Hi folks,
I am happy to announce the new formal release, 1.25.3.2, of our OpenResty
web platform based on NGINX and LuaJIT.
OpenResty 1.25.3.2 is a security update addressing a performance issue in
our OpenResty branch of LuaJIT related to hash computation optimization.
This update disables a specific optimization in our LuaJIT fork that could
potentially lead to performance degradation under certain circumstances
(CVE-2024-39702).
It's important to note that this issue is specific to our OpenResty branch
of LuaJIT and does not affect the upstream mainline LuaJIT.
We would like to express our gratitude to Zhongwei Yao from Kong INC. for
reporting this issue.
The full announcement, download links, and change logs can be found below:
http://openresty.org/en/ann-1025003002.html
You can download the software packages here:
https://openresty.org/en/download.html
OpenResty is a high performance and dynamic web platform based on our
enhanced version of Nginx core, our enhanced version of LuaJIT, and many
powerful Nginx modules and Lua libraries. See OpenResty's homepage for
details:
https://openresty.org/en/
We strongly recommend all users to upgrade to this version to ensure
optimal performance and security.
OpenResty Inc. provides commercial support and private module development
for the open-source OpenResty. For more information, please visit
https://openresty.com.
Enjoy!
Best regards,
Jiahao
_______________________________________________
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx