-
Notifications
You must be signed in to change notification settings - Fork 0
/
CHANGES
7828 lines (4792 loc) · 272 KB
/
CHANGES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Changes with nginx 1.12.2 17 Oct 2017
*) Bugfix: client SSL connections were immediately closed if deferred
accept and the "proxy_protocol" parameter of the "listen" directive
were used.
*) Bugfix: client connections might be dropped during configuration
testing when using the "reuseport" parameter of the "listen"
directive on Linux.
*) Bugfix: incorrect response length was returned on 32-bit platforms
when requesting more than 4 gigabytes with multiple ranges.
*) Bugfix: switching to the next upstream server in the stream module
did not work when using the "ssl_preread" directive.
*) Bugfix: when using HTTP/2 client request body might be corrupted.
*) Bugfix: in handling of client addresses when using unix domain
sockets.
Changes with nginx 1.12.1 11 Jul 2017
*) Security: a specially crafted request might result in an integer
overflow and incorrect processing of ranges in the range filter,
potentially resulting in sensitive information leak (CVE-2017-7529).
Changes with nginx 1.12.0 12 Apr 2017
*) 1.12.x stable branch.
Changes with nginx 1.11.13 04 Apr 2017
*) Feature: the "http_429" parameter of the "proxy_next_upstream",
"fastcgi_next_upstream", "scgi_next_upstream", and
"uwsgi_next_upstream" directives.
Thanks to Piotr Sikora.
*) Bugfix: in memory allocation error handling.
*) Bugfix: requests might hang when using the "sendfile" and
"timer_resolution" directives on Linux.
*) Bugfix: requests might hang when using the "sendfile" and "aio_write"
directives with subrequests.
*) Bugfix: in the ngx_http_v2_module.
Thanks to Piotr Sikora.
*) Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2.
*) Bugfix: requests might hang when using the "limit_rate",
"sendfile_max_chunk", "limit_req" directives, or the $r->sleep()
embedded perl method with subrequests.
*) Bugfix: in the ngx_http_slice_module.
Changes with nginx 1.11.12 24 Mar 2017
*) Bugfix: nginx might hog CPU; the bug had appeared in 1.11.11.
Changes with nginx 1.11.11 21 Mar 2017
*) Feature: the "worker_shutdown_timeout" directive.
*) Feature: vim syntax highlighting scripts improvements.
Thanks to Wei-Ko Kao.
*) Bugfix: a segmentation fault might occur in a worker process if the
$limit_rate variable was set to an empty string.
*) Bugfix: the "proxy_cache_background_update",
"fastcgi_cache_background_update", "scgi_cache_background_update",
and "uwsgi_cache_background_update" directives might work incorrectly
if the "if" directive was used.
*) Bugfix: a segmentation fault might occur in a worker process if
number of large_client_header_buffers in a virtual server was
different from the one in the default server.
*) Bugfix: in the mail proxy server.
Changes with nginx 1.11.10 14 Feb 2017
*) Change: cache header format has been changed, previously cached
responses will be invalidated.
*) Feature: support of "stale-while-revalidate" and "stale-if-error"
extensions in the "Cache-Control" backend response header line.
*) Feature: the "proxy_cache_background_update",
"fastcgi_cache_background_update", "scgi_cache_background_update",
and "uwsgi_cache_background_update" directives.
*) Feature: nginx is now able to cache responses with the "Vary" header
line up to 128 characters long (instead of 42 characters in previous
versions).
*) Feature: the "build" parameter of the "server_tokens" directive.
Thanks to Tom Thorogood.
*) Bugfix: "[crit] SSL_write() failed" messages might appear in logs
when handling requests with the "Expect: 100-continue" request header
line.
*) Bugfix: the ngx_http_slice_module did not work in named locations.
*) Bugfix: a segmentation fault might occur in a worker process when
using AIO after an "X-Accel-Redirect" redirection.
*) Bugfix: reduced memory consumption for long-lived requests using
gzipping.
Changes with nginx 1.11.9 24 Jan 2017
*) Bugfix: nginx might hog CPU when using the stream module; the bug had
appeared in 1.11.5.
