[nginx-announce] unit-1.7.1

Valentin V. Bartenev vbart at nginx.com
Thu Feb 7 16:53:32 UTC 2019


Hi,

This is a bugfix release of NGINX Unit that eliminates a security flaw.
All versions of Unit from 0.3 to 1.7 are affected.

Everybody is strongly advised to update to a new version.

Changes with Unit 1.7.1                                          07 Feb 2019

    *) Security: a heap memory buffer overflow might have been caused in the
       router process by a specially crafted request, potentially resulting
       in a segmentation fault or other unspecified behavior
       (CVE-2019-7401).

    *) Bugfix: install of Go module failed without prior building of Unit
       daemon; the bug had appeared in 1.7.

Release of Unit 1.8 with support for internal request routing and an
experimental Java module is planned for end of February.

  wbr, Valentin V. Bartenev



More information about the nginx-announce mailing list