From mdounin at mdounin.ru Wed Jan 22 14:02:18 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 22 Jan 2014 18:02:18 +0400 Subject: [nginx-announce] nginx-1.5.9 Message-ID: <20140122140218.GL1835@mdounin.ru> Changes with nginx 1.5.9 22 Jan 2014 *) Change: now nginx expects escaped URIs in "X-Accel-Redirect" headers. *) Feature: the "ssl_buffer_size" directive. *) Feature: the "limit_rate" directive can now be used to rate limit responses sent in SPDY connections. *) Feature: the "spdy_chunk_size" directive. *) Feature: the "ssl_session_tickets" directive. Thanks to Dirkjan Bussink. *) Bugfix: the $ssl_session_id variable contained full session serialized instead of just a session id. Thanks to Ivan Risti?. *) Bugfix: nginx incorrectly handled escaped "?" character in the "include" SSI command. *) Bugfix: the ngx_http_dav_module did not unescape destination URI of the COPY and MOVE methods. *) Bugfix: resolver did not understand domain names with a trailing dot. Thanks to Yichun Zhang. *) Bugfix: alerts "zero size buf in output" might appear in logs while proxying; the bug had appeared in 1.3.9. *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_spdy_module was used. *) Bugfix: proxied WebSocket connections might hang right after handshake if the select, poll, or /dev/poll methods were used. *) Bugfix: the "xclient" directive of the mail proxy module incorrectly handled IPv6 client addresses. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Tue Feb 4 13:45:49 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 4 Feb 2014 17:45:49 +0400 Subject: [nginx-announce] nginx-1.5.10 Message-ID: <20140204134549.GD1835@mdounin.ru> Changes with nginx 1.5.10 04 Feb 2014 *) Feature: the ngx_http_spdy_module now uses SPDY 3.1 protocol. Thanks to Automattic and MaxCDN for sponsoring this work. *) Feature: the ngx_http_mp4_module now skips tracks too short for a seek requested. *) Bugfix: a segmentation fault might occur in a worker process if the $ssl_session_id variable was used in logs; the bug had appeared in 1.5.9. *) Bugfix: the $date_local and $date_gmt variables used wrong format outside of the ngx_http_ssi_filter_module. *) Bugfix: client connections might be immediately closed if deferred accept was used; the bug had appeared in 1.3.15. *) Bugfix: alerts "getsockopt(TCP_FASTOPEN) ... failed" appeared in logs during binary upgrade on Linux; the bug had appeared in 1.5.8. Thanks to Piotr Sikora. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Tue Feb 11 14:10:56 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 11 Feb 2014 18:10:56 +0400 Subject: [nginx-announce] nginx-1.4.5 Message-ID: <20140211141056.GV1835@mdounin.ru> Changes with nginx 1.4.5 11 Feb 2014 *) Bugfix: the $ssl_session_id variable contained full session serialized instead of just a session id. Thanks to Ivan Risti?. *) Bugfix: client connections might be immediately closed if deferred accept was used; the bug had appeared in 1.3.15. *) Bugfix: alerts "zero size buf in output" might appear in logs while proxying; the bug had appeared in 1.3.9. *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_spdy_module was used. *) Bugfix: proxied WebSocket connections might hang right after handshake if the select, poll, or /dev/poll methods were used. *) Bugfix: a timeout might occur while reading client request body in an SSL connection using chunked transfer encoding. *) Bugfix: memory leak in nginx/Windows. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Tue Mar 4 15:23:26 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 4 Mar 2014 19:23:26 +0400 Subject: [nginx-announce] nginx-1.5.11 Message-ID: <20140304152326.GU34696@mdounin.ru> Changes with nginx 1.5.11 04 Mar 2014 *) Security: memory corruption might occur in a worker process on 32-bit platforms while handling a specially crafted request by ngx_http_spdy_module, potentially resulting in arbitrary code execution (CVE-2014-0088); the bug had appeared in 1.5.10. Thanks to Lucas Molas, researcher at Programa STIC, Fundaci?n Dr. Manuel Sadosky, Buenos Aires, Argentina. *) Feature: the $ssl_session_reused variable. *) Bugfix: the "client_max_body_size" directive might not work when reading a request body using chunked transfer encoding; the bug had appeared in 1.3.9. Thanks to Lucas Molas. *) Bugfix: a segmentation fault might occur in a worker process when proxying WebSocket connections. *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_spdy_module was used on 32-bit platforms; the bug had appeared in 1.5.10. *) Bugfix: the $upstream_status variable might contain wrong data if the "proxy_cache_use_stale" or "proxy_cache_revalidate" directives were used. Thanks to Piotr Sikora. *) Bugfix: a segmentation fault might occur in a worker process if errors with code 400 were redirected to a named location using the "error_page" directive. *) Bugfix: nginx/Windows could not be built with Visual Studio 2013. