This version update for nginx to 1.2.9 includes a security fix and several
bugfixes and feature enhancements. (bnc#821184)
*) Security: contents of worker process memory might be sent to a client
if HTTP backend returned specially crafted response (CVE-2013-2070);
the bug had appeared in 1.1.4.
- changes with 1.2.8:
*) Bugfix: new sessions were not always stored if the "ssl_session_cache
shared" directive was used and there was no free space in shared
memory.
*) Bugfix: responses might hang if subrequests were used and a DNS error
happened during subrequest processing.
*) Bugfix: in the ngx_http_mp4_module.
*) Bugfix: in backend usage accounting.
- changes with nginx 1.2.7
*) Change: now if the "include" directive with mask is used on Unix
systems, included files are sorted in alphabetical order.
*) Change: the "add_header" directive adds headers to 201 responses.
*) Feature: the "geo" directive now supports IPv6 addresses in CIDR
notation.
*) Feature: the "flush" and "gzip" parameters of the "access_log"
directive.
*) Feature: variables support in the "auth_basic" directive.
*) Feature: the $pipe, $request_length, $time_iso8601, and $time_local
variables can now be used not only in the "log_format" directive.
*) Feature: IPv6 support in the ngx_http_geoip_module.
*) Bugfix: nginx could not be built with the ngx_http_perl_module in
some cases.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_xslt_module was used.
*) Bugfix: nginx could not be built on MacOSX in some cases.
*) Bugfix: the "limit_rate" directive with high rates might result in
truncated responses on 32-bit platforms.
*) Bugfix: a segmentation fault might occur in a worker process if the
"if" directive was used.
*) Bugfix: a "100 Continue" response was issued with "413 Request Entity
Too Large" responses.
*) Bugfix: the "image_filter", "image_filter_jpeg_quality" and
"image_filter_sharpen" directives might be inherited incorrectly.
*) Bugfix: "crypt_r() failed" errors might appear if the "auth_basic"
directive was used on Linux.
*) Bugfix: in backup servers handling.
*) Bugfix: proxied HEAD requests might return incorrect response if the
"gzip" directive was used.
*) Bugfix: a segmentation fault occurred on start or during
reconfiguration if the "keepalive" directive was specified more than
once in a single upstream block.
*) Bugfix: in the "proxy_method" directive.
*) Bugfix: a segmentation fault might occur in a worker process if
resolver was used with the poll method.
*) Bugfix: nginx might hog CPU during SSL handshake with a backend if
the select, poll, or /dev/poll methods were used.
*) Bugfix: the "[crit] SSL_write() failed (SSL:)" error.
*) Bugfix: in the "fastcgi_keep_conn" directive.