Mercurial > hg > nginx-site

diff text/en/CHANGES-1.6 @ 1292:bb18e3bd3fb9

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
nginx-1.7.5, nginx-1.6.2
author Maxim Dounin <mdounin@mdounin.ru>
date Tue, 16 Sep 2014 17:20:27 +0400
parents f6d12250cda5
children 493fb0be4f58
line wrap: on
line diff
--- a/text/en/CHANGES-1.6	Tue Sep 16 12:27:55 2014 +0400
+++ b/text/en/CHANGES-1.6	Tue Sep 16 17:20:27 2014 +0400
@@ -1,4 +1,18 @@
 
+Changes with nginx 1.6.2                                         16 Sep 2014
+
+    *) Security: it was possible to reuse SSL sessions in unrelated contexts
+       if a shared SSL session cache or the same TLS session ticket key was
+       used for multiple "server" blocks (CVE-2014-3616).
+       Thanks to Antoine Delignat-Lavaud.
+
+    *) Bugfix: requests might hang if resolver was used and a DNS server
+       returned a malformed response; the bug had appeared in 1.5.8.
+
+    *) Bugfix: requests might hang if resolver was used and a timeout
+       occurred during a DNS request.
+
+
 Changes with nginx 1.6.1                                         05 Aug 2014
 
     *) Security: pipelined commands were not discarded after STARTTLS