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Tue Mar 4 15:23:58 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 4 Mar 2014 19:23:58 +0400 Subject: [nginx-announce] nginx-1.4.6 Message-ID: <20140304152358.GY34696@mdounin.ru> Changes with nginx 1.4.6 04 Mar 2014 *) Bugfix: the "client_max_body_size" directive might not work when reading a request body using chunked transfer encoding; the bug had appeared in 1.3.9. Thanks to Lucas Molas. *) Bugfix: a segmentation fault might occur in a worker process when proxying WebSocket connections. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Tue Mar 4 15:24:24 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 4 Mar 2014 19:24:24 +0400 Subject: [nginx-announce] nginx security advisory (CVE-2014-0088) Message-ID: <20140304152423.GC34696@mdounin.ru> Hello! A bug in the experimental SPDY implementation in nginx 1.5.10 was found, which might allow an attacker to corrupt worker process memory by using a specially crafted request, potentially resulting in arbitrary code execution (CVE-2014-0088). The problem only affects nginx 1.5.10 on 32-bit platforms, compiled with the ngx_http_spdy_module module (which is not compiled by default), if the "spdy" option of the "listen" directive is used in a configuration file. The problem is fixed in nginx 1.5.11. Patch for the problem can be found here: http://nginx.org/download/patch.2014.spdy.txt Thanks to Lucas Molas, researcher at Programa STIC, Fundaci?n Dr. Manuel Sadosky, Buenos Aires, Argentina. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Tue Mar 18 16:44:39 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 18 Mar 2014 20:44:39 +0400 Subject: [nginx-announce] nginx-1.5.12 Message-ID: <20140318164439.GA34696@mdounin.ru> Changes with nginx 1.5.12 18 Mar 2014 *) Security: a heap memory buffer overflow might occur in a worker process while handling a specially crafted request by ngx_http_spdy_module, potentially resulting in arbitrary code execution (CVE-2014-0133). Thanks to Lucas Molas, researcher at Programa STIC, Fundaci?n Dr. Manuel Sadosky, Buenos Aires, Argentina. *) Feature: the "proxy_protocol" parameters of the "listen" and "real_ip_header" directives, the $proxy_protocol_addr variable. *) Bugfix: in the "fastcgi_next_upstream" directive. Thanks to Lucas Molas. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Tue Mar 18 16:45:02 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 18 Mar 2014 20:45:02 +0400 Subject: [nginx-announce] nginx-1.4.7 Message-ID: <20140318164502.GE34696@mdounin.ru> Changes with nginx 1.4.7 18 Mar 2014 *) Security: a heap memory buffer overflow might occur in a worker process while handling a specially crafted request by ngx_http_spdy_module, potentially resulting in arbitrary code execution (CVE-2014-0133). Thanks to Lucas Molas, researcher at Programa STIC, Fundaci?n Dr. Manuel Sadosky, Buenos Aires, Argentina. *) Bugfix: in the "fastcgi_next_upstream" directive. Thanks to Lucas Molas. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Tue Mar 18 16:45:47 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 18 Mar 2014 20:45:47 +0400 Subject: [nginx-announce] nginx security advisory (CVE-2014-0133) Message-ID: <20140318164546.GI34696@mdounin.ru> Hello! A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution (CVE-2014-0133). The problem affects nginx 1.3.15 - 1.5.11, compiled with the ngx_http_spdy_module module (which is not compiled by default) and without --with-debug configure option, if the "spdy" option of the "listen" directive is used in a configuration file. The problem is fixed in nginx 1.5.12, 1.4.7. Patch for the problem can be found here: http://nginx.org/download/patch.2014.spdy2.txt Thanks to Lucas Molas, researcher at Programa STIC, Fundaci?n Dr. Manuel Sadosky, Buenos Aires, Argentina. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Tue Apr 8 14:34:13 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 8 Apr 2014 18:34:13 +0400 Subject: [nginx-announce] nginx-1.5.13 Message-ID: <20140408143412.GD34696@mdounin.ru> Changes with nginx 1.5.13 08 Apr 2014 *) Change: improved hash table handling; the default values of the "variables_hash_max_size" and "types_hash_bucket_size" were changed to 1024 and 64 respectively. *) Feature: the ngx_http_mp4_module now supports the "end" argument. *) Feature: byte ranges support in the ngx_http_mp4_module and while saving responses to cache. *) Bugfix: alerts "ngx_slab_alloc() failed: no memory" no longer logged when using shared memory in the "ssl_session_cache" directive and in the ngx_http_limit_req_module. *) Bugfix: the "underscores_in_headers" directive did not allow underscore as a first character of a header. Thanks to Piotr Sikora. *) Bugfix: cache manager might hog CPU on exit in nginx/Windows. *) Bugfix: nginx/Windows terminated abnormally if the "ssl_session_cache" directive was used with the "shared" parameter. *) Bugfix: in the ngx_http_spdy_module. