Mercurial > hg > nginx-site
comparison text/en/CHANGES-1.8 @ 1645:d4b29af80036
nginx-1.9.10, nginx-1.8.1
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 26 Jan 2016 18:30:39 +0300 |
parents | b5851f3b7347 |
children |
comparison
equal
deleted
inserted
replaced
1644:52033e4b0063 | 1645:d4b29af80036 |
---|---|
1 | |
2 Changes with nginx 1.8.1 26 Jan 2016 | |
3 | |
4 *) Security: invalid pointer dereference might occur during DNS server | |
5 response processing if the "resolver" directive was used, allowing an | |
6 attacker who is able to forge UDP packets from the DNS server to | |
7 cause segmentation fault in a worker process (CVE-2016-0742). | |
8 | |
9 *) Security: use-after-free condition might occur during CNAME response | |
10 processing if the "resolver" directive was used, allowing an attacker | |
11 who is able to trigger name resolution to cause segmentation fault in | |
12 a worker process, or might have potential other impact | |
13 (CVE-2016-0746). | |
14 | |
15 *) Security: CNAME resolution was insufficiently limited if the | |
16 "resolver" directive was used, allowing an attacker who is able to | |
17 trigger arbitrary name resolution to cause excessive resource | |
18 consumption in worker processes (CVE-2016-0747). | |
19 | |
20 *) Bugfix: the "proxy_protocol" parameter of the "listen" directive did | |
21 not work if not specified in the first "listen" directive for a | |
22 listen socket. | |
23 | |
24 *) Bugfix: nginx might fail to start on some old Linux variants; the bug | |
25 had appeared in 1.7.11. | |
26 | |
27 *) Bugfix: a segmentation fault might occur in a worker process if the | |
28 "try_files" and "alias" directives were used inside a location given | |
29 by a regular expression; the bug had appeared in 1.7.1. | |
30 | |
31 *) Bugfix: the "try_files" directive inside a nested location given by a | |
32 regular expression worked incorrectly if the "alias" directive was | |
33 used in the outer location. | |
34 | |
35 *) Bugfix: "header already sent" alerts might appear in logs when using | |
36 cache; the bug had appeared in 1.7.5. | |
37 | |
38 *) Bugfix: a segmentation fault might occur in a worker process if | |
39 different ssl_session_cache settings were used in different virtual | |
40 servers. | |
41 | |
42 *) Bugfix: the "expires" directive might not work when using variables. | |
43 | |
44 *) Bugfix: if nginx was built with the ngx_http_spdy_module it was | |
45 possible to use the SPDY protocol even if the "spdy" parameter of the | |
46 "listen" directive was not specified. | |
47 | |
1 | 48 |
2 Changes with nginx 1.8.0 21 Apr 2015 | 49 Changes with nginx 1.8.0 21 Apr 2015 |
3 | 50 |
4 *) 1.8.x stable branch. | 51 *) 1.8.x stable branch. |
5 | 52 |