Hi folks,
Tengine-1.5.2 (stable version) has been released.
You can either checkout the source code from github:
GitHub - alibaba/tengine at stable or download the tar
ball directly:
http://tengine.taobao.org/download/tengine-1.5.2.tar.gz
We have fixed the security problem CVE-2013-4547. A character
following an unescaped space in a request line was handled
incorrectly. This bug had appeared since 1.2.0.
The full change log follows below:
*) Security: a character following an unescaped space in a request
line
was handled incorrectly (CVE-2013-4547); the bug had appeared in
0.8.41. Thanks to Ivan Fratric of the Google Security Team.
*) Bugfix: fix a bug of ‘nodelay’ might be ignored in limit_req module.
(cfsego)
*) Bugfix: fix a bug in trim module when processing javascript comment.
(taoyuanyuan)
For those who don’t know Tengine, it is a free and open source
distribution of Nginx with some advanced features. See our website for
more details: http://tengine.taobao.org
Regards,
–
Weibin Y.
Developer @ Server Platform Team of Taobao