Forum: NGINX Tengine-1.5.2 is released (fix CVE-2013-4547)

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
8a92465c849dda1cd172e8727e5c77d2?d=identicon&s=25 Weibin Yao (yaoweibin)
on 2013-11-22 12:06
(Received via mailing list)
Hi folks,

Tengine-1.5.2 (stable version) has been released.
You can either checkout the source code from github:
https://github.com/alibaba/tengine/tree/stable or download the tar
ball directly:
http://tengine.taobao.org/download/tengine-1.5.2.tar.gz

We have fixed the security problem CVE-2013-4547. A character
following an unescaped space in a request line was handled
incorrectly. This bug had appeared since 1.2.0.

The full change log follows below:
  *) Security: a character following an unescaped space in a request
line
       was handled incorrectly (CVE-2013-4547); the bug had appeared in
       0.8.41. Thanks to Ivan Fratric of the Google Security Team.

 *) Bugfix: fix a bug of 'nodelay' might be ignored in limit_req module.
      (cfsego)

 *) Bugfix: fix a bug in trim module when processing javascript comment.
      (taoyuanyuan)

For those who don't know Tengine, it is a free and open source
distribution of Nginx with some advanced features. See our website for
more details: http://tengine.taobao.org

Regards,

--
Weibin Yao
Developer @ Server Platform Team of Taobao
This topic is locked and can not be replied to.