instead of ftp.NetBSD.org.
* lua-nginx-module 0.9.5 updated to 0.9.16
* echo-nginx-module 0.51 updated to 0.58
* set-misc-nginx-module 0.24 updated to 0.29
* array-var-nginx-module 0.03 updated to 0.04
* encrypted-session-nginx-module 0.03 updated to 0.04
* form-input-nginx-module 0.07 updated to 0.11
* headers-more-nginx-module 0.25 updated to 0.26.1
Only minor revision changes, no features added. Modules don't have Changelog,
git history shows only cosmetic changes and bugfixes.
Changes from 1.9.4
*) Feature: the ngx_http_v2_module (replaces ngx_http_spdy_module).
Thanks to Dropbox and Automattic for sponsoring this work.
*) Change: now the "output_buffers" directive uses two buffers by
default.
*) Change: now nginx limits subrequests recursion, not simultaneous
subrequests.
*) Change: now nginx checks the whole cache key when returning a
response from cache.
Thanks to Gena Makhomed and Sergey Brester.
*) Bugfix: "header already sent" alerts might appear in logs when using
cache; the bug had appeared in 1.7.5.
*) Bugfix: "writev() failed (4: Interrupted system call)" errors might
appear in logs when using CephFS and the "timer_resolution" directive
on Linux.
*) Bugfix: in invalid configurations handling.
Thanks to Markus Linnala.
*) Bugfix: a segmentation fault occurred in a worker process if the
"sub_filter" directive was used at http level; the bug had appeared
in 1.9.4.
Updated naxsi to 0.54
From 0.53-2 "AppleJack":
* increased PCRE output vector from 6 to 30 (from 2 match groups to 10)
* removed negative rule on content-types (naxsi_core.rules) as naxsi supports
json
* Fixed broken EXLOG on |NAME match zones (issues/110)
* Integrated libinjection (xss/sqli)
Changes with nginx 1.9.4 18 Aug 2015
*) Change: the "proxy_downstream_buffer" and "proxy_upstream_buffer"
directives of the stream module are replaced with the
"proxy_buffer_size" directive.
*) Feature: the "tcp_nodelay" directive in the stream module.
*) Feature: multiple "sub_filter" directives can be used simultaneously.
*) Feature: variables support in the search string of the "sub_filter"
directive.
*) Workaround: configuration testing might fail under Linux OpenVZ.
Thanks to Gena Makhomed.
*) Bugfix: old worker processes might hog CPU after reconfiguration with
a large number of worker_connections.
*) Bugfix: a segmentation fault might occur in a worker process if the
"try_files" and "alias" directives were used inside a location given
by a regular expression; the bug had appeared in 1.7.1.
*) Bugfix: the "try_files" directive inside a nested location given by a
regular expression worked incorrectly if the "alias" directive was
used in the outer location.
*) Bugfix: in hash table initialization error handling.
*) Bugfix: nginx could not be built with Visual Studio 2015.
Changes with nginx 1.9.3 14 Jul 2015
*) Change: duplicate "http", "mail", and "stream" blocks are now
disallowed.
*) Feature: connection limiting in the stream module.
*) Feature: data rate limiting in the stream module.
*) Bugfix: the "zone" directive inside the "upstream" block did not work
on Windows.
*) Bugfix: compatibility with LibreSSL in the stream module.
Thanks to Piotr Sikora.
*) Bugfix: in the "--builddir" configure parameter.
Thanks to Piotr Sikora.
*) Bugfix: the "ssl_stapling_file" directive did not work; the bug had
appeared in 1.9.2.
Thanks to Faidon Liambotis and Brandon Black.
*) Bugfix: a segmentation fault might occur in a worker process if the
"ssl_stapling" directive was used; the bug had appeared in 1.9.2.
Thanks to Matthew Baldwin.
Changes with nginx 1.9.2 16 Jun 2015
*) Feature: the "backlog" parameter of the "listen" directives of the
mail proxy and stream modules.
*) Feature: the "allow" and "deny" directives in the stream module.
*) Feature: the "proxy_bind" directive in the stream module.
