*) Security: when using HTTP/3, processing of a specially crafted QUIC
session might cause a worker process crash, worker process memory
disclosure on systems with MTU larger than 4096 bytes, or might have
potential other impact (CVE-2024-32760, CVE-2024-31079,
CVE-2024-35200, CVE-2024-34161).
Thanks to Nils Bars of CISPA.
*) Bugfix: reduced memory consumption for long-lived requests if "gzip",
"gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.
*) Bugfix: nginx could not be built by gcc 14 if the --with-atomic
option was used.
Thanks to Edgar Bonet.
*) Bugfix: in HTTP/3.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2024-2e4858330cPlease login to add feedback.
This update has been submitted for testing by heffer.
This update's test gating status has been changed to 'ignored'.
heffer edited this update.
This update has been pushed to testing.
Tested ok on Fedora 39 server
This update has been submitted for stable by bodhi.
This update has been pushed to stable.