From 09c684b2d53b46b6ffb706c686ca4dbed62cf6da Mon Sep 17 00:00:00 2001 From: Igor Sysoev Date: Wed, 9 Nov 2005 17:25:55 +0000 Subject: nginx-0.3.8-RELEASE import *) Security: nginx now checks URI got from a backend in "X-Accel-Redirect" header line or in SSI file for the "/../" paths and zeroes. *) Change: nginx now does not treat the empty user name in the "Authorization" header line as valid one. *) Feature: the "ssl_session_timeout" directives of the ngx_http_ssl_module and ngx_imap_ssl_module. *) Feature: the "auth_http_header" directive of the ngx_imap_auth_http_module. *) Feature: the "add_header" directive. *) Feature: the ngx_http_realip_module. *) Feature: the new variables to use in the "log_format" directive: $bytes_sent, $apache_bytes_sent, $status, $time_gmt, $uri, $request_time, $request_length, $upstream_status, $upstream_response_time, $gzip_ratio, $uid_got, $uid_set, $connection, $pipe, and $msec. The parameters in the "%name" form will be canceled soon. *) Change: now the false variable values in the "if" directive are the empty string "" and string starting with "0". *) Bugfix: while using proxied or FastCGI-server nginx may leave connections and temporary files with client requests in open state. *) Bugfix: the worker processes did not flush the buffered logs on graceful exit. *) Bugfix: if the request URI was changes by the "rewrite" directive and the request was proxied in location given by regular expression, then the incorrect request was transferred to backend; the bug had appeared in 0.2.6. *) Bugfix: the "expires" directive did not remove the previous "Expires" header. *) Bugfix: nginx may stop to accept requests if the "rtsig" method and several worker processes were used. *) Bugfix: the "\"" and "\'" escape symbols were incorrectly handled in SSI commands. *) Bugfix: if the response was ended just after the SSI command and gzipping was used, then the response did not transferred complete or did not transferred at all. --- docs/xml/nginx/changes.xml | 175 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 175 insertions(+) (limited to 'docs/xml/nginx/changes.xml') diff --git a/docs/xml/nginx/changes.xml b/docs/xml/nginx/changes.xml index 3b1aa1088..dfac2a065 100644 --- a/docs/xml/nginx/changes.xml +++ b/docs/xml/nginx/changes.xml @@ -9,6 +9,181 @@ nginx changelog + + + + +nginx теперь проверят URI, полученные от бэкенда в строке "X-Accel-Redirect" +в заголовке ответа, или в SSI файле на наличие путей "/../" и нулей. + + +nginx now checks URI got from a backend in "X-Accel-Redirect" header line +or in SSI file for the "/../" paths and zeroes. + + + + + +nginx теперь не воспринимает пустое имя как правильное +в строке "Authorization" в заголовке запроса. + + +nginx now does not treat the empty user name in the "Authorization" header +line as valid one. + + + + + +директива ssl_session_timeout модулей +ngx_http_ssl_module и ngx_imap_ssl_module. + + +the "ssl_session_timeout" directives +of the ngx_http_ssl_module and ngx_imap_ssl_module. + + + + + +директива auth_http_header модуля ngx_imap_auth_http_module. + + +the "auth_http_header" directive of the ngx_imap_auth_http_module. + + + + + +директива add_header. + + +the "add_header" directive. + + + + + +модуль ngx_http_realip_module. + + +the ngx_http_realip_module. +directives. + + + + + +новые переменные для использования в директиве log_format: +$bytes_sent, $apache_bytes_sent, $status, $time_gmt, +$uri, $request_time, $request_length, +$upstream_status, $upstream_response_time, +$gzip_ratio, +$uid_got, $uid_set, +$connection, $pipe и $msec. +Параметры в виде "%name" скоро будут упразднены. + + +the new variables to use in the "log_format" directive: +$bytes_sent, $apache_bytes_sent, $status, $time_gmt, +$uri, $request_time, $request_length, +$upstream_status, $upstream_response_time, +$gzip_ratio, +$uid_got, $uid_set, +$connection, $pipe, and $msec. +The parameters in the "%name" form will be canceled soon. + + + + + +в директиве "if" ложными значениями переменных теперь являются +пустая строка "" и строки, начинающиеся на "0". + + +now the false variable values in the "if" directive are the empty string "" +and string starting with "0". + + + + + +при работает с проксированными или FastCGI-серверами nginx мог оставлять +открытыми соединения и временные файлы с запросами клиентов. + + +while using proxied or FastCGI-server nginx may leave connections +and temporary files with client requests in open state. + + + + + +рабочие процессы не сбрасывал буферизированные логи при плавном выходе. + + +the worker processes did not flush the buffered logs on graceful exit. + + + + + +если URI запроса изменялось с помощью rewrite, а затем запрос проксировался +в location, заданном регулярным выражением, то бэкенду передавался +неверный запрос; +ошибка появилась в 0.2.6. + + +if the request URI was changes by the "rewrite" directive and the request +was proxied in location given by regular expression, then the incorrect +request was transferred to backend; +bug appeared in 0.2.6. + + + + + +директива expires не удаляла уже установленную строку заголовка "Expires". + + +the "expires" directive did not remove the previous "Expires" header. + + + + + +при использовании метода rtsig и нескольких рабочих процессах nginx +мог перестать принимать запросы. + + +nginx may stop to accept requests if the "rtsig" method and several worker +processes were used. + + + + + +в SSI командах неверно обрабатывались строки "\"" и "\'". + + +the "\"" and "\'" escape symbols were incorrectly handled in SSI commands. + + + + + +если ответ заканчивался сразу же после SSI команды, то при использовании +сжатия ответ передавался не до конца или не передавался вообще. + + +if the response was ended just after the SSI command and gzipping was used, +then the response did not transferred complete or did not transferred at all. + + + + + + -- cgit