| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Changes with nginx 1.18.0
*) 1.18.x stable branch.
Changes with nginx 1.17.10
*) Feature: the "auth_delay" directive.
|
|
|
|
|
|
Allows nginx to be used as a proxy to share a port between https and
ssh/openvpn or similar
Not enabled by default
|
|
Patch provided by Brian Ewell in joyent/pkgsrc#240.
|
|
pkglint -r --network --only "migrate"
As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.
|
|
|
|
|
|
|
|
pkglint -Wall -F --only aligned --only indent -r
Manually excluded phraseanet since pkglint got the indentation wrong.
|
|
Changes with nginx 1.16.1
*) Security: when using HTTP/2 a client might cause excessive memory
consumption and CPU usage (CVE-2019-9511, CVE-2019-9513,
CVE-2019-9516).
|
|
|
|
Changes with nginx 1.16.0 23 Apr 2019
*) 1.16.x stable branch.
Changes with nginx 1.15.12 16 Apr 2019
*) Bugfix: a segmentation fault might occur in a worker process if
variables were used in the "ssl_certificate" or "ssl_certificate_key"
directives and OCSP stapling was enabled.
Changes with nginx 1.15.11 09 Apr 2019
*) Bugfix: in the "ssl_stapling_file" directive on Windows.
Changes with nginx 1.15.10 26 Mar 2019
*) Change: when using a hostname in the "listen" directive nginx now
creates listening sockets for all addresses the hostname resolves to
(previously, only the first address was used).
*) Feature: port ranges in the "listen" directive.
*) Feature: loading of SSL certificates and secret keys from variables.
*) Workaround: the $ssl_server_name variable might be empty when using
OpenSSL 1.1.1.
*) Bugfix: nginx/Windows could not be built with Visual Studio 2015 or
newer; the bug had appeared in 1.15.9.
Changes with nginx 1.15.9 26 Feb 2019
*) Feature: variables support in the "ssl_certificate" and
"ssl_certificate_key" directives.
*) Feature: the "poll" method is now available on Windows when using
Windows Vista or newer.
*) Bugfix: if the "select" method was used on Windows and an error
occurred while establishing a backend connection, nginx waited for
the connection establishment timeout to expire.
*) Bugfix: the "proxy_upload_rate" and "proxy_download_rate" directives
in the stream module worked incorrectly when proxying UDP datagrams.
Changes with nginx 1.15.8 25 Dec 2018
*) Feature: the $upstream_bytes_sent variable.
Thanks to Piotr Sikora.
*) Feature: new directives in vim syntax highlighting scripts.
Thanks to Gena Makhomed.
*) Bugfix: in the "proxy_cache_background_update" directive.
*) Bugfix: in the "geo" directive when using unix domain listen sockets.
*) Workaround: the "ignoring stale global SSL error ... bad length"
alerts might appear in logs when using the "ssl_early_data" directive
with OpenSSL.
*) Bugfix: in nginx/Windows.
*) Bugfix: in the ngx_http_autoindex_module on 32-bit platforms.
Changes with nginx 1.15.7 27 Nov 2018
*) Feature: the "proxy_requests" directive in the stream module.
*) Feature: the "delay" parameter of the "limit_req" directive.
Thanks to Vladislav Shabanov and Peter Shchuchkin.
*) Bugfix: memory leak on errors during reconfiguration.
*) Bugfix: in the $upstream_response_time, $upstream_connect_time, and
$upstream_header_time variables.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_mp4_module was used on 32-bit platforms.
Changes with nginx 1.15.6 06 Nov 2018
*) Security: when using HTTP/2 a client might cause excessive memory
consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).
*) Security: processing of a specially crafted mp4 file with the
ngx_http_mp4_module might result in worker process memory disclosure
(CVE-2018-16845).
*) Feature: the "proxy_socket_keepalive", "fastcgi_socket_keepalive",
"grpc_socket_keepalive", "memcached_socket_keepalive",
"scgi_socket_keepalive", and "uwsgi_socket_keepalive" directives.
*) Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL
1.1.1, the TLS 1.3 protocol was always enabled.
*) Bugfix: working with gRPC backends might result in excessive memory
consumption.
Changes with nginx 1.15.5 02 Oct 2018
*) Bugfix: a segmentation fault might occur in a worker process when
using OpenSSL 1.1.0h or newer; the bug had appeared in 1.15.4.
*) Bugfix: of minor potential bugs.
