From mdounin at mdounin.ru Mon Jan 16 16:04:46 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 16 Jan 2012 20:04:46 +0400 Subject: [nginx-announce] nginx-1.1.13 Message-ID: <20120116160446.GA67687@mdounin.ru> Changes with nginx 1.1.13 16 Jan 2012 *) Feature: the "TLSv1.1" and "TLSv1.2" parameters of the "ssl_protocols" directive. *) Bugfix: the "limit_req" directive parameters were not inherited correctly; the bug had appeared in 1.1.12. *) Bugfix: the "proxy_redirect" directive incorrectly processed "Refresh" header if regular expression were used. *) Bugfix: the "proxy_cache_use_stale" directive with "error" parameter did not return answer from cache if there were no live upstreams. *) Bugfix: the "worker_cpu_affinity" directive might not work. *) Bugfix: nginx could not be built on Solaris; the bug had appeared in 1.1.12. *) Bugfix: in the ngx_http_mp4_module. Maxim Dounin From mdounin at mdounin.ru Mon Jan 30 14:54:28 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 30 Jan 2012 18:54:28 +0400 Subject: [nginx-announce] nginx-1.1.14 Message-ID: <20120130145427.GC67687@mdounin.ru> Changes with nginx 1.1.14 30 Jan 2012 *) Feature: multiple "limit_req" limits may be used simultaneously. *) Bugfix: in error handling while connecting to a backend. Thanks to Piotr Sikora. *) Bugfix: in AIO error handling on FreeBSD. *) Bugfix: in the OpenSSL library initialization. *) Bugfix: the "proxy_redirect" directives might not be correctly inherited. *) Bugfix: memory leak during reconfiguration if the "pcre_jit" directive was used. Maxim Dounin From mdounin at mdounin.ru Mon Feb 6 14:48:02 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 6 Feb 2012 18:48:02 +0400 Subject: [nginx-announce] nginx-1.0.12 Message-ID: <20120206144802.GG67687@mdounin.ru> Changes with nginx 1.0.12 06 Feb 2012 *) Feature: the "TLSv1.1" and "TLSv1.2" parameters of the "ssl_protocols" directive. *) Feature: the "if" SSI command supports captures in regular expressions. *) Bugfix: the "if" SSI command did not work inside the "block" command. *) Bugfix: in AIO error handling on FreeBSD. *) Bugfix: in the OpenSSL library initialization. *) Bugfix: the "worker_cpu_affinity" directive might not work. *) Bugfix: the "limit_conn_log_level" and "limit_req_log_level" directives might not work. *) Bugfix: the "read_ahead" directive might not work combined with "try_files" and "open_file_cache". *) Bugfix: the "proxy_cache_use_stale" directive with "error" parameter did not return answer from cache if there were no live upstreams. *) Bugfix: a segmentation fault might occur in a worker process if small time was used in the "inactive" parameter of the "proxy_cache_path" directive. *) Bugfix: responses from cache might hang. *) Bugfix: in error handling while connecting to a backend. Thanks to Piotr Sikora. *) Bugfix: in the "epoll" event method. Thanks to Yichun Zhang. *) Bugfix: the $sent_http_cache_control variable might contain a wrong value if the "expires" directive was used. Thanks to Yichun Zhang. *) Bugfix: the "limit_rate" directive did not allow to use full throughput, even if limit value was very high. *) Bugfix: the "sendfile_max_chunk" directive did not work, if the "limit_rate" directive was used. *) Bugfix: nginx could not be built on Solaris; the bug had appeared in 1.0.11. *) Bugfix: in the ngx_http_scgi_module. *) Bugfix: in the ngx_http_mp4_module. Maxim Dounin From mdounin at mdounin.ru Wed Feb 15 14:40:26 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 15 Feb 2012 18:40:26 +0400 Subject: [nginx-announce] nginx-1.1.15 Message-ID: <20120215144026.GN67687@mdounin.ru> Changes with nginx 1.1.15 15 Feb 2012 *) Feature: the "disable_symlinks" directive. *) Feature: the "proxy_cookie_domain" and "proxy_cookie_path" directives. *) Bugfix: nginx might log incorrect error "upstream prematurely closed connection" instead of correct "upstream sent too big header" one. Thanks to Feibo Li. *) Bugfix: nginx could not be built with the ngx_http_perl_module if the --with-openssl option was used. *) Bugfix: internal