| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
* Update naxsi to 0.55.3.
Approximate changelog since nginx 1.10.3 follows.
Changes with nginx 1.12.0 12 Apr 2017
- 1.12.x stable branch.
Changes with nginx 1.11.13 04 Apr 2017
- Feature: the "http_429" parameter of the "proxy_next_upstream",
"fastcgi_next_upstream", "scgi_next_upstream", and
"uwsgi_next_upstream" directives.
Thanks to Piotr Sikora.
- Bugfix: in memory allocation error handling.
- Bugfix: requests might hang when using the "sendfile" and
"timer_resolution" directives on Linux.
- Bugfix: requests might hang when using the "sendfile" and "aio_write"
directives with subrequests.
- Bugfix: in the ngx_http_v2_module.
Thanks to Piotr Sikora.
- Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2.
- Bugfix: requests might hang when using the "limit_rate",
"sendfile_max_chunk", "limit_req" directives, or the $r->sleep()
embedded perl method with subrequests.
- Bugfix: in the ngx_http_slice_module.
Changes with nginx 1.11.12 24 Mar 2017
- Bugfix: nginx might hog CPU; the bug had appeared in 1.11.11.
Changes with nginx 1.11.11 21 Mar 2017
- Feature: the "worker_shutdown_timeout" directive.
- Feature: vim syntax highlighting scripts improvements.
Thanks to Wei-Ko Kao.
- Bugfix: a segmentation fault might occur in a worker process if the
$limit_rate variable was set to an empty string.
- Bugfix: the "proxy_cache_background_update",
"fastcgi_cache_background_update", "scgi_cache_background_update",
and "uwsgi_cache_background_update" directives might work incorrectly
if the "if" directive was used.
- Bugfix: a segmentation fault might occur in a worker process if
number of large_client_header_buffers in a virtual server was
different from the one in the default server.
- Bugfix: in the mail proxy server.
Changes with nginx 1.11.10 14 Feb 2017
- Change: cache header format has been changed, previously cached
responses will be invalidated.
- Feature: support of "stale-while-revalidate" and "stale-if-error"
extensions in the "Cache-Control" backend response header line.
- Feature: the "proxy_cache_background_update",
"fastcgi_cache_background_update", "scgi_cache_background_update",
and "uwsgi_cache_background_update" directives.
- Feature: nginx is now able to cache responses with the "Vary" header
line up to 128 characters long (instead of 42 characters in previous
versions).
- Feature: the "build" parameter of the "server_tokens" directive.
Thanks to Tom Thorogood.
- Bugfix: "[crit] SSL_write() failed" messages might appear in logs
when handling requests with the "Expect: 100-continue" request header
line.
- Bugfix: the ngx_http_slice_module did not work in named locations.
- Bugfix: a segmentation fault might occur in a worker process when
using AIO after an "X-Accel-Redirect" redirection.
- Bugfix: reduced memory consumption for long-lived requests using
gzipping.
Changes with nginx 1.11.9 24 Jan 2017
- Bugfix: nginx might hog CPU when using the stream module; the bug had
appeared in 1.11.5.
- Bugfix: EXTERNAL authentication mechanism in mail proxy was accepted
even if it was not enabled in the configuration.
- Bugfix: a segmentation fault might occur in a worker process if the
"ssl_verify_client" directive of the stream module was used.
- Bugfix: the "ssl_verify_client" directive of the stream module might
not work.
- Bugfix: closing keepalive connections due to no free worker
connections might be too aggressive.
Thanks to Joel Cunningham.
- Bugfix: an incorrect response might be returned when using the
"sendfile" directive on FreeBSD and macOS; the bug had appeared in
1.7.8.
- Bugfix: a truncated response might be stored in cache when using the
"aio_write" directive.
- Bugfix: a socket leak might occur when using the "aio_write"
directive.
Changes with nginx 1.11.8 27 Dec 2016
- Feature: the "absolute_redirect" directive.
- Feature: the "escape" parameter of the "log_format" directive.
- Feature: client SSL certificates verification in the stream module.
- Feature: the "ssl_session_ticket_key" directive supports AES256
encryption of TLS session tickets when used with 80-byte keys.
- Feature: vim-commentary support in vim scripts.
Thanks to Armin Grodon.
- Bugfix: recursion when evaluating variables was not limited.
- Bugfix: in the ngx_stream_ssl_preread_module.
- Bugfix: if a server in an upstream in the stream module failed, it
was considered alive only when a test connection sent to it after
fail_timeout was closed; now a successfully established connection is
enough.
- Bugfix: nginx/Windows could not be built with 64-bit Visual Studio.
- Bugfix: nginx/Windows could not be built with OpenSSL 1.1.0.
Changes with nginx 1.11.7 13 Dec 2016
- Change: now in case of a client certificate verification error the
$ssl_client_verify variable contains a string with the failure
reason, for example, "FAILED:certificate has expired".
- Feature: the $ssl_ciphers, $ssl_curves, $ssl_client_v_start,
$ssl_client_v_end, and $ssl_client_v_remain variables.
- Feature: the "volatile" parameter of the "map" directive.
- Bugfix: dependencies specified for a module were ignored while
building dynamic modules.
- Bugfix: when using HTTP/2 and the "limit_req" or "auth_request"
directives client request body might be corrupted; the bug had
appeared in 1.11.0.
- Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2; the bug had appeared in 1.11.3.
- Bugfix: in the ngx_http_mp4_module.
Thanks to Congcong Hu.
- Bugfix: in the ngx_http_perl_module.
|
|
so existing users won't need to modify their configs
|
|
http2 is defined in pkgsrc/mk/defaults/options.description
|
|
|
|
Changes with nginx 1.10.3 31 Jan 2017
*) Bugfix: in the "add_after_body" directive when used with the
"sub_filter" directive.
*) Bugfix: unix domain listen sockets might not be inherited during
binary upgrade on Linux.
*) Bugfix: graceful shutdown of old worker processes might require
infinite time when using HTTP/2.
*) Bugfix: when using HTTP/2 and the "limit_req" or "auth_request"
directives client request body might be corrupted; the bug had
appeared in 1.10.2.
*) Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2; the bug had appeared in 1.10.2.
*) Bugfix: an incorrect response might be returned when using the
"sendfile" directive on FreeBSD and macOS; the bug had appeared in
1.7.8.
*) Bugfix: a truncated response might be stored in cache when using the
"aio_write" directive.
*) Bugfix: a socket leak might occur when using the "aio_write"
directive.
Changes with nginx 1.10.2 18 Oct 2016
*) Change: the "421 Misdirected Request" response now used when
rejecting requests to a virtual server different from one negotiated
during an SSL handshake; this improves interoperability with some
HTTP/2 clients when using client certificates.
*) Change: HTTP/2 clients can now start sending request body
immediately; the "http2_body_preread_size" directive controls size of
the buffer used before nginx will start reading client request body.
*) Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2 and the "proxy_request_buffering" directive.
*) Bugfix: the "Content-Length" request header line was always added to
requests passed to backends, including requests without body, when
using HTTP/2.
*) Bugfix: "http request count is zero" alerts might appear in logs when
using HTTP/2.
*) Bugfix: unnecessary buffering might occur when using the "sub_filter"
directive; the issue had appeared in 1.9.4.
*) Bugfix: socket leak when using HTTP/2.
*) Bugfix: an incorrect response might be returned when using the "aio
threads" and "sendfile" directives; the bug had appeared in 1.9.13.
*) Workaround: OpenSSL 1.1.0 compatibility.
|
|
servicing events when port_getn() returns a timeout.
|
|
|
|
PR pkg/51593: nginx configure error the HTTP rewrite module requires the PCRE library
|
|
|
|
Update 3rd party modules in options.mk.
Changes with nginx 1.10.1
- Security: a segmentation fault might occur in a worker process while
writing a specially crafted request body to a temporary file
(CVE-2016-4450); the bug had appeared in 1.3.9.
Changes with nginx 1.10.0
- 1.10.x stable branch.
Changes with nginx 1.9.15
- Bugfix: "recv() failed" errors might occur when using HHVM as a
FastCGI server.
- Bugfix: when using HTTP/2 and the "limit_req" or "auth_request"
directives a timeout or a "client violated flow control" error might
occur while reading client request body; the bug had appeared in
1.9.14.
- Workaround: a response might not be shown by some browsers if HTTP/2
was used and client request body was not fully read; the bug had
appeared in 1.9.14.
- Bugfix: connections might hang when using the "aio threads"
directive.
Thanks to Mindaugas Rasiukevicius.
Changes with nginx 1.9.14
- Feature: OpenSSL 1.1.0 compatibility.
- Feature: the "proxy_request_buffering", "fastcgi_request_buffering",
"scgi_request_buffering", and "uwsgi_request_buffering" directives
now work with HTTP/2.
- Bugfix: "zero size buf in output" alerts might appear in logs when
using HTTP/2.
- Bugfix: the "client_max_body_size" directive might work incorrectly
when using HTTP/2.
- Bugfix: of minor bugs in logging.
Changes with nginx 1.9.13
- Change: non-idempotent requests (POST, LOCK, PATCH) are no longer
passed to the next server by default if a request has been sent to a
backend; the "non_idempotent" parameter of the "proxy_next_upstream"
directive explicitly allows retrying such requests.
- Feature: the ngx_http_perl_module can be built dynamically.
- Feature: UDP support in the stream module.
- Feature: the "aio_write" directive.
- Feature: now cache manager monitors number of elements in caches and
tries to avoid cache keys zone overflows.
- Bugfix: "task already active" and "second aio post" alerts might
appear in logs when using the "sendfile" and "aio" directives with
subrequests.
- Bugfix: "zero size buf in output" alerts might appear in logs if
caching was used and a client closed a connection prematurely.
- Bugfix: connections with clients might be closed needlessly if
caching was used.
Thanks to Justin Li.
- Bugfix: nginx might hog CPU if the "sendfile" directive was used on
Linux or Solaris and a file being sent was changed during sending.
- Bugfix: connections might hang when using the "sendfile" and "aio
threads" directives.
- Bugfix: in the "proxy_pass", "fastcgi_pass", "scgi_pass", and
"uwsgi_pass" directives when using variables.
Thanks to Piotr Sikora.
- Bugfix: in the ngx_http_sub_filter_module.
- Bugfix: if an error occurred in a cached backend connection, the
request was passed to the next server regardless of the
proxy_next_upstream directive.
- Bugfix: "CreateFile() failed" errors when creating temporary files
on
Windows.
Changes with nginx 1.9.12
- Feature: Huffman encoding of response headers in HTTP/2.
Thanks to Vlad Krasnov.
- Feature: the "worker_cpu_affinity" directive now supports more than
64 CPUs.
- Bugfix: compatibility with 3rd party C++ modules; the bug had
appeared in 1.9.11.
Thanks to Piotr Sikora.
- Bugfix: nginx could not be built statically with OpenSSL on Linux;
the bug had appeared in 1.9.11.
- Bugfix: the "add_header ... always" directive with an empty value
did
not delete "Last-Modified" and "ETag" header lines from error
responses.
- Workaround: "called a function you should not call" and "shutdown
while in init" messages might appear in logs when using OpenSSL
1.0.2f.
- Bugfix: invalid headers might be logged incorrectly.
- Bugfix: socket leak when using HTTP/2.
- Bugfix: in the ngx_http_v2_module.
Changes with nginx 1.9.11
- Feature: TCP support in resolver.
- Feature: dynamic modules.
- Bugfix: the $request_length variable did not include size of request
headers when using HTTP/2.
- Bugfix: in the ngx_http_v2_module.
Changes with nginx 1.9.10
- Security: invalid pointer dereference might occur during DNS server
response processing if the "resolver" directive was used, allowing an
attacker who is able to forge UDP packets from the DNS server to
cause segmentation fault in a worker process (CVE-2016-0742).
- Security: use-after-free condition might occur during CNAME response
processing if the "resolver" directive was used, allowing an attacker
who is able to trigger name resolution to cause segmentation fault in
a worker process, or might have potential other impact
(CVE-2016-0746).
- Security: CNAME resolution was insufficiently limited if the
"resolver" directive was used, allowing an attacker who is able to
trigger arbitrary name resolution to cause excessive resource
consumption in worker processes (CVE-2016-0747).
- Feature: the "auto" parameter of the "worker_cpu_affinity"
directive.
- Bugfix: the "proxy_protocol" parameter of the "listen" directive did
not work with IPv6 listen sockets.
- Bugfix: connections to upstream servers might be cached incorrectly
when using the "keepalive" directive.
- Bugfix: proxying used the HTTP method of the original request after
an "X-Accel-Redirect" redirection.
Changes with nginx 1.9.9
- Bugfix: proxying to unix domain sockets did not work when using
variables; the bug had appeared in 1.9.8.
Changes with nginx 1.9.8
- Feature: pwritev() support.
- Feature: the "include" directive inside the "upstream" block.
- Feature: the ngx_http_slice_module.
- Bugfix: a segmentation fault might occur in a worker process when
using LibreSSL; the bug had appeared in 1.9.6.
- Bugfix: nginx could not be built on OS X in some cases.
Changes with nginx 1.9.7
- Feature: the "nohostname" parameter of logging to syslog.
- Feature: the "proxy_cache_convert_head" directive.
- Feature: the $realip_remote_addr variable in the
ngx_http_realip_module.
- Bugfix: the "expires" directive might not work when using variables.
- Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2; the bug had appeared in 1.9.6.
- Bugfix: if nginx was built with the ngx_http_v2_module it was
possible to use the HTTP/2 protocol even if the "http2" parameter of
the "listen" directive was not specified.
- Bugfix: in the ngx_http_v2_module.
Changes with nginx 1.9.6
- Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2.
Thanks to Piotr Sikora and Denis Andzakovic.
- Bugfix: the $server_protocol variable was empty when using HTTP/2.
- Bugfix: backend SSL connections in the stream module might be timed
out unexpectedly.
- Bugfix: a segmentation fault might occur in a worker process if
different ssl_session_cache settings were used in different virtual
servers.
- Bugfix: nginx/Windows could not be built with MinGW gcc; the bug had
appeared in 1.9.4.
Thanks to Kouhei Sutou.
- Bugfix: time was not updated when the timer_resolution directive was
used on Windows.
- Miscellaneous minor fixes and improvements.
Thanks to Markus Linnala, Kurtis Nusbaum and Piotr Sikora.
Changes with nginx 1.9.5
- Feature: the ngx_http_v2_module (replaces ngx_http_spdy_module).
Thanks to Dropbox and Automattic for sponsoring this work.
- Change: now the "output_buffers" directive uses two buffers by
default.
- Change: now nginx limits subrequests recursion, not simultaneous
subrequests.
- Change: now nginx checks the whole cache key when returning a
response from cache.
Thanks to Gena Makhomed and Sergey Brester.
- Bugfix: "header already sent" alerts might appear in logs when using
cache; the bug had appeared in 1.7.5.
- Bugfix: "writev() failed (4: Interrupted system call)" errors might
appear in logs when using CephFS and the "timer_resolution" directive
on Linux.
- Bugfix: in invalid configurations handling.
Thanks to Markus Linnala.
- Bugfix: a segmentation fault occurred in a worker process if the
"sub_filter" directive was used at http level; the bug had appeared
in 1.9.4.
Changes with nginx 1.9.4
- Change: the "proxy_downstream_buffer" and "proxy_upstream_buffer"
directives of the stream module are replaced with the
"proxy_buffer_size" directive.
- Feature: the "tcp_nodelay" directive in the stream module.
- Feature: multiple "sub_filter" directives can be used
simultaneously.
- Feature: variables support in the search string of the "sub_filter"
directive.
- Workaround: configuration testing might fail under Linux OpenVZ.
Thanks to Gena Makhomed.
- Bugfix: old worker processes might hog CPU after reconfiguration
with
a large number of worker_connections.
- Bugfix: a segmentation fault might occur in a worker process if the
"try_files" and "alias" directives were used inside a location given
by a regular expression; the bug had appeared in 1.7.1.
- Bugfix: the "try_files" directive inside a nested location given by
a regular expression worked incorrectly if the "alias" directive was
used in the outer location.
- Bugfix: in hash table initialization error handling.
- Bugfix: nginx could not be built with Visual Studio 2015.
Changes with nginx 1.9.3
- Change: duplicate "http", "mail", and "stream" blocks are now
disallowed.
- Feature: connection limiting in the stream module.
- Feature: data rate limiting in the stream module.
- Bugfix: the "zone" directive inside the "upstream" block did not
work on Windows.
- Bugfix: compatibility with LibreSSL in the stream module.
Thanks to Piotr Sikora.
- Bugfix: in the "--builddir" configure parameter.
Thanks to Piotr Sikora.
- Bugfix: the "ssl_stapling_file" directive did not work; the bug had
appeared in 1.9.2.
Thanks to Faidon Liambotis and Brandon Black.
- Bugfix: a segmentation fault might occur in a worker process if the
"ssl_stapling" directive was used; the bug had appeared in 1.9.2.
Thanks to Matthew Baldwin.
Changes with nginx 1.9.2
- Feature: the "backlog" parameter of the "listen" directives of the
mail proxy and stream modules.
- Feature: the "allow" and "deny" directives in the stream module.
- Feature: the "proxy_bind" directive in the stream module.
- Feature: the "proxy_protocol" directive in the stream module.
- Feature: the -T switch.
- Feature: the REQUEST_SCHEME parameter added to the fastcgi.conf,
fastcgi_params, scgi_params, and uwsgi_params standard configuration
files.
- Bugfix: the "reuseport" parameter of the "listen" directive of the
stream module did not work.
- Bugfix: OCSP stapling might return an expired OCSP response in some
cases.
Changes with nginx 1.9.1
- Change: now SSLv3 protocol is disabled by default.
- Change: some long deprecated directives are not supported anymore.
