Hi there,
OpenResty 1.15.8.3 is a patch release addressing recent security
vulnerabilities in both the Nginx core and the ngx_http_lua module.
The (portable) source code distribution, the Win32/Win64 binary
distributions, and the pre-built binary Linux packages for Ubuntu,
Debian, Fedora, CentOS, RHEL, OpenSUSE, Amazon Linux are provided on
this page:
https://openresty.org/en/download.html
We also upgraded PCRE to 8.44 and OpenSSL to 1.1.0l for our
binary packages.
This is the third OpenResty release based on the nginx 1.15.8 core.
Acknowledgments
Thanks the HackerOne team for reporting the memory content leak
vulnerabilities.
Thanks Thibault Charbonnier and Dejiang Zhu for helping this
release.
Full Changelog
Complete change logs since the last (formal) release, 1.15.8.2, can
be browsed in the page Change Log for 1.15.8.x:
https://openresty.org/en/changelog-1015008.html
Feedback
Feedback on this release is more than welcome. Feel free to create
new [GitHub issues](https://github.com/openresty/openresty/issues)
or send emails to one of our mailing lists.
The Next Release
The next release will be OpenResty 1.17.8.1 based on the recent
nginx 1.17.8 core and its RC1 version is already out for community
testing. See
https://openresty.org/en/ann-1017008001rc1.html
Thanks!
Best regards,
Yichun