Mercurial > hg > nginx-site

diff text/en/CHANGES @ 487:2406529bc838

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
nginx-1.1.19, nginx-1.0.15
author Maxim Dounin <mdounin@mdounin.ru>
date Thu, 12 Apr 2012 13:23:53 +0000
parents 5efd5404094f
children 9b440a217907
line wrap: on
line diff
--- a/text/en/CHANGES
+++ b/text/en/CHANGES
@@ -1,4 +1,28 @@
 
+Changes with nginx 1.1.19                                        12 Apr 2012
+
+    *) Security: specially crafted mp4 file might allow to overwrite memory
+       locations in a worker process if the ngx_http_mp4_module was used,
+       potentially resulting in arbitrary code execution (CVE-2012-2089).
+       Thanks to Matthew Daley.
+
+    *) Bugfix: nginx/Windows might be terminated abnormally.
+       Thanks to Vincent Lee.
+
+    *) Bugfix: nginx hogged CPU if all servers in an upstream were marked as
+       "backup".
+
+    *) Bugfix: the "allow" and "deny" directives might be inherited
+       incorrectly if they were used with IPv6 addresses.
+
+    *) Bugfix: the "modern_browser" and "ancient_browser" directives might
+       be inherited incorrectly.
+
+    *) Bugfix: timeouts might be handled incorrectly on Solaris/SPARC.
+
+    *) Bugfix: in the ngx_http_mp4_module.
+
+
 Changes with nginx 1.1.18                                        28 Mar 2012
 
     *) Change: keepalive connections are no longer disabled for Safari by