Mercurial > hg > nginx-site

diff text/en/CHANGES-1.8 @ 1645:d4b29af80036

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
nginx-1.9.10, nginx-1.8.1
author Maxim Dounin <mdounin@mdounin.ru>
date Tue, 26 Jan 2016 18:30:39 +0300
parents b5851f3b7347
children
line wrap: on
line diff
--- a/text/en/CHANGES-1.8	Thu Jan 21 14:42:36 2016 +0300
+++ b/text/en/CHANGES-1.8	Tue Jan 26 18:30:39 2016 +0300
@@ -1,4 +1,51 @@
 
+Changes with nginx 1.8.1                                         26 Jan 2016
+
+    *) Security: invalid pointer dereference might occur during DNS server
+       response processing if the "resolver" directive was used, allowing an
+       attacker who is able to forge UDP packets from the DNS server to
+       cause segmentation fault in a worker process (CVE-2016-0742).
+
+    *) Security: use-after-free condition might occur during CNAME response
+       processing if the "resolver" directive was used, allowing an attacker
+       who is able to trigger name resolution to cause segmentation fault in
+       a worker process, or might have potential other impact
+       (CVE-2016-0746).
+
+    *) Security: CNAME resolution was insufficiently limited if the
+       "resolver" directive was used, allowing an attacker who is able to
+       trigger arbitrary name resolution to cause excessive resource
+       consumption in worker processes (CVE-2016-0747).
+
+    *) Bugfix: the "proxy_protocol" parameter of the "listen" directive did
+       not work if not specified in the first "listen" directive for a
+       listen socket.
+
+    *) Bugfix: nginx might fail to start on some old Linux variants; the bug
+       had appeared in 1.7.11.
+
+    *) Bugfix: a segmentation fault might occur in a worker process if the
+       "try_files" and "alias" directives were used inside a location given
+       by a regular expression; the bug had appeared in 1.7.1.
+
+    *) Bugfix: the "try_files" directive inside a nested location given by a
+       regular expression worked incorrectly if the "alias" directive was
+       used in the outer location.
+
+    *) Bugfix: "header already sent" alerts might appear in logs when using
+       cache; the bug had appeared in 1.7.5.
+
+    *) Bugfix: a segmentation fault might occur in a worker process if
+       different ssl_session_cache settings were used in different virtual
+       servers.
+
+    *) Bugfix: the "expires" directive might not work when using variables.
+
+    *) Bugfix: if nginx was built with the ngx_http_spdy_module it was
+       possible to use the SPDY protocol even if the "spdy" parameter of the
+       "listen" directive was not specified.
+
+
 Changes with nginx 1.8.0                                         21 Apr 2015
 
     *) 1.8.x stable branch.