Bazi guru re nginx 1.27.1 rakabudiswa, mukati umo kuvandudzwa kwezvinhu zvitsva kunoenderera mberi, pamwe nekusunungurwa kwebazi rakafanana rinotsigirwa rakagadzikana re nginx 1.22.1, rinongosanganisira kuchinja kune chokuita nekubviswa kwezvikanganiso zvakakomba uye vulnerabilities. Iwo anogadziridza anogadzirisa kusagadzikana (CVE-2024-7347) mune ngx_http_mp4_module module, izvo zvinotungamira kumisa kusingaite kwekufamba kwebasa kana uchigadzira yakanyatso kurongeka MP4 faira. Dambudziko rinoratidzika kutanga kubva pakuburitswa 1.5.13 paunenge uchivaka nginx ne ngx_http_mp4_module module (isina kuvakwa neyakagadzika) uye uchishandisa iyo mp4 kuraira muzvirongwa. Kuti ugadzirise kusagadzikana muzvinyorwa zvekare, unogona kushandisa chigamba.
Pamusoro pekusagadzikana, iyo nginx 1.27.1 kuburitswa yakagadzirisawo zvikanganiso mukushandiswa kweHTTP/3 protocol, yakafambisa mubatiri murukova module kune chikamu chesarudzo, uye yakagadzirisa dambudziko nekuregeredza mitsva yeHTTP/2 maitiro evashandi anopera zvakanaka.
Source: opennet.ru
