Welcome to Centmin Mod Community
Register Now

Nginx [nginx-announce] nginx-1.12.1

Discussion in 'Nginx and PHP-FPM news & discussions' started by eva2000, Jul 12, 2017.

  1. eva2000

    eva2000 Administrator Staff Member

    30,195
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    2:11 PM
    Nginx 1.13.x
    MariaDB 5.5
    Changes with nginx 1.12.1 11 Jul 2017

    *) Security: a specially crafted request might result in an integer
    overflow and incorrect processing of ranges in the range filter,
    potentially resulting in sensitive information leak (CVE-2017-7529).


    --
    Maxim Dounin
    http://nginx.org/
    _______________________________________________
    nginx-announce mailing list
    nginx-announce@nginx.org
    http://mailman.nginx.org/mailman/listinfo/nginx-announce

    Continue reading...
     
  2. bassie

    bassie Active Member

    535
    116
    43
    Apr 29, 2016
    Ratings:
    +348
    Local Time:
    6:11 AM
    Useless release.
    In no way the advertised changes.

     
  3. eva2000

    eva2000 Administrator Staff Member

    30,195
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    2:11 PM
    Nginx 1.13.x
    MariaDB 5.5
    Last edited: Jul 12, 2017
  4. bassie

    bassie Active Member

    535
    116
    43
    Apr 29, 2016
    Ratings:
    +348
    Local Time:
    6:11 AM
    Sure security is important.
    But Nginx released 1.12.0, 3 months ago.
    Time enough to port fixes from 1.13 to 1.12.
     
  5. eva2000

    eva2000 Administrator Staff Member

    30,195
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    2:11 PM
    Nginx 1.13.x
    MariaDB 5.5
    From what I gather Nginx don't port all fixes from mainline to stable only critical ones. It's why Nginx officially recommends using Nginx mainline releases and hence why Centmin Mod uses mainline = 1.13 :)

    IIRC, there's a 12 month interval/cycle for mainline to stable porting.
     
  6. bassie

    bassie Active Member

    535
    116
    43
    Apr 29, 2016
    Ratings:
    +348
    Local Time:
    6:11 AM
  7. eva2000

    eva2000 Administrator Staff Member

    30,195
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    2:11 PM
    Nginx 1.13.x
    MariaDB 5.5
    Yes IIRC, they did that at the 12 month cycle mark when 1.9.x mainline went to 1.10 stable and mainline moved to 1.11 branch Nginx - New Nginx 1.10 and 1.11 releases announced

    So you will probably see the next major backport when 1.13 mainline becomes 1.14 stable and mainline moves to 1.15 branch. Basically, don't expect to see all current 1.13 mainline features and bug fixes in 1.12 stable. If you want stable, you need to wait for when Nginx 1.14 stable is out at which time Centmin Mod Nginx moves to 1.15 mainline from 1.13 mainline :)
     
    Last edited: Jul 12, 2017