Mercurial > hg > nginx-site
diff text/en/CHANGES @ 2272:3fa4584907b8
nginx-1.15.6, nginx-1.14.1
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Tue, 06 Nov 2018 17:51:30 +0300 |
| parents | 8cc7642ba82e |
| children | 83f1b1e6d8a9 |
line wrap: on
line diff
--- a/text/en/CHANGES +++ b/text/en/CHANGES @@ -1,4 +1,24 @@ +Changes with nginx 1.15.6 06 Nov 2018 + + *) Security: when using HTTP/2 a client might cause excessive memory + consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844). + + *) Security: processing of a specially crafted mp4 file with the + ngx_http_mp4_module might result in worker process memory disclosure + (CVE-2018-16845). + + *) Feature: the "proxy_socket_keepalive", "fastcgi_socket_keepalive", + "grpc_socket_keepalive", "memcached_socket_keepalive", + "scgi_socket_keepalive", and "uwsgi_socket_keepalive" directives. + + *) Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL + 1.1.1, the TLS 1.3 protocol was always enabled. + + *) Bugfix: working with gRPC backends might result in excessive memory + consumption. + + Changes with nginx 1.15.5 02 Oct 2018 *) Bugfix: a segmentation fault might occur in a worker process when