Angie and Angie PRO updated to version 1.12.1#

17.07.2026

Maintenance releases of Angie and Angie PRO 1.12.1 have been published, fixing three vulnerabilities, an error in the Metric module, and, in open-source Angie only, an error in least_time load balancing.

Maintenance releases of Angie and its commercial version Angie PRO — 1.12.1 — have been published. They fix three vulnerabilities whose corrections were ported from nginx 1.31.3.

Two vulnerabilities involve configurations with unnamed capture variables and non-cacheable variables of the map directive. They could cause worker process memory corruption, crashes, or exposure of arbitrary bytes from worker process memory (CVE-2026-42533 and CVE-2026-60005). Another vulnerability affects the SSI module with unbuffered proxying and could cause worker process memory corruption or a crash (CVE-2026-56434).

Both editions fix an error in the Metric module that could corrupt metric data and, in expire=on mode, cause a worker process crash. Open-source Angie only also fixes an infinite loop in least_time load balancing when all servers in a shared memory zone are unavailable.

The Auth JWT package has also been updated to version 0.14.2 for both editions.

More details about the changes:

Have a great day!