heroku / heroku-buildpack-nginx

Run NGINX in a Heroku app

Question about CVE-2021-23017 #82

Closed alex-wearisma closed 3 years ago

alex-wearisma commented 3 years ago

Hello,

Nginx published a security advisory: "1-byte memory overwrite in resolver" [1]. This vulnerability affects Nginx versions 0.6.18-1.20.0. The latest version of Nginx in this build pack is 1.20.0. Does the version included in the build pack cover the vulnerability, and if not, would it be possible to update it to version 1.20.1?

Thank you!

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017
[2] https://github.com/heroku/heroku-buildpack-nginx/pull/80

beanieboi commented 3 years ago

thx, I released a new version with 1.20.1

alex-wearisma commented 3 years ago

Thank you, @beanieboi !