nginx-1.16.1

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

nginx-1.16.1

Maxim Dounin
Changes with nginx 1.16.1                                        13 Aug 2019

    *) Security: when using HTTP/2 a client might cause excessive memory
       consumption and CPU usage (CVE-2019-9511, CVE-2019-9513,
       CVE-2019-9516).


--
Maxim Dounin
http://nginx.org/
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
xrd
Reply | Threaded
Open this post in threaded view
|

Re: nginx-1.16.1

xrd
Can the patches be safely applied on the nginx-1.14.2?
Thanks.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,285234,285314#msg-285314

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
xrd
Reply | Threaded
Open this post in threaded view
|

Re: nginx-1.16.1

xrd
Hello,

Can you please comment on the question? Or at least say that there are no
guarantees of safety in applying the patches on the nginx-1.14.2 branch?

Thanks.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,285234,285366#msg-285366

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: nginx-1.16.1

Maxim Dounin
Hello!

On Thu, Aug 22, 2019 at 08:37:48AM -0400, b8077691 wrote:

> Can you please comment on the question? Or at least say that there are no
> guarantees of safety in applying the patches on the nginx-1.14.2 branch?

The 1.14.x branch is obsolete and not supported.  If you want to
apply these patches to 1.14.2 - it is your responsibility to check
if it is safe or not.  If you are not qualified enough to check it
yourself, please consider upgrading to a supported version - nginx
1.16.1 or nginx 1.17.3.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx