Release of nginx 1.21.0 and nginx 1.20.1 with security fixes

The first release of the new nginx mainline branch, 1.21.0, has been published; development of new features will continue in this branch. At the same time, a corrective release of the supported stable branch, 1.20.1, was prepared in parallel. It only introduces changes related to fixing serious bugs and vulnerabilities. Next year, the stable branch 1.22 will be formed from the mainline branch 1.21.x.

The new versions fix a vulnerability (CVE-2021-23017) in the code that resolves host names in DNS, which can lead to a crash or potentially to execution of attacker code. The problem appears when processing certain DNS server responses and results in a one-byte buffer overflow. The vulnerability is only exposed when DNS resolution is enabled in the configuration with the "resolver" directive. To carry out an attack, the attacker must be able to spoof UDP packets from the DNS server or control the DNS server. The vulnerability has been present since the release of nginx 0.6.18. A patch can be used to fix the problem in older releases.
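The two conditions above (a version between 0.6.18 and the fixed releases, and an active "resolver" directive) can be checked together when triaging hosts. The following is an added example, not code from nginx or from the original article; the function names and the sample configuration are hypothetical, and it assumes the version string reflects the running code (no distribution backport of the fix).

```python
import re

# Bounds taken from the article: present since 0.6.18, fixed in 1.20.1 and 1.21.0.
FIRST_AFFECTED = (0, 6, 18)
FIRST_FIXED = (1, 20, 1)  # 1.21.0 compares greater, so one bound covers both

def parse_version(banner):
    """Pull (major, minor, patch) out of `nginx -v` style output."""
    m = re.search(r"nginx/(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no nginx version in banner: %r" % banner)
    return tuple(int(part) for part in m.groups())

def resolver_directives(config_text):
    """Return (line_number, arguments) for every active `resolver` directive.

    Simplification: everything after '#' is treated as a comment, so a '#'
    inside a quoted string would truncate that line.
    """
    hits = []
    for number, line in enumerate(config_text.splitlines(), 1):
        code = line.split("#", 1)[0]
        # `\s+` after the name keeps `resolver_timeout` from matching.
        for m in re.finditer(r"(?:^|[;{}\s])resolver\s+([^;{}]+)", code):
            hits.append((number, m.group(1).strip()))
    return hits

def assess(banner, config_text):
    """Classify exposure. Assumption: the version string reflects the code,
    i.e. no distribution backport of the fix (that needs a changelog check)."""
    version = parse_version(banner)
    resolvers = resolver_directives(config_text)
    if not (FIRST_AFFECTED <= version < FIRST_FIXED):
        status = "version-not-affected"
    elif resolvers:
        status = "exposed"
    else:
        status = "vulnerable-code-resolver-unset"
    return {"version": version, "status": status, "resolvers": resolvers}

# Constructed sample configuration (documentation addresses), not from a real host.
SAMPLE_CONFIG = """
http {
    # resolver 192.0.2.1;
    resolver_timeout 5s;
    server {
        location / { resolver 192.0.2.53 valid=30s; proxy_pass http://$backend; }
    }
}
"""

if __name__ == "__main__":
    print(assess("nginx version: nginx/1.18.0", SAMPLE_CONFIG))
```

Feed it the full effective configuration (for example the output of `nginx -T`) so that directives in included files are seen.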

Non-security changes in nginx 1.21.0:

  • Variable support has been added to the "proxy_ssl_certificate", "proxy_ssl_certificate_key", "grpc_ssl_certificate", "grpc_ssl_certificate_key", "uwsgi_ssl_certificate" and "uwsgi_ssl_certificate_key" directives.
  • The mail proxy module now supports "pipelining", which sends multiple POP3 or IMAP requests in one connection, and has a new "max_errors" directive that sets the maximum number of protocol errors after which the connection is closed.
  • A "fastopen" parameter has been added to the stream module, enabling "TCP Fast Open" mode for listening sockets.
  • Problems with escaping special characters during automatic redirection that appends a trailing slash have been resolved.
  • A problem with closing connections to clients when using SMTP pipelining has been resolved.

Source: opennet.ru