*) Feature: the "proxy_protocol" directive in the stream module.
*) Feature: the -T switch.
*) Feature: the REQUEST_SCHEME parameter added to the fastcgi.conf,
fastcgi_params, scgi_params, and uwsgi_params standard configuration
files.
*) Bugfix: the "reuseport" parameter of the "listen" directive of the
stream module did not work.
*) Bugfix: OCSP stapling might return an expired OCSP response in some
cases.
Changes with nginx 1.9.1 26 May 2015
*) Change: now SSLv3 protocol is disabled by default.
*) Change: some long deprecated directives are not supported anymore.
*) Feature: the "reuseport" parameter of the "listen" directive.
Thanks to Yingqi Lu at Intel and Sepherosa Ziehau.
*) Feature: the $upstream_connect_time variable.
*) Bugfix: in the "hash" directive on big-endian platforms.
*) Bugfix: nginx might fail to start on some old Linux variants; the bug
had appeared in 1.7.11.
*) Bugfix: in IP address parsing.
Thanks to Sergey Polovko.
Changes with nginx 1.9.0 28 Apr 2015
*) Change: obsolete aio and rtsig event methods have been removed.
*) Feature: the "zone" directive inside the "upstream" block.
*) Feature: the stream module.
*) Feature: byte ranges support in the ngx_http_memcached_module.
Thanks to Martin Mlynar.
*) Feature: shared memory can now be used on Windows versions with
address space layout randomization.
Thanks to Sergey Brester.
*) Feature: the "error_log" directive can now be used on mail and server
levels in mail proxy.
*) Bugfix: the "proxy_protocol" parameter of the "listen" directive did
not work if not specified in the first "listen" directive for a
listen socket.
Changes with nginx 1.7.12 07 Apr 2015
*) Feature: now the "tcp_nodelay" directive works with backend SSL
connections.
*) Feature: now thread pools can be used to read cache file headers.
*) Bugfix: in the "proxy_request_buffering" directive.
*) Bugfix: a segmentation fault might occur in a worker process when
using thread pools on Linux.
*) Bugfix: in error handling when using the "ssl_stapling" directive.
Thanks to Filipe da Silva.
*) Bugfix: in the ngx_http_spdy_module.
Changes with nginx 1.7.11 24 Mar 2015
*) Change: the "sendfile" parameter of the "aio" directive is
deprecated; now nginx automatically uses AIO to pre-load data for
sendfile if both "aio" and "sendfile" directives are used.
*) Feature: experimental thread pools support.
*) Feature: the "proxy_request_buffering", "fastcgi_request_buffering",
"scgi_request_buffering", and "uwsgi_request_buffering" directives.
*) Feature: request body filters experimental API.
*) Feature: client SSL certificates support in mail proxy.
Thanks to Sven Peter, Franck Levionnois, and Filipe Da Silva.
*) Feature: startup speedup when using the "hash ... consistent"
directive in the upstream block.
Thanks to Wai Keen Woon.
*) Feature: debug logging into a cyclic memory buffer.
*) Bugfix: in hash table handling.
Thanks to Chris West.
*) Bugfix: in the "proxy_cache_revalidate" directive.
*) Bugfix: SSL connections might hang if deferred accept or the
"proxy_protocol" parameter of the "listen" directive were used.
Thanks to James Hamlin.
*) Bugfix: the $upstream_response_time variable might contain a wrong
value if the "image_filter" directive was used.
*) Bugfix: in integer overflow handling.
Thanks to Régis Leroy.
*) Bugfix: it was not possible to enable SSLv3 with LibreSSL.
*) Bugfix: the "ignoring stale global SSL error ... called a function
you should not call" alerts appeared in logs when using LibreSSL.
*) Bugfix: certificates specified by the "ssl_client_certificate" and
"ssl_trusted_certificate" directives were inadvertently used to
automatically construct certificate chains.
Changes with nginx 1.7.10 10 Feb 2015
*) Feature: the "use_temp_path" parameter of the "proxy_cache_path",
"fastcgi_cache_path", "scgi_cache_path", and "uwsgi_cache_path"
directives.
