
Nginx PageSpeed ngx_pagespeed security update release 1.8.31.4-beta

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by rdan, Jun 19, 2014.

  1. rdan

    rdan Well-Known Member

    ngx_pagespeed version 1.8.31.4-beta fixes a major security vulnerability in HTTPS fetching. All versions of ngx_pagespeed since 1.8.31.2-beta are affected. The vulnerability only affects users that have enabled the FetchHttps feature; users that have not explicitly enabled FetchHttps are not affected.

    All users running a vulnerable version of PageSpeed with FetchHttps enabled should update their pagespeed packages.

    A vulnerability was found in the version of OpenSSL used by PageSpeed: CVE-2014-0224 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224 ), which allowed a malicious user to perform a man-in-the-middle attack on encrypted traffic.

    The previous release of ngx_pagespeed (1.8.31-3-beta) used OpenSSL 1.0.1 and is impacted by CVE-2014-0224. The latest version, 1.8.31.4-beta, uses a version of OpenSSL in which the vulnerability has been fixed.

    Upgrade instructions:


    Follow the installation instructions here: https://github.com/pagespeed/ngx_pagespeed#readme
     
  2. eva2000

    eva2000 Administrator Staff Member

    Wow, nice find @RoldanLT (y)

    Updated .07 beta 21 GitHub and 290514 dated zip with new version of ngx_pagespeed 1.8.31-4 beta: https://community.centminmod.com/threads/update-ngx_pagespeed-1-8-31-4-beta.511/

    1.8.31.4 release notes https://developers.google.com/speed/pagespeed/module/release_notes

     
    Last edited: Jun 19, 2014