Project

General

Profile

Actions

Bug #12061

closed

Update NGINX to address CVE-2021-23017

Added by Kris Phillips 4 months ago. Updated about 2 months ago.

Status:
Closed
Priority:
Normal
Category:
Operating System
Target version:
Start date:
06/18/2021
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
21.09
Release Notes:
Default
Affected Version:
Affected Architecture:
All

Description

https://vuxml.freebsd.org/freebsd/0882f019-bd60-11eb-9bdd-8c164567ca3c.html

NGINX needs to be updated to resolve this vulnerability

Actions #1

Updated by Jim Pingle 4 months ago

http://nginx.org/en/CHANGES shows it's fixed in 1.20.1, but 1.20.1 is not yet in the ports tree: https://github.com/freebsd/freebsd-ports/blob/main/www/nginx/Makefile

Actions #2

Updated by Renato Botelho 4 months ago

  • Status changed from New to Feedback
  • Assignee set to Renato Botelho

I've cherry-picked commits to upgrade it to 1.20.1,2 on RELENG_2_5_2. Development branches will get it on next round of merges from upstream

Actions #3

Updated by Jim Pingle 4 months ago

  • Subject changed from Update NGINX to Fix Vulnerability to Update NGINX to address CVE-2021-23017
  • Status changed from Feedback to Closed
  • Plus Target Version changed from Plus-Next to 21.09

nginx-1.20.1,2 is in the latest test build. GUI, XMLRPC, and captive portal are all working as expected.

While I'm here, update subject for the release notes.

Actions #4

Updated by Jim Pingle about 2 months ago

  • Category changed from Web Interface to Operating System
Actions

Also available in: Atom PDF