Changes with nginx 1.15.4 25 Sep 2018
*) Feature: now the "ssl_early_data" directive can be used with OpenSSL.
*) Bugfix: in the ngx_http_uwsgi_module.
Thanks to Chris Caputo.
*) Bugfix: connections with some gRPC backends might not be cached when
using the "keepalive" directive.
*) Bugfix: a socket leak might occur when using the "error_page"
directive to redirect early request processing errors, notably errors
with code 400.
*) Bugfix: the "return" directive did not change the response code when
returning errors if the request was redirected by the "error_page"
directive.
*) Bugfix: standard error pages and responses of the
ngx_http_autoindex_module module used the "bgcolor" attribute, and
might be displayed incorrectly when using custom color settings in
browsers.
Thanks to Nova DasSarma.
*) Change: the logging level of the "no suitable key share" and "no
suitable signature algorithm" SSL errors has been lowered from "crit"
to "info".
Changes with nginx 1.15.3 28 Aug 2018
*) Feature: now TLSv1.3 can be used with BoringSSL.
*) Feature: the "ssl_early_data" directive, currently available with
BoringSSL.
*) Feature: the "keepalive_timeout" and "keepalive_requests" directives
in the "upstream" block.
*) Bugfix: the ngx_http_dav_module did not truncate destination file
when copying a file over an existing one with the COPY method.
*) Bugfix: the ngx_http_dav_module used zero access rights on the
destination file and did not preserve file modification time when
moving a file between different file systems with the MOVE method.
*) Bugfix: the ngx_http_dav_module used default access rights when
copying a file with the COPY method.
*) Workaround: some clients might not work when using HTTP/2; the bug
had appeared in 1.13.5.
*) Bugfix: nginx could not be built with LibreSSL 2.8.0.
Changes with nginx 1.15.2 24 Jul 2018
*) Feature: the $ssl_preread_protocol variable in the
ngx_stream_ssl_preread_module.
*) Feature: now when using the "reset_timedout_connection" directive
nginx will reset connections being closed with the 444 code.
*) Change: a logging level of the "http request", "https proxy request",
"unsupported protocol", and "version too low" SSL errors has been
lowered from "crit" to "info".
*) Bugfix: DNS requests were not resent if initial sending of a request
failed.
*) Bugfix: the "reuseport" parameter of the "listen" directive was
ignored if the number of worker processes was specified after the
"listen" directive.
*) Bugfix: when using OpenSSL 1.1.0 or newer it was not possible to
switch off "ssl_prefer_server_ciphers" in a virtual server if it was
switched on in the default server.
*) Bugfix: SSL session reuse with upstream servers did not work with the
TLS 1.3 protocol.
Changes with nginx 1.15.1 03 Jul 2018
*) Feature: the "random" directive inside the "upstream" block.
*) Feature: improved performance when using the "hash" and "ip_hash"
directives with the "zone" directive.
*) Feature: the "reuseport" parameter of the "listen" directive now uses
SO_REUSEPORT_LB on FreeBSD 12.
*) Bugfix: HTTP/2 server push did not work if SSL was terminated by a
proxy server in front of nginx.
*) Bugfix: the "tcp_nopush" directive was always used on backend
connections.
*) Bugfix: sending a disk-buffered request body to a gRPC backend might
fail.
Changes with nginx 1.15.0 05 Jun 2018
*) Change: the "ssl" directive is deprecated; the "ssl" parameter of the
"listen" directive should be used instead.
*) Change: now nginx detects missing SSL certificates during
configuration testing when using the "ssl" parameter of the "listen"
directive.
*) Feature: now the stream module can handle multiple incoming UDP
datagrams from a client within a single session.
*) Bugfix: it was possible to specify an incorrect response code in the
"proxy_cache_valid" directive.
*) Bugfix: nginx could not be built by gcc 8.1.
*) Bugfix: logging to syslog stopped on local IP address changes.
*) Bugfix: nginx could not be built by clang with CUDA SDK installed;
the bug had appeared in 1.13.8.
*) Bugfix: "getsockopt(TCP_FASTOPEN) ... failed" messages might appear
in logs during binary upgrade when using unix domain listen sockets
on FreeBSD.
*) Bugfix: nginx could not be built on Fedora 28 Linux.
*) Bugfix: request processing rate might exceed configured rate when
using the "limit_req" directive.
*) Bugfix: in handling of client addresses when using unix domain listen
sockets to work with datagrams on Linux.
