Categories
Nginx

Nginx 1.6.3, for Wheezy and Squeeze

Nginx 1.6.3 has been released on April 7th 2015, with the following changes :

  • Feature: now the tcp_nodelay directive works with SPDY connections.
  • Bugfix: in error handling. Thanks to Yichun Zhang and Daniil Bondarev.
  • Bugfix: alerts header already sent appeared in logs if the post_action directive was used; the bug had appeared in 1.5.4.
  • Bugfix: alerts sem_post() failed might appear in logs.
  • Bugfix: in hash table handling. Thanks to Chris West.
  • Bugfix: in integer overflow handling. Thanks to RĂ©gis Leroy.

As a consequence, packages of Nginx 1.6.3 are now available for both Debian 7 “Wheezy” and Debian 6 “Squeeze” (amd64/i386).

All the modules have been updated to their latest version.

For more details about which modules are included in the different Nginx flavors, just have to look at this document.

Categories
Nginx

Nginx 1.6.2, for Wheezy and Squeeze

Nginx 1.6.2 has been released on September 16th 2014, with the following changes :

  • Security: it was possible to reuse SSL sessions in unrelated contexts if a shared SSL session cache or the same TLS session ticket key was used for multiple “server” blocks (CVE-2014-3616). Thanks to Antoine Delignat-Lavaud.
  • Bugfix: requests might hang if resolver was used and a DNS server returned a malformed response; the bug had appeared in 1.5.8.
  • Bugfix: requests might hang if resolver was used and a timeout occurred during a DNS request.

As a consequence, packages of Nginx 1.6.2 are now available for both Debian 7 “Wheezy” and Debian 6 “Squeeze” (amd64/i386).

Please note that the nginx-rtmp-module has been added to nginx-extras and that the other modules have been updated to their latest version.

For more details about which modules are included in the different Nginx flavors, just have to look at this document.

Categories
Nginx

Nginx 1.6.1, for Wheezy and Squeeze

Nginx 1.6.1 has been released on August 5th 2014, with the following changes :

  • Security: pipelined commands were not discarded after STARTTLS command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6. Thanks to Chris Boulton.
  • Bugfix: the $uri variable might contain garbage when returning errors with code 400. Thanks to Sergey Bobrov.
  • Bugfix: in the none parameter in the smtp_auth directive; the bug had appeared in 1.5.6. Thanks to Svyatoslav Nikolsky.

As a consequence, packages of Nginx 1.6.1 are now available for both Debian 7.0 “Wheezy” and Debian 6.0 “Squeeze” (amd64/i386).

For more details about which modules are included in the different Nginx flavors, just have to look at this document.

Categories
Nginx

Nginx 1.6.0 has been updated for Wheezy and Squeeze

Packages of Nginx 1.6.0 for Debian Wheezy and Squeeze have just been updated to fix a vulnerability in the ngx_pagespeed-embeded OpenSSL library.

The nginx-auth-ldap, nginx-cache-purge, nginx-lua and nginx-upload-progress modules have also been updated.

Categories
Nginx

Nginx 1.6.0, for Wheezy and Squeeze

Nginx 1.6.0 has been released on April 24th 2014 (exactly one year after 1.4.0), incorporating many new features/enhancements developed in the 1.5.x branch :

As a consequence, packages of Nginx 1.6.0 are now available for both Debian 7.0 “Wheezy” and Debian 6.0 “Squeeze” (amd64/i386). Please note that :

For more details about which modules are included in the different Nginx flavors, just have to look at this document.

I hope you’ll love these new packages and, if so, feel free to show your support.

Categories
Miscellaneous Nginx

Security : Nginx 1.4.7, for Wheezy and Squeeze

Nginx 1.4.7 has been released on March 18th 2014, fixing a potential heap memory buffer overflow when using SPDY, and also the fastcgi_next_upstream directive. More info in the changelog.

As a consequence, Dotdeb’s packages of Nginx 1.4.7 are now available for both Debian 7.0 “Wheezy” and Debian 6.0 “Squeeze” (amd64/i386).

As usual, if you want to know which module has been included in each Nginx flavor, you just have to look at this document.

Categories
Nginx

Security : Nginx 1.4.6, for Wheezy and Squeeze

Nginx 1.4.6 has been released on March 4th 2014, fixing client_max_body_size when used with chunked transfer encoding and a segfault when proxying WebSocket connections. More info in the changelog.

As a consequence, Dotdeb’s packages of Nginx 1.4.6 are now available for both Debian 7.0 “Wheezy” and Debian 6.0 “Squeeze” (amd64/i386), with some extra changes :

  • nginx-auth-ldap is now available in nginx-extras,
  • modules have been updated.

As usual, if you want to know which module has been included in each Nginx flavor, you just have to look at this document.

Categories
Nginx

Nginx 1.4.5 for Wheezy and Squeeze

Nginx 1.4.5 has been released on February 11th 2014, fixing 7 bugs. More info in the changelog.

As a consequence, Dotdeb’s packages of Nginx 1.4.5 are now available for both Debian 7.0 “Wheezy” and Debian 6.0 “Squeeze” (amd64/i386). Pagespeed and some more modules have been updated, dependencies have been reviewed and proxy settings have been improved (all this according to the Debian Sid changes).

As usual, if you want to know which module has been included in each Nginx flavor, you just have to look at this document.

Categories
Nginx

Security : Nginx 1.4.4 for Wheezy and Squeeze

Nginx 1.4.4 has been released on November 19th 2013, fixing a request line parsing vulnerability by Ivan Fratric of the Google Security Team (CVE-2013-4547). More info in the changelog.

As a consequence, Dotdeb’s packages of Nginx 1.4.4 are now available for both Debian 7.0 “Wheezy” and Debian 6.0 “Squeeze” (amd64/i386).

Reminder : Users of naxsi-ui should be aware that it has been deprecated in the upcoming Naxsi 0.53 and that it won’t be provided by Dotdeb starting with the next Nginx packages.

As usual, if you want to know which module has been included in each Nginx flavor, you just have to look at this document.

Categories
Nginx

Nginx 1.4.3 for Wheezy and Squeeze

Nginx 1.4.3 has been released on October 8th 2013, fixing 6 bugs (see the changes).

As a consequence, Dotdeb’s packages of Nginx 1.4.3 are now available for both Debian 7.0 “Wheezy” and Debian 6.0 “Squeeze” (amd64/i386) with the following changes :

  • the http_geoip module in now included in nginx-naxsi
  • PageSpeed has been upgraded to 1.6.29.7 to fix CVE-2013-6111 (nginx-extras only)
  • Various modules has been updated

Users of naxsi-ui should be aware that it has been deprecated in the upcoming Naxsi 0.53 and that it won’t be provided by Dotdeb starting with the next Nginx packages.

As usual, if you want to know which module has been included in each Nginx flavor, you just have to look at this document.