Last checked and updated on 10 Jun 2026
What is new in NGINX 1.28
NGINX 1.28 is the new stable branch released in April 2025. It incorporates all features and improvements from the 1.27 mainline series, with a strong focus on performance optimizations, better resource usage, and enhanced support for modern protocols like QUIC and HTTP/3.
This version brings significant improvements in handling complex SSL configurations, dynamic DNS resolution for upstreams, and congestion control for QUIC connections. It is ideal for production environments that need stability combined with the latest performance and security enhancements.
Key Features and Improvements
NGINX 1.28 includes the following major enhancements from the previous mainline branch:
| Area | Description |
|---|---|
| SSL Configuration Optimization | Reduced memory usage and CPU consumption when working with complex SSL setups involving many certificates and keys. |
| Dynamic DNS Resolution | Automatic re-resolution of hostnames in upstream server groups without requiring a configuration reload. |
| QUIC Performance | Added support for the CUBIC congestion control algorithm, delivering better throughput on high-latency and high-bandwidth networks. |
| Stream Module Enhancements | Support for OCSP checking of client certificates and OCSP Stapling in the stream module. |
| SSL Certificate Caching | Certificates, private keys, and CRLs are now cached at startup and during configuration reloads for faster processing. |
Bug Fixes
NGINX 1.28 addresses important build-related issues carried over from the mainline branch:
- Fixed compilation failure with GCC 15 when the HTTP/2 or HTTP/3 modules are enabled.
- Resolved build problems with GCC 14 and newer versions when using
-O3 -fltooptimization together with the HTTP/3 module.
Additionally, this stable release includes all security fixes and bug fixes from the 1.27.x mainline versions up to 1.27.5.
How does dynamic DNS resolution work in NGINX 1.28?
NGINX 1.28 can now automatically update the IP addresses of upstream servers when their hostnames change in DNS. This happens without needing to reload the configuration, making it much easier to manage upstreams behind dynamic DNS or cloud environments where backend addresses may change frequently.
What are the benefits of CUBIC congestion control for QUIC in NGINX 1.28?
The new CUBIC algorithm improves data transfer speeds significantly on networks with high latency and high bandwidth-delay product (BDP). In real-world tests, it delivered up to 73% faster transfer times for large files compared to previous congestion control methods.
Why choose NGINX 1.28 for production?
As the current stable branch, NGINX 1.28 offers a balanced mix of new performance features, security improvements, and long-term stability. It is recommended for most production deployments that want the latest optimizations without the frequent changes of the mainline branch.
FAQ
What is the difference between NGINX 1.28 and the mainline branch?
NGINX 1.28 is the stable branch. It receives only bug fixes and security updates, while the mainline branch (currently 1.29.x) continues to receive new features and experimental improvements.
Does NGINX 1.28 support HTTP/3 and QUIC?
Yes. It includes all HTTP/3 and QUIC improvements from the 1.27 mainline, including the new CUBIC congestion control for better performance.
Are there build fixes in NGINX 1.28?
Yes. This release fixes compilation issues with recent versions of GCC (14 and 15) when using the HTTP/2 or HTTP/3 modules, including problems with link-time optimization.
Should I upgrade from NGINX 1.26 to NGINX 1.28?
Yes, especially if you use complex SSL configurations, dynamic upstreams, or HTTP/3. The performance gains in SSL handling and QUIC make the upgrade worthwhile for most users. Always test in a staging environment before moving to production.
Does NGINX 1.28 include security fixes?
Yes. As a stable release, it includes all important security patches from the preceding mainline versions.