Nginx-1.8.1

Changes with nginx 1.8.1                                  26 Jan 2016

*) Security: invalid pointer dereference might occur during DNS server
   response processing if the "resolver" directive was used, allowing an
   attacker who is able to forge UDP packets from the DNS server to
   cause segmentation fault in a worker process (CVE-2016-0742).

*) Security: use-after-free condition might occur during CNAME response
   processing if the "resolver" directive was used, allowing an attacker
   who is able to trigger name resolution to cause segmentation fault in
   a worker process, or might have potential other impact
   (CVE-2016-0746).

*) Security: CNAME resolution was insufficiently limited if the
   "resolver" directive was used, allowing an attacker who is able to
   trigger arbitrary name resolution to cause excessive resource
   consumption in worker processes (CVE-2016-0747).

*) Bugfix: the "proxy_protocol" parameter of the "listen" directive did
   not work if not specified in the first "listen" directive for a
   listen socket.

*) Bugfix: nginx might fail to start on some old Linux variants; the bug
   had appeared in 1.7.11.

*) Bugfix: a segmentation fault might occur in a worker process if the
   "try_files" and "alias" directives were used inside a location given
   by a regular expression; the bug had appeared in 1.7.1.

*) Bugfix: the "try_files" directive inside a nested location given by a
   regular expression worked incorrectly if the "alias" directive was
   used in the outer location.

*) Bugfix: "header already sent" alerts might appear in logs when using
   cache; the bug had appeared in 1.7.5.

*) Bugfix: a segmentation fault might occur in a worker process if
   different ssl_session_cache settings were used in different virtual
   servers.

*) Bugfix: the "expires" directive might not work when using variables.

*) Bugfix: if nginx was built with the ngx_http_spdy_module it was
   possible to use the SPDY protocol even if the "spdy" parameter of the
   "listen" directive was not specified.


Maxim D.
http://nginx.org/

Hello Nginx users,

Now available: Nginx 1.8.1 for Windows
https://kevinworthington.com/nginxwin181 (32-bit and 64-bit versions)

These versions are to support legacy users who are already using Cygwin
based builds of Nginx. Officially supported native Windows binaries are
at nginx.org.

Announcements are also available here:
Twitter http://twitter.com/kworthington
Google+ https://plus.google.com/+KevinWorthington/

Thank you,
Kevin

Kevin W.
kworthington @ (gmail] [dot} {com)