Nginx [nginx-announce] nginx-1.12.1

eva2000 · Jul 12, 2017

Changes with nginx 1.12.1 11 Jul 2017

*) Security: a specially crafted request might result in an integer
overflow and incorrect processing of ranges in the range filter,
potentially resulting in sensitive information leak (CVE-2017-7529).

--
Maxim Dounin
http://nginx.org/
_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-announce

Continue reading...

bassie · Jul 12, 2017

eva2000 said: ↑

Changes with nginx 1.12.1 11 Jul 2017
Click to expand...

Useless release.
In no way the advertised changes.

Milestone 1.12.1
Completed 43 minutes ago (07/11/17 15:44:03)

Status: released

Trunk: stable

Bug fixes merge from mainline

Click to expand...

eva2000 · Jul 12, 2017

expected for initial security release giving folks time to update their systems

other CVE databases also don't reveal info yet CVE - CVE-2017-7529

more info Nginx - [nginx-announce] nginx security advisory (CVE-2017-7529)

bassie · Jul 12, 2017

eva2000 said: ↑

expected for initial security release giving folks time to update their systems
Click to expand...

Sure security is important.
But Nginx released 1.12.0, 3 months ago.
Time enough to port fixes from 1.13 to 1.12.

eva2000 · Jul 12, 2017

From what I gather Nginx don't port all fixes from mainline to stable only critical ones. It's why Nginx officially recommends using Nginx mainline releases and hence why Centmin Mod uses mainline = 1.13

IIRC, there's a 12 month interval/cycle for mainline to stable porting.

bassie · Jul 12, 2017

eva2000 said: ↑

From what I gather Nginx don't port all fixes from mainline to stable only critical ones.
Click to expand...

Nup. They did it before, backported almost the whole 1.11* HTTP/2 branch to 1.10.

eva2000 · Jul 12, 2017

Yes IIRC, they did that at the 12 month cycle mark when 1.9.x mainline went to 1.10 stable and mainline moved to 1.11 branch Nginx - New Nginx 1.10 and 1.11 releases announced

Today we’re pleased to announce NGINX 1.10 and 1.11. These version numbers define our stable andmainlinebranches – the open source releases that we will focus on developing and improving for the next 12 months.

NGINX version 1.10.0 was released today, and the next feature release of our mainline branch will be numbered 1.11.0.
Click to expand...

Each year, we deprecate the current stable branch and fork the current mainline branch to create a new stable branch that is supported for the following 12 months:
Click to expand...

So you will probably see the next major backport when 1.13 mainline becomes 1.14 stable and mainline moves to 1.15 branch. Basically, don't expect to see all current 1.13 mainline features and bug fixes in 1.12 stable. If you want stable, you need to wait for when Nginx 1.14 stable is out at which time Centmin Mod Nginx moves to 1.15 mainline from 1.13 mainline

Log in / Register

Forums

Get the most out of your Centmin Mod LEMP stack

Nginx [nginx-announce] nginx-1.12.1

eva2000 Administrator Staff Member

bassie Active Member

eva2000 Administrator Staff Member

bassie Active Member

eva2000 Administrator Staff Member

bassie Active Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Get the most out of your Centmin Mod LEMP stack

Nginx [nginx-announce] nginx-1.12.1

eva2000 Administrator Staff Member

bassie Active Member

eva2000 Administrator Staff Member

bassie Active Member

eva2000 Administrator Staff Member

bassie Active Member

eva2000 Administrator Staff Member

.