Angie and Angie PRO Receive Update 1.8.2#
Version 1.8.2 of the open-source web server Angie and its commercial version, Angie PRO, includes important security fixes as well as several other improvements.
We have updated the open-source web server Angie and its commercial version, Angie PRO, to version 1.8.2.
First, this release includes a backported fix for the vulnerability CVE-2025-23419, which was recently patched in nginx 1.27.4. The vulnerability was caused by the reuse of a TLS session in a virtual host different from where it was initially created, potentially bypassing client TLS certificate validation. This issue arose when multiple virtual hosts had different client certificate validation settings while session resumption or session caching was enabled.
Additionally, this update addresses issues with HTTP/3 protocol statistics, API request handling, and a bug in processing domain names via the ACME protocol. It also fixes a worker process crash that occurred when using probes in the stream module.
For more details on this update, see: