Thanks everyone for the additional reports. Based on the comments, this appears to be broader than headers-more or more_set_headers specifically. My original reproduction still confirms one trigger:
- Ubuntu 24.04 noble arm64 - nginx/nginx-extras 1.24.0-2ubuntu7.10 - libnginx-mod-http-headers-more-filter 1:0.37-2build1 - HTTP/2 enabled - loading headers_more and using more_set_headers causes worker crashes; disabling headers_more stops the crashes. However, other users are now reporting similar crashes with uploadprogress, xslt, lua, modsecurity/nchan-related modules, and in some cases the module only needs to be loaded, not actively used. So the bug title/scope may need to be broadened from “headers-more dynamic module crash” to something like: “nginx 1.24.0-2ubuntu7.10 dynamic module ABI regression causes worker crashes” If Florian/Ville’s analysis is correct, this looks like dynamic modules built against the previous nginx ABI being used with the 1.24.0-2ubuntu7.10 nginx core. A rebuild of affected libnginx-mod-* packages against the updated nginx source may be required. Given that this was introduced by a security update and is breaking production servers via unattended-upgrades, please consider whether the importance should be raised from High to Critical, or whether a coordinated rebuild/update of all affected dynamic modules is already planned. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2155992 Title: headers-more dynamic module crash To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libnginx-mod-http-headers-more-filter/+bug/2155992/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
