Question

Can you update the default nginx package from 1.4.6 to 1.6.2?

Running a new Ubuntu 14.04 instance @ DO

$ apt-get update $ apt-get install nginx $ nginx -V

nginx version: nginx/1.4.6

Can you guys update your nginx package to 1.6.2? I haven’t checked the other One-click installers or O/S instances to check which nginx versions they are running.

1.6.2 includes fixes for SSL/TLS exploits as well as other things like SPDY 3.1 support

Thanks!!


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Well I prefer to install the project repository and install the latest stable package. Here are instructions on how to install the repository and the signing key for nginx. http://nginx.org/en/linux_packages.html

Thank you for the quick reply and detailed answer. That explains it very well, thanks!

Just found this, now the light bulb turns on lol http://packages.ubuntu.com/trusty/nginx

Hi,

This isn’t quite how it works.

DigitalOcean doesn’t decide what version of software ends up on your droplet - you choose that yourself by picking a distribution such as Ubuntu.

Now, the people who make Ubuntu (canonical as well as the open source community) decide on what version of packages they’ll support for a given version of Ubuntu. This is why you’re getting 1.4.6 rather than the latest 1.6.2.

Thus, there are obviously no security issues to worry about. It’s part of the work of a distribution’s team to ensure that the particular version of the software that they decide to bundle is security bug free - you’ll find that literally every piece of software on your Linux computer is the same way. Your version of ‘top’ isn’t the latest, your version of ‘gcc’ isn’t the latest either, etc.

Ubuntu 14.04 is a Long Term Support version, which means such fixes will happen for the next couple years.

Hope this answers your question.