Mercurial > hg > nginx-site

diff text/en/CHANGES @ 1098:bc2a379c4cb6

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
nginx-1.5.12, nginx-1.4.7
author Maxim Dounin <mdounin@mdounin.ru>
date Tue, 18 Mar 2014 20:21:27 +0400
parents fbb81cb6b012
children 2b9dc2c5e129
line wrap: on
line diff
--- a/text/en/CHANGES	Tue Mar 18 19:59:24 2014 +0400
+++ b/text/en/CHANGES	Tue Mar 18 20:21:27 2014 +0400
@@ -1,4 +1,20 @@
 
+Changes with nginx 1.5.12                                        18 Mar 2014
+
+    *) Security: a heap memory buffer overflow might occur in a worker
+       process while handling a specially crafted request by
+       ngx_http_spdy_module, potentially resulting in arbitrary code
+       execution (CVE-2014-0133).
+       Thanks to Lucas Molas, researcher at Programa STIC, FundaciĆ³n Dr.
+       Manuel Sadosky, Buenos Aires, Argentina.
+
+    *) Feature: the "proxy_protocol" parameters of the "listen" and
+       "real_ip_header" directives, the $proxy_protocol_addr variable.
+
+    *) Bugfix: in the "fastcgi_next_upstream" directive.
+       Thanks to Lucas Molas.
+
+
 Changes with nginx 1.5.11                                        04 Mar 2014
 
     *) Security: memory corruption might occur in a worker process on 32-bit