Nginx-1.9.10

Changes with nginx 1.9.10 26 Jan
2016

*) Security: invalid pointer dereference might occur during DNS 

server
response processing if the “resolver” directive was used,
allowing an
attacker who is able to forge UDP packets from the DNS server to
cause segmentation fault in a worker process (CVE-2016-0742).

*) Security: use-after-free condition might occur during CNAME 

response
processing if the “resolver” directive was used, allowing an
attacker
who is able to trigger name resolution to cause segmentation
fault in
a worker process, or might have potential other impact
(CVE-2016-0746).

*) Security: CNAME resolution was insufficiently limited if the
   "resolver" directive was used, allowing an attacker who is able 

to
trigger arbitrary name resolution to cause excessive resource
consumption in worker processes (CVE-2016-0747).

*) Feature: the "auto" parameter of the "worker_cpu_affinity" 

directive.

*) Bugfix: the "proxy_protocol" parameter of the "listen" directive 

did
not work with IPv6 listen sockets.

*) Bugfix: connections to upstream servers might be cached 

incorrectly
when using the “keepalive” directive.

*) Bugfix: proxying used the HTTP method of the original request 

after
an “X-Accel-Redirect” redirection.

–
Maxim D.
http://nginx.org/

Thanks updated to 1.9.10 fine with ngx_brotli + ngx_pagespeed 1.10
branch

Posted at Nginx Forum:

Hello Nginx users,

Now available: Nginx 1.9.10 for Windows
https://kevinworthington.com/nginxwin1910 (32-bit and 64-bit versions)

These versions are to support legacy users who are already using Cygwin
based builds of Nginx. Officially supported native Windows binaries are
at
nginx.org.

Announcements are also available here:
Twitter http://twitter.com/kworthington
Google+ https://plus.google.com/+KevinWorthington/

Thank you,
Kevin

Kevin W.
kworthington @ (gmail] [dot} {com)

http://twitter.com/kworthington
https://plus.google.com/+KevinWorthington/