We've just released Phusion Passenger 4.0.2 in response to a recently
discovered remote code execution vulnerability in Nginx
(CVE-2013-2028). Many versions of Nginx 1.3, as well as Nginx 1.4.0,
are affected. Phusion Passenger 4.0.2 installs Nginx 1.4.1 by default.
There are no other code changes. You can read the announcement on:
http://blog.phusion.nl/2013/05/07/phusion-passenger-4-0-2-released/
--
Phusion | Ruby & Rails deployment, scaling and tuning solutions
Web:
http://www.phusion.nl/
E-mail:
in...@phusion.nl
Chamber of commerce no: 08173483 (The Netherlands)