Angie and Angie PRO updated to version 1.12.1#
Maintenance releases of Angie and Angie PRO 1.12.1 have been published, fixing three vulnerabilities, an error in the Metric module, and, in open-source Angie only, an error in least_time load balancing.
Maintenance releases of Angie and its commercial version Angie PRO — 1.12.1 — have been published. They fix three vulnerabilities whose corrections were ported from nginx 1.31.3.
Two vulnerabilities involve configurations with unnamed capture variables and non-cacheable variables of the map directive. They could cause worker process memory corruption, crashes, or exposure of arbitrary bytes from worker process memory (CVE-2026-42533 and CVE-2026-60005). Another vulnerability affects the SSI module with unbuffered proxying and could cause worker process memory corruption or a crash (CVE-2026-56434).
Both editions fix an error in the Metric module that could
corrupt metric data and, in expire=on mode, cause a worker process
crash. Open-source Angie only also fixes an infinite loop in
least_time load balancing when all servers in a shared
memory zone are unavailable.
The Auth JWT package has also been updated to version 0.14.2 for both editions.
More details about the changes:
Have a great day!