redirects to named locations were not limited. *) Bugfix: calling $r->flush() multiple times might cause errors in the ngx_http_gzip_filter_module. *) Bugfix: temporary files might be not removed if the "proxy_store" directive were used with SSI includes. *) Bugfix: in some cases non-cacheable variables (such as the $args variable) returned old empty cached value. *) Bugfix: a segmentation fault might occur in a worker process if too many SSI subrequests were issued simultaneously; the bug had appeared in 0.7.25. Maxim Dounin From mdounin at mdounin.ru Wed Feb 29 14:55:05 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 29 Feb 2012 18:55:05 +0400 Subject: [nginx-announce] nginx-1.1.16 Message-ID: <20120229145505.GI67687@mdounin.ru> Changes with nginx 1.1.16 29 Feb 2012 *) Change: the simultaneous subrequest limit has been raised to 200. *) Feature: the "from" parameter of the "disable_symlinks" directive. *) Feature: the "return" and "error_page" directives can be used to return 307 redirections. *) Bugfix: a segmentation fault might occur in a worker process if the "resolver" directive was used and there was no "error_log" directive specified at global level. Thanks to Roman Arutyunyan. *) Bugfix: a segmentation fault might occur in a worker process if the "proxy_http_version 1.1" or "fastcgi_keep_conn on" directives were used. *) Bugfix: memory leaks. Thanks to Lanshun Zhou. *) Bugfix: in the "disable_symlinks" directive. *) Bugfix: on ZFS filesystem disk cache size might be calculated incorrectly; the bug had appeared in 1.0.1. *) Bugfix: nginx could not be built by the icc 12.1 compiler. *) Bugfix: nginx could not be built by gcc on Solaris; the bug had appeared in 1.1.15. Maxim Dounin From mdounin at mdounin.ru Mon Mar 5 16:10:45 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 5 Mar 2012 20:10:45 +0400 Subject: [nginx-announce] nginx-1.0.13 Message-ID: <20120305161045.GH67687@mdounin.ru> Changes with nginx 1.0.13 05 Mar 2012 *) Feature: the "return" and "error_page" directives can now be used to return 307 redirections. *) Bugfix: a segmentation fault might occur in a worker process if the "resolver" directive was used and there was no "error_log" directive specified at global level. Thanks to Roman Arutyunyan. *) Bugfix: memory leaks. Thanks to Lanshun Zhou. *) Bugfix: nginx might log incorrect error "upstream prematurely closed connection" instead of correct "upstream sent too big header" one. Thanks to Feibo Li. *) Bugfix: on ZFS filesystem disk cache size might be calculated incorrectly; the bug had appeared in 1.0.1. *) Bugfix: the number of internal redirects to named locations was not limited. *) Bugfix: temporary files might be not removed if the "proxy_store" directive was used with SSI includes. *) Bugfix: in some cases non-cacheable variables (such as the $args variable) returned old empty cached value. *) Bugfix: the "proxy_redirect" directives might be inherited incorrectly. *) Bugfix: nginx could not be built with the ngx_http_perl_module if the --with-openssl option was used. *) Bugfix: nginx could not be built by the icc 12.1 compiler. Maxim Dounin From mdounin at mdounin.ru Thu Mar 15 12:23:47 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 15 Mar 2012 16:23:47 +0400 Subject: [nginx-announce] nginx-1.1.17 Message-ID: <20120315122346.GJ67687@mdounin.ru> Changes with nginx 1.1.17 15 Mar 2012 *) Security: content of previously freed memory might be sent to a client if backend returned specially crafted response. Thanks to Matthew Daley. *) Bugfix: in the embedded perl module if used from SSI. Thanks to Matthew Daley. *) Bugfix: in the ngx_http_uwsgi_module. Maxim Dounin From mdounin at mdounin.ru Thu Mar 15 12:24:31 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 15 Mar 2012 16:24:31 +0400 Subject: [nginx-announce] nginx-1.0.14 Message-ID: <20120315122431.GN67687@mdounin.ru> Changes with nginx 1.0.14 15 Mar 2012 *) Security: content of previously freed memory might be sent to a client if backend returned specially crafted response. Thanks to