nginx 1.21.0 and nginx 1.20.1 released with a vulnerability fix

The first release of the new mainline branch, nginx 1.21.0, has been published; development of new features will continue in this branch. At the same time, a corrective release, 1.20.1, has been prepared for the supported stable branch maintained in parallel, which receives only changes that fix serious bugs and vulnerabilities. Next year, the stable branch 1.22 will be formed on the basis of the 1.21.x mainline branch.

The new versions fix a vulnerability (CVE-2021-23017) in the code that resolves host names in DNS, which could lead to a crash or, potentially, to execution of attacker code. The problem shows up when processing certain DNS server responses, which result in a one-byte buffer overflow. The vulnerability appears only when the DNS resolver is enabled in the settings using the "resolver" directive. To carry out an attack, the attacker must be able to spoof UDP packets from the DNS server or gain control of the DNS server. The vulnerability has been present since the release of nginx 0.6.18. A patch can be used to fix the problem in older releases.
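A triage check built from the conditions in the paragraph above, added here as an example (not code from nginx or from the original article): it reads `nginx -v` output and configuration text and reports whether a host is both in the affected version range and has a `resolver` directive active. The function names, status strings and sample configuration are constructed for illustration.

```python
import re

# Version bounds as stated in the article; distribution packages may carry
# the fix as a backported patch, which a version check cannot see.
FIRST_AFFECTED = (0, 6, 18)
FIXED_STABLE = (1, 20, 1)      # 1.21.0 (mainline) sorts above this bound

# Constructed sample input, e.g. what `nginx -T` would print for a small setup.
SAMPLE_CONF = """
http {
    # resolver 192.0.2.1;      commented out, must be ignored
    resolver_timeout 5s;
    server {
        resolver 192.0.2.53 valid=30s;
        location / { proxy_pass http://$backend; }
    }
}
"""

def parse_version(banner):
    """Pull (major, minor, patch) out of `nginx -v` output."""
    m = re.search(r"nginx/(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no nginx version found in: %r" % banner)
    return tuple(int(part) for part in m.groups())

def find_resolvers(config_text):
    """Return the arguments of every active `resolver` directive.
    Simplification: '#' always starts a comment (quoted '#' is not handled)."""
    text = re.sub(r"#[^\n]*", "", config_text)
    hits = re.findall(r"(?:^|[;{}])\s*resolver\s+([^;]+);", text, re.M)
    return [" ".join(h.split()) for h in hits]

def triage(banner, config_text):
    """Classify one host: version in the affected range AND resolver enabled."""
    version = parse_version(banner)
    resolvers = find_resolvers(config_text)
    if not (FIRST_AFFECTED <= version < FIXED_STABLE):
        return "version-not-affected", resolvers
    if resolvers:
        return "exposed", resolvers
    return "affected-code-resolver-off", resolvers

if __name__ == "__main__":
    print(triage("nginx version: nginx/1.18.0", SAMPLE_CONF))
```

Feed it the output of `nginx -T` rather than a single file so that directives in included files are covered.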

Non-security changes in nginx 1.21.0:

  • Support for variables has been added to the "proxy_ssl_certificate", "proxy_ssl_certificate_key", "grpc_ssl_certificate", "grpc_ssl_certificate_key", "uwsgi_ssl_certificate" and "uwsgi_ssl_certificate_key" directives.
  • The mail proxy module has added support for "pipelining" to send several POP3 or IMAP requests in a single connection, and has also added a new "max_errors" directive, which defines the maximum number of protocol errors after which the connection will be closed.
  • Added the "fastopen" parameter to the stream module, enabling "TCP Fast Open" mode for listening sockets.
  • Problems with escaping special characters during automatic redirection by adding a trailing slash have been resolved.
  • Fixed a problem with closing connections to clients when using SMTP pipelining.

source: budenet.ru