For anyone else using SWAG, it looks like a fix is on its way but not available yet. This SWAG issue points to an upstream Alpine package dependency that needs to be updated first. Looking at the source, they just recently committed backported patches, so presumably a new version will be released soon; then the SWAG image can be updated.

Seems to be specific to rewrites using an un-named capture.

grep -rnE “\$[0-9.*].*\?” /etc/ngnix

should show if you have any potentially vulnerable directives in your config.

I have an old Debian 11 “bullseye” installation running on one of my servers. It’s stuck at nginx 1.18.0, but it should theoretically still be covered by Debian 11 LTS security updates, right? wiki.debian.org/LTS/Using
nginx/oldoldstable-security,now 1.18.0-6.1+deb11u5

It’s days like this where I’m happy I’m unemployed. I have a group chat with a few friends and they’re pushing out patches and it’s a bit of a rush.

All my publicly accessible servers update every 6 hours and reboot after whenever they need to. It’s rare I need to step in and fix something. I checked a few hours ago and I’m not at risk.

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

2 acronyms in this thread; the most compressed thread commented on today has 17 acronyms.

[Thread #290 for this comm, first seen 15th May 2026, 02:30] [FAQ] [Full list] [Contact] [Source code]