Hi, we’ve patched ondemand-nginx for CVE-2021-23017. This CVE does not affect OnDemand because we do not use the resolver directive, but we’ve patched it just for good measure.
To update perform the following operation:
# EL7
yum update ondemand-nginx
# EL8
dnf update ondemand-nginx
In order to ensure all PUNs are using the patched NGINX it’s recommended to force kill all PUNs:
/opt/ood/nginx_stage/sbin/nginx_stage nginx_clean --force
For more information see
To update perform the following operation:
# EL7
yum update ondemand-nginx
# EL8
dnf update ondemand-nginx
In order to ensure all PUNs are using the patched NGINX it’s recommended to force kill all PUNs:
/opt/ood/nginx_stage/sbin/nginx_stage nginx_clean --force
For more information see:
NVD - CVE-2021-23017 or
[nginx-announce] nginx security advisory (CVE-2021-23017)