about summary refs log tree commit homepage
path: root/GIT-VERSION-GEN
diff options
context:
space:
mode:
authorEric Wong <normalperson@yhbt.net>2010-04-19 13:50:40 -0700
committerEric Wong <normalperson@yhbt.net>2010-04-19 13:51:39 -0700
commit3ce92574b356e4cb054b1291e1f035173420f12a (patch)
tree15aad77461579e41a252a82bf3123296615a0a78 /GIT-VERSION-GEN
parente2c16da9ddf2572887f29f9a7d1165531cacbcbd (diff)
downloadunicorn-0.97.1.tar.gz
This release fixes a denial-of-service vector for derived
servers exposed directly to untrusted clients.

This bug does not affect most Unicorn deployments as Unicorn is
only supported with trusted clients (such as nginx) on a LAN.
nginx is known to reject clients that send invalid
Content-Length headers, so any deployments on a trusted LAN
and/or behind nginx are safe.

Servers affected by this bug include (but are not limited to)
Rainbows! and Zbatery.  This bug does not affect Thin nor
Mongrel, as neither got the request body filtering treatment
that the Unicorn HTTP parser got in August 2009.

The bug fixed in this release could result in a
denial-of-service as it would trigger a process-wide assertion
instead of raising an exception.  For servers such as
Rainbows!/Zbatery that serve multiple clients per worker
process, this could abort all clients connected to the
particular worker process that hit the assertion.
Diffstat (limited to 'GIT-VERSION-GEN')
-rwxr-xr-xGIT-VERSION-GEN2
1 files changed, 1 insertions, 1 deletions
diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN
index 1e6f505..9142570 100755
--- a/GIT-VERSION-GEN
+++ b/GIT-VERSION-GEN
@@ -1,7 +1,7 @@
 #!/bin/sh
 
 GVF=GIT-VERSION-FILE
-DEF_VER=v0.97.0.GIT
+DEF_VER=v0.97.1.GIT
 
 LF='
 '