Matthew Daley. Maxim Dounin From mdounin at mdounin.ru Thu Mar 15 12:26:22 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 15 Mar 2012 16:26:22 +0400 Subject: [nginx-announce] security advisory Message-ID: <20120315122622.GR67687@mdounin.ru> Hello! Matthew Daley recently discovered a security problem which may lead to a disclosure of previously freed memory on specially crafted response from an upstream server, potentially resulting in sensitive information leak. Patch for the problem can be found here: http://nginx.org/download/patch.2012.memory.txt The patch is not required for 1.1.17, 1.0.14. Maxim Dounin From mdounin at mdounin.ru Wed Mar 28 14:00:49 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 28 Mar 2012 18:00:49 +0400 Subject: [nginx-announce] nginx-1.1.18 Message-ID: <20120328140049.GJ13466@mdounin.ru> Changes with nginx 1.1.18 28 Mar 2012 *) Change: keepalive connections are no longer disabled for Safari by default. *) Feature: the $connection_requests variable. *) Feature: $tcpinfo_rtt, $tcpinfo_rttvar, $tcpinfo_snd_cwnd and $tcpinfo_rcv_space variables. *) Feature: the "worker_cpu_affinity" directive now works on FreeBSD. *) Feature: the "xslt_param" and "xslt_string_param" directives. Thanks to Samuel Behan. *) Bugfix: in configure tests. Thanks to Piotr Sikora. *) Bugfix: in the ngx_http_xslt_filter_module. *) Bugfix: nginx could not be built on Debian GNU/Hurd. Maxim Dounin From mdounin at mdounin.ru Thu Apr 12 13:26:35 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 12 Apr 2012 17:26:35 +0400 Subject: [nginx-announce] nginx-1.1.19 Message-ID: <20120412132635.GA13466@mdounin.ru> Changes with nginx 1.1.19 12 Apr 2012 *) Security: specially crafted mp4 file might allow to overwrite memory locations in a worker process if the ngx_http_mp4_module was used, potentially resulting in arbitrary code execution (CVE-2012-2089). Thanks to Matthew Daley. *) Bugfix: nginx/Windows might be terminated abnormally. Thanks to Vincent Lee. *) Bugfix: nginx hogged CPU if all servers in an upstream were marked as "backup". *) Bugfix: the "allow" and "deny" directives might be inherited incorrectly if they were used with IPv6 addresses. *) Bugfix: the "modern_browser" and "ancient_browser" directives might be inherited incorrectly. *) Bugfix: timeouts might be handled incorrectly on Solaris/SPARC. *) Bugfix: in the ngx_http_mp4_module. Maxim Dounin From mdounin at mdounin.ru Thu Apr 12 13:27:08 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 12 Apr 2012 17:27:08 +0400 Subject: [nginx-announce] nginx-1.0.15 Message-ID: <20120412132708.GE13466@mdounin.ru> Changes with nginx 1.0.15 12 Apr 2012 *) Security: specially crafted mp4 file might allow to overwrite memory locations in a worker process if the ngx_http_mp4_module was used, potentially resulting in arbitrary code execution (CVE-2012-2089). Thanks to Matthew Daley. *) Bugfix: in the ngx_http_mp4_module. Maxim Dounin From mdounin at mdounin.ru Thu Apr 12 13:28:08 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 12 Apr 2012 17:28:08 +0400 Subject: [nginx-announce] security advisory Message-ID: <20120412132808.GI13466@mdounin.ru> Hello! Matthew Daley discovered a security problem in the ngx_http_mp4_module, CVE-2012-2089. A specially crafted mp4 file might allow to overwrite memory locations in a worker process if the ngx_http_mp4_module is used, potentially resulting in arbitrary code execution. The problem affects nginx 1.1.3+, 1.0.7+ built with the ngx_http_mp4_module (the module is not built by default) and the "mp4" directive is used in a configuration file. The problem is fixed in 1.1.19, 1.0.15. Patch for the problem can be found here: http://nginx.org/download/patch.2012.mp4.txt Maxim Dounin From mdounin at mdounin.ru Mon Apr 23 13:46:09 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 23 Apr 2012 17:46:09 +0400 Subject: [nginx-announce] nginx-1.2.0 Message-ID: <20120423134609.GC31671@mdounin.ru> Changes with nginx 1.2.0 23 Apr 2012 *) Bugfix: a segmentation fault might occur in a worker process if the "try_files" directive was used; the bug had appeared in 1.1.19. *) Bugfix: response might be truncated if there were more than IOV_MAX buffers used. *) Bugfix: in the "crop" parameter of the "image_filter" directive. Thanks to Maxim Bublis. Maxim Dounin From mdounin at mdounin.ru Mon Apr 23 15:24:08 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 23 Apr 2012 19:24:08 +0400 Subject: [nginx-announce] stable branch 1.2.x Message-ID: <20120423152408.GK31671@mdounin.ru> Hello! First version of the 1.2.x stable branch has been released. The 1.2.0 version incorporates many new features developed in the 1.1.x branch, including the following: - support for keepalive connections to upstream servers, - consolidation of multiple simultaneous requests to upstream servers if caching is used, - support for multiple request and connection limits used simultaneously, - reduced memory consumption in various edge cases like handling of long-lived requests. Maxim Dounin From mdounin at mdounin.ru Tue May 15 14:40:27 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 15 May 2012 18:40:27 +0400 Subject: [nginx-announce] nginx-1.3.0 Message-ID: <20120515144027.GO31671@mdounin.ru> Changes with nginx 1.3.0 15 May 2012 *) Feature: the "debug_connection" directive now supports IPv6 addresses and the "unix:" parameter. *) Feature: the "set_real_ip_from" directive and the "proxy" parameter of the "geo" directive now support IPv6 addresses. *) Feature: the "real_ip_recursive", "geoip_proxy", and "geoip_proxy_recursive" directives. *) Feature: the "proxy_recursive" parameter of the "geo" directive. *) Bugfix: a segmentation fault might occur in a worker process if the "resolver" directive was used. *) Bugfix: a segmentation fault might occur in a worker process if the "fastcgi_pass", "scgi_pass", or "uwsgi_pass" directives were used and backend returned incorrect response. *) Bugfix: a segmentation fault might occur in a worker process if the "rewrite" directive was used and new request arguments in a replacement used variables. *) Bugfix: nginx might hog CPU if the open file resource limit was reached. *) Bugfix: nginx might loop infinitely over backends if the "proxy_next_upstream" directive with the "http_404" parameter was used and there were backup servers specified in an upstream block. *) Bugfix: adding the "down" parameter of the "server" directive might cause unneeded client redistribution among backend servers if the "ip_hash" directive was used. *) Bugfix: socket leak. Thanks to Yichun Zhang. *) Bugfix: in the ngx_http_fastcgi_module. Maxim Dounin From mdounin at mdounin.ru Tue Jun 5 14:31:01 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 5 Jun 2012 18:31:01 +0400 Subject: [nginx-announce] nginx-1.3.1 Message-ID: <20120605143101.GX31671@mdounin.ru> Changes with nginx 1.3.1 05 Jun 2012 *) Security: now nginx/Windows ignores trailing dot in URI path component, and does not allow URIs with ":$" in it. Thanks to Vladimir Kochetkov, Positive Research Center. *) Feature: the "proxy_pass", "fastcgi_pass", "scgi_pass", "uwsgi_pass" directives, and the "server" directive inside the "upstream" block, now support IPv6 addresses. *) Feature: the "resolver" directive now support IPv6 addresses and an optional port specification. *) Feature: the "least_conn" directive inside the "upstream" block. *) Feature: it is now possible to specify a weight for servers while using the "ip_hash" directive. *) Bugfix: a segmentation fault might occur in a worker process if the "image_filter" directive was used; the bug had appeared in 1.3.0. *) Bugfix: nginx could not be built with ngx_cpp_test_module; the bug had appeared in 1.1.12. *) Bugfix: access to variables from SSI and embedded perl module might not work after reconfiguration. Thanks to Yichun Zhang. *) Bugfix: in the ngx_http_xslt_filter_module. Thanks to Kuramoto Eiji. *) Bugfix: memory leak if $geoip_org variable was used. Thanks to Denis F. Latypoff. *) Bugfix: in the "proxy_cookie_domain" and "proxy_cookie_path" directives. Maxim Dounin From mdounin at mdounin.ru