Web服务器Nginx于2014-08-05日发布1.6.1版。这是自2014-04-24日发布1.6稳定版后第一个补丁版。遗留稳定版1.4.7/1.2.9/1.0.15。修正了一个STARTTLS相关安全漏洞(CVE- 2014-3556),以及$uri变量和smtp_auth指令的2个Bug。同时发布了1.7.4开发版。
完全改进:
Changes with nginx 1.6.1
05 Aug 2014
*) Security: pipelined commands were not discarded after STARTTLS
command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6.
Thanks to Chris Boulton.
*) Bugfix: the $uri variable might contain garbage when returning errors
with code 400.
Thanks to Sergey Bobrov.
*) Bugfix: in the "none" parameter in the "smtp_auth" directive; the bug
had appeared in 1.5.6.
Thanks to Svyatoslav Nikolsky.
