Running a new Ubuntu 14.04 instance @ DO
$ apt-get update
$ apt-get install nginx
$ nginx -V
nginx version: nginx/1.4.6
Can you guys update your nginx package to 1.6.2? I haven't checked the other One-click installers or O/S instances to check which nginx versions they are running.
1.6.2 includes fixes for SSL/TLS exploits as well as other things like SPDY 3.1 support
Thanks!!
Hi,
This isn't quite how it works.
DigitalOcean doesn't decide what version of software ends up on your droplet - you choose that yourself by picking a distribution such as Ubuntu.
Now, the people who make Ubuntu (canonical as well as the open source community) decide on what version of packages they'll support for a given version of Ubuntu. This is why you're getting 1.4.6 rather than the latest 1.6.2.
Thus, there are obviously no security issues to worry about. It's part of the work of a distribution's team to ensure that the particular version of the software that they decide to bundle is security bug free - you'll find that literally every piece of software on your Linux computer is the same way. Your version of 'top' isn't the latest, your version of 'gcc' isn't the latest either, etc.
Ubuntu 14.04 is a Long Term Support version, which means such fixes will happen for the next couple years.
Hope this answers your question.
Thank you for the quick reply and detailed answer. That explains it very well, thanks!
Just found this, now the light bulb turns on lol
http://packages.ubuntu.com/trusty/nginx
Well I prefer to install the project repository and install the latest stable package. Here are instructions on how to install the repository and the signing key for nginx.
http://nginx.org/en/linux_packages.html