*) Feature: the $upstream_header_time variable.
*) Workaround: now on disk overflow nginx tries to write error logs once
a second only.
*) Bugfix: the "try_files" directive did not ignore normal files while
testing directories.
Thanks to Damien Tournoud.
*) Bugfix: alerts "sendfile() failed" if the "sendfile" directive was
used on OS X; the bug had appeared in 1.7.8.
*) Bugfix: alerts "sem_post() failed" might appear in logs.
*) Bugfix: nginx could not be built with musl libc.
Thanks to James Taylor.
*) Bugfix: nginx could not be built on Tru64 UNIX.
Thanks to Goetz T. Fischer.
Changes with nginx 1.7.9 23 Dec 2014
*) Feature: variables support in the "proxy_cache", "fastcgi_cache",
"scgi_cache", and "uwsgi_cache" directives.
*) Feature: variables support in the "expires" directive.
*) Feature: loading of secret keys from hardware tokens with OpenSSL
engines.
Thanks to Dmitrii Pichulin.
*) Feature: the "autoindex_format" directive.
*) Bugfix: cache revalidation is now only used for responses with 200
and 206 status codes.
Thanks to Piotr Sikora.
*) Bugfix: the "TE" client request header line was passed to backends
while proxying.
*) Bugfix: the "proxy_pass", "fastcgi_pass", "scgi_pass", and
"uwsgi_pass" directives might not work correctly inside the "if" and
"limit_except" blocks.
*) Bugfix: the "proxy_store" directive with the "on" parameter was
ignored if the "proxy_store" directive with an explicitly specified
file path was used on a previous level.
*) Bugfix: nginx could not be built with BoringSSL.
Thanks to Lukas Tribus.
Changes with nginx 1.7.8 02 Dec 2014
*) Change: now the "If-Modified-Since", "If-Range", etc. client request
header lines are passed to a backend while caching if nginx knows in
advance that the response will not be cached (e.g., when using
proxy_cache_min_uses).
*) Change: now after proxy_cache_lock_timeout nginx sends a request to a
backend with caching disabled; the new directives
"proxy_cache_lock_age", "fastcgi_cache_lock_age",
"scgi_cache_lock_age", and "uwsgi_cache_lock_age" specify a time
after which the lock will be released and another attempt to cache a
response will be made.
*) Change: the "log_format" directive can now be used only at http
level.
*) Feature: the "proxy_ssl_certificate", "proxy_ssl_certificate_key",
"proxy_ssl_password_file", "uwsgi_ssl_certificate",
"uwsgi_ssl_certificate_key", and "uwsgi_ssl_password_file"
directives.
Thanks to Piotr Sikora.
*) Feature: it is now possible to switch to a named location using
"X-Accel-Redirect".
Thanks to Toshikuni Fukaya.
*) Feature: now the "tcp_nodelay" directive works with SPDY connections.
*) Feature: new directives in vim syntax highliting scripts.
Thanks to Peter Wu.
*) Bugfix: nginx ignored the "s-maxage" value in the "Cache-Control"
backend response header line.
Thanks to Piotr Sikora.
*) Bugfix: in the ngx_http_spdy_module.
Thanks to Piotr Sikora.
*) Bugfix: in the "ssl_password_file" directive when using OpenSSL
0.9.8zc, 1.0.0o, 1.0.1j.
*) Bugfix: alerts "header already sent" appeared in logs if the
"post_action" directive was used; the bug had appeared in 1.5.4.
*) Bugfix: alerts "the http output chain is empty" might appear in logs
if the "postpone_output 0" directive was used with SSI includes.
*) Bugfix: in the "proxy_cache_lock" directive with SSI subrequests.
Thanks to Yichun Zhang.
Changes with nginx 1.7.7 28 Oct 2014
*) Change: now nginx takes into account the "Vary" header line in a
backend response while caching.
*) Feature: the "proxy_force_ranges", "fastcgi_force_ranges",
"scgi_force_ranges", and "uwsgi_force_ranges" directives.
*) Feature: the "proxy_limit_rate", "fastcgi_limit_rate",
"scgi_limit_rate", and "uwsgi_limit_rate" directives.
