Mercurial > hg > nginx-site

diff text/en/CHANGES-1.20 @ 2726:a7a36efd10af

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
nginx-1.21.0, nginx-1.20.1
author Maxim Dounin <mdounin@mdounin.ru>
date Tue, 25 May 2021 18:32:30 +0300
parents caa04d53b7af
children cf75284a3557
line wrap: on
line diff
--- a/text/en/CHANGES-1.20	Tue May 25 12:53:00 2021 +0100
+++ b/text/en/CHANGES-1.20	Tue May 25 18:32:30 2021 +0300
@@ -1,4 +1,13 @@
 
+Changes with nginx 1.20.1                                        25 May 2021
+
+    *) Security: 1-byte memory overwrite might occur during DNS server
+       response processing if the "resolver" directive was used, allowing an
+       attacker who is able to forge UDP packets from the DNS server to
+       cause worker process crash or, potentially, arbitrary code execution
+       (CVE-2021-23017).
+
+
 Changes with nginx 1.20.0                                        20 Apr 2021
 
     *) 1.20.x stable branch.