This release includes a comprehensive set of upstream security patches addressing multiple vulnerabilities across core NGINX modules, improving overall stability and hardening key request-handling paths. 

• Fixed WebDAV module buffer overflow
  Resolved a vulnerability in ngx_http_dav_module where specially crafted requests could cause memory corruption, potentially leading to crashes or arbitrary code execution.
• Fixed MP4 streaming module buffer overflows
  Fixed multiple vulnerabilities in ngx_http_mp4_module where malformed MP4 files or requests could trigger memory corruption and destabilize the server.
• Fixed NULL pointer dereference in authentication methods
  Corrected a flaw in CRAM-MD5 and APOP authentication that could cause NGINX to crash when handling invalid authentication data.
• Fixed injection vulnerability in mail proxy (auth_http and XCLIENT)
  Patched an issue that could allow injection of unintended commands or data during mail authentication or client identification.
• Fixed OCSP validation bypass in stream module
  Closed a gap where SSL certificate revocation checks (OCSP) could be bypassed under certain configurations, improving TLS validation.
• Fixed SSL upstream injection issue
  Resolved a vulnerability that could allow manipulation of data in SSL connections to upstream servers.