Xiaochen Wang
fixed in https://github.com/alibaba/tengine/pull/1660
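Only immediately after `chain = c->send_chain(c, r->out, limit);` can you be sure of getting the exact amount of data sent. Any stage deferred later than that may mean your accounting logic never gets run (especially an output filter: any third-party logic or nginx core error-handling logic may skip the subsequent accounting).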
think it resolved
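If an urgent fix is needed, you can apply this patch directly (see below). I took a quick look at the patch; applying it directly to the latest tengine master branch should be fine (i.e. it has no other impact on the core or third-party modules), but I currently have no test environment and cannot verify it.

---

patch: https://nginx.org/download/patch.2021.resolver.txt

security issue description: 1-byte memory overwrite in resolver in https://nginx.org/en/security_advisories.html

```
Changes with nginx 1.21.0 25 May 2021
*) Security: 1-byte memory overwrite might occur during...
```

cc @Yanmei-Liu hi yanmei, please take a look at this security issue. The fix is fairly easy, so we could do a release.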
fixed in [Tengine 2.3.4](https://github.com/alibaba/tengine/releases/tag/2.3.4), and in this pr: https://github.com/alibaba/tengine/pull/1655
travis is no longer free, we use github workflow currently, check its config file: https://github.com/alibaba/tengine/blob/master/.github/workflows/ci.yml Any new changes for extra arch (such as arm) can be put into this...
cc @[dongbeiouba](https://github.com/dongbeiouba)
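See http://tengine.taobao.org/document_cn/http_upstream_check_cn.html

> type: the type of the health check packet; the following types are currently supported
> ssl_hello: sends an initial SSL hello packet and receives the server's SSL hello packet.
> ...

ssl+http is not supported; only the SSL hello packet check is supported.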