*) Bugfix: EXTERNAL authentication mechanism in mail proxy was accepted
even if it was not enabled in the configuration.
*) Bugfix: a segmentation fault might occur in a worker process if the
"ssl_verify_client" directive of the stream module was used.
*) Bugfix: the "ssl_verify_client" directive of the stream module might
not work.
*) Bugfix: closing keepalive connections due to no free worker
connections might be too aggressive.
Thanks to Joel Cunningham.
*) Bugfix: an incorrect response might be returned when using the
"sendfile" directive on FreeBSD and macOS; the bug had appeared in
1.7.8.
*) Bugfix: a truncated response might be stored in cache when using the
"aio_write" directive.
*) Bugfix: a socket leak might occur when using the "aio_write"
directive.
Changes with nginx 1.11.8 27 Dec 2016
*) Feature: the "absolute_redirect" directive.
*) Feature: the "escape" parameter of the "log_format" directive.
*) Feature: client SSL certificates verification in the stream module.
*) Feature: the "ssl_session_ticket_key" directive supports AES256
encryption of TLS session tickets when used with 80-byte keys.
*) Feature: vim-commentary support in vim scripts.
Thanks to Armin Grodon.
*) Bugfix: recursion when evaluating variables was not limited.
*) Bugfix: in the ngx_stream_ssl_preread_module.
*) Bugfix: if a server in an upstream in the stream module failed, it
was considered alive only when a test connection sent to it after
fail_timeout was closed; now a successfully established connection is
enough.
*) Bugfix: nginx/Windows could not be built with 64-bit Visual Studio.
*) Bugfix: nginx/Windows could not be built with OpenSSL 1.1.0.
Changes with nginx 1.11.7 13 Dec 2016
*) Change: now in case of a client certificate verification error the
$ssl_client_verify variable contains a string with the failure
reason, for example, "FAILED:certificate has expired".
*) Feature: the $ssl_ciphers, $ssl_curves, $ssl_client_v_start,
$ssl_client_v_end, and $ssl_client_v_remain variables.
*) Feature: the "volatile" parameter of the "map" directive.
*) Bugfix: dependencies specified for a module were ignored while
building dynamic modules.
*) Bugfix: when using HTTP/2 and the "limit_req" or "auth_request"
directives client request body might be corrupted; the bug had
appeared in 1.11.0.
*) Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2; the bug had appeared in 1.11.3.
*) Bugfix: in the ngx_http_mp4_module.
Thanks to Congcong Hu.
*) Bugfix: in the ngx_http_perl_module.
Changes with nginx 1.11.6 15 Nov 2016
*) Change: format of the $ssl_client_s_dn and $ssl_client_i_dn variables
has been changed to follow RFC 2253 (RFC 4514); values in the old
format are available in the $ssl_client_s_dn_legacy and
$ssl_client_i_dn_legacy variables.
*) Change: when storing temporary files in a cache directory they will
be stored in the same subdirectories as corresponding cache files
instead of a separate subdirectory for temporary files.
*) Feature: EXTERNAL authentication mechanism support in mail proxy.
Thanks to Robert Norris.
*) Feature: WebP support in the ngx_http_image_filter_module.
*) Feature: variables support in the "proxy_method" directive.
Thanks to Dmitry Lazurkin.
*) Feature: the "http2_max_requests" directive in the
ngx_http_v2_module.
*) Feature: the "proxy_cache_max_range_offset",
"fastcgi_cache_max_range_offset", "scgi_cache_max_range_offset", and
"uwsgi_cache_max_range_offset" directives.
*) Bugfix: graceful shutdown of old worker processes might require
infinite time when using HTTP/2.
*) Bugfix: in the ngx_http_mp4_module.
*) Bugfix: "ignore long locked inactive cache entry" alerts might appear
in logs when proxying WebSocket connections with caching enabled.
*) Bugfix: nginx did not write anything to log and returned a response
with code 502 instead of 504 when a timeout occurred during an SSL
handshake to a backend.
Changes with nginx 1.11.5 11 Oct 2016
*) Change: the --with-ipv6 configure option was removed, now IPv6
support is configured automatically.
