Hi, On 10.09.2021 09:42, 暗花 wrote: > Dear Sir/ Madam, > > I'm a college student from Malaysia, I would like to develop a secure > web application for my final year project, I love nginx so much. So I > got a question about the nginx legacy versions(e.g nginx 1.14.0), it's > still supported by the nginx team. > > I mean if some bug hunter found some cve or hacker attack, or > vulnerability found for the legacy version, will I be able to get the > security patch release from your official web? > > It's wise to use the legacy version? or should i choose the latest > version, as i am building a secure web app. > Any releases from the nginx-1.14 branch are not supported for sure.
For nginx open source we support the mainline and stable branches, which are 1.21 and 1.20 at the moment. You can learn more about how the mainline and stable nginx branches work in the blog post written a couple of years ago and dedicated to nginx 1.18 and 1.19 branches. https://www.nginx.com/blog/nginx-1-18-1-19-released/ I personally see no reasons to choose 1.14 releases these days and would encourage you to use the latest releases from the current mainline or stable (which is much more more conservative comparing to the mainline) branches such as nginx-1.21.3 or nginx-1.20.1, see http://nginx.org/en/download.html Just a reminder that we have a service that exposes the latest versions of various products we develop and maintain, i.e.: http://version.nginx.com/nginx/mainline http://version.nginx.com/nginx/stable -- Maxim Konovalov _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
