| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
ChangeLog: https://github.com/openresty/lua-nginx-module/compare/v0.10.21...v0.10.22
Bump PKGREVISIONs.
|
|
Also, update third-party modules:
o) headers_more: 0.33 -> d502e41
o) http_push: 1.2.15 -> 1.3.0
o) naxsi: 1.3 -> 29793dc
o) njs: 0.7.4 -> 0.7.5
Patches obtained from the corresponding port in FreeBSD ports tree.
<ChangeLog>
*) Change in internal API: now header lines are represented as linked
lists.
*) Change: now nginx combines arbitrary header lines with identical
names when sending to FastCGI, SCGI, and uwsgi backends, in the
$r->header_in() method of the ngx_http_perl_module, and during lookup
of the "$http_...", "$sent_http_...", "$sent_trailer_...",
"$upstream_http_...", and "$upstream_trailer_..." variables.
*) Bugfix: if there were multiple "Vary" header lines in the backend
response, nginx only used the last of them when caching.
*) Bugfix: if there were multiple "WWW-Authenticate" header lines in the
backend response and errors with code 401 were intercepted or the
"auth_request" directive was used, nginx only sent the first of the
header lines to the client.
*) Change: the logging level of the "application data after close
notify" SSL errors has been lowered from "crit" to "info".
*) Bugfix: connections might hang if nginx was built on Linux 2.6.17 or
newer, but was used on systems without EPOLLRDHUP support, notably
with epoll emulation layers; the bug had appeared in 1.17.5.
Thanks to Marcus Ball.
*) Bugfix: nginx did not cache the response if the "Expires" response
header line disabled caching, but following "Cache-Control" header
line enabled caching.
</ChangeLog>
|
|
Changes with nginx 1.13.12:
*) Bugfix: connections with gRPC backends might be closed unexpectedly
when returning a large response.
Changes with nginx 1.13.11:
*) Feature: the "proxy_protocol" parameter of the "listen" directive now
supports the PROXY protocol version 2.
*) Bugfix: nginx could not be built with OpenSSL 1.1.1 statically on
Linux.
*) Bugfix: in the "http_404", "http_500", etc. parameters of the
"proxy_next_upstream" directive.
|
|
|
|
servicing events when port_getn() returns a timeout.
|
|
Changes with nginx 1.11.1
- Security: a segmentation fault might occur in a worker process
while writing a specially crafted request body to a temporary
file (CVE-2016-4450); the bug had appeared in 1.3.9.
Changes with nginx 1.11.0
- Feature: the "transparent" parameter of the "proxy_bind",
"fastcgi_bind", "memcached_bind", "scgi_bind", and "uwsgi_bind"
directives.
- Feature: the $request_id variable.
- Feature: the "map" directive supports combinations of multiple
variables as resulting values.
- Feature: now nginx checks if EPOLLRDHUP events are supported by
kernel, and optimizes connection handling accordingly if the
"epoll" method is used.
- Feature: the "ssl_certificate" and "ssl_certificate_key"
directives can be specified multiple times to load certificates
of different types (for example, RSA and ECDSA).
- Feature: the "ssl_ecdh_curve" directive now allows specifying a
list of curves when using OpenSSL 1.0.2 or newer; by default
a list built into OpenSSL is used.
- Change: to use DHE ciphers it is now required to specify
parameters using the "ssl_dhparam" directive.
- Feature: the $proxy_protocol_port variable.
- Feature: the $realip_remote_port variable in the
ngx_http_realip_module.
- Feature: the ngx_http_realip_module is now able to set the
client port in addition to the address.
- Change: the "421 Misdirected Request" response now used when
rejecting requests to a virtual server different from one
negotiated during an SSL handshake; this improves interoperability
with some HTTP/2 clients when using client certificates.
- Change: HTTP/2 clients can now start sending request body
immediately; the "http2_body_preread_size" directive controls
size of the buffer used before nginx will start reading client
request body.
- Bugfix: cached error responses were not updated when using the
"proxy_cache_bypass" directive.
Changes with nginx 1.9.15
- Bugfix: "recv() failed" errors might occur when using HHVM as a
FastCGI server.