*) Change: now if there are no available servers in an upstream, nginx
will not reset number of failures of all servers as it previously
did, but will wait for fail_timeout to expire.
*) Feature: the ngx_stream_ssl_preread_module.
*) Feature: the "server" directive in the "upstream" context supports
the "max_conns" parameter.
*) Feature: the --with-compat configure option.
*) Feature: "manager_files", "manager_threshold", and "manager_sleep"
parameters of the "proxy_cache_path", "fastcgi_cache_path",
"scgi_cache_path", and "uwsgi_cache_path" directives.
*) Bugfix: flags passed by the --with-ld-opt configure option were not
used while building perl module.
*) Bugfix: in the "add_after_body" directive when used with the
"sub_filter" directive.
*) Bugfix: in the $realip_remote_addr variable.
*) Bugfix: the "dav_access", "proxy_store_access",
"fastcgi_store_access", "scgi_store_access", and "uwsgi_store_access"
directives ignored permissions specified for user.
*) Bugfix: unix domain listen sockets might not be inherited during
binary upgrade on Linux.
*) Bugfix: nginx returned the 400 response on requests with the "-"
character in the HTTP method.
Changes with nginx 1.11.4 13 Sep 2016
*) Feature: the $upstream_bytes_received variable.
*) Feature: the $bytes_received, $session_time, $protocol, $status,
$upstream_addr, $upstream_bytes_sent, $upstream_bytes_received,
$upstream_connect_time, $upstream_first_byte_time, and
$upstream_session_time variables in the stream module.
*) Feature: the ngx_stream_log_module.
*) Feature: the "proxy_protocol" parameter of the "listen" directive,
the $proxy_protocol_addr and $proxy_protocol_port variables in the
stream module.
*) Feature: the ngx_stream_realip_module.
*) Bugfix: nginx could not be built with the stream module and the
ngx_http_ssl_module, but without ngx_stream_ssl_module; the bug had
appeared in 1.11.3.
*) Feature: the IP_BIND_ADDRESS_NO_PORT socket option was not used; the
bug had appeared in 1.11.2.
*) Bugfix: in the "ranges" parameter of the "geo" directive.
*) Bugfix: an incorrect response might be returned when using the "aio
threads" and "sendfile" directives; the bug had appeared in 1.9.13.
Changes with nginx 1.11.3 26 Jul 2016
*) Change: now the "accept_mutex" directive is turned off by default.
*) Feature: now nginx uses EPOLLEXCLUSIVE on Linux.
*) Feature: the ngx_stream_geo_module.
*) Feature: the ngx_stream_geoip_module.
*) Feature: the ngx_stream_split_clients_module.
*) Feature: variables support in the "proxy_pass" and "proxy_ssl_name"
directives in the stream module.
*) Bugfix: socket leak when using HTTP/2.
*) Bugfix: in configure tests.
Thanks to Piotr Sikora.
Changes with nginx 1.11.2 05 Jul 2016
*) Change: now nginx always uses internal MD5 and SHA1 implementations;
the --with-md5 and --with-sha1 configure options were canceled.
*) Feature: variables support in the stream module.
*) Feature: the ngx_stream_map_module.
*) Feature: the ngx_stream_return_module.
*) Feature: a port can be specified in the "proxy_bind", "fastcgi_bind",
"memcached_bind", "scgi_bind", and "uwsgi_bind" directives.
*) Feature: now nginx uses the IP_BIND_ADDRESS_NO_PORT socket option
when available.
*) Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2 and the "proxy_request_buffering" directive.
*) Bugfix: the "Content-Length" request header line was always added to
requests passed to backends, including requests without body, when
using HTTP/2.
*) Bugfix: "http request count is zero" alerts might appear in logs when
using HTTP/2.
*) Bugfix: unnecessary buffering might occur when using the "sub_filter"
directive; the issue had appeared in 1.9.4.
Changes with nginx 1.11.1 31 May 2016
*) Security: a segmentation fault might occur in a worker process while
writing a specially crafted request body to a temporary file
(CVE-2016-4450); the bug had appeared in 1.3.9.