*) Feature: the "Vary" parameter of the "proxy_ignore_headers",
"fastcgi_ignore_headers", "scgi_ignore_headers", and
"uwsgi_ignore_headers" directives.
*) Bugfix: the last part of a response received from a backend with
unbufferred proxy might not be sent to a client if "gzip" or "gunzip"
directives were used.
*) Bugfix: in the "proxy_cache_revalidate" directive.
Thanks to Piotr Sikora.
*) Bugfix: in error handling.
Thanks to Yichun Zhang and Daniil Bondarev.
*) Bugfix: in the "proxy_next_upstream_tries" and
"proxy_next_upstream_timeout" directives.
Thanks to Feng Gu.
*) Bugfix: nginx/Windows could not be built with MinGW-w64 gcc.
Thanks to Kouhei Sutou.
Changes with nginx 1.7.6 30 Sep 2014
*) Change: the deprecated "limit_zone" directive is not supported
anymore.
*) Feature: the "limit_conn_zone" and "limit_req_zone" directives now
can be used with combinations of multiple variables.
*) Bugfix: request body might be transmitted incorrectly when retrying a
FastCGI request to the next upstream server.
*) Bugfix: in logging to syslog.
Changes with nginx 1.7.5 16 Sep 2014
*) Security: it was possible to reuse SSL sessions in unrelated contexts
if a shared SSL session cache or the same TLS session ticket key was
used for multiple "server" blocks (CVE-2014-3616).
Thanks to Antoine Delignat-Lavaud.
*) Change: now the "stub_status" directive does not require a parameter.
*) Feature: the "always" parameter of the "add_header" directive.
*) Feature: the "proxy_next_upstream_tries",
"proxy_next_upstream_timeout", "fastcgi_next_upstream_tries",
"fastcgi_next_upstream_timeout", "memcached_next_upstream_tries",
"memcached_next_upstream_timeout", "scgi_next_upstream_tries",
"scgi_next_upstream_timeout", "uwsgi_next_upstream_tries", and
"uwsgi_next_upstream_timeout" directives.
*) Bugfix: in the "if" parameter of the "access_log" directive.
*) Bugfix: in the ngx_http_perl_module.
Thanks to Piotr Sikora.
*) Bugfix: the "listen" directive of the mail proxy module did not allow
to specify more than two parameters.
*) Bugfix: the "sub_filter" directive did not work with a string to
replace consisting of a single character.
*) Bugfix: requests might hang if resolver was used and a timeout
occurred during a DNS request.
*) Bugfix: in the ngx_http_spdy_module when using with AIO.
*) Bugfix: a segmentation fault might occur in a worker process if the
"set" directive was used to change the "$http_...", "$sent_http_...",
or "$upstream_http_..." variables.
*) Bugfix: in memory allocation error handling.
Thanks to Markus Linnala and Feng Gu.
Changes with nginx 1.7.4 05 Aug 2014
*) Security: pipelined commands were not discarded after STARTTLS
command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6.
Thanks to Chris Boulton.
*) Change: URI escaping now uses uppercase hexadecimal digits.
Thanks to Piotr Sikora.
*) Feature: now nginx can be build with BoringSSL and LibreSSL.
Thanks to Piotr Sikora.
*) Bugfix: requests might hang if resolver was used and a DNS server
returned a malformed response; the bug had appeared in 1.5.8.
*) Bugfix: in the ngx_http_spdy_module.
Thanks to Piotr Sikora.
*) Bugfix: the $uri variable might contain garbage when returning errors
with code 400.
Thanks to Sergey Bobrov.
*) Bugfix: in error handling in the "proxy_store" directive and the
ngx_http_dav_module.
Thanks to Feng Gu.
*) Bugfix: a segmentation fault might occur if logging of errors to
syslog was used; the bug had appeared in 1.7.1.
*) Bugfix: the $geoip_latitude, $geoip_longitude, $geoip_dma_code, and
$geoip_area_code variables might not work.
Thanks to Yichun Zhang.
*) Bugfix: in memory allocation error handling.
