Mercurial > hg > nginx-site

comparison text/en/CHANGES @ 1645:d4b29af80036

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
nginx-1.9.10, nginx-1.8.1
author Maxim Dounin <mdounin@mdounin.ru>
date Tue, 26 Jan 2016 18:30:39 +0300
parents 822415181fb7
children f2d83fc969b1
comparison
equal deleted inserted replaced
1644:52033e4b0063 1645:d4b29af80036
1
2 Changes with nginx 1.9.10 26 Jan 2016
3
4 *) Security: invalid pointer dereference might occur during DNS server
5 response processing if the "resolver" directive was used, allowing an
6 attacker who is able to forge UDP packets from the DNS server to
7 cause segmentation fault in a worker process (CVE-2016-0742).
8
9 *) Security: use-after-free condition might occur during CNAME response
10 processing if the "resolver" directive was used, allowing an attacker
11 who is able to trigger name resolution to cause segmentation fault in
12 a worker process, or might have potential other impact
13 (CVE-2016-0746).
14
15 *) Security: CNAME resolution was insufficiently limited if the
16 "resolver" directive was used, allowing an attacker who is able to
17 trigger arbitrary name resolution to cause excessive resource
18 consumption in worker processes (CVE-2016-0747).
19
20 *) Feature: the "auto" parameter of the "worker_cpu_affinity" directive.
21
22 *) Bugfix: the "proxy_protocol" parameter of the "listen" directive did
23 not work with IPv6 listen sockets.
24
25 *) Bugfix: connections to upstream servers might be cached incorrectly
26 when using the "keepalive" directive.
27
28 *) Bugfix: proxying used the HTTP method of the original request after
29 an "X-Accel-Redirect" redirection.
30
1 31
2 Changes with nginx 1.9.9 09 Dec 2015 32 Changes with nginx 1.9.9 09 Dec 2015
3 33
4 *) Bugfix: proxying to unix domain sockets did not work when using 34 *) Bugfix: proxying to unix domain sockets did not work when using
5 variables; the bug had appeared in 1.9.8. 35 variables; the bug had appeared in 1.9.8.