Skip to content

v1.25.4
Compare
Choose a tag to compare
@Ran-snow Ran-snow released this 25 Feb 08:56
· 6 commits to master since this release
1.25.4
423dec0

Changes with nginx 1.25.4 14 Feb 2024

*) Security: when using HTTP/3 a segmentation fault might occur in a
   worker process while processing a specially crafted QUIC session
   (CVE-2024-24989, CVE-2024-24990).

*) Bugfix: connections with pending AIO operations might be closed
   prematurely during graceful shutdown of old worker processes.

*) Bugfix: socket leak alerts no longer logged when fast shutdown was
   requested after graceful shutdown of old worker processes.

*) Bugfix: a socket descriptor error, a socket leak, or a segmentation
   fault in a worker process (for SSL proxying) might occur if AIO was
   used in a subrequest.

*) Bugfix: a segmentation fault might occur in a worker process if SSL
   proxying was used along with the "image_filter" directive and errors
   with code 415 were redirected with the "error_page" directive.

*) Bugfixes and improvements in HTTP/3.
Assets 2