- Feature: the "reuseport" parameter of the "listen" directive.
Thanks to Yingqi Lu at Intel and Sepherosa Ziehau.
- Feature: the $upstream_connect_time variable.
- Bugfix: in the "hash" directive on big-endian platforms.
- Bugfix: nginx might fail to start on some old Linux variants; the
bug had appeared in 1.7.11.
- Bugfix: in IP address parsing.
Thanks to Sergey Polovko.
Changes with nginx 1.9.0
- Change: obsolete aio and rtsig event methods have been removed.
- Feature: the "zone" directive inside the "upstream" block.
- Feature: the stream module.
- Feature: byte ranges support in the ngx_http_memcached_module.
Thanks to Martin Mlynar.
- Feature: shared memory can now be used on Windows versions with
address space layout randomization.
Thanks to Sergey Brester.
- Feature: the "error_log" directive can now be used on mail and
server levels in mail proxy.
- Bugfix: the "proxy_protocol" parameter of the "listen" directive did
not work if not specified in the first "listen" directive for a
listen socket.
|
|
|
|
|
|
original manifest.xml file and the output from "svccfg export".
|
|
temporary file). Bump revision.
|
|
|
|
- security fixes when using the "resolver" directive
- bugfixes for "proxy_protocol" parameter of "listen", "try_files" and
"alias" directives, when using different ssl_session_cache settings
across vhosts, "spdy" could be active when builtin but not explicitly
enabled
|
|
|
|
|
|
Problems found locating distfiles:
Package haskell-cgi: missing distfile haskell-cgi-20001206.tar.gz
Package nginx: missing distfile array-var-nginx-module-0.04.tar.gz
Package nginx: missing distfile encrypted-session-nginx-module-0.04.tar.gz
Package nginx: missing distfile headers-more-nginx-module-0.261.tar.gz
Package nginx: missing distfile nginx_http_push_module-0.692.tar.gz
Package nginx: missing distfile set-misc-nginx-module-0.29.tar.gz
Package nginx-devel: missing distfile echo-nginx-module-0.58.tar.gz
Package nginx-devel: missing distfile form-input-nginx-module-0.11.tar.gz
Package nginx-devel: missing distfile lua-nginx-module-0.9.16.tar.gz
Package nginx-devel: missing distfile nginx_http_push_module-0.692.tar.gz
Package nginx-devel: missing distfile set-misc-nginx-module-0.29.tar.gz
Package php-owncloud: missing distfile owncloud-8.2.0.tar.bz2
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
|
|
|
|
instead of ftp.NetBSD.org.
* lua-nginx-module 0.9.5 updated to 0.9.16
* echo-nginx-module 0.51 updated to 0.58
* set-misc-nginx-module 0.24 updated to 0.29
* array-var-nginx-module 0.03 updated to 0.04
* encrypted-session-nginx-module 0.03 updated to 0.04
* form-input-nginx-module 0.07 updated to 0.11
* headers-more-nginx-module 0.25 updated to 0.26.1
Only minor revision changes, no features added. Modules don't have Changelog,
git history shows only cosmetic changes and bugfixes.
|
|
From 0.53-2 "AppleJack":
* increased PCRE output vector from 6 to 30 (from 2 match groups to 10)
* removed negative rule on content-types (naxsi_core.rules) as naxsi supports
json
* Fixed broken EXLOG on |NAME match zones (issues/110)
* Integrated libinjection (xss/sqli)
Modified `options.mk' to allow www/nginx-devel to use ngx_http_v2_module instead
of ngx_http_spdy_module.
|
|
Not supported since 1.3.8 (we have 1.8.x and 1.9.x in pkgsrc).
Reported by Timshel Knoll-Miller in PR 50272.
|
|
|
|
Changes with nginx 1.8.0 21 Apr 2015
*) 1.8.x stable branch.
Changes with nginx 1.7.12 07 Apr 2015
*) Feature: now the "tcp_nodelay" directive works with backend SSL
connections.
*) Feature: now thread pools can be used to read cache file headers.
*) Bugfix: in the "proxy_request_buffering" directive.
*) Bugfix: a segmentation fault might occur in a worker process when
using thread pools on Linux.
*) Bugfix: in error handling when using the "ssl_stapling" directive.
*) Bugfix: in the ngx_http_spdy_module.
Changes with nginx 1.7.11 24 Mar 2015
*) Change: the "sendfile" parameter of the "aio" directive is
deprecated; now nginx automatically uses AIO to pre-load data for
sendfile if both "aio" and "sendfile" directives are used.
*) Feature: experimental thread pools support.
*) Feature: the "proxy_request_buffering", "fastcgi_request_buffering",
"scgi_request_buffering", and "uwsgi_request_buffering" directives.
*) Feature: request body filters experimental API.
*) Feature: client SSL certificates support in mail proxy.
*) Feature: startup speedup when using the "hash ... consistent"
directive in the upstream block.
*) Feature: debug logging into a cyclic memory buffer.
*) Bugfix: in hash table handling.
*) Bugfix: in the "proxy_cache_revalidate" directive.
*) Bugfix: SSL connections might hang if deferred accept or the
"proxy_protocol" parameter of the "listen" directive were used.
*) Bugfix: the $upstream_response_time variable might contain a wrong
value if the "image_filter" directive was used.
*) Bugfix: in integer overflow handling.
*) Bugfix: it was not possible to enable SSLv3 with LibreSSL.
*) Bugfix: the "ignoring stale global SSL error ... called a function
you should not call" alerts appeared in logs when using LibreSSL.
*) Bugfix: certificates specified by the "ssl_client_certificate" and
"ssl_trusted_certificate" directives were inadvertently used to
automatically construct certificate chains.
Changes with nginx 1.7.10 10 Feb 2015
*) Feature: the "use_temp_path" parameter of the "proxy_cache_path",
"fastcgi_cache_path", "scgi_cache_path", and "uwsgi_cache_path"
directives.
*) Feature: the $upstream_header_time variable.
*) Workaround: now on disk overflow nginx tries to write error logs once
a second only.