Changes with nginx 1.11.0 24 May 2016
*) Feature: the "transparent" parameter of the "proxy_bind",
"fastcgi_bind", "memcached_bind", "scgi_bind", and "uwsgi_bind"
directives.
*) Feature: the $request_id variable.
*) Feature: the "map" directive supports combinations of multiple
variables as resulting values.
*) Feature: now nginx checks if EPOLLRDHUP events are supported by
kernel, and optimizes connection handling accordingly if the "epoll"
method is used.
*) Feature: the "ssl_certificate" and "ssl_certificate_key" directives
can be specified multiple times to load certificates of different
types (for example, RSA and ECDSA).
*) Feature: the "ssl_ecdh_curve" directive now allows specifying a list
of curves when using OpenSSL 1.0.2 or newer; by default a list built
into OpenSSL is used.
*) Change: to use DHE ciphers it is now required to specify parameters
using the "ssl_dhparam" directive.
*) Feature: the $proxy_protocol_port variable.
*) Feature: the $realip_remote_port variable in the
ngx_http_realip_module.
*) Feature: the ngx_http_realip_module is now able to set the client
port in addition to the address.
*) Change: the "421 Misdirected Request" response now used when
rejecting requests to a virtual server different from one negotiated
during an SSL handshake; this improves interoperability with some
HTTP/2 clients when using client certificates.
*) Change: HTTP/2 clients can now start sending request body
immediately; the "http2_body_preread_size" directive controls size of
the buffer used before nginx will start reading client request body.
*) Bugfix: cached error responses were not updated when using the
"proxy_cache_bypass" directive.
Changes with nginx 1.9.15 19 Apr 2016
*) Bugfix: "recv() failed" errors might occur when using HHVM as a
FastCGI server.
*) Bugfix: when using HTTP/2 and the "limit_req" or "auth_request"
directives a timeout or a "client violated flow control" error might
occur while reading client request body; the bug had appeared in
1.9.14.
*) Workaround: a response might not be shown by some browsers if HTTP/2
was used and client request body was not fully read; the bug had
appeared in 1.9.14.
*) Bugfix: connections might hang when using the "aio threads"
directive.
Thanks to Mindaugas Rasiukevicius.
Changes with nginx 1.9.14 05 Apr 2016
*) Feature: OpenSSL 1.1.0 compatibility.
*) Feature: the "proxy_request_buffering", "fastcgi_request_buffering",
"scgi_request_buffering", and "uwsgi_request_buffering" directives
now work with HTTP/2.
*) Bugfix: "zero size buf in output" alerts might appear in logs when
using HTTP/2.
*) Bugfix: the "client_max_body_size" directive might work incorrectly
when using HTTP/2.
*) Bugfix: of minor bugs in logging.
Changes with nginx 1.9.13 29 Mar 2016
*) Change: non-idempotent requests (POST, LOCK, PATCH) are no longer
passed to the next server by default if a request has been sent to a
backend; the "non_idempotent" parameter of the "proxy_next_upstream"
directive explicitly allows retrying such requests.
*) Feature: the ngx_http_perl_module can be built dynamically.
*) Feature: UDP support in the stream module.
*) Feature: the "aio_write" directive.
*) Feature: now cache manager monitors number of elements in caches and
tries to avoid cache keys zone overflows.
*) Bugfix: "task already active" and "second aio post" alerts might
appear in logs when using the "sendfile" and "aio" directives with
subrequests.
*) Bugfix: "zero size buf in output" alerts might appear in logs if
caching was used and a client closed a connection prematurely.
*) Bugfix: connections with clients might be closed needlessly if
caching was used.
Thanks to Justin Li.
*) Bugfix: nginx might hog CPU if the "sendfile" directive was used on
Linux or Solaris and a file being sent was changed during sending.
*) Bugfix: connections might hang when using the "sendfile" and "aio
threads" directives.
*) Bugfix: in the "proxy_pass", "fastcgi_pass", "scgi_pass", and
"uwsgi_pass" directives when using variables.
Thanks to Piotr Sikora.
*) Bugfix: in the ngx_http_sub_filter_module.