Thanks to Tatsuhiko Kubo and Piotr Sikora.
Changes with nginx 1.7.3 08 Jul 2014
*) Feature: weak entity tags are now preserved on response
modifications, and strong ones are changed to weak.
*) Feature: cache revalidation now uses If-None-Match header if
possible.
*) Feature: the "ssl_password_file" directive.
*) Bugfix: the If-None-Match request header line was ignored if there
was no Last-Modified header in a response returned from cache.
*) Bugfix: "peer closed connection in SSL handshake" messages were
logged at "info" level instead of "error" while connecting to
backends.
*) Bugfix: in the ngx_http_dav_module module in nginx/Windows.
*) Bugfix: SPDY connections might be closed prematurely if caching was
used.
Changes with nginx 1.7.2 17 Jun 2014
*) Feature: the "hash" directive inside the "upstream" block.
*) Feature: defragmentation of free shared memory blocks.
Thanks to Wandenberg Peixoto and Yichun Zhang.
*) Bugfix: a segmentation fault might occur in a worker process if the
default value of the "access_log" directive was used; the bug had
appeared in 1.7.0.
Thanks to Piotr Sikora.
*) Bugfix: trailing slash was mistakenly removed from the last parameter
of the "try_files" directive.
*) Bugfix: nginx could not be built on OS X in some cases.
*) Bugfix: in the ngx_http_spdy_module.
Changes with nginx 1.7.1 27 May 2014
*) Feature: the "$upstream_cookie_..." variables.
*) Feature: the $ssl_client_fingerprint variable.
*) Feature: the "error_log" and "access_log" directives now support
logging to syslog.
*) Feature: the mail proxy now logs client port on connect.
*) Bugfix: memory leak if the "ssl_stapling" directive was used.
Thanks to Filipe da Silva.
*) Bugfix: the "alias" directive used inside a location given by a
regular expression worked incorrectly if the "if" or "limit_except"
directives were used.
*) Bugfix: the "charset" directive did not set a charset to encoded
backend responses.
*) Bugfix: a "proxy_pass" directive without URI part might use original
request after the $args variable was set.
Thanks to Yichun Zhang.
*) Bugfix: in the "none" parameter in the "smtp_auth" directive; the bug
had appeared in 1.5.6.
Thanks to Svyatoslav Nikolsky.
*) Bugfix: if sub_filter and SSI were used together, then responses
might be transferred incorrectly.
*) Bugfix: nginx could not be built with the --with-file-aio option on
Linux/aarch64.
Changes with nginx 1.7.0 24 Apr 2014
*) Feature: backend SSL certificate verification.
*) Feature: support for SNI while working with SSL backends.
*) Feature: the $ssl_server_name variable.
*) Feature: the "if" parameter of the "access_log" directive.
Changes with nginx 1.5.13 08 Apr 2014
*) Change: improved hash table handling; the default values of the
"variables_hash_max_size" and "types_hash_bucket_size" were changed
to 1024 and 64 respectively.
*) Feature: the ngx_http_mp4_module now supports the "end" argument.
*) Feature: byte ranges support in the ngx_http_mp4_module and while
saving responses to cache.
*) Bugfix: alerts "ngx_slab_alloc() failed: no memory" no longer logged
when using shared memory in the "ssl_session_cache" directive and in
the ngx_http_limit_req_module.
*) Bugfix: the "underscores_in_headers" directive did not allow
underscore as a first character of a header.
Thanks to Piotr Sikora.
*) Bugfix: cache manager might hog CPU on exit in nginx/Windows.
*) Bugfix: nginx/Windows terminated abnormally if the
"ssl_session_cache" directive was used with the "shared" parameter.
*) Bugfix: in the ngx_http_spdy_module.
*) Security: a heap memory buffer overflow might occur in a worker
process while handling a specially crafted request by
ngx_http_spdy_module, potentially resulting in arbitrary code
execution (CVE-2014-0133).
Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr.
Manuel Sadosky, Buenos Aires, Argentina.
*) Feature: the "proxy_protocol" parameters of the "listen" and
"real_ip_header" directives, the $proxy_protocol_addr variable.
