Mercurial > hg > nginx-site
comparison text/en/CHANGES-1.8 @ 1645:d4b29af80036
nginx-1.9.10, nginx-1.8.1
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Tue, 26 Jan 2016 18:30:39 +0300 |
| parents | b5851f3b7347 |
| children |
comparison
equal
deleted
inserted
replaced
| 1644:52033e4b0063 | 1645:d4b29af80036 |
|---|---|
| 1 | |
| 2 Changes with nginx 1.8.1 26 Jan 2016 | |
| 3 | |
| 4 *) Security: invalid pointer dereference might occur during DNS server | |
| 5 response processing if the "resolver" directive was used, allowing an | |
| 6 attacker who is able to forge UDP packets from the DNS server to | |
| 7 cause segmentation fault in a worker process (CVE-2016-0742). | |
| 8 | |
| 9 *) Security: use-after-free condition might occur during CNAME response | |
| 10 processing if the "resolver" directive was used, allowing an attacker | |
| 11 who is able to trigger name resolution to cause segmentation fault in | |
| 12 a worker process, or might have potential other impact | |
| 13 (CVE-2016-0746). | |
| 14 | |
| 15 *) Security: CNAME resolution was insufficiently limited if the | |
| 16 "resolver" directive was used, allowing an attacker who is able to | |
| 17 trigger arbitrary name resolution to cause excessive resource | |
| 18 consumption in worker processes (CVE-2016-0747). | |
| 19 | |
| 20 *) Bugfix: the "proxy_protocol" parameter of the "listen" directive did | |
| 21 not work if not specified in the first "listen" directive for a | |
| 22 listen socket. | |
| 23 | |
| 24 *) Bugfix: nginx might fail to start on some old Linux variants; the bug | |
| 25 had appeared in 1.7.11. | |
| 26 | |
| 27 *) Bugfix: a segmentation fault might occur in a worker process if the | |
| 28 "try_files" and "alias" directives were used inside a location given | |
| 29 by a regular expression; the bug had appeared in 1.7.1. | |
| 30 | |
| 31 *) Bugfix: the "try_files" directive inside a nested location given by a | |
| 32 regular expression worked incorrectly if the "alias" directive was | |
| 33 used in the outer location. | |
| 34 | |
| 35 *) Bugfix: "header already sent" alerts might appear in logs when using | |
| 36 cache; the bug had appeared in 1.7.5. | |
| 37 | |
| 38 *) Bugfix: a segmentation fault might occur in a worker process if | |
| 39 different ssl_session_cache settings were used in different virtual | |
| 40 servers. | |
| 41 | |
| 42 *) Bugfix: the "expires" directive might not work when using variables. | |
| 43 | |
| 44 *) Bugfix: if nginx was built with the ngx_http_spdy_module it was | |
| 45 possible to use the SPDY protocol even if the "spdy" parameter of the | |
| 46 "listen" directive was not specified. | |
| 47 | |
| 1 | 48 |
| 2 Changes with nginx 1.8.0 21 Apr 2015 | 49 Changes with nginx 1.8.0 21 Apr 2015 |
| 3 | 50 |
| 4 *) 1.8.x stable branch. | 51 *) 1.8.x stable branch. |
| 5 | 52 |