Opened 10 years ago
Closed 10 years ago
#534 closed defect (fixed)
windows Binary openssl-1.0.1f
| Reported by: | Paul Boca | Owned by: | |
|---|---|---|---|
| Priority: | critical | Milestone: | |
| Component: | other | Version: | 1.4.x |
| Keywords: | Cc: | ||
| uname -a: | |||
| nginx -V: |
configure arguments: --with-cc=cl --builddir=objs.msvc8 --with-debug --prefix= -
-conf-path=conf/nginx.conf --pid-path=logs/nginx.pid --http-log-path=logs/access .log --error-log-path=logs/error.log --sbin-path=nginx.exe --http-client-body-te mp-path=temp/client_body_temp --http-proxy-temp-path=temp/proxy_temp --http-fast cgi-temp-path=temp/fastcgi_temp --http-scgi-temp-path=temp/scgi_temp --http-uwsg i-temp-path=temp/uwsgi_temp --with-cc-opt=-DFD_SETSIZE=1024 --with-pcre=objs.msv c8/lib/pcre-8.32 --with-zlib=objs.msvc8/lib/zlib-1.2.8 --with-select_module --wi th-http_realip_module --with-http_addition_module --with-http_sub_module --with- http_dav_module --with-http_stub_status_module --with-http_flv_module --with-htt p_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-htt p_random_index_module --with-http_secure_link_module --with-mail --with-openssl= objs.msvc8/lib/openssl-1.0.1f --with-openssl-opt=enable-tlsext --with-http_ssl_m odule --with-mail_ssl_module --with-ipv6 |
||
Description
The windows Binary for nginx http://nginx.org/download/nginx-1.4.7.zip seems to be using open-ssl-1.0.1f which is vulnerable to the heartbleed bug.
Can this be updated.
Note:
See TracTickets
for help on using tickets.
Latest mainline version, nginx 1.5.13, was released today and is built with latest OpenSSL 1.0.1g (that is, with CVE-2014-0160 fixed). Note that mainline branch is recommended for win32, see nginx for Windows article.
Nevertheless, nginx 1.4.7 windows binary was updated as well and it's now built with OpenSSL 1.0.1g, too.