*) Bugfix: the "try_files" directive did not ignore normal files while
testing directories.
*) Bugfix: alerts "sendfile() failed" if the "sendfile" directive was
used on OS X; the bug had appeared in 1.7.8.
*) Bugfix: alerts "sem_post() failed" might appear in logs.
*) Bugfix: nginx could not be built with musl libc.
*) Bugfix: nginx could not be built on Tru64 UNIX.
Changes with nginx 1.7.9 23 Dec 2014
*) Feature: variables support in the "proxy_cache", "fastcgi_cache",
"scgi_cache", and "uwsgi_cache" directives.
*) Feature: variables support in the "expires" directive.
*) Feature: loading of secret keys from hardware tokens with OpenSSL
engines.
*) Feature: the "autoindex_format" directive.
*) Bugfix: cache revalidation is now only used for responses with 200
and 206 status codes.
*) Bugfix: the "TE" client request header line was passed to backends
while proxying.
*) Bugfix: the "proxy_pass", "fastcgi_pass", "scgi_pass", and
"uwsgi_pass" directives might not work correctly inside the "if" and
"limit_except" blocks.
*) Bugfix: the "proxy_store" directive with the "on" parameter was
ignored if the "proxy_store" directive with an explicitly specified
file path was used on a previous level.
*) Bugfix: nginx could not be built with BoringSSL.
Changes with nginx 1.7.8 02 Dec 2014
*) Change: now the "If-Modified-Since", "If-Range", etc. client request
header lines are passed to a backend while caching if nginx knows in
advance that the response will not be cached (e.g., when using
proxy_cache_min_uses).
*) Change: now after proxy_cache_lock_timeout nginx sends a request to a
backend with caching disabled; the new directives
"proxy_cache_lock_age", "fastcgi_cache_lock_age",
"scgi_cache_lock_age", and "uwsgi_cache_lock_age" specify a time
after which the lock will be released and another attempt to cache a
response will be made.
*) Change: the "log_format" directive can now be used only at http
level.
*) Feature: the "proxy_ssl_certificate", "proxy_ssl_certificate_key",
"proxy_ssl_password_file", "uwsgi_ssl_certificate",
"uwsgi_ssl_certificate_key", and "uwsgi_ssl_password_file"
directives.
*) Feature: it is now possible to switch to a named location using
"X-Accel-Redirect".
*) Feature: now the "tcp_nodelay" directive works with SPDY connections.
*) Feature: new directives in vim syntax highliting scripts.
*) Bugfix: nginx ignored the "s-maxage" value in the "Cache-Control"
backend response header line.
*) Bugfix: in the ngx_http_spdy_module.
*) Bugfix: in the "ssl_password_file" directive when using OpenSSL
0.9.8zc, 1.0.0o, 1.0.1j.
*) Bugfix: alerts "header already sent" appeared in logs if the
"post_action" directive was used; the bug had appeared in 1.5.4.
*) Bugfix: alerts "the http output chain is empty" might appear in logs
if the "postpone_output 0" directive was used with SSI includes.
*) Bugfix: in the "proxy_cache_lock" directive with SSI subrequests.
Changes with nginx 1.7.7 28 Oct 2014
*) Change: now nginx takes into account the "Vary" header line in a
backend response while caching.
*) Feature: the "proxy_force_ranges", "fastcgi_force_ranges",
"scgi_force_ranges", and "uwsgi_force_ranges" directives.
*) Feature: the "proxy_limit_rate", "fastcgi_limit_rate",
"scgi_limit_rate", and "uwsgi_limit_rate" directives.
*) Feature: the "Vary" parameter of the "proxy_ignore_headers",
"fastcgi_ignore_headers", "scgi_ignore_headers", and
"uwsgi_ignore_headers" directives.
*) Bugfix: the last part of a response received from a backend with
unbufferred proxy might not be sent to a client if "gzip" or "gunzip"
directives were used.
*) Bugfix: in the "proxy_cache_revalidate" directive.
*) Bugfix: in error handling.
*) Bugfix: in the "proxy_next_upstream_tries" and
"proxy_next_upstream_timeout" directives.
*) Bugfix: nginx/Windows could not be built with MinGW-w64 gcc.
Changes with nginx 1.7.6 30 Sep 2014
*) Change: the deprecated "limit_zone" directive is not supported
anymore.
*) Feature: the "limit_conn_zone" and "limit_req_zone" directives now
can be used with combinations of multiple variables.
*) Bugfix: request body might be transmitted incorrectly when retrying a
FastCGI request to the next upstream server.
*) Bugfix: in logging to syslog.
Changes with nginx 1.7.5 16 Sep 2014
*) Security: it was possible to reuse SSL sessions in unrelated contexts
if a shared SSL session cache or the same TLS session ticket key was
used for multiple "server" blocks (CVE-2014-3616).
*) Change: now the "stub_status" directive does not require a parameter.
*) Feature: the "always" parameter of the "add_header" directive.
*) Feature: the "proxy_next_upstream_tries",
"proxy_next_upstream_timeout", "fastcgi_next_upstream_tries",
"fastcgi_next_upstream_timeout", "memcached_next_upstream_tries",
"memcached_next_upstream_timeout", "scgi_next_upstream_tries",
"scgi_next_upstream_timeout", "uwsgi_next_upstream_tries", and
"uwsgi_next_upstream_timeout" directives.
*) Bugfix: in the "if" parameter of the "access_log" directive.
*) Bugfix: in the ngx_http_perl_module.
*) Bugfix: the "listen" directive of the mail proxy module did not allow
to specify more than two parameters.
*) Bugfix: the "sub_filter" directive did not work with a string to
replace consisting of a single character.
*) Bugfix: requests might hang if resolver was used and a timeout
occurred during a DNS request.
*) Bugfix: in the ngx_http_spdy_module when using with AIO.
*) Bugfix: a segmentation fault might occur in a worker process if the
"set" directive was used to change the "$http_...", "$sent_http_...",
or "$upstream_http_..." variables.
*) Bugfix: in memory allocation error handling.
