NGINX to Release Unit 1.3 Beta

Developers expanded the ability to run web applications in Python, PHP, Perl, Ruby and Go
16 July 2018   716

In open access, a beta version of the NGINX Unit 1.3 application server was released. Developers continued to expand the ability to run web applications in Python, PHP, Perl, Ruby and Go. The project code is written in C and is distributed under the Apache 2.0 license.

Features

Version 1.3 eliminates the problems with handling errors when installing HTTP connections.

Among other changes:

  • parameter max_body_size to limit the size of the body of the request;
  • new parameters for setting timeouts when setting up an HTTP connection:
         "settings": {
              "http": {
                  "header_read_timeout": 30,
                  "body_read_timeout": 30,
                  "send_timeout": 30,
                  "idle_timeout": 180,
                  "max_body_size": 8388608
              }
          },
  • automatic use of the Bundler where possible in the Ruby module;
  • http.Flusher interface in the module for the Go language;
  • The possibility of using characters in the UTF-8 encoding in the request headers.

The first version of the NGINX 1.1 application server was released in mid-April 2018. Under the control of NGINX Unit, several applications can be executed simultaneously in different programming languages, the startup parameters of which can be changed dynamically without the need to edit the configuration files and restart.

Ethereum VM May Have Vulnerability

The vulnerability is reported by NettaLab Twitter account
12 November 2018   129

On November 9, a statement appeared in Netta Lab’s Twitter account that the organization discovered a vulnerability in the Ethereum virtual machine that allows to execute smart contracts endlessly without paying for gas online. The researchers also allegedly turned to the operator of the American database of vulnerabilities, where they registered the corresponding discovery.

Netta Labs discovered an Ethereum EVM vulnerability, which could be exploited by hackers. The vulnerability can cause smart contracts can be executed indefinitely without gas being paied.
 

Netta Lab's Twitter

At Netta Lab's request, Google demonstrates the site of the netto.io project, which specializes in auditing smart contracts under the Netta Lab brand, but the Twitter accounts of the projects do not match. Note that the profile that reported the vulnerability was registered in November.

Many users expressed doubts about the authenticity of the information that appeared, but then the creator of the NEO project Da Hongwei said that he spoke with the CEO of Netta Labs and asked the researchers to audit the NEO virtual machine.

Nevertheless, Vitalik Buterin wrote on Reddit that this is a vulnerability in the Python-implementation of the virtual machine, which was first reported on GitHub 9 days ago. This means that the main clients (go-ethereum; parity and cpp-ethereum) are not affected.