diff --git a/SPECS/nginx/CVE-2024-7347.patch b/SPECS/nginx/CVE-2024-7347.patch
deleted file mode 100644
index bbfad40576a..00000000000
--- a/SPECS/nginx/CVE-2024-7347.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From 7362d01658b61184108c21278443910da68f93b4 Mon Sep 17 00:00:00 2001
-From: Roman Arutyunyan <arut@nginx.com>
-Date: Mon, 12 Aug 2024 18:20:43 +0400
-Subject: [PATCH] Mp4: fixed buffer underread while updating stsz atom.
-
-While cropping an stsc atom in ngx_http_mp4_crop_stsc_data(), a 32-bit integer
-overflow could happen, which could result in incorrect seeking and a very large
-value stored in "samples".  This resulted in a large invalid value of
-trak->end_chunk_samples.  This value is further used to calculate the value of
-trak->end_chunk_samples_size in ngx_http_mp4_update_stsz_atom().  While doing
-this, a large invalid value of trak->end_chunk_samples could result in reading
-memory before stsz atom start.  This could potentially result in a segfault.
----
- src/http/modules/ngx_http_mp4_module.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c
-index 03175dea21..1cd017c274 100644
---- a/src/http/modules/ngx_http_mp4_module.c
-+++ b/src/http/modules/ngx_http_mp4_module.c
-@@ -3099,7 +3099,8 @@ static ngx_int_t
- ngx_http_mp4_crop_stsc_data(ngx_http_mp4_file_t *mp4,
-     ngx_http_mp4_trak_t *trak, ngx_uint_t start)
- {
--    uint32_t               start_sample, chunk, samples, id, next_chunk, n,
-+    uint64_t               n;
-+    uint32_t               start_sample, chunk, samples, id, next_chunk,
-                            prev_samples;
-     ngx_buf_t             *data, *buf;
-     ngx_uint_t             entries, target_chunk, chunk_samples;
-@@ -3160,7 +3161,7 @@ ngx_http_mp4_crop_stsc_data(ngx_http_mp4_file_t *mp4,
-                        "samples:%uD, id:%uD",
-                        start_sample, chunk, next_chunk - chunk, samples, id);
- 
--        n = (next_chunk - chunk) * samples;
-+        n = (uint64_t) (next_chunk - chunk) * samples;
- 
-         if (start_sample < n) {
-             goto found;
-@@ -3182,7 +3183,7 @@ ngx_http_mp4_crop_stsc_data(ngx_http_mp4_file_t *mp4,
-                    "sample:%uD, chunk:%uD, chunks:%uD, samples:%uD",
-                    start_sample, chunk, next_chunk - chunk, samples);
- 
--    n = (next_chunk - chunk) * samples;
-+    n = (uint64_t) (next_chunk - chunk) * samples;
- 
-     if (start_sample > n) {
-         ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
-From 88955b1044ef38315b77ad1a509d63631a790a0f Mon Sep 17 00:00:00 2001
-From: Roman Arutyunyan <arut@nginx.com>
-Date: Mon, 12 Aug 2024 18:20:45 +0400
-Subject: [PATCH] Mp4: rejecting unordered chunks in stsc atom.
-
-Unordered chunks could result in trak->end_chunk smaller than trak->start_chunk
-in ngx_http_mp4_crop_stsc_data().  Later in ngx_http_mp4_update_stco_atom()
-this caused buffer overread while trying to calculate trak->end_offset.
----
- src/http/modules/ngx_http_mp4_module.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c
-index 1cd017c274..041ad263b5 100644
---- a/src/http/modules/ngx_http_mp4_module.c
-+++ b/src/http/modules/ngx_http_mp4_module.c
-@@ -3156,6 +3156,13 @@ ngx_http_mp4_crop_stsc_data(ngx_http_mp4_file_t *mp4,
- 
-         next_chunk = ngx_mp4_get_32value(entry->chunk);
- 
-+        if (next_chunk < chunk) {
-+            ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
-+                          "unordered mp4 stsc chunks in \"%s\"",
-+                          mp4->file.name.data);
-+            return NGX_ERROR;
-+        }
-+
-         ngx_log_debug5(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0,
-                        "sample:%uD, chunk:%uD, chunks:%uD, "
-                        "samples:%uD, id:%uD",
diff --git a/SPECS/nginx/CVE-2025-23419.patch b/SPECS/nginx/CVE-2025-23419.patch
deleted file mode 100644
index eac62698187..00000000000
--- a/SPECS/nginx/CVE-2025-23419.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 117654149dea3a5ff72eae8c9ff2484c35f77732 Mon Sep 17 00:00:00 2001
-From: Sergey Kandaurov <pluknet@nginx.com>
-Date: Wed, 22 Jan 2025 18:55:44 +0400
-Subject: [PATCH] SNI: added restriction for TLSv1.3 cross-SNI session
- resumption.
-
-In OpenSSL, session resumption always happens in the default SSL context,
-prior to invoking the SNI callback.  Further, unlike in TLSv1.2 and older
-protocols, SSL_get_servername() returns values received in the resumption
-handshake, which may be different from the value in the initial handshake.
-Notably, this makes the restriction added in b720f650b insufficient for
-sessions resumed with different SNI server name.
-
-Considering the example from b720f650b, previously, a client was able to
-request example.org by presenting a certificate for example.org, then to
-resume and request example.com.
-
-The fix is to reject handshakes resumed with a different server name, if
-verification of client certificates is enabled in a corresponding server
-configuration.
----
- src/http/ngx_http_request.c | 27 +++++++++++++++++++++++++--
- 1 file changed, 25 insertions(+), 2 deletions(-)
-
-diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
-index 3cca57c..9593b7f 100644
---- a/src/http/ngx_http_request.c
-+++ b/src/http/ngx_http_request.c
-@@ -932,6 +932,31 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
-         goto done;
-     }
- 
-+    sscf = ngx_http_get_module_srv_conf(cscf->ctx, ngx_http_ssl_module);
-+
-+#if (defined TLS1_3_VERSION                                                   \
-+     && !defined LIBRESSL_VERSION_NUMBER && !defined OPENSSL_IS_BORINGSSL)
-+
-+    /*
-+     * SSL_SESSION_get0_hostname() is only available in OpenSSL 1.1.1+,
-+     * but servername being negotiated in every TLSv1.3 handshake
-+     * is only returned in OpenSSL 1.1.1+ as well
-+     */
-+
-+    if (sscf->verify) {
-+        const char  *hostname;
-+
-+        hostname = SSL_SESSION_get0_hostname(SSL_get0_session(ssl_conn));
-+
-+        if (hostname != NULL && ngx_strcmp(hostname, servername) != 0) {
-+            c->ssl->handshake_rejected = 1;
-+            *ad = SSL_AD_ACCESS_DENIED;
-+            return SSL_TLSEXT_ERR_ALERT_FATAL;
-+        }
-+    }
-+
-+#endif
-+
-     hc->ssl_servername = ngx_palloc(c->pool, sizeof(ngx_str_t));
-     if (hc->ssl_servername == NULL) {
-         goto error;
-@@ -945,8 +970,6 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
- 
-     ngx_set_connection_log(c, clcf->error_log);
- 
--    sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);
--
-     c->ssl->buffer_size = sscf->buffer_size;
- 
-     if (sscf->ssl.ctx) {
--- 
-2.34.1
-
diff --git a/SPECS/nginx/nginx.signatures.json b/SPECS/nginx/nginx.signatures.json
index fa4c0b10854..0c1c15eaf93 100644
--- a/SPECS/nginx/nginx.signatures.json
+++ b/SPECS/nginx/nginx.signatures.json
@@ -1,7 +1,7 @@
 {
  "Signatures": {
-  "nginx-1.25.4.tar.gz": "760729901acbaa517996e681ee6ea259032985e37c2768beef80df3a877deed9",
-  "nginx-njs-0.8.3.tar.gz": "5e1341ee8c1dfce420ea6456475dafa7d5f4b9aed310faca32597cf4d221cfe0",
+  "nginx-1.28.0.tar.gz": "c6b5c6b086c0df9d3ca3ff5e084c1d0ef909e6038279c71c1c3e985f576ff76a",
+  "nginx-njs-0.9.3.tar.gz": "a1ad089a52ebd295489443faea3089d12df414f5da624446d6c2bf7d99ec36cb",
   "nginx-tests.tgz": "5847fdc454543df77e07026e7de737f9e7ff093c8ce4afcbc2093a64e570ff83",
   "nginx.service": "73a1321ae35eafc4e02614cde224fc0bf20ceba97f969b3373dd73c15c22a0e1"
  }
diff --git a/SPECS/nginx/nginx.spec b/SPECS/nginx/nginx.spec
index 9c73c8fc85f..f0911b6132d 100644
--- a/SPECS/nginx/nginx.spec
+++ b/SPECS/nginx/nginx.spec
@@ -1,12 +1,12 @@
 %global nginx_user nginx
-%global njs_version 0.8.3
+%global njs_version 0.9.3
 
