1.7.407 Aug 2014 06:32 security: nginx 1.6.1 stable 1.7.4 mainline have been released, with a fix for the STARTTLS vulnerability (CVE-2014-3556). Pipelined commands were not discarded after STARTTLS command in SMTP proxy. URI escaping now uses uppercase hexadecimal digits. Now nginx can be build with BoringSSL and LibreSSL. Requests might have hanged if resolver was used and a DNS server returned a malformed response. Bugfix in the ngx_http_spdy_module. Bugfix: the uri variable might contain garbage when returning errors with code 400. Bugfix in error handling in the "proxy_store" directive and the ngx_http_dav_module. Bugfix for segmentation faults if logging of errors to syslog was used. The geoip_latitude, geoip_longitude, geoip_dma_code, and geoip_area_code variables weren't working reliable. Bugfix for memory allocation error handling.
ManageYou can also help out here by:
← Update project
or flagging this entry for moderator attention.
Share project 1776