Opened 5 years ago

Closed 5 years ago

#534 closed defect (fixed)

windows Binary openssl-1.0.1f

Reported by: hornbillcloud@… Owned by:
Priority: critical Milestone:
Component: other Version: 1.4.x
Keywords: Cc:
uname -a:
nginx -V: configure arguments: --with-cc=cl --builddir=objs.msvc8 --with-debug --prefix= - -conf-path=conf/nginx.conf --pid-path=logs/nginx.pid --http-log-path=logs/access .log --error-log-path=logs/error.log --sbin-path=nginx.exe --http-client-body-te mp-path=temp/client_body_temp --http-proxy-temp-path=temp/proxy_temp --http-fast cgi-temp-path=temp/fastcgi_temp --http-scgi-temp-path=temp/scgi_temp --http-uwsg i-temp-path=temp/uwsgi_temp --with-cc-opt=-DFD_SETSIZE=1024 --with-pcre=objs.msv c8/lib/pcre-8.32 --with-zlib=objs.msvc8/lib/zlib-1.2.8 --with-select_module --wi th-http_realip_module --with-http_addition_module --with-http_sub_module --with- http_dav_module --with-http_stub_status_module --with-http_flv_module --with-htt p_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-htt p_random_index_module --with-http_secure_link_module --with-mail --with-openssl= objs.msvc8/lib/openssl-1.0.1f --with-openssl-opt=enable-tlsext --with-http_ssl_m odule --with-mail_ssl_module --with-ipv6

Description

The windows Binary for nginx http://nginx.org/download/nginx-1.4.7.zip seems to be using open-ssl-1.0.1f which is vulnerable to the heartbleed bug.

Can this be updated.

Change History (1)

comment:1 Changed 5 years ago by mdounin

  • Resolution set to fixed
  • Status changed from new to closed

Latest mainline version, nginx 1.5.13, was released today and is built with latest OpenSSL 1.0.1g (that is, with CVE-2014-0160 fixed). Note that mainline branch is recommended for win32, see nginx for Windows article.

Nevertheless, nginx 1.4.7 windows binary was updated as well and it's now built with OpenSSL 1.0.1g, too.

Note: See TracTickets for help on using tickets.