Nginx security vulnerability for versions 0.6.x < 1.20.1
Good morning,
I have Nessus scans done on the systems I manage and I received a hit against the Nginx version bundled with the Omnibus package - see https://www.tenable.com/plugins/nessus/150154. This corresponds to a very recent CVE - see http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html. I was looking at the Omnibus version of Nginx and saw that it was 1.18 for Omnibus EE 13.12.2-ee.0. Is there a reason why Nginx cannot be updated to a later version as part of the Omnibus? If so I can manage Nginx separately, but would prefer to continue using the Omnibus package to avoid conflicts or undesired behaviours.
Thank you for your time and assistance,
Adam Brousseau