We advise users to run the most recent release of the NGINX S3 Gateway, and we issue software updates to the most recent release.

The NGINX S3 Gateway in and of itself is an unsupported example of a collection of NGINX configuration, containers and njs scripts. However, NGINX itself is supported.

The F5 Security Incident Response Team (F5 SIRT) has an email alias that makes it easy to report potential security vulnerabilities.

• If you’re an F5 customer with an active support contract, please contact F5 Technical Support.
• If you aren’t an F5 customer, please report any potential or current instances of security vulnerabilities with any F5 product to the F5 Security Incident Response Team at [email protected]

For more information visit https://www.f5.com/services/support/report-a-vulnerability