Hi,
I´m using Kong 2.0.4 and after a security check I found this two-issues:
How do you guys deal with Nginx upgrades?
How can we know the version of the Nginx?
@flowdopip Hello,
The first one (CVE-2020-12440) has been disputed. The second one (CVE-2019-20372), while valid, isn’t a concern since Kong does not define error_page directives with URLs.
How do you guys deal with Nginx upgrades?
There is no NGINX upgrade planned in the near future given the upcoming OpenResty release (1.17.8.1) is still a release candidate only (see OpenResty - OpenResty 1.17.8.1 RC1 is out).
How can we know the version of the Nginx?
Reading the changelog to know the bundled OpenResty (keep in mind Kong does not run on plain, vanilla NGINX), running nginx -v in an environment with Kong installed, start Kong while specifying the CLI verbose flag (-v), or using kong version:
$ kong version -a
Kong: 2.0.4
ngx_lua: 10015
nginx: 1015008
Lua: LuaJIT 2.1.0-beta3
1 Like