Hello to all on the Server Team! Just to put this out of the way: The nginx merge from Debian is currently giving build errors, so I am going to upload a 1.10.2 directly to Zesty, the same as we did during the Yakkety and Xenial cycles. That way, we get nginx 1.10.2 available for Zesty.
However, it was initially requested via a bug on Launchpad to update the version of nginx in Xenial (and by extension, Yakkety) to 1.10.2 as well. [1] For now, I've marked those tasks as "Won't Fix" because I wanted to touch base with the Server Team first on this. This request to update to 1.10.2 would include the following changes from Upstream: Changes with nginx 1.10.2 18 Oct 2016 *) Change: the "421 Misdirected Request" response now used when rejecting requests to a virtual server different from one negotiated during an SSL handshake; this improves interoperability with some HTTP/2 clients when using client certificates. *) Change: HTTP/2 clients can now start sending request body immediately; the "http2_body_preread_size" directive controls size of the buffer used before nginx will start reading client request body. *) Bugfix: a segmentation fault might occur in a worker process when using HTTP/2 and the "proxy_request_buffering" directive. *) Bugfix: the "Content-Length" request header line was always added to requests passed to backends, including requests without body, when using HTTP/2. *) Bugfix: "http request count is zero" alerts might appear in logs when using HTTP/2. *) Bugfix: unnecessary buffering might occur when using the "sub_filter" directive; the issue had appeared in 1.9.4. *) Bugfix: socket leak when using HTTP/2. *) Bugfix: an incorrect response might be returned when using the "aio threads" and "sendfile" directives; the bug had appeared in 1.9.13. *) Workaround: OpenSSL 1.1.0 compatibility. Note that the CVE update from 1.10.1 is already applied in Ubuntu releases. I coordinated with the Security team to make sure that got pushed out in a timely manner. 1.10.1 introduces a few changes, a lot of bugfixes, and a workaround for OpenSSL 1.1.0 compatibility. I am not 100% sure whether we should be updating Xenial to 1.10.2. Apart from the fact it is more than just a 'bug fix' release, I'm not so sure whether we need all of these bug fixes in Xenial. Because I am unsure, I'd like Server Team member input on how we should proceed. Namely, should we consider updating nginx 1.10.2 in both Xenial and Yakkety to get these bugfixes in? And if we think we should, we'll need SRU team approval. Thomas Ward Ubuntu Server Team Member LP: https://launchpad.net/~teward [1]: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1636593
-- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam