
Nginx PageSpeed ngx_pagespeed security update release

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by rdan, Jun 19, 2014.

  1. rdan

    rdan Well-Known Member

    May 25, 2014
    ngx_pagespeed version fixes a major security vulnerability in HTTPS fetching. All versions of ngx_pagespeed since are affected. The vulnerability only affects users that have enabled the FetchHttps feature; users that have not explicitly enabled FetchHttps are not affected.

    All users running a vulnerable version of PageSpeed with FetchHttps enabled should update their pagespeed packages.

    A vulnerability was found in the version of OpenSSL used by PageSpeed, CVE-2014-0224, which allowed a malicious user to perform a man-in-the-middle attack on encrypted traffic.

    The previous release of ngx_pagespeed (1.8.31-3-beta) used OpenSSL 1.0.1 and is impacted by CVE-2014-0224. The latest version uses a version of OpenSSL in which the vulnerability has been fixed.

    Upgrade instructions:

    Follow the installation instructions here:
  2. eva2000

    eva2000 Administrator Staff Member

    May 24, 2014
    Brisbane, Australia
    Wow, nice find @RoldanLT (y)

    Updated .07 beta 21 Github and 290514 dated zip with new version of ngx_pagespeed 1.8.31-4 beta release notes

    Last edited: Jun 19, 2014
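
A way to check whether a server falls under the condition in the first post (FetchHttps explicitly enabled on a build older than 1.8.31-4), as an added example that is not code from the thread or from the ngx_pagespeed project. The function names and the sample configuration are constructed for illustration; the thread does not state the first affected version, so older builds are only flagged for review.

```python
import re

# Fixed build named in the thread. The first affected version is not given
# there, so anything older is flagged "review", not declared vulnerable.
FIXED_BUILD = (1, 8, 31, 4)

# Matches "pagespeed FetchHttps <options>;" at line start or after ; { }
DIRECTIVE = re.compile(r"(?:^|[;{}])\s*pagespeed\s+FetchHttps\s+([^;]+);", re.I)

def strip_comment(line):
    """Drop an nginx '#' comment unless the '#' sits inside quotes."""
    quote = None
    for i, ch in enumerate(line):
        if quote:
            if ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
        elif ch == "#":
            return line[:i]
    return line

def fetch_https_directives(conf_text):
    """Return (line_no, options) for every active FetchHttps directive."""
    found = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        for m in DIRECTIVE.finditer(strip_comment(raw)):
            found.append((no, [o.strip().lower() for o in m.group(1).split(",")]))
    return found

def parse_build(version):
    """'1.8.31-3-beta' -> (1, 8, 31, 3)"""
    return tuple(int(n) for n in re.findall(r"\d+", version)[:4])

def assess(conf_text, version):
    enabled = [no for no, opts in fetch_https_directives(conf_text) if "enable" in opts]
    if not enabled:
        return "not affected: FetchHttps not explicitly enabled"
    if parse_build(version) >= FIXED_BUILD:
        return "FetchHttps enabled, build is at or past 1.8.31-4"
    lines = ", ".join(map(str, enabled))
    return f"review: FetchHttps enabled on line(s) {lines}, build older than 1.8.31-4"

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONF = """\
http {
    pagespeed on;
    # pagespeed FetchHttps enable;
    server { pagespeed FetchHttps enable,allow_self_signed; }
}
"""
```

Run `assess()` over the text of every file pulled in by `include` as well, since the directive can sit in any of them.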