Announcing ngx_pagespeed security release 1.9.32.11
Jeffrey Crowell
Release 1.9.32.11-beta security release.
Release 1.9.32.11 fixes one security issue. It is otherwise identical to the previous release (1.9.32.10). We recommend that all users upgrade to receive these fixes.
In versions between 1.8.31.2 and 1.9.32.10, PageSpeed was built with a version of OpenSSL that was vulnerable to the issues detailed in the December 4, 2015 security advisory ( https://www.openssl.org/news/secadv/20151203.txt ). We have updated our crypto library to fix these issues.
We recommend that all users upgrade. If this is not possible, however, the following workaround is available:
The OpenSSL vulnerability only applies if you have FetchHttps enabled and have configured PageSpeed to fetch HTTPS content over the open internet. Disabling FetchHttps will prevent these crashes, but will also disable PageSpeed's optimizations for any content that must be fetched over HTTPS.
Issues Resolved since 1.9.32.10
https://www.openssl.org/news/secadv/20151203.txt Update BoringSSL to pull in OpenSSL changes.
Installation Instructions
To install this update, see: https://developers.google.com/speed/pagespeed/module/build_ngx_pagespeed_from_source
The installation process remains the same, even if you've already installed a previous version.
Jeff Crowell
PageSpeed Team
GoogleCentmin Mod George
Jeffrey Crowell
--
You received this message because you are subscribed to the Google Groups "ngx-pagespeed-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ngx-pagespeed-di...@googlegroups.com.
Visit this group at http://groups.google.com/group/ngx-pagespeed-discuss.
For more options, visit https://groups.google.com/d/optout.
Centmin Mod George
John Mase
is this the latest version ?
Otto van der Schaaf
On Saturday, December 12, 2015 at 8:30:42 PM UTC+1, John Mase wrote:
i see 1.10.33.0
is this the latest version ?