Igatsha eliyinhloko le-nginx 1.27.1 likhishwe, ngaphakathi lapho ukuthuthukiswa kwezici ezintsha kuqhubeka, kanye nokukhululwa kwegatsha elizinzile elisekelwayo le-nginx 1.22.1, elihlanganisa kuphela izinguquko ezihlobene nokuqedwa kwamaphutha amakhulu kanye ubuthakathaka. Izibuyekezo zilungisa ukuba sengozini (CVE-2024-7347) kumojuli ngx_http_mp4_module, okuholela ekunqanyulweni okungavamile kokugeleza komsebenzi lapho kucutshungulwa ifayela le-MP4 elifomethwe ngokukhethekile. Inkinga ivela kusukela ekukhishweni kwe-1.5.13 lapho wakha i-nginx nge-ngx_http_mp4_module module (ayakhiwe ngokuzenzakalelayo) futhi usebenzisa isiqondiso se-mp4 kuzilungiselelo. Ukuze ulungise ubungozi ezinguqulweni ezindala, ungasebenzisa ipheshi.
Ngokungeziwe ekubeni sengozini, ukukhishwa kwe-nginx 1.27.1 kuphinde kwalungisa amaphutha ekusetshenzisweni kwephrothokholi ye-HTTP/3, kwahambisa isibambi kumojuli yokusakaza yaya esigabeni sokuzikhethela, futhi yaxazulula inkinga ngokuziba uxhumo olusha lwe-HTTP/2 lapho izinqubo zabasebenzi ziphela ngokushelela.
Source: opennet.ru
