|
5 | 5 | <change_log title="nginx"> |
6 | 6 |
|
7 | 7 |
|
| 8 | +<changes ver="1.27.4" date="2025-02-05"> |
| 9 | + |
| 10 | +<change type="security"> |
| 11 | +<para lang="ru"> |
| 12 | +недостаточная проверка в обработке виртуальных серверов |
| 13 | +при использовании SNI в TLSv1.3 позволяла повторно использовать |
| 14 | +SSL-сессию в контексте другого виртуального сервера, |
| 15 | +чтобы обойти проверку клиентских SSL-сертификатов (CVE-2025-23419). |
| 16 | +</para> |
| 17 | +<para lang="en"> |
| 18 | +insufficient check in virtual servers handling with TLSv1.3 SNI |
| 19 | +allowed to reuse SSL sessions in a different virtual server, |
| 20 | +to bypass client SSL certificates verification (CVE-2025-23419). |
| 21 | +</para> |
| 22 | +</change> |
| 23 | + |
| 24 | +<change type="feature"> |
| 25 | +<para lang="ru"> |
| 26 | +директивы ssl_object_cache_inheritable, ssl_certificate_cache, |
| 27 | +proxy_ssl_certificate_cache, grpc_ssl_certificate_cache |
| 28 | +и uwsgi_ssl_certificate_cache. |
| 29 | +</para> |
| 30 | +<para lang="en"> |
| 31 | +the "ssl_object_cache_inheritable", "ssl_certificate_cache", |
| 32 | +"proxy_ssl_certificate_cache", "grpc_ssl_certificate_cache", |
| 33 | +and "uwsgi_ssl_certificate_cache" directives. |
| 34 | +</para> |
| 35 | +</change> |
| 36 | + |
| 37 | +<change type="feature"> |
| 38 | +<para lang="ru"> |
| 39 | +директива keepalive_min_timeout. |
| 40 | +</para> |
| 41 | +<para lang="en"> |
| 42 | +the "keepalive_min_timeout" directive. |
| 43 | +</para> |
| 44 | +</change> |
| 45 | + |
| 46 | +<change type="workaround"> |
| 47 | +<para lang="ru"> |
| 48 | +при использовании zlib-ng |
| 49 | +в логах появлялись сообщения "gzip filter failed to use preallocated memory". |
| 50 | +</para> |
| 51 | +<para lang="en"> |
| 52 | +"gzip filter failed to use preallocated memory" alerts appeared in logs |
| 53 | +when using zlib-ng. |
| 54 | +</para> |
| 55 | +</change> |
| 56 | + |
| 57 | +<change type="bugfix"> |
| 58 | +<para lang="ru"> |
| 59 | +nginx не мог собрать библиотеку libatomic из исходных текстов, |
| 60 | +если использовался параметр --with-libatomic=DIR. |
| 61 | +</para> |
| 62 | +<para lang="en"> |
| 63 | +nginx could not build libatomic library using the library sources |
| 64 | +if the --with-libatomic=DIR option was used. |
| 65 | +</para> |
| 66 | +</change> |
| 67 | + |
| 68 | +<change type="bugfix"> |
| 69 | +<para lang="ru"> |
| 70 | +могла происходить ошибка установления соединения |
| 71 | +при использовании 0-RTT в QUIC; |
| 72 | +ошибка появилась в 1.27.1. |
| 73 | +</para> |
| 74 | +<para lang="en"> |
| 75 | +QUIC connection might not be established when using 0-RTT; |
| 76 | +the bug had appeared in 1.27.1. |
| 77 | +</para> |
| 78 | +</change> |
| 79 | + |
| 80 | +<change type="bugfix"> |
| 81 | +<para lang="ru"> |
| 82 | +теперь nginx игнорирует пакеты согласования версий QUIC от клиентов. |
| 83 | +</para> |
| 84 | +<para lang="en"> |
| 85 | +nginx now ignores QUIC version negotiation packets from clients. |
| 86 | +</para> |
| 87 | +</change> |
| 88 | + |
| 89 | +<change type="bugfix"> |
| 90 | +<para lang="ru"> |
| 91 | +nginx не собирался на Solaris 10 и более ранних |
| 92 | +с модулем ngx_http_v3_module. |
| 93 | +</para> |
| 94 | +<para lang="en"> |
| 95 | +nginx could not be built on Solaris 10 and earlier |
| 96 | +with the ngx_http_v3_module. |
| 97 | +</para> |
| 98 | +</change> |
| 99 | + |
| 100 | +<change> |
| 101 | +<para lang="ru"> |
| 102 | +Исправления в HTTP/3. |
| 103 | +</para> |
| 104 | +<para lang="en"> |
| 105 | +Bugfixes in HTTP/3. |
| 106 | +</para> |
| 107 | +</change> |
| 108 | + |
| 109 | +</changes> |
| 110 | + |
| 111 | + |
8 | 112 | <changes ver="1.27.3" date="2024-11-26"> |
9 | 113 |
|
10 | 114 | <change type="feature"> |
|
0 commit comments