Changes with NginX 1.5.12 – URGENT
Changes with NginX 1.5.12
Below are the list of changes from the 1.5.11 release of NginX to version 1.5.12. This is provided as reference only and was obtained from: http://nginx.org/en/CHANGES. This update includes a security fix so it is considered an urgent update to deploy.
Changes with nginx 1.5.12 18 Mar 2014 *) Security: a heap memory buffer overflow might occur in a worker process while handling a specially crafted request by ngx_http_spdy_module, potentially resulting in arbitrary code execution (CVE-2014-0133). Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr. Manuel Sadosky, Buenos Aires, Argentina. *) Feature: the "proxy_protocol" parameters of the "listen" and "real_ip_header" directives, the $proxy_protocol_addr variable. *) Bugfix: in the "fastcgi_next_upstream" directive. Thanks to Lucas Molas.