Isebe eliphambili le-nginx 1.27.1 likhutshiwe, ngaphakathi apho uphuhliso lweempawu ezintsha luqhubeka, kunye nokukhululwa kwesebe elizinzileyo elixhasayo le-nginx 1.22.1, elibandakanya kuphela utshintsho olunxulumene nokupheliswa kweempazamo ezinzulu kunye ubuthathaka. Uhlaziyo lulungisa ubuthathaka (CVE-2024-7347) kwimodyuli ye-ngx_http_mp4_modyuli, ekhokelela ekuphelisweni okungaqhelekanga kokuhamba komsebenzi xa kusetyenzwa ifayile yeMP4 efomathwe ngokukodwa. Ingxaki ibonakala iqala ukusuka ekukhululweni kwe-1.5.13 xa usakha nginx ngemodyuli ye-ngx_http_mp4_modyuli (ayakhiwe ngokungagqibekanga) kwaye usebenzisa i-direction ye-mp4 kwizicwangciso. Ukulungisa ubuthathaka kwiinguqulelo ezindala, ungasebenzisa i-patch.
Ukongeza kubuthathaka, i-nginx 1.27.1 ikhupha kwakhona iimpazamo ezilungisiweyo ekuphunyezweni kweprotocol yeHTTP/3, ishukumise isibambi kwimodyuli yomlambo ukuya kudidi olukhethiweyo, kwaye yasombulula ingxaki ngokungahoywa kodibaniso olutsha lweHTTP/2 xa iinkqubo zabasebenzi ziphela ngaphandle kwamagingxigingxi.
umthombo: opennet.ru
