"nginx maintainers, what's the status?" ... Look at the link to the root bug. There's a reason they haven't taken that patch and committed it yet. This isn't trivial and we're not going to decide how this "non-issue" should be rectified. Us making a small change could cause a big headache down the road. Patience.
Honestly... If you don't trust the network in which proxy_pass is being sent to or the network in between, you're already screwed. I don't even see a legitimate need for proxy_pass to https backends. "Trusting Trust" * This issue will be closed when upstream closes it. We won't be doing any special patching for this bug without careful consideration. -- Michael Lustfield -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org