Changes with nginx 1.7.4 05 Aug 2014
*) Security: pipelined commands were not discarded after STARTTLS
command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6.
*) Change: URI escaping now uses uppercase hexadecimal digits.
*) Feature: now nginx can be build with BoringSSL and LibreSSL.
*) Bugfix: requests might hang if resolver was used and a DNS server
returned a malformed response; the bug had appeared in 1.5.8.
*) Bugfix: in the ngx_http_spdy_module.
*) Bugfix: the $uri variable might contain garbage when returning errors
with code 400.
*) Bugfix: in error handling in the "proxy_store" directive and the
ngx_http_dav_module.
*) Bugfix: a segmentation fault might occur if logging of errors to
syslog was used; the bug had appeared in 1.7.1.
*) Bugfix: the $geoip_latitude, $geoip_longitude, $geoip_dma_code, and
$geoip_area_code variables might not work.
*) Bugfix: in memory allocation error handling.
Changes with nginx 1.7.3 08 Jul 2014
*) Feature: weak entity tags are now preserved on response
modifications, and strong ones are changed to weak.
*) Feature: cache revalidation now uses If-None-Match header if
possible.
*) Feature: the "ssl_password_file" directive.
*) Bugfix: the If-None-Match request header line was ignored if there
was no Last-Modified header in a response returned from cache.
*) Bugfix: "peer closed connection in SSL handshake" messages were
logged at "info" level instead of "error" while connecting to
backends.
*) Bugfix: in the ngx_http_dav_module module in nginx/Windows.
*) Bugfix: SPDY connections might be closed prematurely if caching was
used.
Changes with nginx 1.7.2 17 Jun 2014
*) Feature: the "hash" directive inside the "upstream" block.
*) Feature: defragmentation of free shared memory blocks.
*) Bugfix: a segmentation fault might occur in a worker process if the
default value of the "access_log" directive was used; the bug had
appeared in 1.7.0.
*) Bugfix: trailing slash was mistakenly removed from the last parameter
of the "try_files" directive.
*) Bugfix: nginx could not be built on OS X in some cases.
*) Bugfix: in the ngx_http_spdy_module.
Changes with nginx 1.7.1 27 May 2014
*) Feature: the "$upstream_cookie_..." variables.
*) Feature: the $ssl_client_fingerprint variable.
*) Feature: the "error_log" and "access_log" directives now support
logging to syslog.
*) Feature: the mail proxy now logs client port on connect.
*) Bugfix: memory leak if the "ssl_stapling" directive was used.
*) Bugfix: the "alias" directive used inside a location given by a
regular expression worked incorrectly if the "if" or "limit_except"
directives were used.
*) Bugfix: the "charset" directive did not set a charset to encoded
backend responses.
*) Bugfix: a "proxy_pass" directive without URI part might use original
request after the $args variable was set.
*) Bugfix: in the "none" parameter in the "smtp_auth" directive; the bug
had appeared in 1.5.6.
*) Bugfix: if sub_filter and SSI were used together, then responses
might be transferred incorrectly.
*) Bugfix: nginx could not be built with the --with-file-aio option on
Linux/aarch64.
Changes with nginx 1.7.0 24 Apr 2014
*) Feature: backend SSL certificate verification.
*) Feature: support for SNI while working with SSL backends.
*) Feature: the $ssl_server_name variable.
*) Feature: the "if" parameter of the "access_log" directive.
|
|
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.
|
|
|
|
Restore module checksums that were lost in last update.
Changes with nginx 1.6.2 16 Sep 2014
*) Security: it was possible to reuse SSL sessions in unrelated contexts
if a shared SSL session cache or the same TLS session ticket key was
used for multiple "server" blocks (CVE-2014-3616).
Thanks to Antoine Delignat-Lavaud.
*) Bugfix: requests might hang if resolver was used and a DNS server
returned a malformed response; the bug had appeared in 1.5.8.
*) Bugfix: requests might hang if resolver was used and a timeout
occurred during a DNS request.
|
|
*) Security: pipelined commands were not discarded after STARTTLS
command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6.
*) Bugfix: the $uri variable might contain garbage when returning errors
with code 400.
*) Bugfix: in the "none" parameter in the "smtp_auth" directive; the bug
had appeared in 1.5.6.
|
|
with Perl 5.20.
|
|
|
|
|
|
|
|
features from the previous development branch (1.5.x) - including various
SSL improvements, SPDY 3.1 support, cache revalidation with conditional
requests, auth request module and more. Resolves CVE-2013-4547.
files/nginx.sh now has a configtest command for lazy admins (me) who don't
want to remember command line options. CHANGELOG:
Changes with nginx 1.5.13 08 Apr 2014
*) Change: improved hash table handling; the default values of the
"variables_hash_max_size" and "types_hash_bucket_size" were changed
to 1024 and 64 respectively.
*) Feature: the ngx_http_mp4_module now supports the "end" argument.
*) Feature: byte ranges support in the ngx_http_mp4_module and while
saving responses to cache.
*) Bugfix: alerts "ngx_slab_alloc() failed: no memory" no longer logged
when using shared memory in the "ssl_session_cache" directive and in
the ngx_http_limit_req_module.
*) Bugfix: the "underscores_in_headers" directive did not allow
underscore as a first character of a header.
*) Bugfix: cache manager might hog CPU on exit in nginx/Windows.
*) Bugfix: nginx/Windows terminated abnormally if the
"ssl_session_cache" directive was used with the "shared" parameter.
*) Bugfix: in the ngx_http_spdy_module.
Changes with nginx 1.5.12 18 Mar 2014
*) Security: a heap memory buffer overflow might occur in a worker
process while handling a specially crafted request by
ngx_http_spdy_module, potentially resulting in arbitrary code
execution (CVE-2014-0133).
*) Feature: the "proxy_protocol" parameters of the "listen" and
"real_ip_header" directives, the $proxy_protocol_addr variable.
*) Bugfix: in the "fastcgi_next_upstream" directive.
