Get the most out of your Centmin Mod LEMP stack
Become a Member

Nginx [nginx-announce] nginx-1.12.1

Discussion in 'Nginx and PHP-FPM news & discussions' started by eva2000, Jul 12, 2017.

  1. eva2000

    eva2000 Administrator Staff Member

    53,277
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    4:21 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Changes with nginx 1.12.1 11 Jul 2017

    *) Security: a specially crafted request might result in an integer
    overflow and incorrect processing of ranges in the range filter,
    potentially resulting in sensitive information leak (CVE-2017-7529).


    --
    Maxim Dounin
    http://nginx.org/
    _______________________________________________
    nginx-announce mailing list
    nginx-announce@nginx.org
    http://mailman.nginx.org/mailman/listinfo/nginx-announce


    Continue reading...
     
  2. buik

    buik “The best traveler is one without a camera.”

    1,990
    518
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,647
    Local Time:
    8:21 AM
    Useless release.
    In no way the advertised changes.

     
  3. eva2000

    eva2000 Administrator Staff Member

    53,277
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    4:21 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Last edited: Jul 12, 2017
  4. buik

    buik “The best traveler is one without a camera.”

    1,990
    518
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,647
    Local Time:
    8:21 AM
    Sure security is important.
    But Nginx released 1.12.0, 3 months ago.
    Time enough to port fixes from 1.13 to 1.12.
     
  5. eva2000

    eva2000 Administrator Staff Member

    53,277
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    4:21 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    From what I gather Nginx don't port all fixes from mainline to stable only critical ones. It's why Nginx officially recommends using Nginx mainline releases and hence why Centmin Mod uses mainline = 1.13 :)

    IIRC, there's a 12 month interval/cycle for mainline to stable porting.
     
  6. buik

    buik “The best traveler is one without a camera.”

    1,990
    518
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,647
    Local Time:
    8:21 AM
  7. eva2000

    eva2000 Administrator Staff Member

    53,277
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    4:21 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Yes IIRC, they did that at the 12 month cycle mark when 1.9.x mainline went to 1.10 stable and mainline moved to 1.11 branch Nginx - New Nginx 1.10 and 1.11 releases announced

    So you will probably see the next major backport when 1.13 mainline becomes 1.14 stable and mainline moves to 1.15 branch. Basically, don't expect to see all current 1.13 mainline features and bug fixes in 1.12 stable. If you want stable, you need to wait for when Nginx 1.14 stable is out at which time Centmin Mod Nginx moves to 1.15 mainline from 1.13 mainline :)
     
    Last edited: Jul 12, 2017