Actions
Bug #12061
closedUpdate NGINX to address CVE-2021-23017
Start date:
06/18/2021
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
22.01
Release Notes:
Default
Affected Version:
Affected Architecture:
All
Description
https://vuxml.freebsd.org/freebsd/0882f019-bd60-11eb-9bdd-8c164567ca3c.html
NGINX needs to be updated to resolve this vulnerability
Updated by Jim Pingle over 3 years ago
http://nginx.org/en/CHANGES shows it's fixed in 1.20.1, but 1.20.1 is not yet in the ports tree: https://github.com/freebsd/freebsd-ports/blob/main/www/nginx/Makefile
Updated by Renato Botelho over 3 years ago
- Status changed from New to Feedback
- Assignee set to Renato Botelho
I've cherry-picked commits to upgrade it to 1.20.1,2 on RELENG_2_5_2. Development branches will get it on next round of merges from upstream
Updated by Jim Pingle over 3 years ago
- Subject changed from Update NGINX to Fix Vulnerability to Update NGINX to address CVE-2021-23017
- Status changed from Feedback to Closed
- Plus Target Version changed from Plus-Next to 21.09
nginx-1.20.1,2
is in the latest test build. GUI, XMLRPC, and captive portal are all working as expected.
While I'm here, update subject for the release notes.
Updated by Jim Pingle about 3 years ago
- Category changed from Web Interface to Operating System
Updated by Jim Pingle almost 3 years ago
- Plus Target Version changed from 21.09 to 22.01
Actions