[nginx-announce] nginx-1.6.2
Maxim Dounin
mdounin at mdounin.ru
Tue Sep 16 14:46:57 UTC 2014
Changes with nginx 1.6.2 16 Sep 2014
*) Security: it was possible to reuse SSL sessions in unrelated contexts
if a shared SSL session cache or the same TLS session ticket key was
used for multiple "server" blocks (CVE-2014-3616).
Thanks to Antoine Delignat-Lavaud.
*) Bugfix: requests might hang if resolver was used and a DNS server
returned a malformed response; the bug had appeared in 1.5.8.
*) Bugfix: requests might hang if resolver was used and a timeout
occurred during a DNS request.
--
Maxim Dounin
http://nginx.org/en/donation.html
More information about the nginx-announce
mailing list