tag name | v1.6.2 (269f20748ff30d95143c37dd2d712699103365a2) |
tag date | 2014-09-16 14:45:43 +0000 |
tagged by | Jon Kolb <kolbyjack@gmail.com> |
tagged object | commit ab9c4cd3a4... |
download | nginx-1.6.2.tar.gz |
---|
Changes with nginx 1.6.2 16 Sep 2014
*) Security: it was possible to reuse SSL sessions in unrelated contexts
if a shared SSL session cache or the same TLS session ticket key was
used for multiple "server" blocks (CVE-2014-3616).
Thanks to Antoine Delignat-Lavaud.
*) Bugfix: requests might hang if resolver was used and a DNS server
returned a malformed response; the bug had appeared in 1.5.8.
*) Bugfix: requests might hang if resolver was used and a timeout
occurred during a DNS request.