*) Bugfix: if an error occurred in a cached backend connection, the
request was passed to the next server regardless of the
proxy_next_upstream directive.
*) Bugfix: "CreateFile() failed" errors when creating temporary files on
Windows.
Changes with nginx 1.9.12 24 Feb 2016
*) Feature: Huffman encoding of response headers in HTTP/2.
Thanks to Vlad Krasnov.
*) Feature: the "worker_cpu_affinity" directive now supports more than
64 CPUs.
*) Bugfix: compatibility with 3rd party C++ modules; the bug had
appeared in 1.9.11.
Thanks to Piotr Sikora.
*) Bugfix: nginx could not be built statically with OpenSSL on Linux;
the bug had appeared in 1.9.11.
*) Bugfix: the "add_header ... always" directive with an empty value did
not delete "Last-Modified" and "ETag" header lines from error
responses.
*) Workaround: "called a function you should not call" and "shutdown
while in init" messages might appear in logs when using OpenSSL
1.0.2f.
*) Bugfix: invalid headers might be logged incorrectly.
*) Bugfix: socket leak when using HTTP/2.
*) Bugfix: in the ngx_http_v2_module.
Changes with nginx 1.9.11 09 Feb 2016
*) Feature: TCP support in resolver.
*) Feature: dynamic modules.
*) Bugfix: the $request_length variable did not include size of request
headers when using HTTP/2.
*) Bugfix: in the ngx_http_v2_module.
Changes with nginx 1.9.10 26 Jan 2016
*) Security: invalid pointer dereference might occur during DNS server
response processing if the "resolver" directive was used, allowing an
attacker who is able to forge UDP packets from the DNS server to
cause segmentation fault in a worker process (CVE-2016-0742).
*) Security: use-after-free condition might occur during CNAME response
processing if the "resolver" directive was used, allowing an attacker
who is able to trigger name resolution to cause segmentation fault in
a worker process, or might have potential other impact
(CVE-2016-0746).
*) Security: CNAME resolution was insufficiently limited if the
"resolver" directive was used, allowing an attacker who is able to
trigger arbitrary name resolution to cause excessive resource
consumption in worker processes (CVE-2016-0747).
*) Feature: the "auto" parameter of the "worker_cpu_affinity" directive.
*) Bugfix: the "proxy_protocol" parameter of the "listen" directive did
not work with IPv6 listen sockets.
*) Bugfix: connections to upstream servers might be cached incorrectly
when using the "keepalive" directive.
*) Bugfix: proxying used the HTTP method of the original request after
an "X-Accel-Redirect" redirection.
Changes with nginx 1.9.9 09 Dec 2015
*) Bugfix: proxying to unix domain sockets did not work when using
variables; the bug had appeared in 1.9.8.
Changes with nginx 1.9.8 08 Dec 2015
*) Feature: pwritev() support.
*) Feature: the "include" directive inside the "upstream" block.
*) Feature: the ngx_http_slice_module.
*) Bugfix: a segmentation fault might occur in a worker process when
using LibreSSL; the bug had appeared in 1.9.6.
*) Bugfix: nginx could not be built on OS X in some cases.
Changes with nginx 1.9.7 17 Nov 2015
*) Feature: the "nohostname" parameter of logging to syslog.
*) Feature: the "proxy_cache_convert_head" directive.
*) Feature: the $realip_remote_addr variable in the
ngx_http_realip_module.
*) Bugfix: the "expires" directive might not work when using variables.
*) Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2; the bug had appeared in 1.9.6.
*) Bugfix: if nginx was built with the ngx_http_v2_module it was
possible to use the HTTP/2 protocol even if the "http2" parameter of
the "listen" directive was not specified.
*) Bugfix: in the ngx_http_v2_module.
Changes with nginx 1.9.6 27 Oct 2015
*) Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2.
Thanks to Piotr Sikora and Denis Andzakovic.
*) Bugfix: the $server_protocol variable was empty when using HTTP/2.
*) Bugfix: backend SSL connections in the stream module might be timed
out unexpectedly.
*) Bugfix: a segmentation fault might occur in a worker process if
different ssl_session_cache settings were used in different virtual
servers.
