Mercurial > hg > nginx-site
comparison text/en/CHANGES @ 1645:d4b29af80036
nginx-1.9.10, nginx-1.8.1
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 26 Jan 2016 18:30:39 +0300 |
parents | 822415181fb7 |
children | f2d83fc969b1 |
comparison
equal
deleted
inserted
replaced
1644:52033e4b0063 | 1645:d4b29af80036 |
---|---|
1 | |
2 Changes with nginx 1.9.10 26 Jan 2016 | |
3 | |
4 *) Security: invalid pointer dereference might occur during DNS server | |
5 response processing if the "resolver" directive was used, allowing an | |
6 attacker who is able to forge UDP packets from the DNS server to | |
7 cause segmentation fault in a worker process (CVE-2016-0742). | |
8 | |
9 *) Security: use-after-free condition might occur during CNAME response | |
10 processing if the "resolver" directive was used, allowing an attacker | |
11 who is able to trigger name resolution to cause segmentation fault in | |
12 a worker process, or might have potential other impact | |
13 (CVE-2016-0746). | |
14 | |
15 *) Security: CNAME resolution was insufficiently limited if the | |
16 "resolver" directive was used, allowing an attacker who is able to | |
17 trigger arbitrary name resolution to cause excessive resource | |
18 consumption in worker processes (CVE-2016-0747). | |
19 | |
20 *) Feature: the "auto" parameter of the "worker_cpu_affinity" directive. | |
21 | |
22 *) Bugfix: the "proxy_protocol" parameter of the "listen" directive did | |
23 not work with IPv6 listen sockets. | |
24 | |
25 *) Bugfix: connections to upstream servers might be cached incorrectly | |
26 when using the "keepalive" directive. | |
27 | |
28 *) Bugfix: proxying used the HTTP method of the original request after | |
29 an "X-Accel-Redirect" redirection. | |
30 | |
1 | 31 |
2 Changes with nginx 1.9.9 09 Dec 2015 | 32 Changes with nginx 1.9.9 09 Dec 2015 |
3 | 33 |
4 *) Bugfix: proxying to unix domain sockets did not work when using | 34 *) Bugfix: proxying to unix domain sockets did not work when using |
5 variables; the bug had appeared in 1.9.8. | 35 variables; the bug had appeared in 1.9.8. |