[nginx-announce] nginx-1.6.2

Maxim Dounin mdounin at mdounin.ru
Tue Sep 16 14:46:57 UTC 2014


Changes with nginx 1.6.2                                         16 Sep 2014

    *) Security: it was possible to reuse SSL sessions in unrelated contexts
       if a shared SSL session cache or the same TLS session ticket key was
       used for multiple "server" blocks (CVE-2014-3616).
       Thanks to Antoine Delignat-Lavaud.

    *) Bugfix: requests might hang if resolver was used and a DNS server
       returned a malformed response; the bug had appeared in 1.5.8.

    *) Bugfix: requests might hang if resolver was used and a timeout
       occurred during a DNS request.


-- 
Maxim Dounin
http://nginx.org/en/donation.html



More information about the nginx-announce mailing list