M
Maxim Dounin
Guest
Changes with nginx 1.6.2 16 Sep 2014
*) Security: it was possible to reuse SSL sessions in unrelated contexts
if a shared SSL session cache or the same TLS session ticket key was
used for multiple "server" blocks (CVE-2014-3616).
Thanks to Antoine Delignat-Lavaud.
*) Bugfix: requests might hang if resolver was used and a DNS server
returned a malformed response; the bug had appeared in 1.5.8.
*) Bugfix: requests might hang if resolver was used and a timeout
occurred during a DNS request.
--
Maxim Dounin
http://nginx.org/en/donation.html
_______________________________________________
nginx-announce mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx-announce
Continue reading...
*) Security: it was possible to reuse SSL sessions in unrelated contexts
if a shared SSL session cache or the same TLS session ticket key was
used for multiple "server" blocks (CVE-2014-3616).
Thanks to Antoine Delignat-Lavaud.
*) Bugfix: requests might hang if resolver was used and a DNS server
returned a malformed response; the bug had appeared in 1.5.8.
*) Bugfix: requests might hang if resolver was used and a timeout
occurred during a DNS request.
--
Maxim Dounin
http://nginx.org/en/donation.html
_______________________________________________
nginx-announce mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx-announce
Continue reading...
