Hello,
I'm glad to announce a new release of NGINX JavaScript module (njs).
This release proceeds to extend the coverage of ECMAScript
specifications and modules functionality.
- Added support for setting nginx variables.
- Added support for delete operation in r.headersOut.
- Properties of HTTP request deprecated in 0.2.2 were removed.
- Added labels support.
- Added support for shorthand property names for Object literals.
: > var a = 1, b = 2
: undefined
: > ({a, b})
: {
: a: 1,
: b: 2
: }
You can learn more about njs:
- Overview and introduction: http://nginx.org/en/docs/njs/
- Presentation: https://youtu.be/Jc_L6UffFOs
Feel free to try it and give us feedback on:
- Github: https://github.com/nginx/njs/issues
- Mailing list: http://mailman.nginx.org/mailman/listinfo/nginx-devel
Changes with njs 0.2.8 26 Feb 2019
nginx modules:
*) Change: properties of HTTP request deprecated in 0.2.2 are
removed.
*) Feature: added support for delete operation in r.headersOut.
*) Feature: added support for setting nginx variables.
*) Bugfix: fixed r.subrequest() for empty body value.
*) Improvement: setting special response headers in r.headersOut.
Core:
*) Feature: added labels support.
*) Feature: added setImmediate() method.
*) Feature: added support for shorthand property names for Object
literals.
*) Bugfix: fixed Function.prototype.bind().
*) Bugfix: fixed parsing of string literals containing newline
characters.
*) Bugfix: fixed line number in reporting variable reference errors.
*) Bugfix: fixed creation of long UTF8 strings.
*) Bugfix: fixed String.prototype.split() for unicode strings.
*) Bugfix: fixed heap-buffer-overflow in String.prototype.split().
*) Bugfix: fixed Array.prototype.fill().
Thanks to Artem S. Povalyukhin.
*) Improvement: code related to function invocation is refactored.
Thanks to 洪志道 (Hong Zhi Dao).
*) Improvement: code related to variables is refactored.
Thanks to 洪志道 (Hong Zhi Dao).
*) Improvement: parser is refactored.
Thanks to 洪志道 (Hong Zhi Dao).
*) Improvement: reporting filenames in exceptions.
Changes with nginx 1.15.9 26 Feb 2019
*) Feature: variables support in the "ssl_certificate" and
"ssl_certificate_key" directives.
*) Feature: the "poll" method is now available on Windows when using
Windows Vista or newer.
*) Bugfix: if the "select" method was used on Windows and an error
occurred while establishing a backend connection, nginx waited for
the connection establishment timeout to expire.
*) Bugfix: the "proxy_upload_rate" and "proxy_download_rate" directives
in the stream module worked incorrectly when proxying UDP datagrams.
--
Maxim Dounin
http://nginx.org/
Hi,
A security issue was identified in NGINX Unit, which might allow an
attacker to cause a heap memory buffer overflow in the router process
with a specially crafted request. This may result in a denial of
service (router process crash) or other unspecified behavior
(CVE-2019-7401).
The issue affects Unit 0.3 - 1.7.
The issue is fixed in Unit 1.7.1.
wbr, Valentin V. Bartenev
Hi,
This is a bugfix release of NGINX Unit that eliminates a security flaw.
All versions of Unit from 0.3 to 1.7 are affected.
Everybody is strongly advised to update to a new version.
Changes with Unit 1.7.1 07 Feb 2019
*) Security: a heap memory buffer overflow might have been caused in the
router process by a specially crafted request, potentially resulting
in a segmentation fault or other unspecified behavior
(CVE-2019-7401).
*) Bugfix: install of Go module failed without prior building of Unit
daemon; the bug had appeared in 1.7.
Release of Unit 1.8 with support for internal request routing and an
experimental Java module is planned for end of February.
wbr, Valentin V. Bartenev