Tue Jun 5 14:31:25 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 5 Jun 2012 18:31:25 +0400 Subject: [nginx-announce] nginx-1.2.1 Message-ID: <20120605143125.GB31671@mdounin.ru> Changes with nginx 1.2.1 05 Jun 2012 *) Security: now nginx/Windows ignores trailing dot in URI path component, and does not allow URIs with ":$" in it. Thanks to Vladimir Kochetkov, Positive Research Center. *) Feature: the "debug_connection" directive now supports IPv6 addresses and the "unix:" parameter. *) Feature: the "set_real_ip_from" directive and the "proxy" parameter of the "geo" directive now support IPv6 addresses. *) Feature: the "real_ip_recursive", "geoip_proxy", and "geoip_proxy_recursive" directives. *) Feature: the "proxy_recursive" parameter of the "geo" directive. *) Bugfix: a segmentation fault might occur in a worker process if the "resolver" directive was used. *) Bugfix: a segmentation fault might occur in a worker process if the "fastcgi_pass", "scgi_pass", or "uwsgi_pass" directives were used and backend returned incorrect response. *) Bugfix: a segmentation fault might occur in a worker process if the "rewrite" directive was used and new request arguments in a replacement used variables. *) Bugfix: nginx might hog CPU if the open file resource limit was reached. *) Bugfix: nginx might loop infinitely over backends if the "proxy_next_upstream" directive with the "http_404" parameter was used and there were backup servers specified in an upstream block. *) Bugfix: adding the "down" parameter of the "server" directive might cause unneeded client redistribution among backend servers if the "ip_hash" directive was used. *) Bugfix: socket leak. Thanks to Yichun Zhang. *) Bugfix: in the ngx_http_fastcgi_module. Maxim Dounin From mdounin at mdounin.ru Tue Jun 5 14:32:07 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 5 Jun 2012 18:32:07 +0400 Subject: [nginx-announce] security advisory Message-ID: <20120605143206.GF31671@mdounin.ru> Hello! Vladimir Kochetkov, Positive Research Center, discovered a security problem in nginx/Windows, which might allow security restrictions bypass (CVE-2011-4963). There are many ways to access the same file when working under Windows, and nginx failed to account for all of them. As a result, it was possible to bypass security restrictions like location /directory/ { deny all; } by requesting a file as "/directory::$index_allocation/file", or "/directory:$i30:$index_allocation/file", or "/directory./file". The problem is fixed in nginx/Windows 1.3.1, 1.2.1. For older versions the following configuration can be used as a workaround: location ~ "(\./|:\$)" { deny all; } Maxim Dounin From mdounin at mdounin.ru Tue Jun 26 14:00:47 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 26 Jun 2012 18:00:47 +0400 Subject: [nginx-announce] nginx-1.3.2 Message-ID: <20120626140047.GK31671@mdounin.ru> Changes with nginx 1.3.2 26 Jun 2012 *) Change: the "single" parameter of the "keepalive" directive is now ignored. *) Change: SSL compression is now disabled when using all versions of OpenSSL, including ones prior to 1.0.0. *) Feature: it is now possible to use the "ip_hash" directive to balance IPv6 clients. *) Feature: the $status variable can now be used not only in the "log_format" directive. *) Bugfix: a segmentation fault might occur in a worker process on shutdown if the "resolver" directive was used. *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_mp4_module was used. *) Bugfix: in the ngx_http_mp4_module. *) Bugfix: a segmentation fault might occur in a worker process if conflicting wildcard server names were used. *) Bugfix: nginx might be terminated abnormally on a SIGBUS signal on ARM platform. *) Bugfix: an alert "sendmsg() failed (9: Bad file number)" on HP-UX while reconfiguration. Maxim Dounin From mdounin at mdounin.ru Tue Jul 3 11:18:51 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 3 Jul 2012 15:18:51 +0400 Subject: [nginx-announce] nginx-1.2.2 Message-ID: <20120703111851.GD31671@mdounin.ru> Changes with nginx 1.2.2 03 Jul 2012 *) Change: the "single" parameter of the "keepalive" directive is now ignored. *) Change: SSL compression is now disabled when using all versions of OpenSSL, including ones prior to 1.0.0. *) Feature: the "proxy_pass", "fastcgi_pass", "scgi_pass", "uwsgi_pass" directives, and the "server" directive inside the "upstream" block, now support IPv6 addresses. *) Feature: the "resolver" directive now supports IPv6 addresses and an optional port specification. *) Feature: the "least_conn" directive inside the "upstream" block. *) Feature: it is now possible to specify a weight for servers while using the "ip_hash" directive. *) Feature: it is now possible to use the "ip_hash" directive to balance IPv6 clients. *) Feature: the $status variable can now be used not only in the "log_format" directive. *) Bugfix: nginx could not be built with ngx_cpp_test_module; the bug had appeared in 1.1.12. *) Bugfix: access to variables from SSI and embedded perl module might not work after reconfiguration. Thanks to Yichun Zhang. *) Bugfix: in the ngx_http_xslt_filter_module. Thanks to Kuramoto Eiji. *) Bugfix: memory leak if $geoip_org variable was used. Thanks to Denis F. Latypoff. *) Bugfix: in the "proxy_cookie_domain" and "proxy_cookie_path" directives. *) Bugfix: a segmentation fault might occur in a worker process on shutdown if the "resolver" directive was used. *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_mp4_module was used. *) Bugfix: in the ngx_http_mp4_module. *) Bugfix: a segmentation fault might occur in a worker process if conflicting wildcard server names were used. *) Bugfix: nginx might be terminated abnormally on a SIGBUS signal on ARM platform. *) Bugfix: an alert "sendmsg() failed (9: Bad file number)" on HP-UX while reconfiguration. Maxim Dounin From mdounin at mdounin.ru Tue Jul 10 12:37:00 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 10 Jul 2012 16:37:00 +0400 Subject: [nginx-announce] nginx-1.3.3 Message-ID: <20120710123700.GV31671@mdounin.ru> Changes with nginx 1.3.3 10 Jul 2012 *) Feature: entity tags support and the "etag" directive. *) Bugfix: trailing dot in a source value was not ignored if the "map" directive was used with the "hostnames" parameter. *) Bugfix: incorrect location might be used to process a request if a URI was changed via a "rewrite" directive before an internal redirect to a named location. Maxim Dounin From ru at nginx.com Tue Jul 31 13:07:28 2012 From: ru at nginx.com (Ruslan Ermilov) Date: Tue, 31 Jul 2012 17:07:28 +0400 Subject: [nginx-announce] nginx-1.3.4 Message-ID: <20120731130728.GB22049@lo0.su> Changes with nginx 1.3.4 31 Jul 2012 *) Change: the "ipv6only" parameter is now turned on by default for listening IPv6 sockets. *) Feature: the Clang compiler support. *) Bugfix: extra listening sockets might be created. Thanks to Roman Odaisky. *) Bugfix: nginx/Windows might hog CPU if a worker process failed to start. Thanks to Ricardo Villalobos Guevara. *) Bugfix: the "proxy_pass_header", "fastcgi_pass_header", "scgi_pass_header", "uwsgi_pass_header", "proxy_hide_header", "fastcgi_hide_header", "scgi_hide_header", and "uwsgi_hide_header" directives might be inherited incorrectly. From mdounin at mdounin.ru Tue Aug 7 12:53:46 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 7 Aug 2012 16:53:46 +0400 Subject: [nginx-announce] nginx-1.2.3 Message-ID: <20120807125345.GZ40452@mdounin.ru> Changes with nginx 1.2.3 07 Aug 2012 *) Feature: the Clang compiler support. *) Bugfix: extra listening sockets might be created. Thanks to Roman Odaisky. *) Bugfix: nginx/Windows might hog CPU if a worker process failed to start. Thanks to Ricardo Villalobos Guevara. *) Bugfix: the "proxy_pass_header", "fastcgi_pass_header", "scgi_pass_header", "uwsgi_pass_header", "proxy_hide_header", "fastcgi_hide_header", "scgi_hide_header", and "uwsgi_hide_header" directives might be inherited incorrectly. *) Bugfix: trailing dot in a source value was not ignored if the "map" directive was used with the "hostnames" parameter. *) Bugfix: incorrect location might be