details: http://hg.nginx.org/nginx/rev/2351853ce686 branches: changeset: 7380:2351853ce686 user: Maxim Dounin <mdou...@mdounin.ru> date: Tue Nov 06 16:32:08 2018 +0300 description: nginx-1.15.6-RELEASE
diffstat: docs/xml/nginx/changes.xml | 64 ++++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 64 insertions(+), 0 deletions(-) diffs (74 lines): diff --git a/docs/xml/nginx/changes.xml b/docs/xml/nginx/changes.xml --- a/docs/xml/nginx/changes.xml +++ b/docs/xml/nginx/changes.xml @@ -5,6 +5,70 @@ <change_log title="nginx"> +<changes ver="1.15.6" date="2018-11-06"> + +<change type="security"> +<para lang="ru"> +при использовании HTTP/2 клиент мог вызвать +чрезмерное потреблению памяти (CVE-2018-16843) +и ресурсов процессора (CVE-2018-16844). +</para> +<para lang="en"> +when using HTTP/2 a client might cause +excessive memory consumption (CVE-2018-16843) +and CPU usage (CVE-2018-16844). +</para> +</change> + +<change type="security"> +<para lang="ru"> +при обработке специально созданного mp4-файла модулем ngx_http_mp4_module +содержимое памяти рабочего процесса могло быть отправлено клиенту +(CVE-2018-16845). +</para> +<para lang="en"> +processing of a specially crafted mp4 file with the ngx_http_mp4_module +might result in worker process memory disclosure +(CVE-2018-16845). +</para> +</change> + +<change type="feature"> +<para lang="ru"> +директивы proxy_socket_keepalive, fastcgi_socket_keepalive, +grpc_socket_keepalive, memcached_socket_keepalive, +scgi_socket_keepalive и uwsgi_socket_keepalive. +</para> +<para lang="en"> +the "proxy_socket_keepalive", "fastcgi_socket_keepalive", +"grpc_socket_keepalive", "memcached_socket_keepalive", +"scgi_socket_keepalive", and "uwsgi_socket_keepalive" directives. +</para> +</change> + +<change type="bugfix"> +<para lang="ru"> +если nginx был собран с OpenSSL 1.1.0, а использовался с OpenSSL 1.1.1, +протокол TLS 1.3 всегда был разрешён. +</para> +<para lang="en"> +if nginx was built with OpenSSL 1.1.0 and used with OpenSSL 1.1.1, +the TLS 1.3 protocol was always enabled. +</para> +</change> + +<change type="bugfix"> +<para lang="ru"> +при работе с gRPC-бэкендами могло расходоваться большое количество памяти. +</para> +<para lang="en"> +working with gRPC backends might result in excessive memory consumption. +</para> +</change> + +</changes> + + <changes ver="1.15.5" date="2018-10-02"> <change type="bugfix"> _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
