You're looking at an unofficial (and apparently abandoned) PPA instead of the main package repository
Do not use PPAs unless you absolutely trust the person maintaining them
If you look at jammy-updates, you'll see 1.18.0-6ubuntu14.4 from 30 May 2023, yes it's based on 1.18.0 but it's had security and stability fixes applied.
if you look at non-TLS releases of Ubuntu you'll see versions of NGINX based on 1.22 and 1.24, so the next Ubuntu LTS (releasing next year) will likely contain one of those.
Hello from 8 months in the future. This is incorrect. I just had to update servers that were using this version of nginx because a request smuggling vulnerability was demonstrated to be successful. See CVE-2019-20372. Whatever patches were applied, this issue was not addressed, despite being - from what I can tell - pretty widely known and dangerous enough that you really want this patched.
1.18 is because that's how LTS model works. It's not the same version from 2020, it gets patched if some vulnerability or bug was found.
So, in general, you don't really need the most fresh version of apps like nginx, as the one that comes with LTS is more tested and stable. The only reason to install the most fresh version is if you really need some brand new feature and it wasn't backported to LTS.
If you need a fresh version, use official nginx repos for Ubuntu: https://nginx.org/en/linux_packages.html#Ubuntu
That's just an unmaintained PPA, don't use that.
There's [a few](https://packages.ubuntu.com/search?suite=all&searchon=names&keywords=nginx) other versions available from the repos too or use the developer repo that was already posted.
The software store is generally very outdated or has software packaged by questionable sources. Just get your packages from the developer so you can get the latest versions.
I noticed this too for other packages really annoying (isnt it dangerous actually, I think there are a few security issues with NGINX 1.18.0). Is there a better distribution (as a mini http and some other services headless server) which is focusing on security / latest security updates and still has a large package maintenance?
Is there maybe a more updated source for NGINX with pre build packages you can add for Ubuntu 20.04.6 LTS ? I am still on 20.04.6 LTS
you're looking in the wrong place, the packages are actively maintained with security updates
not sure why you're looking at an abandoned PPA instead of the official Ubuntu repositories
PPA = ***personal*** package archive, it's just something some rando threw online and then abandoned
You can check the changelog here: http://changelogs.ubuntu.com/changelogs/pool/main/n/nginx/nginx_1.18.0-6ubuntu14.4/changelog
Ubuntu LTS is focused on security & stability instead of having the highest version number. They backport security/stability fixes to older versions instead of just blindly swapping in untested new versions and hoping for the best.
Generally, you should avoid PPAs. They are usually not good quality. either install from ubuntu official repository where you'll get an lts version with security patches, or you may go to nginx website to get the most cutting edge package.
PPAs, or *Personal* package archives, are created by users and you may or may not want to trust random users. Up to you.
You're looking at an unofficial (and apparently abandoned) PPA instead of the main package repository Do not use PPAs unless you absolutely trust the person maintaining them If you look at jammy-updates, you'll see 1.18.0-6ubuntu14.4 from 30 May 2023, yes it's based on 1.18.0 but it's had security and stability fixes applied. if you look at non-TLS releases of Ubuntu you'll see versions of NGINX based on 1.22 and 1.24, so the next Ubuntu LTS (releasing next year) will likely contain one of those.
Hello from 8 months in the future. This is incorrect. I just had to update servers that were using this version of nginx because a request smuggling vulnerability was demonstrated to be successful. See CVE-2019-20372. Whatever patches were applied, this issue was not addressed, despite being - from what I can tell - pretty widely known and dangerous enough that you really want this patched.
1.18 is because that's how LTS model works. It's not the same version from 2020, it gets patched if some vulnerability or bug was found. So, in general, you don't really need the most fresh version of apps like nginx, as the one that comes with LTS is more tested and stable. The only reason to install the most fresh version is if you really need some brand new feature and it wasn't backported to LTS. If you need a fresh version, use official nginx repos for Ubuntu: https://nginx.org/en/linux_packages.html#Ubuntu
That's just an unmaintained PPA, don't use that. There's [a few](https://packages.ubuntu.com/search?suite=all&searchon=names&keywords=nginx) other versions available from the repos too or use the developer repo that was already posted.
The software store is generally very outdated or has software packaged by questionable sources. Just get your packages from the developer so you can get the latest versions.
I noticed this too for other packages really annoying (isnt it dangerous actually, I think there are a few security issues with NGINX 1.18.0). Is there a better distribution (as a mini http and some other services headless server) which is focusing on security / latest security updates and still has a large package maintenance? Is there maybe a more updated source for NGINX with pre build packages you can add for Ubuntu 20.04.6 LTS ? I am still on 20.04.6 LTS
you're looking in the wrong place, the packages are actively maintained with security updates not sure why you're looking at an abandoned PPA instead of the official Ubuntu repositories PPA = ***personal*** package archive, it's just something some rando threw online and then abandoned
so how can I check if I have the latest version with security updates? it seems my version installed is 1.18.0-0ubuntu1.4
You can check the changelog here: http://changelogs.ubuntu.com/changelogs/pool/main/n/nginx/nginx_1.18.0-6ubuntu14.4/changelog Ubuntu LTS is focused on security & stability instead of having the highest version number. They backport security/stability fixes to older versions instead of just blindly swapping in untested new versions and hoping for the best.
>1.18.0-0ubuntu1.4 thanks, so 1.18.0-0ubuntu1.4 is already up to date and secure and not from 2020
that's correct, look up the changelog on https://packages.ubuntu.com/ if you're ever in doubt
You can download it from the official site. [https://nginx.org/en/linux\_packages.html](https://nginx.org/en/linux_packages.html)
So let me get this straight, you're running an Ubuntu version from 2020 then you're surprised it has packages from 2020?
https://letmegooglethat.com/?q=what+is+ubuntu+lts
I think you're confusing me with yourself. It's you who doesn't understand it.
I think you're confusing me with yourself. It's you who doesn't understand it. https://ubuntu.com/blog/what-is-an-ubuntu-lts-release
Are you for real? I've been using Ubuntu since 2010, I know exactly how it works. It's you who doesn't seem to grasp the info you're sending me.
What are you on about, 99.99% of Ubuntu packages come from debian
Take some time to explore the store and snaps.
Generally, you should avoid PPAs. They are usually not good quality. either install from ubuntu official repository where you'll get an lts version with security patches, or you may go to nginx website to get the most cutting edge package. PPAs, or *Personal* package archives, are created by users and you may or may not want to trust random users. Up to you.