used to process a request if a URI was changed via a "rewrite" directive before an internal redirect to a named location. Maxim Dounin From mdounin at mdounin.ru Tue Aug 21 13:28:12 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 21 Aug 2012 17:28:12 +0400 Subject: [nginx-announce] nginx-1.3.5 Message-ID: <20120821132812.GN40452@mdounin.ru> Changes with nginx 1.3.5 21 Aug 2012 *) Change: the ngx_http_mp4_module module no longer skips tracks in formats other than H.264 and AAC. *) Bugfix: a segmentation fault might occur in a worker process if the "map" directive was used with variables as values. *) Bugfix: a segmentation fault might occur in a worker process if the "geo" directive was used with the "ranges" parameter but without the "default" parameter; the bug had appeared in 0.8.43. Thanks to Zhen Chen and Weibin Yao. *) Bugfix: in the -p command-line parameter handling. *) Bugfix: in the mail proxy server. *) Bugfix: of minor potential bugs. Thanks to Coverity. *) Bugfix: nginx/Windows could not be built with Visual Studio 2005 Express. Thanks to HAYASHI Kentaro. Maxim Dounin From mdounin at mdounin.ru Wed Sep 12 11:06:32 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 12 Sep 2012 15:06:32 +0400 Subject: [nginx-announce] nginx-1.3.6 Message-ID: <20120912110632.GF40452@mdounin.ru> Changes with nginx 1.3.6 12 Sep 2012 *) Feature: the ngx_http_gunzip_filter_module. *) Feature: the "memcached_gzip_flag" directive. *) Feature: the "always" parameter of the "gzip_static" directive. *) Bugfix: in the "limit_req" directive; the bug had appeared in 1.1.14. Thanks to Charles Chen. *) Bugfix: nginx could not be built by gcc 4.7 with -O2 optimization if the --with-ipv6 option was used. Maxim Dounin From mdounin at mdounin.ru Tue Sep 25 14:04:32 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 25 Sep 2012 18:04:32 +0400 Subject: [nginx-announce] nginx-1.2.4 Message-ID: <20120925140432.GQ40452@mdounin.ru> Changes with nginx 1.2.4 25 Sep 2012 *) Bugfix: in the "limit_req" directive; the bug had appeared in 1.1.14. Thanks to Charles Chen. *) Bugfix: nginx could not be built by gcc 4.7 with -O2 optimization if the --with-ipv6 option was used. *) Bugfix: a segmentation fault might occur in a worker process if the "map" directive was used with variables as values. *) Bugfix: a segmentation fault might occur in a worker process if the "geo" directive was used with the "ranges" parameter but without the "default" parameter; the bug had appeared in 0.8.43. Thanks to Zhen Chen and Weibin Yao. *) Bugfix: in the -p command-line parameter handling. *) Bugfix: in the mail proxy server. *) Bugfix: of minor potential bugs. Thanks to Coverity. *) Bugfix: nginx/Windows could not be built with Visual Studio 2005 Express. Thanks to HAYASHI Kentaro. -- Maxim Dounin http://nginx.com/support.html From mdounin at mdounin.ru Tue Oct 2 13:58:47 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 2 Oct 2012 17:58:47 +0400 Subject: [nginx-announce] nginx-1.3.7 Message-ID: <20121002135847.GF40452@mdounin.ru> Changes with nginx 1.3.7 02 Oct 2012 *) Feature: OCSP stapling support. Thanks to Comodo, DigiCert and GlobalSign for sponsoring this work. *) Feature: the "ssl_trusted_certificate" directive. *) Feature: resolver now randomly rotates addresses returned from cache. Thanks to Anton Jouline. *) Bugfix: OpenSSL 0.9.7 compatibility. -- Maxim Dounin http://nginx.com/support.html From mdounin at mdounin.ru Tue Oct 30 14:08:54 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 30 Oct 2012 18:08:54 +0400 Subject: [nginx-announce] nginx-1.3.8 Message-ID: <20121030140854.GK40452@mdounin.ru> Changes with nginx 1.3.8 30 Oct 2012 *) Feature: the "optional_no_ca" parameter of the "ssl_verify_client" directive. Thanks to Mike Kazantsev and Eric O'Connor. *) Feature: the $bytes_sent, $connection, and $connection_requests variables can now be used not only in the "log_format" directive. Thanks to Benjamin Gr?ssing. *) Feature: the "auto" parameter of the "worker_processes" directive. *) Bugfix: "cache file ... has md5 