nginx-1.29.1 mainline version has been released. This release includes a security fix for the vulnerability in the ngx_mail_smtp_module (CVE-2025-53859). See official CHANGES on nginx.org.

Below is a release summary generated by GitHub.

What's Changed

• PCRE license fix for win32 zip by @pluknet in #753
• QUIC: adjusted OpenSSL 3.5 QUIC API feature test. by @pluknet in #749
• OPENSSL_VERSION_NUMBER fix for OpenSSL 3.0 by @pluknet in #775
• kqueue build fixes by @pluknet in #777
• HTTP/3: limited prefixed integers encoded length. by @pluknet in #124
• HTTP/3: fixed handling :authority and Host with port. by @arut in #772
• HTTP/2: fixed flushing early hints. by @arut in #808
• HTTP/2 fixes for ":authority" vs "Host" by @pluknet in #803
• Certificate compression by @pluknet in #788
• Auth basic: fixed file descriptor leak on memory allocation error. by @pluknet in #833
• smtp module fixes by @pluknet in #842
• Changes 1.29.1 by @pluknet in #843

Full Changelog: release-1.29.0...release-1.29.1