Mercurial > hg > nginx-site
diff text/en/CHANGES-1.6 @ 1292:bb18e3bd3fb9
nginx-1.7.5, nginx-1.6.2
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 16 Sep 2014 17:20:27 +0400 |
parents | f6d12250cda5 |
children | 493fb0be4f58 |
line wrap: on
line diff
--- a/text/en/CHANGES-1.6 Tue Sep 16 12:27:55 2014 +0400 +++ b/text/en/CHANGES-1.6 Tue Sep 16 17:20:27 2014 +0400 @@ -1,4 +1,18 @@ +Changes with nginx 1.6.2 16 Sep 2014 + + *) Security: it was possible to reuse SSL sessions in unrelated contexts + if a shared SSL session cache or the same TLS session ticket key was + used for multiple "server" blocks (CVE-2014-3616). + Thanks to Antoine Delignat-Lavaud. + + *) Bugfix: requests might hang if resolver was used and a DNS server + returned a malformed response; the bug had appeared in 1.5.8. + + *) Bugfix: requests might hang if resolver was used and a timeout + occurred during a DNS request. + + Changes with nginx 1.6.1 05 Aug 2014 *) Security: pipelined commands were not discarded after STARTTLS