Unit 1.7.1 Released§
This is a bugfix release of NGINX Unit that eliminates a security flaw. All versions of Unit from 0.3 to 1.7 are affected.
Everybody is strongly advised to update to a new version.
Changes with Unit 1.7.1 07 Feb 2019 *) Security: a heap memory buffer overflow might have been caused in the router process by a specially crafted request, potentially resulting in a segmentation fault or other unspecified behavior (CVE-2019-7401). *) Bugfix: install of Go module failed without prior building of Unit daemon; the bug had appeared in 1.7.
Release of Unit 1.8 with support for internal request routing and an experimental Java module is planned for end of February.
wbr, Valentin V. Bartenev