collision" alert. *) Bugfix: in the ngx_http_gunzip_filter_module. *) Bugfix: in the "ssl_stapling" directive. -- Maxim Dounin http://nginx.com/support.html From mdounin at mdounin.ru Tue Nov 13 13:57:51 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 13 Nov 2012 17:57:51 +0400 Subject: [nginx-announce] nginx-1.2.5 Message-ID: <20121113135751.GI40452@mdounin.ru> Changes with nginx 1.2.5 13 Nov 2012 *) Feature: the "optional_no_ca" parameter of the "ssl_verify_client" directive. Thanks to Mike Kazantsev and Eric O'Connor. *) Feature: the $bytes_sent, $connection, and $connection_requests variables can now be used not only in the "log_format" directive. Thanks to Benjamin Gr?ssing. *) Feature: resolver now randomly rotates addresses returned from cache. Thanks to Anton Jouline. *) Feature: the "auto" parameter of the "worker_processes" directive. *) Bugfix: "cache file ... has md5 collision" alert. *) Bugfix: OpenSSL 0.9.7 compatibility. -- Maxim Dounin http://nginx.com/support.html From mdounin at mdounin.ru Tue Nov 27 14:26:56 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 27 Nov 2012 18:26:56 +0400 Subject: [nginx-announce] nginx-1.3.9 Message-ID: <20121127142655.GT40452@mdounin.ru> Changes with nginx 1.3.9 27 Nov 2012 *) Feature: support for chunked transfer encoding while reading client request body. *) Feature: the $request_time and $msec variables can now be used not only in the "log_format" directive. *) Bugfix: cache manager and cache loader processes might not be able to start if more than 512 listen sockets were used. *) Bugfix: in the ngx_http_dav_module. -- Maxim Dounin http://nginx.com/support.html From mdounin at mdounin.ru Tue Dec 11 15:01:56 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 11 Dec 2012 19:01:56 +0400 Subject: [nginx-announce] nginx-1.2.6 Message-ID: <20121211150156.GB40452@mdounin.ru> Changes with nginx 1.2.6 11 Dec 2012 *) Feature: the $request_time and $msec variables can now be used not only in the "log_format" directive. *) Bugfix: cache manager and cache loader processes might not be able to start if more than 512 listen sockets were used. *) Bugfix: in the ngx_http_dav_module. -- Maxim Dounin http://nginx.com/support.html From mdounin at mdounin.ru Tue Dec 25 14:47:37 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 25 Dec 2012 18:47:37 +0400 Subject: [nginx-announce] nginx-1.3.10 Message-ID: <20121225144737.GY40452@mdounin.ru> Changes with nginx 1.3.10 25 Dec 2012 *) Change: domain names specified in configuration file are now resolved to IPv6 addresses as well as IPv4 ones. *) Change: now if the "include" directive with mask is used on Unix systems, included files are sorted in alphabetical order. *) Change: the "add_header" directive adds headers to 201 responses. *) Feature: the "geo" directive now supports IPv6 addresses in CIDR notation. *) Feature: the "flush" and "gzip" parameters of the "access_log" directive. *) Feature: variables support in the "auth_basic" directive. *) Bugfix: nginx could not be built with the ngx_http_perl_module in some cases. *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_xslt_module was used. *) Bugfix: nginx could not be built on MacOSX in some cases. Thanks to Piotr Sikora. *) Bugfix: the "limit_rate" directive with high rates might result in truncated responses on 32-bit platforms. Thanks to Alexey Antropov. *) Bugfix: a segmentation fault might occur in a worker process if the "if" directive was used. Thanks to Piotr Sikora. *) Bugfix: a "100 Continue" response was issued with "413 Request Entity Too Large" responses. *) Bugfix: the "image_filter", "image_filter_jpeg_quality" and "image_filter_sharpen" directives might be inherited incorrectly. Thanks to Ian Babrou. *) Bugfix: "crypt_r() failed" errors might appear if the "auth_basic" directive was used on Linux. *) Bugfix: in backup servers handling. Thanks to Thomas Chen. *) Bugfix: proxied HEAD requests might return incorrect response if the "gzip" directive was used. Merry Christmas! -- Maxim Dounin http://nginx.com/support.html