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Thu Apr 24 13:14:09 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 24 Apr 2014 17:14:09 +0400 Subject: [nginx-announce] nginx-1.6.0 Message-ID: <20140424131409.GW34696@mdounin.ru> Changes with nginx 1.6.0 24 Apr 2014 *) 1.6.x stable branch. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Thu Apr 24 13:15:35 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 24 Apr 2014 17:15:35 +0400 Subject: [nginx-announce] nginx-1.7.0 Message-ID: <20140424131535.GA34696@mdounin.ru> Changes with nginx 1.7.0 24 Apr 2014 *) Feature: backend SSL certificate verification. *) Feature: support for SNI while working with SSL backends. *) Feature: the $ssl_server_name variable. *) Feature: the "if" parameter of the "access_log" directive. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Tue May 27 14:09:54 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 27 May 2014 18:09:54 +0400 Subject: [nginx-announce] nginx-1.7.1 Message-ID: <20140527140954.GN1849@mdounin.ru> Changes with nginx 1.7.1 27 May 2014 *) Feature: the "$upstream_cookie_..." variables. *) Feature: the $ssl_client_fingerprint variable. *) Feature: the "error_log" and "access_log" directives now support logging to syslog. *) Feature: the mail proxy now logs client port on connect. *) Bugfix: memory leak if the "ssl_stapling" directive was used. Thanks to Filipe da Silva. *) Bugfix: the "alias" directive used inside a location given by a regular expression worked incorrectly if the "if" or "limit_except" directives were used. *) Bugfix: the "charset" directive did not set a charset to encoded backend responses. *) Bugfix: a "proxy_pass" directive without URI part might use original request after the $args variable was set. Thanks to Yichun Zhang. *) Bugfix: in the "none" parameter in the "smtp_auth" directive; the bug had appeared in 1.5.6. Thanks to Svyatoslav Nikolsky. *) Bugfix: if sub_filter and SSI were used together, then responses might be transferred incorrectly. *) Bugfix: nginx could not be built with the --with-file-aio option on Linux/aarch64. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Tue Jun 17 13:35:35 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 17 Jun 2014 17:35:35 +0400 Subject: [nginx-announce] nginx-1.7.2 Message-ID: <20140617133535.GN1849@mdounin.ru> Changes with nginx 1.7.2 17 Jun 2014 *) Feature: the "hash" directive inside the "upstream" block. *) Feature: defragmentation of free shared memory blocks. Thanks to Wandenberg Peixoto and Yichun Zhang. *) Bugfix: a segmentation fault might occur in a worker process if the default value of the "access_log" directive was used; the bug had appeared in 1.7.0. Thanks to Piotr Sikora. *) Bugfix: trailing slash was mistakenly removed from the last parameter of the "try_files" directive. *) Bugfix: nginx could not be built on OS X in some cases. *) Bugfix: in the ngx_http_spdy_module. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Tue Jul 8 13:45:34 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 8 Jul 2014 17:45:34 +0400 Subject: [nginx-announce] nginx-1.7.3 Message-ID: <20140708134534.GU1849@mdounin.ru> Changes with nginx 1.7.3 08 Jul 2014 *) Feature: weak entity tags are now preserved on response modifications, and strong ones are changed to weak. *) Feature: cache revalidation now uses If-None-Match header if possible. *) Feature: the "ssl_password_file" directive. *) Bugfix: the If-None-Match request header line was ignored if there was no Last-Modified header in a response returned from cache. *) Bugfix: "peer closed connection in SSL handshake" messages were logged at "info" level instead of "error" while connecting to backends. *) Bugfix: in the ngx_http_dav_module module in nginx/Windows. *) Bugfix: SPDY connections might be closed prematurely if caching was used. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Tue Aug 5 13:56:09 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 5 Aug 2014 17:56:09 +0400 Subject: [nginx-announce] nginx-1.7.4 Message-ID: <20140805135609.GH1849@mdounin.ru> Changes with nginx 1.7.4 05 Aug 2014 *) Security: pipelined commands were not discarded after STARTTLS command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6. Thanks to Chris Boulton. *) Change: URI escaping now uses uppercase hexadecimal digits. Thanks to Piotr Sikora. *) