diff options
author | Eric Wong <normalperson@yhbt.net> | 2010-04-19 13:50:40 -0700 |
---|---|---|
committer | Eric Wong <normalperson@yhbt.net> | 2010-04-19 13:51:39 -0700 |
commit | 3ce92574b356e4cb054b1291e1f035173420f12a (patch) | |
tree | 15aad77461579e41a252a82bf3123296615a0a78 /GIT-VERSION-GEN | |
parent | e2c16da9ddf2572887f29f9a7d1165531cacbcbd (diff) | |
download | unicorn-3ce92574b356e4cb054b1291e1f035173420f12a.tar.gz |
This release fixes a denial-of-service vector for derived servers exposed directly to untrusted clients. This bug does not affect most Unicorn deployments as Unicorn is only supported with trusted clients (such as nginx) on a LAN. nginx is known to reject clients that send invalid Content-Length headers, so any deployments on a trusted LAN and/or behind nginx are safe. Servers affected by this bug include (but are not limited to) Rainbows! and Zbatery. This bug does not affect Thin nor Mongrel, as neither got the request body filtering treatment that the Unicorn HTTP parser got in August 2009. The bug fixed in this release could result in a denial-of-service as it would trigger a process-wide assertion instead of raising an exception. For servers such as Rainbows!/Zbatery that serve multiple clients per worker process, this could abort all clients connected to the particular worker process that hit the assertion.
Diffstat (limited to 'GIT-VERSION-GEN')
-rwxr-xr-x | GIT-VERSION-GEN | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index 1e6f505..9142570 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v0.97.0.GIT +DEF_VER=v0.97.1.GIT LF=' ' |