)]}'
{
  "commit": "d17ab0e56fde9666f5eb9918a918db965b82c2a9",
  "tree": "d5b20ceb8275a543c044fe6f2b7747204c45ed41",
  "parents": [
    "2ded731cf8f6972044ad4b4ac6d0c8f910bc9939"
  ],
  "author": {
    "name": "Ruslan Ermilov",
    "email": "ru@nginx.com",
    "time": "Wed Apr 08 01:02:17 2020 +0300"
  },
  "committer": {
    "name": "Ruslan Ermilov",
    "email": "ru@nginx.com",
    "time": "Wed Apr 08 01:02:17 2020 +0300"
  },
  "message": "The new auth_delay directive for delaying unauthorized requests.\n\nThe request processing is delayed by a timer.  Since nginx updates\ninternal time once at the start of each event loop iteration, this\nnormally ensures constant time delay, adding a mitigation from\ntime-based attacks.\n\nA notable exception to this is the case when there are no additional\nevents before the timer expires.  To ensure constant-time processing\nin this case as well, we trigger an additional event loop iteration\nby posting a dummy event for the next event loop iteration.\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "4867bed2b37c61307e06cc68ecd67c16b059ac21",
      "old_mode": 33188,
      "old_path": "src/http/ngx_http_core_module.c",
      "new_id": "3671558d874f208127a961e0a86b1b089ffa7d6e",
      "new_mode": 33188,
      "new_path": "src/http/ngx_http_core_module.c"
    },
    {
      "type": "modify",
      "old_id": "f5434cc511e681962ed365a45925a3b70370b6a7",
      "old_mode": 33188,
      "old_path": "src/http/ngx_http_core_module.h",
      "new_id": "2aadae7ff06a8d1abd11fb8ba68f9acf125a21bd",
      "new_mode": 33188,
      "new_path": "src/http/ngx_http_core_module.h"
    }
  ]
}