*) Bugfix: in memory allocation error handling.
|
|
Changes with nginx 1.15.10:
*) Change: when using a hostname in the "listen" directive nginx now
creates listening sockets for all addresses the hostname resolves to
(previously, only the first address was used).
*) Feature: port ranges in the "listen" directive.
*) Feature: loading of SSL certificates and secret keys from variables.
*) Workaround: the $ssl_server_name variable might be empty when using
OpenSSL 1.1.1.
*) Bugfix: nginx/Windows could not be built with Visual Studio 2015 or
newer; the bug had appeared in 1.15.9.
nginx-nchan:
1.2.5:
fix: using multiplexed channels with Redis in backup mode may result in worker crash
fix: nchan_publisher_channel_id could not be set exclusively in a publisher location
fix: Google pagespeed module compatibility
fix: nchan prevents nginx from starting if no http {} block is configured
1.2.4:
fix: Redis cluster info with zero-length hostname may result in worker crash
fix: build problems with included hiredis lib in FreeBSD
feature: nchan_redis_namespace and nchan_redis_ping_interval now work in upstream blocks
fix: websocket publisher did not publishing channel events
fix: Redis namespace was limited to 8 bytes
|
|
|
|
Changes with nginx 1.14.2
*) Bugfix: nginx could not be built by gcc 8.1.
*) Bugfix: nginx could not be built on Fedora 28 Linux.
*) Bugfix: in handling of client addresses when using unix domain listen
sockets to work with datagrams on Linux.
*) Change: the logging level of the "http request", "https proxy
request", "unsupported protocol", "version too low", "no suitable key
share", and "no suitable signature algorithm" SSL errors has been
lowered from "crit" to "info".
*) Bugfix: when using OpenSSL 1.1.0 or newer it was not possible to
switch off "ssl_prefer_server_ciphers" in a virtual server if it was
switched on in the default server.
*) Bugfix: nginx could not be built with LibreSSL 2.8.0.
*) Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL
1.1.1, the TLS 1.3 protocol was always enabled.
*) Bugfix: sending a disk-buffered request body to a gRPC backend might
fail.
*) Bugfix: connections with some gRPC backends might not be cached when
using the "keepalive" directive.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_mp4_module was used on 32-bit platforms.
|
|
Changes with nginx 1.14.1 06 Nov 2018
*) Security: when using HTTP/2 a client might cause excessive memory
consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).
*) Security: processing of a specially crafted mp4 file with the
ngx_http_mp4_module might result in worker process memory disclosure
(CVE-2018-16845).
*) Bugfix: working with gRPC backends might result in excessive memory
consumption.
|
|
* Fix scgi temp path
* Fix uwsgi temp path (if option is activated)
* Remove ipv6 option (./configure: warning: the "--with-ipv6"
option is deprecated)
|
|
Changes with nginx 1.15.2:
*) Feature: the $ssl_preread_protocol variable in the
ngx_stream_ssl_preread_module.
*) Feature: now when using the "reset_timedout_connection" directive
nginx will reset connections being closed with the 444 code.
*) Change: a logging level of the "http request", "https proxy request",
"unsupported protocol", and "version too low" SSL errors has been
lowered from "crit" to "info".
*) Bugfix: DNS requests were not resent if initial sending of a request
failed.
*) Bugfix: the "reuseport" parameter of the "listen" directive was
ignored if the number of worker processes was specified after the
"listen" directive.
*) Bugfix: when using OpenSSL 1.1.0 or newer it was not possible to
switch off "ssl_prefer_server_ciphers" in a virtual server if it was
switched on in the default server.
*) Bugfix: SSL session reuse with upstream servers did not work with the
TLS 1.3 protocol.
Changes with nginx 1.15.1:
*) Feature: the "random" directive inside the "upstream" block.
*) Feature: improved performance when using the "hash" and "ip_hash"
directives with the "zone" directive.
*) Feature: the "reuseport" parameter of the "listen" directive now uses
SO_REUSEPORT_LB on FreeBSD 12.
*) Bugfix: HTTP/2 server push did not work if SSL was terminated by a
proxy server in front of nginx.
*) Bugfix: the "tcp_nopush" directive was always used on backend
connections.
*) Bugfix: sending a disk-buffered request body to a gRPC backend might
fail.
Changes with nginx 1.15.0:
*) Change: the "ssl" directive is deprecated; the "ssl" parameter of the
"listen" directive should be used instead.
