Forum maintenance needed!

Question

Forum maintenance needed!

Closed this issue 7 years ago · 2 comments

Zweihorn commented 7 years ago

Apparently https://forum.minetest.net/ needs an upgrade and some maintenance.

In recent times there is some hassle in access and a 504 Gateway Time-out nginx/1.12.2 error message occurs.

Ref to the web server used:

nginx-1.12.2 used by the a.m. forum software
nginx-1.16.0 stable version has been released 2019-04-23

The issue should be considered in the light of both user access and security I presume.

Please have a look at the nginx security advisories and you should consider the impact of at least three CVEs relevant to nginx-1.12.X presumably.

Excessive memory usage in HTTP/2
Severity: low
Advisory
CVE-2018-16843
Not vulnerable: 1.15.6+, 1.14.1+
Vulnerable: 1.9.5-1.15.5

Excessive CPU usage in HTTP/2
Severity: low
Advisory
CVE-2018-16844
Not vulnerable: 1.15.6+, 1.14.1+
Vulnerable: 1.9.5-1.15.5

Memory disclosure in the ngx_http_mp4_module
Severity: medium
Advisory
CVE-2018-16845
Not vulnerable: 1.15.6+, 1.14.1+
Vulnerable: 1.1.3-1.15.5, 1.0.7-1.0.15
The patch pgp

Unfortunately, I cannot volunteer for this. Furthermore, this problem report may not be placed optimally but I am not aware how to distribute this issue without the forum.

Answer 1 · 2019-05-10T20:33:46.000Z

Wrong assumptions. See my correction and apolgies in the forum.

Answer 2 · 2020-06-02T13:35:03.000Z

@Zweihorn I wish I could see the forum post you're redirecting to 😄 504 Time-out all the way