Maxim Dounin
[nginx-announce] nginx-1.23.2
October 19, 2022 08:48AM
Changes with nginx 1.23.2 19 Oct 2022

*) Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash, worker
process memory disclosure, or might have potential other impact
(CVE-2022-41741, CVE-2022-41742).

*) Feature: the "$proxy_protocol_tlv_..." variables.

*) Feature: TLS session tickets encryption keys are now automatically
rotated when using shared memory in the "ssl_session_cache"

*) Change: the logging level of the "bad record type" SSL errors has
been lowered from "crit" to "info".
Thanks to Murilo Andrade.

*) Change: now when using shared memory in the "ssl_session_cache"
directive the "could not allocate new session" errors are logged at
the "warn" level instead of "alert" and not more often than once per

*) Bugfix: nginx/Windows could not be built with OpenSSL 3.0.x.

*) Bugfix: in logging of the PROXY protocol errors.
Thanks to Sergey Brester.

*) Workaround: shared memory from the "ssl_session_cache" directive was
spent on sessions using TLS session tickets when using TLSv1.3 with

*) Workaround: timeout specified with the "ssl_session_timeout"
directive did not work when using TLSv1.3 with OpenSSL or BoringSSL.

Maxim Dounin
nginx-announce mailing list --
To unsubscribe send an email to
Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 155
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready