bunkerity
diff --git a/‎.github/ISSUE_TEMPLATE/bug_report.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/ISSUE_TEMPLATE/bug_report.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/staging.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/staging.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎CHANGELOG.md‎
Lines changed: 5 additions & 1 deletion b/‎CHANGELOG.md‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎README.md‎
Lines changed: 43 additions & 43 deletions b/‎README.md‎
Lines changed: 43 additions & 43 deletions
@@ -51,7 +51,7 @@ body:
       label: BunkerWeb version
       description: What version of BunkerWeb are you running?
       placeholder: Version
-      value: 1.6.10
+      value: 1.6.11
     validations:
       required: true
   - type: dropdown
 
@@ -4,7 +4,7 @@ permissions: read-all
 
 on:
   push:
-    branches: [staging]
+    branches: [staging, fix-cve]
   workflow_dispatch:
 
 jobs:
 
@@ -1,6 +1,10 @@
 # Changelog
 
-## v1.6.10
+## v1.6.11 - 2026/05/23
+
+- [SECURITY] `nginx`: update nginx to 1.30.2 (except for Fedora as it is not yet available) to fix CVE-2026-9256 — a heap buffer overflow in `ngx_http_rewrite_module` with overlapping captures that could lead to worker-process arbitrary code execution.
+
+## v1.6.10 - 2026/05/19
 
 - [SECURITY] `nginx` : update nginx to 1.30.1 to fix various CVEs
 - [BUGFIX] `reverseproxy`: pin a `USE_UI=yes` service upstream to HTTP/1.1 so a global `REVERSE_PROXY_HTTP_VERSION=2` no longer locks out the web UI. (Fixes #3550)