nginx 1.1.19 *) Security: specially crafted mp4 file might allow to overwrite memory locations in a worker process if the ngx_http_mp4_module was used, potentially resulting in arbitrary code execution (CVE-2012-2089). Thanks to Matthew Daley. *) Bugfix: nginx/Windows might be terminated abnormally. Thanks to Vincent Lee. *) Bugfix: nginx hogged CPU if all servers in an upstream were marked as "backup". *) Bugfix: the "allow" and "deny" directives might be inherited incorrectly if they were used with IPv6 addresses. *) Bugfix: the "modern_browser" and "ancient_browser" directives might be inherited incorrectly. *) Bugfix: timeouts might be handled incorrectly on Solaris/SPARC. *) Bugfix: in the ngx_http_mp4_module.

--- a/src/http/modules/ngx_http_access_module.c
+++ b/src/http/modules/ngx_http_access_module.c
@@ -351,14 +351,19 @@ ngx_http_access_merge_loc_conf(ngx_conf_
     ngx_http_access_loc_conf_t  *prev = parent;
     ngx_http_access_loc_conf_t  *conf = child;
 
+#if (NGX_HAVE_INET6)
+
+    if (conf->rules == NULL && conf->rules6 == NULL) {
+        conf->rules = prev->rules;
+        conf->rules6 = prev->rules6;
+    }
+
+#else
+
     if (conf->rules == NULL) {
         conf->rules = prev->rules;
     }
 
-#if (NGX_HAVE_INET6)
-    if (conf->rules6 == NULL) {
-        conf->rules6 = prev->rules6;
-    }
 #endif
 
     return NGX_CONF_OK;