*) Change: now nginx detects missing SSL certificates during
configuration testing when using the "ssl" parameter of the "listen"
directive.
*) Feature: now the stream module can handle multiple incoming UDP
datagrams from a client within a single session.
*) Bugfix: it was possible to specify an incorrect response code in the
"proxy_cache_valid" directive.
*) Bugfix: nginx could not be built by gcc 8.1.
*) Bugfix: logging to syslog stopped on local IP address changes.
*) Bugfix: nginx could not be built by clang with CUDA SDK installed;
the bug had appeared in 1.13.8.
*) Bugfix: "getsockopt(TCP_FASTOPEN) ... failed" messages might appear
in logs during binary upgrade when using unix domain listen sockets
on FreeBSD.
*) Bugfix: nginx could not be built on Fedora 28 Linux.
*) Bugfix: request processing rate might exceed configured rate when
using the "limit_req" directive.
*) Bugfix: in handling of client addresses when using unix domain listen
sockets to work with datagrams on Linux.
*) Bugfix: in memory allocation error handling.
|
|
|
|
nginx-1.14.0 stable version has been released, incorporating new features and bug fixes from the 1.13.x mainline branch - including the mirror module, HTTP/2 push, the gRPC proxy module, and more.
|
|
push, rtmp
|
|
|
|
|
|
by upstream 5 years ago: https://trac.nginx.org/nginx/ticket/65
|
|
This notably fixes building with RELRO enabled (without cwrappers).
|
|
|
|
Changes with nginx 1.12.2:
*) Bugfix: client SSL connections were immediately closed if deferred
accept and the "proxy_protocol" parameter of the "listen" directive
were used.
*) Bugfix: client connections might be dropped during configuration
testing when using the "reuseport" parameter of the "listen"
directive on Linux.
*) Bugfix: incorrect response length was returned on 32-bit platforms
when requesting more than 4 gigabytes with multiple ranges.
*) Bugfix: switching to the next upstream server in the stream module
did not work when using the "ssl_preread" directive.
*) Bugfix: when using HTTP/2 client request body might be corrupted.
*) Bugfix: in handling of client addresses when using unix domain
sockets.
|
|
|
|
*) Security: a specially crafted request might result in an integer
overflow and incorrect processing of ranges in the range filter,
potentially resulting in sensitive information leak (CVE-2017-7529).
PkgSrc:
*) Updated external modules
*) Added RTMP module (Media Streaming Server)
|
|
Approved by joerg@.
|
|
Fixes joyent/pkgsrc/issues/515
|
|
|
|
* Update naxsi to 0.55.3.
Approximate changelog since nginx 1.10.3 follows.
Changes with nginx 1.12.0 12 Apr 2017
- 1.12.x stable branch.
Changes with nginx 1.11.13 04 Apr 2017
- Feature: the "http_429" parameter of the "proxy_next_upstream",
"fastcgi_next_upstream", "scgi_next_upstream", and
"uwsgi_next_upstream" directives.
Thanks to Piotr Sikora.
- Bugfix: in memory allocation error handling.
- Bugfix: requests might hang when using the "sendfile" and
"timer_resolution" directives on Linux.
- Bugfix: requests might hang when using the "sendfile" and "aio_write"
directives with subrequests.
- Bugfix: in the ngx_http_v2_module.
Thanks to Piotr Sikora.
- Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2.
- Bugfix: requests might hang when using the "limit_rate",
"sendfile_max_chunk", "limit_req" directives, or the $r->sleep()
embedded perl method with subrequests.
- Bugfix: in the ngx_http_slice_module.
Changes with nginx 1.11.12 24 Mar 2017
- Bugfix: nginx might hog CPU; the bug had appeared in 1.11.11.
Changes with nginx 1.11.11 21 Mar 2017
- Feature: the "worker_shutdown_timeout" directive.
- Feature: vim syntax highlighting scripts improvements.
Thanks to Wei-Ko Kao.
- Bugfix: a segmentation fault might occur in a worker process if the
$limit_rate variable was set to an empty string.
- Bugfix: the "proxy_cache_background_update",
"fastcgi_cache_background_update", "scgi_cache_background_update",
and "uwsgi_cache_background_update" directives might work incorrectly
if the "if" directive was used.
- Bugfix: a segmentation fault might occur in a worker process if
number of large_client_header_buffers in a virtual server was
different from the one in the default server.
- Bugfix: in the mail proxy server.
Changes with nginx 1.11.10 14 Feb 2017
- Change: cache header format has been changed, previously cached
responses will be invalidated.
- Feature: support of "stale-while-revalidate" and "stale-if-error"
extensions in the "Cache-Control" backend response header line.
- Feature: the "proxy_cache_background_update",
"fastcgi_cache_background_update", "scgi_cache_background_update",
and "uwsgi_cache_background_update" directives.
- Feature: nginx is now able to cache responses with the "Vary" header
line up to 128 characters long (instead of 42 characters in previous
versions).
- Feature: the "build" parameter of the "server_tokens" directive.
Thanks to Tom Thorogood.
- Bugfix: "[crit] SSL_write() failed" messages might appear in logs
when handling requests with the "Expect: 100-continue" request header
line.
- Bugfix: the ngx_http_slice_module did not work in named locations.
- Bugfix: a segmentation fault might occur in a worker process when
using AIO after an "X-Accel-Redirect" redirection.
- Bugfix: reduced memory consumption for long-lived requests using
gzipping.
Changes with nginx 1.11.9 24 Jan 2017
- Bugfix: nginx might hog CPU when using the stream module; the bug had
appeared in 1.11.5.
- Bugfix: EXTERNAL authentication mechanism in mail proxy was accepted
even if it was not enabled in the configuration.
- Bugfix: a segmentation fault might occur in a worker process if the
"ssl_verify_client" directive of the stream module was used.
- Bugfix: the "ssl_verify_client" directive of the stream module might
not work.
- Bugfix: closing keepalive connections due to no free worker
connections might be too aggressive.
Thanks to Joel Cunningham.
- Bugfix: an incorrect response might be returned when using the
"sendfile" directive on FreeBSD and macOS; the bug had appeared in
1.7.8.
- Bugfix: a truncated response might be stored in cache when using the
"aio_write" directive.
- Bugfix: a socket leak might occur when using the "aio_write"
directive.
Changes with nginx 1.11.8 27 Dec 2016
- Feature: the "absolute_redirect" directive.
- Feature: the "escape" parameter of the "log_format" directive.
- Feature: client SSL certificates verification in the stream module.
- Feature: the "ssl_session_ticket_key" directive supports AES256
encryption of TLS session tickets when used with 80-byte keys.
- Feature: vim-commentary support in vim scripts.
Thanks to Armin Grodon.
- Bugfix: recursion when evaluating variables was not limited.
- Bugfix: in the ngx_stream_ssl_preread_module.
- Bugfix: if a server in an upstream in the stream module failed, it
was considered alive only when a test connection sent to it after
fail_timeout was closed; now a successfully established connection is
enough.
- Bugfix: nginx/Windows could not be built with 64-bit Visual Studio.
- Bugfix: nginx/Windows could not be built with OpenSSL 1.1.0.
Changes with nginx 1.11.7 13 Dec 2016
- Change: now in case of a client certificate verification error the
$ssl_client_verify variable contains a string with the failure
reason, for example, "FAILED:certificate has expired".
- Feature: the $ssl_ciphers, $ssl_curves, $ssl_client_v_start,
$ssl_client_v_end, and $ssl_client_v_remain variables.
- Feature: the "volatile" parameter of the "map" directive.
- Bugfix: dependencies specified for a module were ignored while
building dynamic modules.
- Bugfix: when using HTTP/2 and the "limit_req" or "auth_request"
directives client request body might be corrupted; the bug had
appeared in 1.11.0.
- Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2; the bug had appeared in 1.11.3.
- Bugfix: in the ngx_http_mp4_module.
Thanks to Congcong Hu.
- Bugfix: in the ngx_http_perl_module.
|
|
so existing users won't need to modify their configs
|
|
http2 is defined in pkgsrc/mk/defaults/options.description
|
|
|
|
Changes with nginx 1.10.3 31 Jan 2017
*) Bugfix: in the "add_after_body" directive when used with the
"sub_filter" directive.
*) Bugfix: unix domain listen sockets might not be inherited during
binary upgrade on Linux.
*) Bugfix: graceful shutdown of old worker processes might require
infinite time when using HTTP/2.
*) Bugfix: when using HTTP/2 and the "limit_req" or "auth_request"
directives client request body might be corrupted; the bug had
appeared in 1.10.2.
*) Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2; the bug had appeared in 1.10.2.
*) Bugfix: an incorrect response might be returned when using the
"sendfile" directive on FreeBSD and macOS; the bug had appeared in
1.7.8.
*) Bugfix: a truncated response might be stored in cache when using the
"aio_write" directive.
