Mercurial > hg > nginx-site
diff text/en/CHANGES-1.8 @ 1645:d4b29af80036
nginx-1.9.10, nginx-1.8.1
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 26 Jan 2016 18:30:39 +0300 |
parents | b5851f3b7347 |
children |
line wrap: on
line diff
--- a/text/en/CHANGES-1.8 Thu Jan 21 14:42:36 2016 +0300 +++ b/text/en/CHANGES-1.8 Tue Jan 26 18:30:39 2016 +0300 @@ -1,4 +1,51 @@ +Changes with nginx 1.8.1 26 Jan 2016 + + *) Security: invalid pointer dereference might occur during DNS server + response processing if the "resolver" directive was used, allowing an + attacker who is able to forge UDP packets from the DNS server to + cause segmentation fault in a worker process (CVE-2016-0742). + + *) Security: use-after-free condition might occur during CNAME response + processing if the "resolver" directive was used, allowing an attacker + who is able to trigger name resolution to cause segmentation fault in + a worker process, or might have potential other impact + (CVE-2016-0746). + + *) Security: CNAME resolution was insufficiently limited if the + "resolver" directive was used, allowing an attacker who is able to + trigger arbitrary name resolution to cause excessive resource + consumption in worker processes (CVE-2016-0747). + + *) Bugfix: the "proxy_protocol" parameter of the "listen" directive did + not work if not specified in the first "listen" directive for a + listen socket. + + *) Bugfix: nginx might fail to start on some old Linux variants; the bug + had appeared in 1.7.11. + + *) Bugfix: a segmentation fault might occur in a worker process if the + "try_files" and "alias" directives were used inside a location given + by a regular expression; the bug had appeared in 1.7.1. + + *) Bugfix: the "try_files" directive inside a nested location given by a + regular expression worked incorrectly if the "alias" directive was + used in the outer location. + + *) Bugfix: "header already sent" alerts might appear in logs when using + cache; the bug had appeared in 1.7.5. + + *) Bugfix: a segmentation fault might occur in a worker process if + different ssl_session_cache settings were used in different virtual + servers. + + *) Bugfix: the "expires" directive might not work when using variables. + + *) Bugfix: if nginx was built with the ngx_http_spdy_module it was + possible to use the SPDY protocol even if the "spdy" parameter of the + "listen" directive was not specified. + + Changes with nginx 1.8.0 21 Apr 2015 *) 1.8.x stable branch.