*) Bugfix: nginx/Windows could not be built with MinGW gcc; the bug had
appeared in 1.9.4.
Thanks to Kouhei Sutou.
*) Bugfix: time was not updated when the timer_resolution directive was
used on Windows.
*) Miscellaneous minor fixes and improvements.
Thanks to Markus Linnala, Kurtis Nusbaum and Piotr Sikora.
Changes with nginx 1.9.5 22 Sep 2015
*) Feature: the ngx_http_v2_module (replaces ngx_http_spdy_module).
Thanks to Dropbox and Automattic for sponsoring this work.
*) Change: now the "output_buffers" directive uses two buffers by
default.
*) Change: now nginx limits subrequests recursion, not simultaneous
subrequests.
*) Change: now nginx checks the whole cache key when returning a
response from cache.
Thanks to Gena Makhomed and Sergey Brester.
*) Bugfix: "header already sent" alerts might appear in logs when using
cache; the bug had appeared in 1.7.5.
*) Bugfix: "writev() failed (4: Interrupted system call)" errors might
appear in logs when using CephFS and the "timer_resolution" directive
on Linux.
*) Bugfix: in invalid configurations handling.
Thanks to Markus Linnala.
*) Bugfix: a segmentation fault occurred in a worker process if the
"sub_filter" directive was used at http level; the bug had appeared
in 1.9.4.
Changes with nginx 1.9.4 18 Aug 2015
*) Change: the "proxy_downstream_buffer" and "proxy_upstream_buffer"
directives of the stream module are replaced with the
"proxy_buffer_size" directive.
*) Feature: the "tcp_nodelay" directive in the stream module.
*) Feature: multiple "sub_filter" directives can be used simultaneously.
*) Feature: variables support in the search string of the "sub_filter"
directive.
*) Workaround: configuration testing might fail under Linux OpenVZ.
Thanks to Gena Makhomed.
*) Bugfix: old worker processes might hog CPU after reconfiguration with
a large number of worker_connections.
*) Bugfix: a segmentation fault might occur in a worker process if the
"try_files" and "alias" directives were used inside a location given
by a regular expression; the bug had appeared in 1.7.1.
*) Bugfix: the "try_files" directive inside a nested location given by a
regular expression worked incorrectly if the "alias" directive was
used in the outer location.
*) Bugfix: in hash table initialization error handling.
*) Bugfix: nginx could not be built with Visual Studio 2015.
Changes with nginx 1.9.3 14 Jul 2015
*) Change: duplicate "http", "mail", and "stream" blocks are now
disallowed.
*) Feature: connection limiting in the stream module.
*) Feature: data rate limiting in the stream module.
*) Bugfix: the "zone" directive inside the "upstream" block did not work
on Windows.
*) Bugfix: compatibility with LibreSSL in the stream module.
Thanks to Piotr Sikora.
*) Bugfix: in the "--builddir" configure parameter.
Thanks to Piotr Sikora.
*) Bugfix: the "ssl_stapling_file" directive did not work; the bug had
appeared in 1.9.2.
Thanks to Faidon Liambotis and Brandon Black.
*) Bugfix: a segmentation fault might occur in a worker process if the
"ssl_stapling" directive was used; the bug had appeared in 1.9.2.
Thanks to Matthew Baldwin.
Changes with nginx 1.9.2 16 Jun 2015
*) Feature: the "backlog" parameter of the "listen" directives of the
mail proxy and stream modules.
*) Feature: the "allow" and "deny" directives in the stream module.
*) Feature: the "proxy_bind" directive in the stream module.
*) Feature: the "proxy_protocol" directive in the stream module.
*) Feature: the -T switch.
*) Feature: the REQUEST_SCHEME parameter added to the fastcgi.conf,
fastcgi_params, scgi_params, and uwsgi_params standard configuration
files.
*) Bugfix: the "reuseport" parameter of the "listen" directive of the
stream module did not work.
*) Bugfix: OCSP stapling might return an expired OCSP response in some
cases.
Changes with nginx 1.9.1 26 May 2015
*) Change: now SSLv3 protocol is disabled by default.
*) Change: some long deprecated directives are not supported anymore.