*) Bugfix: in the "fastcgi_next_upstream" directive.
Thanks to Lucas Molas.
*) Security: memory corruption might occur in a worker process on 32-bit
platforms while handling a specially crafted request by
ngx_http_spdy_module, potentially resulting in arbitrary code
execution (CVE-2014-0088); the bug had appeared in 1.5.10.
Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr.
Manuel Sadosky, Buenos Aires, Argentina.
*) Feature: the $ssl_session_reused variable.
*) Bugfix: the "client_max_body_size" directive might not work when
reading a request body using chunked transfer encoding; the bug had
appeared in 1.3.9.
Thanks to Lucas Molas.
*) Bugfix: a segmentation fault might occur in a worker process when
proxying WebSocket connections.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_spdy_module was used on 32-bit platforms; the bug had
appeared in 1.5.10.
*) Bugfix: the $upstream_status variable might contain wrong data if the
"proxy_cache_use_stale" or "proxy_cache_revalidate" directives were
used.
Thanks to Piotr Sikora.
*) Bugfix: a segmentation fault might occur in a worker process if
errors with code 400 were redirected to a named location using the
"error_page" directive.
*) Bugfix: nginx/Windows could not be built with Visual Studio 2013.
Changes with nginx 1.5.10 04 Feb 2014
*) Feature: the ngx_http_spdy_module now uses SPDY 3.1 protocol.
Thanks to Automattic and MaxCDN for sponsoring this work.
*) Feature: the ngx_http_mp4_module now skips tracks too short for a
seek requested.
*) Bugfix: a segmentation fault might occur in a worker process if the
$ssl_session_id variable was used in logs; the bug had appeared in
1.5.9.
*) Bugfix: the $date_local and $date_gmt variables used wrong format
outside of the ngx_http_ssi_filter_module.
*) Bugfix: client connections might be immediately closed if deferred
accept was used; the bug had appeared in 1.3.15.
*) Bugfix: alerts "getsockopt(TCP_FASTOPEN) ... failed" appeared in logs
during binary upgrade on Linux; the bug had appeared in 1.5.8.
Thanks to Piotr Sikora.
Changes with nginx 1.5.9 22 Jan 2014
*) Change: now nginx expects escaped URIs in "X-Accel-Redirect" headers.
*) Feature: the "ssl_buffer_size" directive.
*) Feature: the "limit_rate" directive can now be used to rate limit
responses sent in SPDY connections.
*) Feature: the "spdy_chunk_size" directive.
*) Feature: the "ssl_session_tickets" directive.
Thanks to Dirkjan Bussink.
*) Bugfix: the $ssl_session_id variable contained full session
serialized instead of just a session id.
Thanks to Ivan Risti?.
*) Bugfix: nginx incorrectly handled escaped "?" character in the
"include" SSI command.
*) Bugfix: the ngx_http_dav_module did not unescape destination URI of
the COPY and MOVE methods.
*) Bugfix: resolver did not understand domain names with a trailing dot.
Thanks to Yichun Zhang.
*) Bugfix: alerts "zero size buf in output" might appear in logs while
proxying; the bug had appeared in 1.3.9.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_spdy_module was used.
*) Bugfix: proxied WebSocket connections might hang right after
handshake if the select, poll, or /dev/poll methods were used.
*) Bugfix: the "xclient" directive of the mail proxy module incorrectly
handled IPv6 client addresses.
Changes with nginx 1.5.8 17 Dec 2013
*) Feature: IPv6 support in resolver.
*) Feature: the "listen" directive supports the "fastopen" parameter.
Thanks to Mathew Rodley.
*) Feature: SSL support in the ngx_http_uwsgi_module.
Thanks to Roberto De Ioris.
*) Feature: vim syntax highlighting scripts were added to contrib.
Thanks to Evan Miller.
*) Bugfix: a timeout might occur while reading client request body in an
SSL connection using chunked transfer encoding.
*) Bugfix: the "master_process" directive did not work correctly in
nginx/Windows.
*) Bugfix: the "setfib" parameter of the "listen" directive might not
work.
