From ac75320980c6db50ae40b0493f119ca4131e2f17 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 8 Oct 2025 13:44:50 +0000 Subject: [PATCH 1/3] Update nginx Docker tag to v1.29.2 | datasource | package | from | to | | ---------- | ------- | ------ | ------ | | docker | nginx | 1.29.1 | 1.29.2 | Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- build/Dockerfile.nginx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/Dockerfile.nginx b/build/Dockerfile.nginx index ef9eddfada..ac0c93d50a 100644 --- a/build/Dockerfile.nginx +++ b/build/Dockerfile.nginx @@ -4,7 +4,7 @@ FROM scratch AS nginx-files # the following links can be replaced with local files if needed, i.e. ADD --chown=101:1001 ADD --link --chown=101:1001 https://cs.nginx.com/static/keys/nginx_signing.rsa.pub nginx_signing.rsa.pub -FROM nginx:1.29.1-alpine-otel +FROM nginx:1.29.2-alpine-otel # the following apk update and add are to address CVE-2025-59375, CVE-2025-8961/CVE-2025-9165, CVE-2025-9230, and CVE-2025-9231/CVE-2025-9232 respectively. # once a new base image is available with these package updates, they can be removed. RUN apk update && apk add --no-cache 'libexpat>=2.7.2-r0' 'tiff>=4.7.1-r0' 'libcrypto3>=3.5.4-r0' 'libssl3>=3.5.4-r0' From fa793af1bac2efbec0f1ec46d938498a44bdc58c Mon Sep 17 00:00:00 2001 From: Ciara Stacke Date: Wed, 8 Oct 2025 15:31:04 +0100 Subject: [PATCH 2/3] Update README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f62476df30..b3706a6284 100644 --- a/README.md +++ b/README.md @@ -68,7 +68,7 @@ The following table lists the software versions NGINX Gateway Fabric supports. | NGINX Gateway Fabric | Gateway API | Kubernetes | NGINX OSS | NGINX Plus | NGINX Agent | |----------------------|-------------|------------|-----------|------------|-------------| -| Edge | 1.3.0 | 1.25+ | 1.29.1 | R35 | v3.3.2 | +| Edge | 1.3.0 | 1.25+ | 1.29.2 | R35 | v3.3.2 | | 2.1.4 | 1.3.0 | 1.25+ | 1.29.1 | R35 | v3.3.1 | | 2.1.3 | 1.3.0 | 1.25+ | 1.29.1 | R35 | v3.3.1 | | 2.1.2 | 1.3.0 | 1.25+ | 1.29.1 | R35 | v3.3.1 | From 40940449e56976a5cf61b8352d040d084de36c4e Mon Sep 17 00:00:00 2001 From: Ciara Stacke Date: Wed, 8 Oct 2025 16:02:14 +0100 Subject: [PATCH 3/3] Remove package updates --- build/Dockerfile.nginx | 3 --- 1 file changed, 3 deletions(-) diff --git a/build/Dockerfile.nginx b/build/Dockerfile.nginx index ac0c93d50a..e219eb9b79 100644 --- a/build/Dockerfile.nginx +++ b/build/Dockerfile.nginx @@ -5,9 +5,6 @@ FROM scratch AS nginx-files ADD --link --chown=101:1001 https://cs.nginx.com/static/keys/nginx_signing.rsa.pub nginx_signing.rsa.pub FROM nginx:1.29.2-alpine-otel -# the following apk update and add are to address CVE-2025-59375, CVE-2025-8961/CVE-2025-9165, CVE-2025-9230, and CVE-2025-9231/CVE-2025-9232 respectively. -# once a new base image is available with these package updates, they can be removed. -RUN apk update && apk add --no-cache 'libexpat>=2.7.2-r0' 'tiff>=4.7.1-r0' 'libcrypto3>=3.5.4-r0' 'libssl3>=3.5.4-r0' # renovate: datasource=github-tags depName=nginx/agent ARG NGINX_AGENT_VERSION=v3.3.2