- Bugfix: when using HTTP/2 and the "limit_req" or "auth_request"
directives a timeout or a "client violated flow control" error
might occur while reading client request body; the bug had appeared
in 1.9.14.
- Workaround: a response might not be shown by some browsers if
HTTP/2 was used and client request body was not fully read; the
bug had appeared in 1.9.14.
- Bugfix: connections might hang when using the "aio threads"
directive.
Thanks to Mindaugas Rasiukevicius.
Changes with nginx 1.9.14
- Feature: OpenSSL 1.1.0 compatibility.
- Feature: the "proxy_request_buffering",
"fastcgi_request_buffering",
"scgi_request_buffering", and "uwsgi_request_buffering"
directives now work with HTTP/2.
- Bugfix: "zero size buf in output" alerts might appear in logs
when using HTTP/2.
- Bugfix: the "client_max_body_size" directive might work
incorrectly when using HTTP/2.
- Bugfix: of minor bugs in logging.
Changes with nginx 1.9.13
- Change: non-idempotent requests (POST, LOCK, PATCH) are no
longer passed to the next server by default if a request has
been sent to a backend; the "non_idempotent" parameter of the
"proxy_next_upstream" directive explicitly allows retrying such
requests.
- Feature: the ngx_http_perl_module can be built dynamically.
- Feature: UDP support in the stream module.
- Feature: the "aio_write" directive.
- Feature: now cache manager monitors number of elements in caches
and tries to avoid cache keys zone overflows.
- Bugfix: "task already active" and "second aio post" alerts might
appear in logs when using the "sendfile" and "aio" directives
with subrequests.
- Bugfix: "zero size buf in output" alerts might appear in logs if
caching was used and a client closed a connection prematurely.
- Bugfix: connections with clients might be closed needlessly if
caching was used.
Thanks to Justin Li.
- Bugfix: nginx might hog CPU if the "sendfile" directive was used
on Linux or Solaris and a file being sent was changed during
sending.
- Bugfix: connections might hang when using the "sendfile" and
"aio threads" directives.
- Bugfix: in the "proxy_pass", "fastcgi_pass", "scgi_pass", and
"uwsgi_pass" directives when using variables.
Thanks to Piotr Sikora.
- Bugfix: in the ngx_http_sub_filter_module.
- Bugfix: if an error occurred in a cached backend connection, the
request was passed to the next server regardless of the
proxy_next_upstream directive.
- Bugfix: "CreateFile() failed" errors when creating temporary
files on Windows.
Changes with nginx 1.9.12
- Feature: Huffman encoding of response headers in HTTP/2.
Thanks to Vlad Krasnov.
- Feature: the "worker_cpu_affinity" directive now supports more
than 64 CPUs.
- Bugfix: compatibility with 3rd party C++ modules; the bug had
appeared in 1.9.11.
Thanks to Piotr Sikora.
- Bugfix: nginx could not be built statically with OpenSSL on
Linux; the bug had appeared in 1.9.11.
- Bugfix: the "add_header ... always" directive with an empty
value did not delete "Last-Modified" and "ETag" header lines
from error responses.
- Workaround: "called a function you should not call" and
"shutdown while in init" messages might appear in logs when
using OpenSSL 1.0.2f.
- Bugfix: invalid headers might be logged incorrectly.
- Bugfix: socket leak when using HTTP/2.
- Bugfix: in the ngx_http_v2_module.
Changes with nginx 1.9.11
- Feature: TCP support in resolver.
- Feature: dynamic modules.
- Bugfix: the $request_length variable did not include size of
request headers when using HTTP/2.
- Bugfix: in the ngx_http_v2_module.
|
|
temporary file). Bump revision.
|
|
Changes with nginx 1.5.7 19 Nov 2013
*) Security: a character following an unescaped space in a request line
was handled incorrectly (CVE-2013-4547); the bug had appeared in
0.8.41.
Thanks to Ivan Fratric of the Google Security Team.
*) Change: a logging level of auth_basic errors about no user/password
provided has been lowered from "error" to "info".
*) Feature: the "proxy_cache_revalidate", "fastcgi_cache_revalidate",
"scgi_cache_revalidate", and "uwsgi_cache_revalidate" directives.
