Added a previously missed changes entry in 1.29.1 relnotes.

author: Sergey Kandaurov <pluknet@nginx.com> 2025-08-13 20:26:56 +0400
committer: pluknet <pluknet@nginx.com> 2025-08-13 21:21:40 +0400
commit: 1a82df8cca80458fc3da0968f64624f40cafdf37 (patch)
tree: 0b290f25cb5dd0e422c4d370ed7f3fec85064351
parent: 36d40e5610ff07b422db62bec687c06608a0bd84 (diff)
download: nginx-1a82df8cca80458fc3da0968f64624f40cafdf37.tar.gz
nginx-1a82df8cca80458fc3da0968f64624f40cafdf37.tar.bz2
1 files changed, 15 insertions, 0 deletions
diff --git a/docs/xml/nginx/changes.xml b/docs/xml/nginx/changes.xml
index 132a8d835..c07de09b7 100644
--- a/docs/xml/nginx/changes.xml
+++ b/docs/xml/nginx/changes.xml
@@ -7,6 +7,21 @@
 
 <changes ver="1.29.1" date="2025-08-13">
 
+<change type="security">
+<para lang="ru">
+обработка специально созданного логина/пароля при использовании
+метода аутентификации "none" в модуле ngx_mail_smtp_module
+могла приводить к отправке серверу аутентификации
+части содержимого памяти рабочего процесса (CVE-2025-53859).
+</para>
+<para lang="en">
+processing of a specially crafted login/password when using
+the "none" authentication method in the ngx_mail_smtp_module
+might cause worker process memory disclosure
+to the authentication server (CVE-2025-53859).
+</para>
+</change>
+
 <change type="change">
 <para lang="ru">
 теперь сжатие сертификатов в протоколе TLSv1.3 по умолчанию запрещено.
author	Sergey Kandaurov <pluknet@nginx.com>	2025-08-13 20:26:56 +0400
committer	pluknet <pluknet@nginx.com>	2025-08-13 21:21:40 +0400
commit	1a82df8cca80458fc3da0968f64624f40cafdf37 (patch)
tree	0b290f25cb5dd0e422c4d370ed7f3fec85064351
parent	36d40e5610ff07b422db62bec687c06608a0bd84 (diff)
download	nginx-1a82df8cca80458fc3da0968f64624f40cafdf37.tar.gz nginx-1a82df8cca80458fc3da0968f64624f40cafdf37.tar.bz2