

Related topics