Hi guys,<br><br>Just for your information, there is a security hole that may be exploited by<br>malicious users, when PHP and older versions of nginx (0.5.*, 0.6.*,<br>0.7 <= 0.7.65, 0.8 <= 0.8.37) being used. And it has been widely spread these<br>
days.<br><br>This vulnerability was found by Neal Poole and has been reported to Igor:<br><a href="https://nealpoole.com/blog/2011/07/possible-arbitrary-code-execution-with-null-bytes-php-and-old-versions-of-nginx/">https://nealpoole.com/blog/2011/07/possible-arbitrary-code-execution-with-null-bytes-php-and-old-versions-of-nginx/</a><br>
<br>I do agree with Igor that it's not an issue of Nginx itself, but those lazy <br>system administrators should upgrade their Nginx to the latest version right <br>now.<br><br><br>Regards,<br><br>-- <br>Joshua Zhu<br>
Senior Software Engineer<br>Server Platforms Team at Taobao<br>