Changes with nginx 1.5.11 04 Mar 2014
*) Security: memory corruption might occur in a worker process on 32-bit
platforms while handling a specially crafted request by
ngx_http_spdy_module, potentially resulting in arbitrary code
execution (CVE-2014-0088); the bug had appeared in 1.5.10.
*) Feature: the $ssl_session_reused variable.
*) Bugfix: the "client_max_body_size" directive might not work when
reading a request body using chunked transfer encoding; the bug had
appeared in 1.3.9.
*) Bugfix: a segmentation fault might occur in a worker process when
proxying WebSocket connections.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_spdy_module was used on 32-bit platforms; the bug had
appeared in 1.5.10.
*) Bugfix: the $upstream_status variable might contain wrong data if the
"proxy_cache_use_stale" or "proxy_cache_revalidate" directives were
used.
*) Bugfix: a segmentation fault might occur in a worker process if
errors with code 400 were redirected to a named location using the
"error_page" directive.
*) Bugfix: nginx/Windows could not be built with Visual Studio 2013.
Changes with nginx 1.5.10 04 Feb 2014
*) Feature: the ngx_http_spdy_module now uses SPDY 3.1 protocol.
*) Feature: the ngx_http_mp4_module now skips tracks too short for a
seek requested.
*) Bugfix: a segmentation fault might occur in a worker process if the
$ssl_session_id variable was used in logs; the bug had appeared in
1.5.9.
*) Bugfix: the $date_local and $date_gmt variables used wrong format
outside of the ngx_http_ssi_filter_module.
*) Bugfix: client connections might be immediately closed if deferred
accept was used; the bug had appeared in 1.3.15.
*) Bugfix: alerts "getsockopt(TCP_FASTOPEN) ... failed" appeared in logs
during binary upgrade on Linux; the bug had appeared in 1.5.8.
Changes with nginx 1.5.9 22 Jan 2014
*) Change: now nginx expects escaped URIs in "X-Accel-Redirect" headers.
*) Feature: the "ssl_buffer_size" directive.
*) Feature: the "limit_rate" directive can now be used to rate limit
responses sent in SPDY connections.
*) Feature: the "spdy_chunk_size" directive.
*) Feature: the "ssl_session_tickets" directive.
*) Bugfix: the $ssl_session_id variable contained full session
serialized instead of just a session id.
*) Bugfix: nginx incorrectly handled escaped "?" character in the
"include" SSI command.
*) Bugfix: the ngx_http_dav_module did not unescape destination URI of
the COPY and MOVE methods.
*) Bugfix: resolver did not understand domain names with a trailing dot.
*) Bugfix: alerts "zero size buf in output" might appear in logs while
proxying; the bug had appeared in 1.3.9.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_spdy_module was used.
*) Bugfix: proxied WebSocket connections might hang right after
handshake if the select, poll, or /dev/poll methods were used.
*) Bugfix: the "xclient" directive of the mail proxy module incorrectly
handled IPv6 client addresses.
Changes with nginx 1.5.8 17 Dec 2013
*) Feature: IPv6 support in resolver.
*) Feature: the "listen" directive supports the "fastopen" parameter.
*) Feature: SSL support in the ngx_http_uwsgi_module.
*) Feature: vim syntax highlighting scripts were added to contrib.
*) Bugfix: a timeout might occur while reading client request body in an
SSL connection using chunked transfer encoding.
*) Bugfix: the "master_process" directive did not work correctly in
nginx/Windows.
*) Bugfix: the "setfib" parameter of the "listen" directive might not
work.
*) Bugfix: in the ngx_http_spdy_module.
Changes with nginx 1.5.7 19 Nov 2013
*) Security: a character following an unescaped space in a request line
was handled incorrectly (CVE-2013-4547); the bug had appeared in
0.8.41.
*) Change: a logging level of auth_basic errors about no user/password
provided has been lowered from "error" to "info".
*) Feature: the "proxy_cache_revalidate", "fastcgi_cache_revalidate",
"scgi_cache_revalidate", and "uwsgi_cache_revalidate" directives.
*) Feature: the "ssl_session_ticket_key" directive.
*) Bugfix: the directive "add_header Cache-Control ''" added a
"Cache-Control" response header line with an empty value.
*) Bugfix: the "satisfy any" directive might return 403 error instead of
401 if auth_request and auth_basic directives were used.
*) Bugfix: the "accept_filter" and "deferred" parameters of the "listen"
directive were ignored for listen sockets created during binary
upgrade.
*) Bugfix: some data received from a backend with unbufferred proxy
might not be sent to a client immediately if "gzip" or "gunzip"
directives were used.
*) Bugfix: in error handling in ngx_http_gunzip_filter_module.
*) Bugfix: responses might hang if the ngx_http_spdy_module was used
with the "auth_request" directive.
*) Bugfix: memory leak in nginx/Windows.
Changes with nginx 1.5.6 01 Oct 2013
*) Feature: the "fastcgi_buffering" directive.
*) Feature: the "proxy_ssl_protocols" and "proxy_ssl_ciphers"
directives.
*) Feature: optimization of SSL handshakes when using long certificate
chains.
*) Feature: the mail proxy supports SMTP pipelining.
*) Bugfix: in the ngx_http_auth_basic_module when using "$apr1$"
password encryption method.
*) Bugfix: in MacOSX, Cygwin, and nginx/Windows incorrect location might
be used to process a request if locations were given using characters
in different cases.
*) Bugfix: automatic redirect with appended trailing slash for proxied
locations might not work.
*) Bugfix: in the mail proxy server.
*) Bugfix: in the ngx_http_spdy_module.
Changes with nginx 1.5.5 17 Sep 2013
*) Change: now nginx assumes HTTP/1.0 by default if it is not able to
detect protocol reliably.
*) Feature: the "disable_symlinks" directive now uses O_PATH on Linux.
*) Feature: now nginx uses EPOLLRDHUP events to detect premature
connection close by clients if the "epoll" method is used.
*) Bugfix: in the "valid_referers" directive if the "server_names"
parameter was used.
*) Bugfix: the $request_time variable did not work in nginx/Windows.
*) Bugfix: in the "image_filter" directive.