*) Bugfix: in the ngx_http_spdy_module.
Changes with nginx 1.5.7 19 Nov 2013
*) Security: a character following an unescaped space in a request line
was handled incorrectly (CVE-2013-4547); the bug had appeared in
0.8.41.
Thanks to Ivan Fratric of the Google Security Team.
*) Change: a logging level of auth_basic errors about no user/password
provided has been lowered from "error" to "info".
*) Feature: the "proxy_cache_revalidate", "fastcgi_cache_revalidate",
"scgi_cache_revalidate", and "uwsgi_cache_revalidate" directives.
*) Feature: the "ssl_session_ticket_key" directive.
Thanks to Piotr Sikora.
*) Bugfix: the directive "add_header Cache-Control ''" added a
"Cache-Control" response header line with an empty value.
*) Bugfix: the "satisfy any" directive might return 403 error instead of
401 if auth_request and auth_basic directives were used.
Thanks to Jan Marc Hoffmann.
*) Bugfix: the "accept_filter" and "deferred" parameters of the "listen"
directive were ignored for listen sockets created during binary
upgrade.
Thanks to Piotr Sikora.
*) Bugfix: some data received from a backend with unbufferred proxy
might not be sent to a client immediately if "gzip" or "gunzip"
directives were used.
Thanks to Yichun Zhang.
*) Bugfix: in error handling in ngx_http_gunzip_filter_module.
*) Bugfix: responses might hang if the ngx_http_spdy_module was used
with the "auth_request" directive.
*) Bugfix: memory leak in nginx/Windows.
Changes with nginx 1.5.6 01 Oct 2013
*) Feature: the "fastcgi_buffering" directive.
*) Feature: the "proxy_ssl_protocols" and "proxy_ssl_ciphers"
directives.
Thanks to Piotr Sikora.
*) Feature: optimization of SSL handshakes when using long certificate
chains.
*) Feature: the mail proxy supports SMTP pipelining.
*) Bugfix: in the ngx_http_auth_basic_module when using "$apr1$"
password encryption method.
Thanks to Markus Linnala.
*) Bugfix: in MacOSX, Cygwin, and nginx/Windows incorrect location might
be used to process a request if locations were given using characters
in different cases.
*) Bugfix: automatic redirect with appended trailing slash for proxied
locations might not work.
*) Bugfix: in the mail proxy server.
*) Bugfix: in the ngx_http_spdy_module.
Changes with nginx 1.5.5 17 Sep 2013
*) Change: now nginx assumes HTTP/1.0 by default if it is not able to
detect protocol reliably.
*) Feature: the "disable_symlinks" directive now uses O_PATH on Linux.
*) Feature: now nginx uses EPOLLRDHUP events to detect premature
connection close by clients if the "epoll" method is used.
*) Bugfix: in the "valid_referers" directive if the "server_names"
parameter was used.
*) Bugfix: the $request_time variable did not work in nginx/Windows.
*) Bugfix: in the "image_filter" directive.
Thanks to Lanshun Zhou.
*) Bugfix: OpenSSL 1.0.1f compatibility.
Thanks to Piotr Sikora.
Changes with nginx 1.5.4 27 Aug 2013
*) Change: the "js" extension MIME type has been changed to
"application/javascript"; default value of the "charset_types"
directive was changed accordingly.
*) Change: now the "image_filter" directive with the "size" parameter
returns responses with the "application/json" MIME type.
*) Feature: the ngx_http_auth_request_module.
*) Bugfix: a segmentation fault might occur on start or during
reconfiguration if the "try_files" directive was used with an empty
parameter.
*) Bugfix: memory leak if relative paths were specified using variables
in the "root" or "auth_basic_user_file" directives.
*) Bugfix: the "valid_referers" directive incorrectly executed regular
expressions if a "Referer" header started with "https://".
Thanks to Liangbin Li.
*) Bugfix: responses might hang if subrequests were used and an SSL
handshake error happened during subrequest processing.
Thanks to Aviram Cohen.
*) Bugfix: in the ngx_http_autoindex_module.
