|
|
|
|
@ -5,6 +5,110 @@ |
|
|
|
|
<change_log title="nginx"> |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<changes ver="1.27.4" date="2025-02-05"> |
|
|
|
|
|
|
|
|
|
<change type="security"> |
|
|
|
|
<para lang="ru"> |
|
|
|
|
недостаточная проверка в обработке виртуальных серверов |
|
|
|
|
при использовании SNI в TLSv1.3 позволяла повторно использовать |
|
|
|
|
SSL-сессию в контексте другого виртуального сервера, |
|
|
|
|
чтобы обойти проверку клиентских SSL-сертификатов (CVE-2025-23419). |
|
|
|
|
</para> |
|
|
|
|
<para lang="en"> |
|
|
|
|
insufficient check in virtual servers handling with TLSv1.3 SNI |
|
|
|
|
allowed to reuse SSL sessions in a different virtual server, |
|
|
|
|
to bypass client SSL certificates verification (CVE-2025-23419). |
|
|
|
|
</para> |
|
|
|
|
</change> |
|
|
|
|
|
|
|
|
|
<change type="feature"> |
|
|
|
|
<para lang="ru"> |
|
|
|
|
директивы ssl_object_cache_inheritable, ssl_certificate_cache, |
|
|
|
|
proxy_ssl_certificate_cache, grpc_ssl_certificate_cache |
|
|
|
|
и uwsgi_ssl_certificate_cache. |
|
|
|
|
</para> |
|
|
|
|
<para lang="en"> |
|
|
|
|
the "ssl_object_cache_inheritable", "ssl_certificate_cache", |
|
|
|
|
"proxy_ssl_certificate_cache", "grpc_ssl_certificate_cache", |
|
|
|
|
and "uwsgi_ssl_certificate_cache" directives. |
|
|
|
|
</para> |
|
|
|
|
</change> |
|
|
|
|
|
|
|
|
|
<change type="feature"> |
|
|
|
|
<para lang="ru"> |
|
|
|
|
директива keepalive_min_timeout. |
|
|
|
|
</para> |
|
|
|
|
<para lang="en"> |
|
|
|
|
the "keepalive_min_timeout" directive. |
|
|
|
|
</para> |
|
|
|
|
</change> |
|
|
|
|
|
|
|
|
|
<change type="workaround"> |
|
|
|
|
<para lang="ru"> |
|
|
|
|
при использовании zlib-ng |
|
|
|
|
в логах появлялись сообщения "gzip filter failed to use preallocated memory". |
|
|
|
|
</para> |
|
|
|
|
<para lang="en"> |
|
|
|
|
"gzip filter failed to use preallocated memory" alerts appeared in logs |
|
|
|
|
when using zlib-ng. |
|
|
|
|
</para> |
|
|
|
|
</change> |
|
|
|
|
|
|
|
|
|
<change type="bugfix"> |
|
|
|
|
<para lang="ru"> |
|
|
|
|
nginx не мог собрать библиотеку libatomic из исходных текстов, |
|
|
|
|
если использовался параметр --with-libatomic=DIR. |
|
|
|
|
</para> |
|
|
|
|
<para lang="en"> |
|
|
|
|
nginx could not build libatomic library using the library sources |
|
|
|
|
if the --with-libatomic=DIR option was used. |
|
|
|
|
</para> |
|
|
|
|
</change> |
|
|
|
|
|
|
|
|
|
<change type="bugfix"> |
|
|
|
|
<para lang="ru"> |
|
|
|
|
могла происходить ошибка установления соединения |
|
|
|
|
при использовании 0-RTT в QUIC; |
|
|
|
|
ошибка появилась в 1.27.1. |
|
|
|
|
</para> |
|
|
|
|
<para lang="en"> |
|
|
|
|
QUIC connection might not be established when using 0-RTT; |
|
|
|
|
the bug had appeared in 1.27.1. |
|
|
|
|
</para> |
|
|
|
|
</change> |
|
|
|
|
|
|
|
|
|
<change type="bugfix"> |
|
|
|
|
<para lang="ru"> |
|
|
|
|
теперь nginx игнорирует пакеты согласования версий QUIC от клиентов. |
|
|
|
|
</para> |
|
|
|
|
<para lang="en"> |
|
|
|
|
nginx now ignores QUIC version negotiation packets from clients. |
|
|
|
|
</para> |
|
|
|
|
</change> |
|
|
|
|
|
|
|
|
|
<change type="bugfix"> |
|
|
|
|
<para lang="ru"> |
|
|
|
|
nginx не собирался на Solaris 10 и более ранних |
|
|
|
|
с модулем ngx_http_v3_module. |
|
|
|
|
</para> |
|
|
|
|
<para lang="en"> |
|
|
|
|
nginx could not be built on Solaris 10 and earlier |
|
|
|
|
with the ngx_http_v3_module. |
|
|
|
|
</para> |
|
|
|
|
</change> |
|
|
|
|
|
|
|
|
|
<change> |
|
|
|
|
<para lang="ru"> |
|
|
|
|
Исправления в HTTP/3. |
|
|
|
|
</para> |
|
|
|
|
<para lang="en"> |
|
|
|
|
Bugfixes in HTTP/3. |
|
|
|
|
</para> |
|
|
|
|
</change> |
|
|
|
|
|
|
|
|
|
</changes> |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<changes ver="1.27.3" date="2024-11-26"> |
|
|
|
|
|
|
|
|
|
<change type="feature"> |
|
|
|
|
|
Sergey Kandaurov
11 months ago
committed by