*) Feature: the "reuseport" parameter of the "listen" directive.
Thanks to Yingqi Lu at Intel and Sepherosa Ziehau.
*) Feature: the $upstream_connect_time variable.
*) Bugfix: in the "hash" directive on big-endian platforms.
*) Bugfix: nginx might fail to start on some old Linux variants; the bug
had appeared in 1.7.11.
*) Bugfix: in IP address parsing.
Thanks to Sergey Polovko.
Changes with nginx 1.9.0 28 Apr 2015
*) Change: obsolete aio and rtsig event methods have been removed.
*) Feature: the "zone" directive inside the "upstream" block.
*) Feature: the stream module.
*) Feature: byte ranges support in the ngx_http_memcached_module.
Thanks to Martin Mlynář.
*) Feature: shared memory can now be used on Windows versions with
address space layout randomization.
Thanks to Sergey Brester.
*) Feature: the "error_log" directive can now be used on mail and server
levels in mail proxy.
*) Bugfix: the "proxy_protocol" parameter of the "listen" directive did
not work if not specified in the first "listen" directive for a
listen socket.
Changes with nginx 1.7.12 07 Apr 2015
*) Feature: now the "tcp_nodelay" directive works with backend SSL
connections.
*) Feature: now thread pools can be used to read cache file headers.
*) Bugfix: in the "proxy_request_buffering" directive.
*) Bugfix: a segmentation fault might occur in a worker process when
using thread pools on Linux.
*) Bugfix: in error handling when using the "ssl_stapling" directive.
Thanks to Filipe da Silva.
*) Bugfix: in the ngx_http_spdy_module.
Changes with nginx 1.7.11 24 Mar 2015
*) Change: the "sendfile" parameter of the "aio" directive is
deprecated; now nginx automatically uses AIO to pre-load data for
sendfile if both "aio" and "sendfile" directives are used.
*) Feature: experimental thread pools support.
*) Feature: the "proxy_request_buffering", "fastcgi_request_buffering",
"scgi_request_buffering", and "uwsgi_request_buffering" directives.
*) Feature: request body filters experimental API.
*) Feature: client SSL certificates support in mail proxy.
Thanks to Sven Peter, Franck Levionnois, and Filipe Da Silva.
*) Feature: startup speedup when using the "hash ... consistent"
directive in the upstream block.
Thanks to Wai Keen Woon.
*) Feature: debug logging into a cyclic memory buffer.
*) Bugfix: in hash table handling.
Thanks to Chris West.
*) Bugfix: in the "proxy_cache_revalidate" directive.
*) Bugfix: SSL connections might hang if deferred accept or the
"proxy_protocol" parameter of the "listen" directive were used.
Thanks to James Hamlin.
*) Bugfix: the $upstream_response_time variable might contain a wrong
value if the "image_filter" directive was used.
*) Bugfix: in integer overflow handling.
Thanks to Régis Leroy.
*) Bugfix: it was not possible to enable SSLv3 with LibreSSL.
*) Bugfix: the "ignoring stale global SSL error ... called a function
you should not call" alerts appeared in logs when using LibreSSL.
*) Bugfix: certificates specified by the "ssl_client_certificate" and
"ssl_trusted_certificate" directives were inadvertently used to
automatically construct certificate chains.
Changes with nginx 1.7.10 10 Feb 2015
*) Feature: the "use_temp_path" parameter of the "proxy_cache_path",
"fastcgi_cache_path", "scgi_cache_path", and "uwsgi_cache_path"
directives.
*) Feature: the $upstream_header_time variable.
*) Workaround: now on disk overflow nginx tries to write error logs once
a second only.
*) Bugfix: the "try_files" directive did not ignore normal files while
testing directories.
Thanks to Damien Tournoud.
*) Bugfix: alerts "sendfile() failed" if the "sendfile" directive was
used on OS X; the bug had appeared in 1.7.8.
*) Bugfix: alerts "sem_post() failed" might appear in logs.
*) Bugfix: nginx could not be built with musl libc.
Thanks to James Taylor.
*) Bugfix: nginx could not be built on Tru64 UNIX.
Thanks to Goetz T. Fischer.
