A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file (CVE-2016-4450).
The problem affects nginx 1.3.9 – 1.11.0.
The problem is fixed in nginx 1.11.1, 1.10.1.
Nginx 1.10.1 for Windows (32-bit and 64-bit builds) are now available for free download. As always, packages are built from the upstream stable branch. Nginx (pronounced “engine x”) is a high performance web server, caching proxy and a Layer 7 load balancing solution. Millions of web sites on the Internet use and benefit from Nginx because of its extreme performance, scalability, reliability, flexibility, and security.
Note: these builds are built with older versions of OpenSSL and therefore SSL/TLS is NOT recommended for use. USE AT YOUR OWN RISK. Using http only is recommended.
On 2016-05-31, the stable version of Nginx 1.10.1 was released at nginx.org. The upstream changelog is as follows: [continue reading…]
Nginx 1.11.0 for Windows (32-bit and 64-bit builds) are now available for free download. As always, packages are built from the upstream mainline branch. Nginx (pronounced “engine x”) is a high performance web server, caching proxy and a Layer 7 load balancing solution. Millions of web sites on the Internet use and benefit from Nginx because of its extreme performance, scalability, reliability, flexibility, and security.
Note: these builds are built with older versions of OpenSSL and therefore SSL/TLS is NOT recommended for use. USE AT YOUR OWN RISK. Using http only is recommended.
On 2016-05-24, the mainline version of Nginx 1.11.0 was released at nginx.org. The upstream changelog is as follows: [continue reading…]
I am a long time fan and user of Nginx. Consequently, I even maintain packages for Nginx for Windows. Because I like trying alternative web servers, and follow this topic, I heard of a newer web server written in Go called Caddy. Ultimately, I gave the Caddy Web Server a try over on my business site, kevindustries.com. I wrote up a quick introduction and summary about my experience with it.
Also included is a Github Gist (code snippet) showing my actual configuration (known as a Caddyfile) that I use to serve the Kevindustries site. See the blog post and configuration here: Caddy Web Server.