*) Bugfix: in the ngx_http_spdy_module.
Changes with nginx 1.5.3
*) Change in internal API: now u->length defaults to -1 if working with
backends in unbuffered mode.
*) Change: now after receiving an incomplete response from a backend
server nginx tries to send an available part of the response to a
client, and then closes client connection.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_spdy_module was used with the "client_body_in_file_only"
directive.
*) Bugfix: the "so_keepalive" parameter of the "listen" directive might
be handled incorrectly on DragonFlyBSD.
Thanks to Sepherosa Ziehau.
*) Bugfix: in the ngx_http_xslt_filter_module.
*) Bugfix: in the ngx_http_sub_filter_module.
Changes with nginx 1.5.2
*) Feature: now several "error_log" directives can be used.
*) Bugfix: the $r->header_in() embedded perl method did not return value
of the "Cookie" and "X-Forwarded-For" request header lines; the bug
had appeared in 1.3.14.
*) Bugfix: in the ngx_http_spdy_module.
Thanks to Jim Radford.
*) Bugfix: nginx could not be built on Linux with x32 ABI.
Thanks to Serguei Ivantsov.
Changes with nginx 1.5.1
*) Feature: the "ssi_last_modified", "sub_filter_last_modified", and
"xslt_last_modified" directives.
Thanks to Alexey Kolpakov.
*) Feature: the "http_403" parameter of the "proxy_next_upstream",
"fastcgi_next_upstream", "scgi_next_upstream", and
"uwsgi_next_upstream" directives.
*) Feature: the "allow" and "deny" directives now support unix domain
sockets.
*) Bugfix: nginx could not be built with the ngx_mail_ssl_module, but
without ngx_http_ssl_module; the bug had appeared in 1.3.14.
*) Bugfix: in the "proxy_set_body" directive.
Thanks to Lanshun Zhou.
*) Bugfix: in the "lingering_time" directive.
Thanks to Lanshun Zhou.
*) Bugfix: the "fail_timeout" parameter of the "server" directive in the
"upstream" context might not work if "max_fails" parameter was used;
the bug had appeared in 1.3.0.
*) Bugfix: a segmentation fault might occur in a worker process if the
"ssl_stapling" directive was used.
Thanks to Piotr Sikora.
*) Bugfix: in the mail proxy server.
Thanks to Filipe Da Silva.
*) Bugfix: nginx/Windows might stop accepting connections if several
worker processes were used.
*) Bugfix: a segmentation fault might occur in a worker process if
subrequests were used; the bug had appeared in 1.3.9.
*) Bugfix: the "tcp_nodelay" directive caused an error if a WebSocket
connection was proxied into a unix domain socket.
*) Bugfix: the $upstream_response_length variable has an incorrect value
"0" if buffering was not used.
Thanks to Piotr Sikora.
*) Bugfix: in the eventport and /dev/poll methods.
*) Feature: $connections_active, $connections_reading, and
$connections_writing variables in the ngx_http_stub_status_module.
*) Feature: support of WebSocket connections in the
ngx_http_uwsgi_module and ngx_http_scgi_module.
*) Bugfix: in virtual servers handling with SNI.
*) Bugfix: new sessions were not always stored if the "ssl_session_cache
shared" directive was used and there was no free space in shared
memory.
Thanks to Piotr Sikora.
*) Bugfix: multiple X-Forwarded-For headers were handled incorrectly.
Thanks to Neal Poole for sponsoring this work.
*) Bugfix: in the ngx_http_mp4_module.
Thanks to Gernot Vormayr.
Collection.
nginx (pronounced "engine X") is a lightweight web (HTTP) server/reverse proxy
and mail (IMAP/POP3) proxy written by Igor Sysoev.
nginx has been running for more than three years on many heavily loaded Russian
sites including Rambler (RamblerMedia.com). In March 2007 about 20% of all
Russian virtual hosts were served or proxied by nginx. According to Google
Online Security Blog nginx serves or proxies about 4% of all Internet virtual
hosts, although Netcraft shows much less percent.
The sources are licensed under a BSD-like license.
joerg
imil
fhajny
jperkin