*) Bugfix: a socket leak might occur when using the "aio_write"
directive.
Changes with nginx 1.10.2 18 Oct 2016
*) Change: the "421 Misdirected Request" response now used when
rejecting requests to a virtual server different from one negotiated
during an SSL handshake; this improves interoperability with some
HTTP/2 clients when using client certificates.
*) Change: HTTP/2 clients can now start sending request body
immediately; the "http2_body_preread_size" directive controls size of
the buffer used before nginx will start reading client request body.
*) Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2 and the "proxy_request_buffering" directive.
*) Bugfix: the "Content-Length" request header line was always added to
requests passed to backends, including requests without body, when
using HTTP/2.
*) Bugfix: "http request count is zero" alerts might appear in logs when
using HTTP/2.
*) Bugfix: unnecessary buffering might occur when using the "sub_filter"
directive; the issue had appeared in 1.9.4.
*) Bugfix: socket leak when using HTTP/2.
*) Bugfix: an incorrect response might be returned when using the "aio
threads" and "sendfile" directives; the bug had appeared in 1.9.13.
*) Workaround: OpenSSL 1.1.0 compatibility.
|
|
servicing events when port_getn() returns a timeout.
|
|
|
|
PR pkg/51593: nginx configure error the HTTP rewrite module requires the PCRE library
|
|
|
|
Update 3rd party modules in options.mk.
Changes with nginx 1.10.1
- Security: a segmentation fault might occur in a worker process while
writing a specially crafted request body to a temporary file
(CVE-2016-4450); the bug had appeared in 1.3.9.
Changes with nginx 1.10.0
- 1.10.x stable branch.
Changes with nginx 1.9.15
- Bugfix: "recv() failed" errors might occur when using HHVM as a
FastCGI server.
- Bugfix: when using HTTP/2 and the "limit_req" or "auth_request"
directives a timeout or a "client violated flow control" error might
occur while reading client request body; the bug had appeared in
1.9.14.
- Workaround: a response might not be shown by some browsers if HTTP/2
was used and client request body was not fully read; the bug had
appeared in 1.9.14.
- Bugfix: connections might hang when using the "aio threads"
directive.
Thanks to Mindaugas Rasiukevicius.
Changes with nginx 1.9.14
- Feature: OpenSSL 1.1.0 compatibility.
- Feature: the "proxy_request_buffering", "fastcgi_request_buffering",
"scgi_request_buffering", and "uwsgi_request_buffering" directives
now work with HTTP/2.
- Bugfix: "zero size buf in output" alerts might appear in logs when
using HTTP/2.
- Bugfix: the "client_max_body_size" directive might work incorrectly
when using HTTP/2.
- Bugfix: of minor bugs in logging.
Changes with nginx 1.9.13
- Change: non-idempotent requests (POST, LOCK, PATCH) are no longer
passed to the next server by default if a request has been sent to a
backend; the "non_idempotent" parameter of the "proxy_next_upstream"
directive explicitly allows retrying such requests.
- Feature: the ngx_http_perl_module can be built dynamically.
- Feature: UDP support in the stream module.
- Feature: the "aio_write" directive.
- Feature: now cache manager monitors number of elements in caches and
tries to avoid cache keys zone overflows.
- Bugfix: "task already active" and "second aio post" alerts might
appear in logs when using the "sendfile" and "aio" directives with
subrequests.
- Bugfix: "zero size buf in output" alerts might appear in logs if
caching was used and a client closed a connection prematurely.
- Bugfix: connections with clients might be closed needlessly if
caching was used.
Thanks to Justin Li.
- Bugfix: nginx might hog CPU if the "sendfile" directive was used on
Linux or Solaris and a file being sent was changed during sending.
- Bugfix: connections might hang when using the "sendfile" and "aio
threads" directives.
- Bugfix: in the "proxy_pass", "fastcgi_pass", "scgi_pass", and
"uwsgi_pass" directives when using variables.
Thanks to Piotr Sikora.
- Bugfix: in the ngx_http_sub_filter_module.
- Bugfix: if an error occurred in a cached backend connection, the
request was passed to the next server regardless of the
proxy_next_upstream directive.
- Bugfix: "CreateFile() failed" errors when creating temporary files
on
Windows.
Changes with nginx 1.9.12
- Feature: Huffman encoding of response headers in HTTP/2.
Thanks to Vlad Krasnov.
