Mercurial > hg > nginx-site
diff text/en/CHANGES @ 1098:bc2a379c4cb6
nginx-1.5.12, nginx-1.4.7
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 18 Mar 2014 20:21:27 +0400 |
parents | fbb81cb6b012 |
children | 2b9dc2c5e129 |
line wrap: on
line diff
--- a/text/en/CHANGES Tue Mar 18 19:59:24 2014 +0400 +++ b/text/en/CHANGES Tue Mar 18 20:21:27 2014 +0400 @@ -1,4 +1,20 @@ +Changes with nginx 1.5.12 18 Mar 2014 + + *) Security: a heap memory buffer overflow might occur in a worker + process while handling a specially crafted request by + ngx_http_spdy_module, potentially resulting in arbitrary code + execution (CVE-2014-0133). + Thanks to Lucas Molas, researcher at Programa STIC, FundaciĆ³n Dr. + Manuel Sadosky, Buenos Aires, Argentina. + + *) Feature: the "proxy_protocol" parameters of the "listen" and + "real_ip_header" directives, the $proxy_protocol_addr variable. + + *) Bugfix: in the "fastcgi_next_upstream" directive. + Thanks to Lucas Molas. + + Changes with nginx 1.5.11 04 Mar 2014 *) Security: memory corruption might occur in a worker process on 32-bit