Passenger 從 5.1 開始導入了 SecurityUpdateCheck 功能，一旦發現有重大補丁更新，就會自動推送。
本來是件好事情，然而 Passenger 的老版本有一個 Bug，如果收到的 Response 超過 500B 的話，就會崩掉… 這個問題在 5.1.5 得到了修復。
於是全世界的 < 5.1.5 版本的 Passenger 都死掉了…
For more details: https://github.com/phusion/passenger/issues/2089
Never thought that I would have to criticize Namecheap again, after I left their services.
Let me explain, I bought myself a new domain this month, and found out that there is a 3-year SSL certificate valid for my domain through crt.sh. Naturally I contacted Comodo SSL Abuse Dept. and got redirected to the reseller – Namecheap. After reaching out to Namecheap they insisted that as long as I issued a new certificate, the valid certificate that the former domain owner had will have no power whatsoever ( which is not true ), even after ticket escalation, they’re just re-assuring me that MITM somehow will not exist as long as I set up a new SSL cert and “there is no need to worry about the security of your website and the information transmitted via Internet”.
So, according to Namecheap’s statement, Wosign accident is just a fraud and people obtained github.com’s certificate will do absolutely no harm to Github. Good to know.
A public discussion is under way: https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/4R1parm1XCc