Nginx 1.6.2 has been released on September 16th 2014, with the following changes :
- Security: it was possible to reuse SSL sessions in unrelated contexts if a shared SSL session cache or the same TLS session ticket key was used for multiple “server” blocks (CVE-2014-3616). Thanks to Antoine Delignat-Lavaud.
- Bugfix: requests might hang if resolver was used and a DNS server returned a malformed response; the bug had appeared in 1.5.8.
- Bugfix: requests might hang if resolver was used and a timeout occurred during a DNS request.
As a consequence, packages of Nginx 1.6.2 are now available for both Debian 7 “Wheezy” and Debian 6 “Squeeze” (amd64/i386).
Please note that the nginx-rtmp-module has been added to nginx-extras and that the other modules have been updated to their latest version.
For more details about which modules are included in the different Nginx flavors, just have to look at this document.