Kong 2.0.4 nginx version

Hi,

I´m using Kong 2.0.4 and after a security check I found this two-issues:

How do you guys deal with Nginx upgrades?
How can we know the version of the Nginx?

@flowdopip Hello,

The first one (CVE-2020-12440) has been disputed. The second one (CVE-2019-20372), while valid, isn’t a concern since Kong does not define error_page directives with URLs.

How do you guys deal with Nginx upgrades?

There is no NGINX upgrade planned in the near future given the upcoming OpenResty release (1.17.8.1) is still a release candidate only (see http://openresty.org/en/ann-1017008001rc1.html).

How can we know the version of the Nginx?

Reading the changelog to know the bundled OpenResty (keep in mind Kong does not run on plain, vanilla NGINX), running nginx -v in an environment with Kong installed, start Kong while specifying the CLI verbose flag (-v), or using kong version:

$ kong version -a
Kong: 2.0.4
ngx_lua: 10015
nginx: 1015008
Lua: LuaJIT 2.1.0-beta3
1 Like

© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