Security : Nginx 1.0.15

Posted by & filed under Nginx.

Nginx 1.0.15 packages are now available for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. They fix a buffer overflow in the ngx_http_mp4_module : Security: specially crafted mp4 file might allow to overwrite memory locations in a worker process if the ngx_http_mp4_module was used, potentially resulting in arbitrary code execution (CVE-2012-2089). Thanks to Matthew Daley…. Read more »

Nginx with 2 new flavors : Naxsi & Passenger

Posted by & filed under Nginx, Passenger.

Dotdeb’s packages of Nginx 1.0.14 for Debian 6.0 “Squeeze” (amd64/i386) have been synchronized with Debian’s ones to benefit from the great work of Cyril Lavier. As a consequence, two new flavors of Nginx are now available, in addition to the regular nginx-light, nginx-full and nginx-extras packages : nginx-naxsi inherits from nginx-light with a great new… Read more »

Security : Nginx 1.0.14

Posted by & filed under Nginx.

Nginx 1.0.14 packages are now available for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. They fix a potential memory disclosure : Security: content of previously freed memory might be sent to a client if backend returned specially crafted response. Thanks to Matthew Daley. Upgrading is strongly recommended.

Nginx 1.0.13

Posted by & filed under Nginx.

Nginx 1.0.13 packages are now available for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. Here are the changes on the Dotdeb side : nginx-upload-module has been added to nginx-extras nginx-auth-pam has been added to nginx-extras and nginx-full. Closes #5. http_secure_link_module has been added to nginx-full. Closes #3. file-aio is now supported by all nginx… Read more »

Nginx 1.0.12

Posted by & filed under Nginx.

Nginx 1.0.12 packages are now available for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. Here are the changes on the Dotdeb side : Add the Cache purge module in nginx-full and nginx-extras Use “default_server” instead of “default” in sites-available/default Please take a look at Nginx’ Changelog before upgrading.

Nginx 1.0.11 : Passenger 3.0.11 and Push stream support

Posted by & filed under Nginx, Passenger.

Nginx 1.0.11 packages are now available : for both Debian 6.0 “Squeeze” and 5.0 “Lenny” for both amd64 and i386 architectures Here are the changes on the Dotdeb side : nginx-extras now includes the Push stream module, instead of the bogus HTTP Push. Please review your configuration. nginx-extras now uses Passenger 3.0.11 Please take a look at… Read more »

Nginx 1.0.10

Posted by & filed under Nginx.

Nginx 1.0.10 has been released a few hours ago and is now available on Dotdeb for : both Debian 6.0 “Squeeze” and Debian 5.0 “Lenny” both amd64 and i386 architectures Here are the changes since the 1.0.9 release : *) Bugfix: a segmentation fault might occur in a worker process if resolver got a big… Read more »

Nginx 1.0.9

Posted by & filed under Nginx.

Nginx 1.0.9 has just been released, bringing 12 bug fixes. The packages are now available on Dotdeb : for both Debian 6.0 “Squeeze” and 5.0 “Lenny”, for both amd64 and i386 architectures. Take a look at the full list of changes before upgrading.

Packages of Nginx 1.0.8 are available

Posted by & filed under Nginx.

A new stable version of Nginx, numbered 1.0.8, has been released two weeks ago. It brings bug fixes and a new mp4 module. Take a look at the full list of changes before upgrading. Here are the changes on the Dotdeb side : the Http Headers More module has been included in nginx-extras, the Http… Read more »

Nginx 1.0.6 updated : Passenger 3.0.9 and syslog support

Posted by & filed under Nginx, Passenger.

Nginx 1.0.6 has been updated : the nginx-full and nginx-extras packages now support syslog nginx-extras now uses Passenger 3.0.9 Here are the changes in Passenger 3.0.9 : [Nginx] Fixed a NULL pointer crash that occurs on HTTP/1.0 requests when the Host header isn’t given. Fixed deprecation warnings on RubyGems >= 1.6. Improved Union Station support… Read more »