*) Feature: the "ssl_session_ticket_key" directive.
Thanks to Piotr Sikora.
*) Bugfix: the directive "add_header Cache-Control ''" added a
"Cache-Control" response header line with an empty value.
*) Bugfix: the "satisfy any" directive might return 403 error instead of
401 if auth_request and auth_basic directives were used.
Thanks to Jan Marc Hoffmann.
*) Bugfix: the "accept_filter" and "deferred" parameters of the "listen"
directive were ignored for listen sockets created during binary
upgrade.
Thanks to Piotr Sikora.
*) Bugfix: some data received from a backend with unbufferred proxy
might not be sent to a client immediately if "gzip" or "gunzip"
directives were used.
Thanks to Yichun Zhang.
*) Bugfix: in error handling in ngx_http_gunzip_filter_module.
*) Bugfix: responses might hang if the ngx_http_spdy_module was used
with the "auth_request" directive.
*) Bugfix: memory leak in nginx/Windows.
Changes with nginx 1.5.6 01 Oct 2013
*) Feature: the "fastcgi_buffering" directive.
*) Feature: the "proxy_ssl_protocols" and "proxy_ssl_ciphers"
directives.
Thanks to Piotr Sikora.
*) Feature: optimization of SSL handshakes when using long certificate
chains.
*) Feature: the mail proxy supports SMTP pipelining.
*) Bugfix: in the ngx_http_auth_basic_module when using "$apr1$"
password encryption method.
Thanks to Markus Linnala.
*) Bugfix: in MacOSX, Cygwin, and nginx/Windows incorrect location might
be used to process a request if locations were given using characters
in different cases.
*) Bugfix: automatic redirect with appended trailing slash for proxied
locations might not work.
*) Bugfix: in the mail proxy server.
*) Bugfix: in the ngx_http_spdy_module.
Changes with nginx 1.5.5 17 Sep 2013
*) Change: now nginx assumes HTTP/1.0 by default if it is not able to
detect protocol reliably.
*) Feature: the "disable_symlinks" directive now uses O_PATH on Linux.
*) Feature: now nginx uses EPOLLRDHUP events to detect premature
connection close by clients if the "epoll" method is used.
*) Bugfix: in the "valid_referers" directive if the "server_names"
parameter was used.
*) Bugfix: the $request_time variable did not work in nginx/Windows.
*) Bugfix: in the "image_filter" directive.
Thanks to Lanshun Zhou.
*) Bugfix: OpenSSL 1.0.1f compatibility.
Thanks to Piotr Sikora.
Changes with nginx 1.5.4 27 Aug 2013
*) Change: the "js" extension MIME type has been changed to
"application/javascript"; default value of the "charset_types"
directive was changed accordingly.
*) Change: now the "image_filter" directive with the "size" parameter
returns responses with the "application/json" MIME type.
*) Feature: the ngx_http_auth_request_module.
*) Bugfix: a segmentation fault might occur on start or during
reconfiguration if the "try_files" directive was used with an empty
parameter.
*) Bugfix: memory leak if relative paths were specified using variables
in the "root" or "auth_basic_user_file" directives.
*) Bugfix: the "valid_referers" directive incorrectly executed regular
expressions if a "Referer" header started with "https://".
Thanks to Liangbin Li.
*) Bugfix: responses might hang if subrequests were used and an SSL
handshake error happened during subrequest processing.
Thanks to Aviram Cohen.
*) Bugfix: in the ngx_http_autoindex_module.
*) Bugfix: in the ngx_http_spdy_module.
|
|
Collection.
nginx (pronounced "engine X") is a lightweight web (HTTP) server/reverse proxy
and mail (IMAP/POP3) proxy written by Igor Sysoev.
nginx has been running for more than three years on many heavily loaded Russian
sites including Rambler (RamblerMedia.com). In March 2007 about 20% of all
Russian virtual hosts were served or proxied by nginx. According to Google
Online Security Blog nginx serves or proxies about 4% of all Internet virtual
hosts, although Netcraft shows much less percent.
The sources are licensed under a BSD-like license.
|
