nginx 1.9.10 and 1.8.1 have been released

Erulezz

Changelog for 1.9.10:

Changes with nginx 1.9.10 26 Jan 2016

*) Security: invalid pointer dereference might occur during DNS server
response processing if the "resolver" directive was used, allowing an
attacker who is able to forge UDP packets from the DNS server to
cause segmentation fault in a worker process (CVE-2016-0742).

*) Security: use-after-free condition might occur during CNAME response
processing if the "resolver" directive was used, allowing an attacker
who is able to trigger name resolution to cause segmentation fault in
a worker process, or might have potential other impact
(CVE-2016-0746).

*) Security: CNAME resolution was insufficiently limited if the
"resolver" directive was used, allowing an attacker who is able to
trigger arbitrary name resolution to cause excessive resource
consumption in worker processes (CVE-2016-0747).

*) Feature: the "auto" parameter of the "worker_cpu_affinity" directive.

*) Bugfix: the "proxy_protocol" parameter of the "listen" directive did
not work with IPv6 listen sockets.

*) Bugfix: connections to upstream servers might be cached incorrectly
when using the "keepalive" directive.

*) Bugfix: proxying used the HTTP method of the original request after
an "X-Accel-Redirect" redirection.

Changelog for 1.8.1:

Changes with nginx 1.8.1 26 Jan 2016

*) Security: invalid pointer dereference might occur during DNS server
response processing if the "resolver" directive was used, allowing an
attacker who is able to forge UDP packets from the DNS server to
cause segmentation fault in a worker process (CVE-2016-0742).

*) Security: use-after-free condition might occur during CNAME response
processing if the "resolver" directive was used, allowing an attacker
who is able to trigger name resolution to cause segmentation fault in
a worker process, or might have potential other impact
(CVE-2016-0746).

*) Security: CNAME resolution was insufficiently limited if the
"resolver" directive was used, allowing an attacker who is able to
trigger arbitrary name resolution to cause excessive resource
consumption in worker processes (CVE-2016-0747).

*) Bugfix: the "proxy_protocol" parameter of the "listen" directive did
not work if not specified in the first "listen" directive for a
listen socket.

*) Bugfix: nginx might fail to start on some old Linux variants; the bug
had appeared in 1.7.11.

*) Bugfix: a segmentation fault might occur in a worker process if the
"try_files" and "alias" directives were used inside a location given
by a regular expression; the bug had appeared in 1.7.1.

*) Bugfix: the "try_files" directive inside a nested location given by a
regular expression worked incorrectly if the "alias" directive was
used in the outer location.

*) Bugfix: "header already sent" alerts might appear in logs when using
cache; the bug had appeared in 1.7.5.

*) Bugfix: a segmentation fault might occur in a worker process if
different ssl_session_cache settings were used in different virtual
servers.

*) Bugfix: the "expires" directive might not work when using variables.

*) Bugfix: if nginx was built with the ngx_http_spdy_module it was
possible to use the SPDY protocol even if the "spdy" parameter of the
"listen" directive was not specified.

http://nginx.org/en/download.html

Is it now possible to update the nginx mainline version the normal way or do we need to update it with custom_versions?

--

I did the upgrade described here:

http://forum.directadmin.com/showthread.php?t=51344&p=267512#post267512

And it works perfectly.
 
I only get 404's if I try to install 1.9.10 without downloading it manually from the nginx-servers first? Doesn't seem to be included on the files.directadmin.com servers.
 

Whoops, linked to the wrong post. If you look at the post below that, in the quote is the old and correct post. Because 1.9.10 isn't available on the custombuild servers yet, I downloaded it from nginx.org. So if you put the 1.9.10 version in custom_versions and wget the nginx file then you will be able to install 1.9.10. You can check here whether 1.9.10 has been added to the custombuild servers:

http://files6.directadmin.com/services/custombuild/?C=M;O=D

Sort by last modified.

I don't know if the mainline version is completely supported yet in CustomBuild. But with this method it is working perfectly fine.
 
That's how I did it before, so that's good then.
They are implementing mainline, so I thought maybe it works and I did something wrong, but not the case. Good.
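The three Security entries in both changelogs apply only when the "resolver" directive is used. As an added example (not part of the thread or of nginx/CustomBuild), the sketch below checks an `nginx -v` banner against the fixed releases 1.9.10 and 1.8.1 and scans configuration text for active `resolver` directives. The function names, the sample configuration and the treatment of branches other than 1.8 and 1.9 are assumptions.

```python
import re

# Fixed releases per branch, taken from the two changelogs in this thread.
FIXED = {(1, 9): (1, 9, 10), (1, 8): (1, 8, 1)}

# Constructed sample configuration (documentation-range addresses).
SAMPLE_CONF = """\
http {
    # resolver 198.51.100.1;
    resolver 192.0.2.53 valid=30s;
    resolver_timeout 5s;
    server { listen 80; location / { proxy_pass http://$host; } }
}
"""

def parse_version(banner):
    """Extract (major, minor, patch) from `nginx -v` output."""
    m = re.search(r"nginx/(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no nginx version in %r" % banner)
    return tuple(int(x) for x in m.groups())

def has_resolver_fixes(version):
    """True if this version is at or past the fixed release of its branch."""
    branch = version[:2]
    if branch in FIXED:
        return version >= FIXED[branch]
    # Assumption: branches newer than 1.9 carry the fixes, older ones do not.
    return branch > (1, 9)

def resolver_directives(conf_text):
    """Return (line_no, directive) for each active 'resolver' directive.

    Text after '#' is treated as a comment (quoted '#' is not handled), and
    'resolver_timeout' is not matched because whitespace must follow the name.
    """
    hits = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        code = line.split("#", 1)[0]
        for m in re.finditer(r"(?:^|[;{}])\s*(resolver\s+[^;]+;)", code):
            hits.append((no, m.group(1)))
    return hits

def assess(banner, conf_text):
    """Combine both checks: resolver in use and fixed release not installed."""
    version = parse_version(banner)
    hits = resolver_directives(conf_text)
    return {"version": version, "resolver_lines": hits,
            "needs_update": bool(hits) and not has_resolver_fixes(version)}

if __name__ == "__main__":
    print(assess("nginx version: nginx/1.9.9", SAMPLE_CONF))
```

On a real server, pass the output of `nginx -v` and the full configuration text, for example as dumped by `nginx -T`, so that included files are covered.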
 