[ANNOUNCE] Tengine-1.4.6 (fixed CVE-2013-2070)
yaoweibin at gmail.com
Tue May 14 09:40:36 UTC 2013
Tengine-1.4.6 (development version) has been released.
You can either checkout the source code from github:
https://github.com/alibaba/tengine or download the tar ball directly:
We have merged the changes from nginx-1.2.9 which fixed the security
problem CVE-2013-2070. Contents of worker process memory might be
disclosed if HTTP backend server returned specially crafted response.
This could cause denial of service or a disclosure of memory.
If you are using Tengine-1.4.x and proxy_pass to untrusted upstream HTTP
servers, please upgrade to this version as soon as possible!
Developer @ Server Platform Team of Taobao
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx