Hi,
I´m using Kong 2.0.4 and after a security check I found this two-issues:
How do you guys deal with Nginx upgrades?
How can we know the version of the Nginx?
@flowdopip Hello,
The first one (CVE-2020-12440) has been disputed. The second one (CVE-2019-20372), while valid, isn’t a concern since Kong does not define error_page directives with URLs.
How do you guys deal with Nginx upgrades?
There is no NGINX upgrade planned in the near future given the upcoming OpenResty release (1.17.8.1) is still a release candidate only (see http://openresty.org/en/ann-1017008001rc1.html).
How can we know the version of the Nginx?
Reading the changelog to know the bundled OpenResty (keep in mind Kong does not run on plain, vanilla NGINX), running nginx -v in an environment with Kong installed, start Kong while specifying the CLI verbose flag (-v), or using kong version:
$ kong version -a
Kong: 2.0.4
ngx_lua: 10015
nginx: 1015008
Lua: LuaJIT 2.1.0-beta3
1 Like