Changes with nginx 1.7.9 23 Dec 2014
*) Feature: variables support in the "proxy_cache", "fastcgi_cache",
"scgi_cache", and "uwsgi_cache" directives.
*) Feature: variables support in the "expires" directive.
*) Feature: loading of secret keys from hardware tokens with OpenSSL
engines.
Thanks to Dmitrii Pichulin.
*) Feature: the "autoindex_format" directive.
*) Bugfix: cache revalidation is now only used for responses with 200
and 206 status codes.
Thanks to Piotr Sikora.
*) Bugfix: the "TE" client request header line was passed to backends
while proxying.
*) Bugfix: the "proxy_pass", "fastcgi_pass", "scgi_pass", and
"uwsgi_pass" directives might not work correctly inside the "if" and
"limit_except" blocks.
*) Bugfix: the "proxy_store" directive with the "on" parameter was
ignored if the "proxy_store" directive with an explicitly specified
file path was used on a previous level.
*) Bugfix: nginx could not be built with BoringSSL.
Thanks to Lukas Tribus.
Changes with nginx 1.7.8 02 Dec 2014
*) Change: now the "If-Modified-Since", "If-Range", etc. client request
header lines are passed to a backend while caching if nginx knows in
advance that the response will not be cached (e.g., when using
proxy_cache_min_uses).
*) Change: now after proxy_cache_lock_timeout nginx sends a request to a
backend with caching disabled; the new directives
"proxy_cache_lock_age", "fastcgi_cache_lock_age",
"scgi_cache_lock_age", and "uwsgi_cache_lock_age" specify a time
after which the lock will be released and another attempt to cache a
response will be made.
*) Change: the "log_format" directive can now be used only at http
level.
*) Feature: the "proxy_ssl_certificate", "proxy_ssl_certificate_key",
"proxy_ssl_password_file", "uwsgi_ssl_certificate",
"uwsgi_ssl_certificate_key", and "uwsgi_ssl_password_file"
directives.
Thanks to Piotr Sikora.
*) Feature: it is now possible to switch to a named location using
"X-Accel-Redirect".
Thanks to Toshikuni Fukaya.
*) Feature: now the "tcp_nodelay" directive works with SPDY connections.
*) Feature: new directives in vim syntax highliting scripts.
Thanks to Peter Wu.
*) Bugfix: nginx ignored the "s-maxage" value in the "Cache-Control"
backend response header line.
Thanks to Piotr Sikora.
*) Bugfix: in the ngx_http_spdy_module.
Thanks to Piotr Sikora.
*) Bugfix: in the "ssl_password_file" directive when using OpenSSL
0.9.8zc, 1.0.0o, 1.0.1j.
*) Bugfix: alerts "header already sent" appeared in logs if the
"post_action" directive was used; the bug had appeared in 1.5.4.
*) Bugfix: alerts "the http output chain is empty" might appear in logs
if the "postpone_output 0" directive was used with SSI includes.
*) Bugfix: in the "proxy_cache_lock" directive with SSI subrequests.
Thanks to Yichun Zhang.
Changes with nginx 1.7.7 28 Oct 2014
*) Change: now nginx takes into account the "Vary" header line in a
backend response while caching.
*) Feature: the "proxy_force_ranges", "fastcgi_force_ranges",
"scgi_force_ranges", and "uwsgi_force_ranges" directives.
*) Feature: the "proxy_limit_rate", "fastcgi_limit_rate",
"scgi_limit_rate", and "uwsgi_limit_rate" directives.
*) Feature: the "Vary" parameter of the "proxy_ignore_headers",
"fastcgi_ignore_headers", "scgi_ignore_headers", and
"uwsgi_ignore_headers" directives.
*) Bugfix: the last part of a response received from a backend with
unbufferred proxy might not be sent to a client if "gzip" or "gunzip"
directives were used.
*) Bugfix: in the "proxy_cache_revalidate" directive.
Thanks to Piotr Sikora.
*) Bugfix: in error handling.
Thanks to Yichun Zhang and Daniil Bondarev.
*) Bugfix: in the "proxy_next_upstream_tries" and