New Nginx Exploit - Hacker News

Posted by hetsaraiya 20 hours ago

399 points | 89 commentspage 3

pjmlp 19 hours ago|

Looks into the CVE, ah an heap memory corruption, business as usual.

jmaw 20 hours ago|

Wow, coming from the webdev world. It is so funny seeing NGINX, one of the widest used web servers in the world, on version 1.x. React is on version 19. Really shows how differently new vs. old software is designed and built, and not necessarily in a good way.

https://world.hey.com/dhh/finished-software-8ee43637 https://josem.co/the-beauty-of-finished-software/

0x457 20 hours ago||

That's because nginx doesn't break things for end user every release, so there is no reason to bump major version.

embedding-shape 19 hours ago||

I bet nginx doesn't even follow semantic versioning, which you seem to be talking about.

0x457 15 hours ago||

Don't have to bet: Nginx doesn't follow it. It has its own linux-kernel (odd vs evens) inspired convention.

Doesn't change the fact that only "breaking" changes in 1.x.x line are changes to defaults.

chasd00 20 hours ago|||

anyone can choose any version string convention they want for their project. Comparing two different pieces of software by their version string doesn't make sense.

TheDong 13 hours ago|||

Only 19?

The venerable unix tool "less" is on v701 and was probably already over 300 before react was born

https://github.com/gwsw/less/releases/tag/v701

syoc 20 hours ago|||

I guess someone need to update https://0ver.org/ then.

Yokohiii 10 hours ago|||

Guys, this is what happens when you .useEffect()

ranger_danger 20 hours ago|||

I chalk that up more to different versioning schemes rather than how much work is being done. If nginx changed whole numbers like react did, I bet it would be even higher.

joecool1029 20 hours ago|||

lighttpd still around too, on 1.4.82, not too much changed there.

ranger_danger 20 hours ago||

They've been working on version 2.0 for many years now as well, I wonder when they think a release might happen.

shooly 20 hours ago||

> not necessarily in a good way

How do you think versioning works? You know that it's completely arbitrary and up to the author, right? Very ironic comment.