Nginx [nginx-announce] nginx-1.12.1

Changes with nginx 1.12.1 11 Jul 2017

*) Security: a specially crafted request might result in an integer
overflow and incorrect processing of ranges in the range filter,
potentially resulting in sensitive information leak (CVE-2017-7529).

--
Maxim Dounin
http://nginx.org/
_______________________________________________
nginx-announce mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx-announce

Continue reading...

 

expected for initial security release giving folks time to update their systems

other CVE databases also don't reveal info yet CVE - CVE-2017-7529

more info Nginx - [nginx-announce] nginx security advisory (CVE-2017-7529)

 

From what I gather Nginx don't port all fixes from mainline to stable only critical ones. It's why Nginx officially recommends using Nginx mainline releases and hence why Centmin Mod uses mainline = 1.13

IIRC, there's a 12 month interval/cycle for mainline to stable porting.

 

Yes IIRC, they did that at the 12 month cycle mark when 1.9.x mainline went to 1.10 stable and mainline moved to 1.11 branch Nginx - New Nginx 1.10 and 1.11 releases announced

So you will probably see the next major backport when 1.13 mainline becomes 1.14 stable and mainline moves to 1.15 branch. Basically, don't expect to see all current 1.13 mainline features and bug fixes in 1.12 stable. If you want stable, you need to wait for when Nginx 1.14 stable is out at which time Centmin Mod Nginx moves to 1.15 mainline from 1.13 mainline