Welcome! Log In Create A New Profile

Advanced

[nginx-announce] nginx-1.25.4

Posted by Sergey Kandaurov 
Sergey Kandaurov
[nginx-announce] nginx-1.25.4
February 14, 2024 12:00PM
Changes with nginx 1.25.4 14 Feb 2024

*) Security: when using HTTP/3 a segmentation fault might occur in a
worker process while processing a specially crafted QUIC session
(CVE-2024-24989, CVE-2024-24990).

*) Bugfix: connections with pending AIO operations might be closed
prematurely during graceful shutdown of old worker processes.

*) Bugfix: socket leak alerts no longer logged when fast shutdown was
requested after graceful shutdown of old worker processes.

*) Bugfix: a socket descriptor error, a socket leak, or a segmentation
fault in a worker process (for SSL proxying) might occur if AIO was
used in a subrequest.

*) Bugfix: a segmentation fault might occur in a worker process if SSL
proxying was used along with the "image_filter" directive and errors
with code 415 were redirected with the "error_page" directive.

*) Bugfixes and improvements in HTTP/3.


--
Sergey Kandaurov
_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce
Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 151
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready