Merge PR "[AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade nginx to 1.28.3 for CVE-2026-27654, CVE-2026-27784, CVE-2026-32647, CVE-2026-27651, CVE-2026-28753, CVE-2026-28755 [High] - branch 3.0-dev" #16318

CBL-Mariner-Bot · Kanishk-Bansal · web-flow · commit a3b69cf457c5 · 2026-03-26T18:41:32.000-07:00
Co-authored-by: Kanishk Bansal &lt;103916909+Kanishk-Bansal@users.noreply.github.com&gt;
diff --git a/SPECS/nginx/nginx.signatures.json b/SPECS/nginx/nginx.signatures.json
@@ -1,8 +1,8 @@
 {
- "Signatures": {
-  "nginx-1.28.2.tar.gz": "20e5e0f2c917acfb51120eec2fba9a4ba4e1e10fd28465067cc87a7d81a829a3",
-  "nginx-njs-0.9.4.tar.gz": "7b3a9f14b0f09311d9031c2a252cb0e23c06baac2e586a7d12c75aa6cba4ca0e",
-  "nginx-tests.tgz": "5847fdc454543df77e07026e7de737f9e7ff093c8ce4afcbc2093a64e570ff83",
-  "nginx.service": "73a1321ae35eafc4e02614cde224fc0bf20ceba97f969b3373dd73c15c22a0e1"
- }
+  "Signatures": {
+    "nginx-njs-0.9.4.tar.gz": "7b3a9f14b0f09311d9031c2a252cb0e23c06baac2e586a7d12c75aa6cba4ca0e",
+    "nginx-tests.tgz": "5847fdc454543df77e07026e7de737f9e7ff093c8ce4afcbc2093a64e570ff83",
+    "nginx.service": "73a1321ae35eafc4e02614cde224fc0bf20ceba97f969b3373dd73c15c22a0e1",
+    "nginx-1.28.3.tar.gz": "2c96a946bfb0882a21744ed429770a2123ae1828c7c48665092993ddee91a918"
+  }
 }
diff --git a/SPECS/nginx/nginx.spec b/SPECS/nginx/nginx.spec
@@ -5,7 +5,7 @@ Summary:        High-performance HTTP server and reverse proxy
 Name:           nginx
 # Currently on "stable" version of nginx from https://nginx.org/en/download.html.
 # Note: Stable versions are even (1.20), mainline versions are odd (1.21)
-Version:        1.28.2
+Version:        1.28.3
 Release:        1%{?dist}
 License:        BSD-2-Clause
 Vendor:         Microsoft Corporation
@@ -167,6 +167,9 @@ rm -rf nginx-tests
 %dir %{_sysconfdir}/%{name}
 
 %changelog
+* Thu Mar 26 2026 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 1.28.3-1
+- Auto-upgrade to 1.28.3 - for CVE-2026-27654, CVE-2026-27784, CVE-2026-32647, CVE-2026-27651, CVE-2026-28753, CVE-2026-28755
+
 * Tue Feb 10 2026 Akarsh Chaudhary <v-akarshc@microsoft.com> - 1.28.2-1
 - Upgrade to version 1.28.2 (fixes CVE-2026-1642).
 
@@ -183,7 +186,7 @@ rm -rf nginx-tests
 - Enable webdav module
 - Added tests to verify nginx server and its supported modules
 
-* Tue Feb 10 2025 Mitch Zhu <mitchzhu@microsoft.com> - 1.25.4-3
+* Mon Feb 10 2025 Mitch Zhu <mitchzhu@microsoft.com> - 1.25.4-3
 - Fix CVE-2025-23419
 
 * Tue Aug 20 2024 Cameron Baird <cameronbaird@microsoft.com> - 1.25.4-2
diff --git a/cgmanifest.json b/cgmanifest.json
@@ -14392,8 +14392,8 @@
         "type": "other",
         "other": {
           "name": "nginx",
-          "version": "1.28.2",
-          "downloadUrl": "https://nginx.org/download/nginx-1.28.2.tar.gz"
+          "version": "1.28.3",
+          "downloadUrl": "https://nginx.org/download/nginx-1.28.3.tar.gz"
         }
       }
     },

Original file line number	Diff line number	Diff line change
`@@ -14392,8 +14392,8 @@`
`14392`	`14392`	`"type": "other",`
`14393`	`14393`	`"other": {`
`14394`	`14394`	`"name": "nginx",`
`14395`		`- "version": "1.28.2",`
`14396`		`- "downloadUrl": "https://nginx.org/download/nginx-1.28.2.tar.gz"`
	`14395`	`+ "version": "1.28.3",`
	`14396`	`+ "downloadUrl": "https://nginx.org/download/nginx-1.28.3.tar.gz"`
`14397`	`14397`	`}`
`14398`	`14398`	`}`
`14399`	`14399`	`},`