Changes with nginx 1.12.1 11 Jul 2017 *) Security: a specially crafted request might result in an integer overflow and incorrect processing of ranges in the range filter, potentially resulting in sensitive information leak (CVE-2017-7529). -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx-announce mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx-announce Continue reading...
expected for initial security release giving folks time to update their systems other CVE databases also don't reveal info yet CVE - CVE-2017-7529 more info Nginx - [nginx-announce] nginx security advisory (CVE-2017-7529)
Sure security is important. But Nginx released 1.12.0, 3 months ago. Time enough to port fixes from 1.13 to 1.12.
From what I gather Nginx don't port all fixes from mainline to stable only critical ones. It's why Nginx officially recommends using Nginx mainline releases and hence why Centmin Mod uses mainline = 1.13 IIRC, there's a 12 month interval/cycle for mainline to stable porting.
Yes IIRC, they did that at the 12 month cycle mark when 1.9.x mainline went to 1.10 stable and mainline moved to 1.11 branch Nginx - New Nginx 1.10 and 1.11 releases announced So you will probably see the next major backport when 1.13 mainline becomes 1.14 stable and mainline moves to 1.15 branch. Basically, don't expect to see all current 1.13 mainline features and bug fixes in 1.12 stable. If you want stable, you need to wait for when Nginx 1.14 stable is out at which time Centmin Mod Nginx moves to 1.15 mainline from 1.13 mainline