- Feature: the "worker_cpu_affinity" directive now supports more than
64 CPUs.
- Bugfix: compatibility with 3rd party C++ modules; the bug had
appeared in 1.9.11.
Thanks to Piotr Sikora.
- Bugfix: nginx could not be built statically with OpenSSL on Linux;
the bug had appeared in 1.9.11.
- Bugfix: the "add_header ... always" directive with an empty value
did
not delete "Last-Modified" and "ETag" header lines from error
responses.
- Workaround: "called a function you should not call" and "shutdown
while in init" messages might appear in logs when using OpenSSL
1.0.2f.
- Bugfix: invalid headers might be logged incorrectly.
- Bugfix: socket leak when using HTTP/2.
- Bugfix: in the ngx_http_v2_module.
Changes with nginx 1.9.11
- Feature: TCP support in resolver.
- Feature: dynamic modules.
- Bugfix: the $request_length variable did not include size of request
headers when using HTTP/2.
- Bugfix: in the ngx_http_v2_module.
Changes with nginx 1.9.10
- Security: invalid pointer dereference might occur during DNS server
response processing if the "resolver" directive was used, allowing an
attacker who is able to forge UDP packets from the DNS server to
cause segmentation fault in a worker process (CVE-2016-0742).
- Security: use-after-free condition might occur during CNAME response
processing if the "resolver" directive was used, allowing an attacker
who is able to trigger name resolution to cause segmentation fault in
a worker process, or might have potential other impact
(CVE-2016-0746).
- Security: CNAME resolution was insufficiently limited if the
"resolver" directive was used, allowing an attacker who is able to
trigger arbitrary name resolution to cause excessive resource
consumption in worker processes (CVE-2016-0747).
- Feature: the "auto" parameter of the "worker_cpu_affinity"
directive.
- Bugfix: the "proxy_protocol" parameter of the "listen" directive did
not work with IPv6 listen sockets.
- Bugfix: connections to upstream servers might be cached incorrectly
when using the "keepalive" directive.
- Bugfix: proxying used the HTTP method of the original request after
an "X-Accel-Redirect" redirection.
Changes with nginx 1.9.9
- Bugfix: proxying to unix domain sockets did not work when using
variables; the bug had appeared in 1.9.8.
Changes with nginx 1.9.8
- Feature: pwritev() support.
- Feature: the "include" directive inside the "upstream" block.
- Feature: the ngx_http_slice_module.
- Bugfix: a segmentation fault might occur in a worker process when
using LibreSSL; the bug had appeared in 1.9.6.
- Bugfix: nginx could not be built on OS X in some cases.
Changes with nginx 1.9.7
- Feature: the "nohostname" parameter of logging to syslog.
- Feature: the "proxy_cache_convert_head" directive.
- Feature: the $realip_remote_addr variable in the
ngx_http_realip_module.
- Bugfix: the "expires" directive might not work when using variables.
- Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2; the bug had appeared in 1.9.6.
- Bugfix: if nginx was built with the ngx_http_v2_module it was
possible to use the HTTP/2 protocol even if the "http2" parameter of
the "listen" directive was not specified.
- Bugfix: in the ngx_http_v2_module.
Changes with nginx 1.9.6
- Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2.
Thanks to Piotr Sikora and Denis Andzakovic.
- Bugfix: the $server_protocol variable was empty when using HTTP/2.
- Bugfix: backend SSL connections in the stream module might be timed
out unexpectedly.
- Bugfix: a segmentation fault might occur in a worker process if
different ssl_session_cache settings were used in different virtual
servers.
- Bugfix: nginx/Windows could not be built with MinGW gcc; the bug had
appeared in 1.9.4.
Thanks to Kouhei Sutou.
- Bugfix: time was not updated when the timer_resolution directive was
used on Windows.
- Miscellaneous minor fixes and improvements.
Thanks to Markus Linnala, Kurtis Nusbaum and Piotr Sikora.
Changes with nginx 1.9.5
- Feature: the ngx_http_v2_module (replaces ngx_http_spdy_module).
Thanks to Dropbox and Automattic for sponsoring this work.
- Change: now the "output_buffers" directive uses two buffers by
default.
- Change: now nginx limits subrequests recursion, not simultaneous
subrequests.
- Change: now nginx checks the whole cache key when returning a
response from cache.
Thanks to Gena Makhomed and Sergey Brester.
- Bugfix: "header already sent" alerts might appear in logs when using
cache; the bug had appeared in 1.7.5.
