Nginx 1.6.1 has been released on August 5th 2014, with the following changes :
- Security: pipelined commands were not discarded after
STARTTLScommand in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6. Thanks to Chris Boulton. - Bugfix: the
$urivariable might contain garbage when returning errors with code 400. Thanks to Sergey Bobrov. - Bugfix: in the
noneparameter in thesmtp_authdirective; the bug had appeared in 1.5.6. Thanks to Svyatoslav Nikolsky.
As a consequence, packages of Nginx 1.6.1 are now available for both Debian 7.0 “Wheezy” and Debian 6.0 “Squeeze” (amd64/i386).
For more details about which modules are included in the different Nginx flavors, just have to look at this document.