> here's an untested diff for 1.14.1, for:
> *) Security: when using HTTP/2 a client might cause excessive memory
> consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).
> *) Security: processing of a specially crafted mp4 file with the
> ngx_http_mp4_module might result in worker process memory
> *) Bugfix: working with gRPC backends might result in excessive memory
OK with me.
> still have to build it locally but it seems ruby passenger pkgs are not
> available on the mirrors right now.
That's fixed in -current (incompatible change in the curl update).