Last checked and updated on 10 Jun 2026
What Is New in NGINX 1.18
NGINX 1.18 brings incremental improvements focused on core functionality and bug fixes. This release continues the stable branch's tradition of reliability rather than introducing flashy new features.
| Category | Key Changes |
|---|---|
| New Features | None introduced in this specific release. |
| Improvements | Handling of HTTP/2 requests; SSL-related operations. |
| Bug Fixes | Memory leaks; issues with HTTP/2, the proxy module, and the gzip filter. |
| Security | No specific CVEs addressed in these noted changes. |
What core server improvements were made?
The most significant work was under the hood, fixing leaks and improving protocol handling. A memory leak occurring during SSL operations was patched, which is crucial for long-running, high-traffic servers where even small leaks add up.
Another fix addressed a potential issue in the HTTP/2 implementation that could lead to excessive memory consumption when dealing with certain types of requests. This makes the HTTP/2 implementation more robust for modern web applications.
Were there any module-specific fixes?
Yes, several key modules received attention. The gzip filter was fixed to properly handle responses with the Vary header, preventing potential problems with caching intermediaries.
In the proxy module, a bug was squashed where the "proxy_cache_background_update" directive might not work as expected. This ensures cached content updates correctly without serving stale data to users.
How does this affect my current configuration?
For most users, upgrading to 1.18 from a previous 1.18.x version will be seamless. Your existing configs will work exactly the same, but with slightly better stability and resource management.
If you're using HTTP/2 or heavily relying on SSL termination, you'll benefit directly from the memory-related fixes. There are no new directives to learn or deprecated features to migrate away from in this release.
FAQ
Does NGINX 1.18 add any new HTTP directives?
No, this release does not introduce any new configuration directives. The changes are focused on bug fixes and internal improvements.
I use HTTP/2 extensively. Should I upgrade?
Yes, the fix for an issue that could cause excessive memory consumption under certain HTTP/2 request conditions directly improves stability for HTTP/2 users.
Was there a security patch (CVE) in this release?
Based on the official changelog, NGINX 1.18 did not address any specific CVEs. It was a maintenance release focused on stability.
What was the gzip filter fix about?
It corrected how responses with a Vary header were handled, ensuring proper behavior with caching systems to avoid serving the wrong compressed content.
Is it safe to upgrade from NGINX 1.16?
While always test in staging first, moving from 1.16 to 1.18 should be low risk. You gain multiple bug fixes from the 1.17 and 1.18 branches without major breaking changes.