- Bugfix: "writev() failed (4: Interrupted system call)" errors might
appear in logs when using CephFS and the "timer_resolution" directive
on Linux.
- Bugfix: in invalid configurations handling.
Thanks to Markus Linnala.
- Bugfix: a segmentation fault occurred in a worker process if the
"sub_filter" directive was used at http level; the bug had appeared
in 1.9.4.
Changes with nginx 1.9.4
- Change: the "proxy_downstream_buffer" and "proxy_upstream_buffer"
directives of the stream module are replaced with the
"proxy_buffer_size" directive.
- Feature: the "tcp_nodelay" directive in the stream module.
- Feature: multiple "sub_filter" directives can be used
simultaneously.
- Feature: variables support in the search string of the "sub_filter"
directive.
- Workaround: configuration testing might fail under Linux OpenVZ.
Thanks to Gena Makhomed.
- Bugfix: old worker processes might hog CPU after reconfiguration
with
a large number of worker_connections.
- Bugfix: a segmentation fault might occur in a worker process if the
"try_files" and "alias" directives were used inside a location given
by a regular expression; the bug had appeared in 1.7.1.
- Bugfix: the "try_files" directive inside a nested location given by
a regular expression worked incorrectly if the "alias" directive was
used in the outer location.
- Bugfix: in hash table initialization error handling.
- Bugfix: nginx could not be built with Visual Studio 2015.
Changes with nginx 1.9.3
- Change: duplicate "http", "mail", and "stream" blocks are now
disallowed.
- Feature: connection limiting in the stream module.
- Feature: data rate limiting in the stream module.
- Bugfix: the "zone" directive inside the "upstream" block did not
work on Windows.
- Bugfix: compatibility with LibreSSL in the stream module.
Thanks to Piotr Sikora.
- Bugfix: in the "--builddir" configure parameter.
Thanks to Piotr Sikora.
- Bugfix: the "ssl_stapling_file" directive did not work; the bug had
appeared in 1.9.2.
Thanks to Faidon Liambotis and Brandon Black.
- Bugfix: a segmentation fault might occur in a worker process if the
"ssl_stapling" directive was used; the bug had appeared in 1.9.2.
Thanks to Matthew Baldwin.
Changes with nginx 1.9.2
- Feature: the "backlog" parameter of the "listen" directives of the
mail proxy and stream modules.
- Feature: the "allow" and "deny" directives in the stream module.
- Feature: the "proxy_bind" directive in the stream module.
- Feature: the "proxy_protocol" directive in the stream module.
- Feature: the -T switch.
- Feature: the REQUEST_SCHEME parameter added to the fastcgi.conf,
fastcgi_params, scgi_params, and uwsgi_params standard configuration
files.
- Bugfix: the "reuseport" parameter of the "listen" directive of the
stream module did not work.
- Bugfix: OCSP stapling might return an expired OCSP response in some
cases.
Changes with nginx 1.9.1
- Change: now SSLv3 protocol is disabled by default.
- Change: some long deprecated directives are not supported anymore.
- Feature: the "reuseport" parameter of the "listen" directive.
Thanks to Yingqi Lu at Intel and Sepherosa Ziehau.
- Feature: the $upstream_connect_time variable.
- Bugfix: in the "hash" directive on big-endian platforms.
- Bugfix: nginx might fail to start on some old Linux variants; the
bug had appeared in 1.7.11.
- Bugfix: in IP address parsing.
Thanks to Sergey Polovko.
Changes with nginx 1.9.0
- Change: obsolete aio and rtsig event methods have been removed.
- Feature: the "zone" directive inside the "upstream" block.
- Feature: the stream module.
- Feature: byte ranges support in the ngx_http_memcached_module.
Thanks to Martin Mlynar.
- Feature: shared memory can now be used on Windows versions with
address space layout randomization.
Thanks to Sergey Brester.
- Feature: the "error_log" directive can now be used on mail and
server levels in mail proxy.
- Bugfix: the "proxy_protocol" parameter of the "listen" directive did
not work if not specified in the first "listen" directive for a
listen socket.
|
|
|
|
|
|
original manifest.xml file and the output from "svccfg export".
|
|
temporary file). Bump revision.
|
|
|
|
- security fixes when using the "resolver" directive
- bugfixes for "proxy_protocol" parameter of "listen", "try_files" and
"alias" directives, when using different ssl_session_cache settings
across vhosts, "spdy" could be active when builtin but not explicitly
enabled
|
|
|