 Summary:        High-performance HTTP server and reverse proxy
 Name:           nginx
 # Currently on "stable" version of nginx from https://nginx.org/en/download.html.
 # Note: Stable versions are even (1.20), mainline versions are odd (1.21)
-Version:        1.25.4
-Release:        6%{?dist}
+Version:        1.28.0
+Release:        1%{?dist}
 License:        BSD-2-Clause
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -20,9 +20,7 @@ Source2:        https://github.com/nginx/njs/archive/refs/tags/%{njs_version}.ta
 Source3:        nginx-tests.tgz
 %endif
 
-Patch0:         CVE-2024-7347.patch
-Patch1:         CVE-2025-23419.patch
-Patch2:         CVE-2025-53859.patch
+Patch1:         CVE-2025-53859.patch
 BuildRequires:  libxml2-devel
 BuildRequires:  libxslt-devel
 BuildRequires:  openssl-devel
@@ -165,6 +163,9 @@ rm -rf nginx-tests
 %dir %{_sysconfdir}/%{name}
 
 %changelog
+* Thu Oct 23 2025 Sandeep Karambelkar <skarambelkar@microsoft.com> - 1.28.0-1
+- Upgrade to 1.28.0 Upstream Stable Version
+
 * Tue Sep 09 2025 Mayank Singh <mayansingh@microsoft.com> - 1.25.4-6
 - Enable stream ssl preread module
 
diff --git a/cgmanifest.json b/cgmanifest.json
index 416e4c4435e..96ec3ece316 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -14372,8 +14372,8 @@
         "type": "other",
         "other": {
           "name": "nginx",
-          "version": "1.25.4",
-          "downloadUrl": "https://nginx.org/download/nginx-1.25.4.tar.gz"
+          "version": "1.28.0",
+          "downloadUrl": "https://nginx.org/download/nginx-1.28.0.tar.gz"
         }
       }
     },