diff --git a/.circleci/config.yml b/.circleci/config.yml
index 5e9ff420d..fb1d85d18 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -105,7 +105,7 @@ executors:
   openresty:
     working_directory: /opt/app-root/apicast
     docker:
-      - image: quay.io/3scale/apicast-ci:openresty-1.21.4-5
+      - image: quay.io/3scale/apicast-ci:openresty-1.27.1-1
       - image: mirror.gcr.io/library/redis
     environment:
       TEST_NGINX_BINARY: openresty
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 10bb84cda..7c068ca4c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -21,6 +21,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 - Bump lua-resty-openssl to 1.7.1 [PR #1580](https://github.com/3scale/APIcast/pull/1580)
 - Lock lua-resty-jit-uuid to 0.0.7 [PR #1581](https://github.com/3scale/APIcast/pull/1581)
 - Bump busted to 2.3.0 [PR #1582](https://github.com/3scale/APIcast/pull/1582)
+- Bump openresty to 1.27.1.2 [PR #1577](https://github.com/3scale/APIcast/pull/1577) [THREESCALE-14177](https://issues.redhat.com/browse/THREESCALE-14177)
+- Bump pcre to pcre2 10.47 [PR #1577](https://github.com/3scale/APIcast/pull/1577) [THREESCALE-14541](https://redhat.atlassian.net/browse/THREESCALE-14541)
+- Bump zlib to 1.3.1 [PR #1577](https://github.com/3scale/APIcast/pull/1577) [THREESCALE-12242](https://redhat.atlassian.net/browse/THREESCALE-12242)
 
 ### Removed
 
diff --git a/Dockerfile b/Dockerfile
index 149fe42be..be46967b0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 FROM registry.access.redhat.com/ubi9/ubi-minimal
 
-ARG OPENRESTY_RPM_VERSION="1.21.4-4.el9"
+ARG OPENRESTY_RPM_VERSION="1.27.1-1.el9"
 ARG LUAROCKS_VERSION="3.12.0"
 
 LABEL summary="The 3scale API gateway (APIcast) is an OpenResty application, which consists of two parts: NGINX configuration and Lua files." \
diff --git a/Dockerfile.devel b/Dockerfile.devel
index de41fa05f..ae3d654e6 100644
--- a/Dockerfile.devel
+++ b/Dockerfile.devel
@@ -1,6 +1,6 @@
 FROM registry.access.redhat.com/ubi9/ubi-minimal
 
-ARG OPENRESTY_RPM_VERSION="1.21.4-4.el9"
+ARG OPENRESTY_RPM_VERSION="1.27.1-1.el9"
 ARG LUAROCKS_VERSION="3.12.0"
 ARG LUAROVER_VERSION="0.2.3"
 
diff --git a/Makefile b/Makefile
index 671ec8e43..4c0d55e6f 100644
--- a/Makefile
+++ b/Makefile
@@ -13,7 +13,7 @@ NPROC ?= $(firstword $(shell nproc 2>/dev/null) 1)
 
 SEPARATOR="\n=============================================\n"
 
-DEVEL_IMAGE ?= quay.io/3scale/apicast-ci:openresty-1.21.4-5
+DEVEL_IMAGE ?= quay.io/3scale/apicast-ci:openresty-1.27.1-1
 DEVEL_DOCKERFILE ?= Dockerfile.devel
 
 RUNTIME_IMAGE ?= quay.io/3scale/apicast:latest
@@ -69,7 +69,7 @@ export COMPOSE_PROJECT_NAME
 #     docker push quay.io/3scale/apicast-ci:openresty-X.Y.Z-{release_number}
 # * update .circleci/config.yaml openresty executor with the image URL
 .PHONY: dev-build
-dev-build: export OPENRESTY_RPM_VERSION?=1.21.4
+dev-build: export OPENRESTY_RPM_VERSION?=1.27.1-1.el9
 dev-build: export LUAROCKS_VERSION?=3.12.0
 dev-build: IMAGE_NAME ?= apicast-development:latest
 dev-build: ## Build development image
diff --git a/docker-compose-devel.yml b/docker-compose-devel.yml
index 07e2d2f6d..aeef7468d 100644
--- a/docker-compose-devel.yml
+++ b/docker-compose-devel.yml
@@ -2,7 +2,7 @@
 version: '2.2'
 services:
   development:
-    image: ${IMAGE:-quay.io/3scale/apicast-ci:openresty-1.21.4-5}
+    image: ${IMAGE:-quay.io/3scale/apicast-ci:openresty-1.27.1-1}
     platform: "linux/amd64"
     depends_on:
       - redis
diff --git a/gateway/http.d/apicast.conf.liquid b/gateway/http.d/apicast.conf.liquid
index e22832821..dffe0935a 100644
--- a/gateway/http.d/apicast.conf.liquid
+++ b/gateway/http.d/apicast.conf.liquid
@@ -78,7 +78,8 @@ server {
   {% endif %}
 
   {% if https_port -%}
-    listen {{ https_port }} ssl http2 {% if https_proxy_protocol %}proxy_protocol{% endif %};
+    listen {{ https_port }} ssl {% if https_proxy_protocol %}proxy_protocol{% endif %};
+    http2 on;
 
     ssl_protocols TLSv1.2 TLSv1.3;
   {%- assign https_certificate = env.APICAST_HTTPS_CERTIFICATE -%}
diff --git a/gateway/src/apicast/mapping_rule.lua b/gateway/src/apicast/mapping_rule.lua
index a9d99e6e1..adc6eec0c 100644
--- a/gateway/src/apicast/mapping_rule.lua
+++ b/gateway/src/apicast/mapping_rule.lua
@@ -42,7 +42,7 @@ local function regexpify(pattern)
 
   pattern = re_gsub(pattern, [[\?.*]], '', 'oj')
   -- dollar sign is escaped by another $, see https://github.com/openresty/lua-nginx-module#ngxresub
-  pattern = re_gsub(pattern, [[\{.+?\}]], [[([\w-.~%!$$&'()*+,;=@:]+)]], 'oj')
+  pattern = re_gsub(pattern, [[\{.+?\}]], [[([\w\-.~%!$$&'()*+,;=@:]+)]], 'oj')
   pattern = re_gsub(pattern, [[\.]], [[\.]], 'oj')
   return pattern
 end
diff --git a/gateway/src/apicast/policy/rewrite_url_captures/named_args_matcher.lua b/gateway/src/apicast/policy/rewrite_url_captures/named_args_matcher.lua
index 851a52d4d..5b795d856 100644
--- a/gateway/src/apicast/policy/rewrite_url_captures/named_args_matcher.lua
+++ b/gateway/src/apicast/policy/rewrite_url_captures/named_args_matcher.lua
@@ -53,7 +53,7 @@ local function transform_rule_to_regex(match_rule)
   return re_gsub(
     match_rule,
     [[\{.+?\}]],
-    [[([\w-.~%!$$&'()*+,;=@:]+)]], -- Same as in the MappingRule module
+    [[([\w\-.~%!$$&'()*+,;=@:]+)]], -- Same as in the MappingRule module
     'oj'
   )
 end