Changes with nginx 1.11.9 24 Jan 2017
*) Bugfix: nginx might hog CPU when using the stream module; the bug had
appeared in 1.11.5.
*) Bugfix: EXTERNAL authentication mechanism in mail proxy was accepted
even if it was not enabled in the configuration.
*) Bugfix: a segmentation fault might occur in a worker process if the
"ssl_verify_client" directive of the stream module was used.
*) Bugfix: the "ssl_verify_client" directive of the stream module might
not work.
*) Bugfix: closing keepalive connections due to no free worker
connections might be too aggressive.
Thanks to Joel Cunningham.
*) Bugfix: an incorrect response might be returned when using the
"sendfile" directive on FreeBSD and macOS; the bug had appeared in
1.7.8.
*) Bugfix: a truncated response might be stored in cache when using the
"aio_write" directive.
*) Bugfix: a socket leak might occur when using the "aio_write"
directive.
Changes with nginx 1.11.8 27 Dec 2016
*) Feature: the "absolute_redirect" directive.
*) Feature: the "escape" parameter of the "log_format" directive.
*) Feature: client SSL certificates verification in the stream module.
*) Feature: the "ssl_session_ticket_key" directive supports AES256
encryption of TLS session tickets when used with 80-byte keys.
*) Feature: vim-commentary support in vim scripts.
Thanks to Armin Grodon.
*) Bugfix: recursion when evaluating variables was not limited.
*) Bugfix: in the ngx_stream_ssl_preread_module.
*) Bugfix: if a server in an upstream in the stream module failed, it
was considered alive only when a test connection sent to it after
fail_timeout was closed; now a successfully established connection is
enough.
*) Bugfix: nginx/Windows could not be built with 64-bit Visual Studio.
*) Bugfix: nginx/Windows could not be built with OpenSSL 1.1.0.
Changes with nginx 1.11.7 13 Dec 2016
*) Change: now in case of a client certificate verification error the
$ssl_client_verify variable contains a string with the failure
reason, for example, "FAILED:certificate has expired".
*) Feature: the $ssl_ciphers, $ssl_curves, $ssl_client_v_start,
$ssl_client_v_end, and $ssl_client_v_remain variables.
*) Feature: the "volatile" parameter of the "map" directive.
*) Bugfix: dependencies specified for a module were ignored while
building dynamic modules.
*) Bugfix: when using HTTP/2 and the "limit_req" or "auth_request"
directives client request body might be corrupted; the bug had
appeared in 1.11.0.
*) Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2; the bug had appeared in 1.11.3.
*) Bugfix: in the ngx_http_mp4_module.
Thanks to Congcong Hu.
*) Bugfix: in the ngx_http_perl_module.
Changes with nginx 1.11.6 15 Nov 2016
*) Change: format of the $ssl_client_s_dn and $ssl_client_i_dn variables
has been changed to follow RFC 2253 (RFC 4514); values in the old
format are available in the $ssl_client_s_dn_legacy and
$ssl_client_i_dn_legacy variables.
*) Change: when storing temporary files in a cache directory they will
be stored in the same subdirectories as corresponding cache files
instead of a separate subdirectory for temporary files.
*) Feature: EXTERNAL authentication mechanism support in mail proxy.
Thanks to Robert Norris.
*) Feature: WebP support in the ngx_http_image_filter_module.
*) Feature: variables support in the "proxy_method" directive.
Thanks to Dmitry Lazurkin.
*) Feature: the "http2_max_requests" directive in the
ngx_http_v2_module.
*) Feature: the "proxy_cache_max_range_offset",
"fastcgi_cache_max_range_offset", "scgi_cache_max_range_offset", and
"uwsgi_cache_max_range_offset" directives.
*) Bugfix: graceful shutdown of old worker processes might require
infinite time when using HTTP/2.
*) Bugfix: in the ngx_http_mp4_module.
*) Bugfix: "ignore long locked inactive cache entry" alerts might appear
in logs when proxying WebSocket connections with caching enabled.
*) Bugfix: nginx did not write anything to log and returned a response
with code 502 instead of 504 when a timeout occurred during an SSL
handshake to a backend.
Changes with nginx 1.11.5 11 Oct 2016
*) Change: the --with-ipv6 configure option was removed, now IPv6
support is configured automatically.
*) Change: now if there are no available servers in an upstream, nginx
will not reset number of failures of all servers as it previously
did, but will wait for fail_timeout to expire.
*) Feature: the ngx_stream_ssl_preread_module.
*) Feature: the "server" directive in the "upstream" context supports
the "max_conns" parameter.
*) Feature: the --with-compat configure option.
*) Feature: "manager_files", "manager_threshold", and "manager_sleep"
parameters of the "proxy_cache_path", "fastcgi_cache_path",
"scgi_cache_path", and "uwsgi_cache_path" directives.
*) Bugfix: flags passed by the --with-ld-opt configure option were not
used while building perl module.
*) Bugfix: in the "add_after_body" directive when used with the
"sub_filter" directive.
*) Bugfix: in the $realip_remote_addr variable.
*) Bugfix: the "dav_access", "proxy_store_access",
"fastcgi_store_access", "scgi_store_access", and "uwsgi_store_access"
directives ignored permissions specified for user.
*) Bugfix: unix domain listen sockets might not be inherited during
binary upgrade on Linux.
*) Bugfix: nginx returned the 400 response on requests with the "-"
character in the HTTP method.
a750531dbc