*) Bugfix: OpenSSL 1.0.1f compatibility.
Changes with nginx 1.5.4 27 Aug 2013
*) Change: the "js" extension MIME type has been changed to
"application/javascript"; default value of the "charset_types"
directive was changed accordingly.
*) Change: now the "image_filter" directive with the "size" parameter
returns responses with the "application/json" MIME type.
*) Feature: the ngx_http_auth_request_module.
*) Bugfix: a segmentation fault might occur on start or during
reconfiguration if the "try_files" directive was used with an empty
parameter.
*) Bugfix: memory leak if relative paths were specified using variables
in the "root" or "auth_basic_user_file" directives.
*) Bugfix: the "valid_referers" directive incorrectly executed regular
expressions if a "Referer" header started with "https://".
*) Bugfix: responses might hang if subrequests were used and an SSL
handshake error happened during subrequest processing.
*) Bugfix: in the ngx_http_autoindex_module.
*) Bugfix: in the ngx_http_spdy_module.
Changes with nginx 1.5.3 30 Jul 2013
*) Change in internal API: now u->length defaults to -1 if working with
backends in unbuffered mode.
*) Change: now after receiving an incomplete response from a backend
server nginx tries to send an available part of the response to a
client, and then closes client connection.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_spdy_module was used with the "client_body_in_file_only"
directive.
*) Bugfix: the "so_keepalive" parameter of the "listen" directive might
be handled incorrectly on DragonFlyBSD.
*) Bugfix: in the ngx_http_xslt_filter_module.
*) Bugfix: in the ngx_http_sub_filter_module.
Changes with nginx 1.5.2 02 Jul 2013
*) Feature: now several "error_log" directives can be used.
*) Bugfix: the $r->header_in() embedded perl method did not return value
of the "Cookie" and "X-Forwarded-For" request header lines; the bug
had appeared in 1.3.14.
*) Bugfix: in the ngx_http_spdy_module.
*) Bugfix: nginx could not be built on Linux with x32 ABI.
Changes with nginx 1.5.1 04 Jun 2013
*) Feature: the "ssi_last_modified", "sub_filter_last_modified", and
"xslt_last_modified" directives.
*) Feature: the "http_403" parameter of the "proxy_next_upstream",
"fastcgi_next_upstream", "scgi_next_upstream", and
"uwsgi_next_upstream" directives.
*) Feature: the "allow" and "deny" directives now support unix domain
sockets.
*) Bugfix: nginx could not be built with the ngx_mail_ssl_module, but
without ngx_http_ssl_module; the bug had appeared in 1.3.14.
*) Bugfix: in the "proxy_set_body" directive.
*) Bugfix: in the "lingering_time" directive.
*) Bugfix: the "fail_timeout" parameter of the "server" directive in the
"upstream" context might not work if "max_fails" parameter was used;
the bug had appeared in 1.3.0.
*) Bugfix: a segmentation fault might occur in a worker process if the
"ssl_stapling" directive was used.
*) Bugfix: in the mail proxy server.
*) Bugfix: nginx/Windows might stop accepting connections if several
worker processes were used.
Changes with nginx 1.5.0 07 May 2013
*) Security: a stack-based buffer overflow might occur in a worker
process while handling a specially crafted request, potentially
resulting in arbitrary code execution (CVE-2013-2028); the bug had
appeared in 1.3.9.
|
|
|
|
encrypted-session https://github.com/agentzh/encrypted-session-nginx-module
|
|
|
|
http://wiki.nginx.org/HttpHeadersMoreModule
|
|
|
|
*) Security: a heap memory buffer overflow might occur in a worker
process while handling a specially crafted request by
ngx_http_spdy_module, potentially resulting in arbitrary code
execution (CVE-2014-0133).
Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr.
Manuel Sadosky, Buenos Aires, Argentina.
*) Bugfix: in the "fastcgi_next_upstream" directive.
Thanks to Lucas Molas.
|
|
|
|
* Added Lua support: https://github.com/chaoslawful/lua-nginx-module
|
|
|
|
These are now handled dynamically if INIT_SYSTEM is set to "rc.d", or
ignored otherwise.
|
|
*) Bugfix: the "client_max_body_size" directive might not work when
reading a request body using chunked transfer encoding; the bug had
appeared in 1.3.9.
Thanks to Lucas Molas.
*) Bugfix: a segmentation fault might occur in a worker process when
proxying WebSocket connections.
|
|
*) Bugfix: the $ssl_session_id variable contained full session
serialized instead of just a session id.
Thanks to Ivan Risti\u0107.
*) Bugfix: client connections might be immediately closed if deferred
accept was used; the bug had appeared in 1.3.15.
*) Bugfix: alerts "zero size buf in output" might appear in logs while
proxying; the bug had appeared in 1.3.9.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_spdy_module was used.
*) Bugfix: proxied WebSocket connections might hang right after
handshake if the select, poll, or /dev/poll methods were used.
*) Bugfix: a timeout might occur while reading client request body in an
SSL connection using chunked transfer encoding.
*) Bugfix: memory leak in nginx/Windows.
|
|
|
|
with --enable-jit, this option doesn't break the build. If it is, users can
still disable this feature by setting pcre_jit=off in nginx.conf.
|
|
Changes with nginx 1.4.4 19 Nov 2013
*) Security: a character following an unescaped space in a request line
was handled incorrectly (CVE-2013-4547); the bug had appeared in
0.8.41.
Thanks to Ivan Fratric of the Google Security Team.
Changes with nginx 1.4.3 08 Oct 2013
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_spdy_module was used with the "client_body_in_file_only"
directive.
*) Bugfix: a segmentation fault might occur on start or during
reconfiguration if the "try_files" directive was used with an empty
parameter.
*) Bugfix: the $request_time variable did not work in nginx/Windows.
*) Bugfix: in the ngx_http_auth_basic_module when using "$apr1$"
password encryption method.
Thanks to Markus Linnala.
*) Bugfix: in the ngx_http_autoindex_module.
*) Bugfix: in the mail proxy server.
|
|
|
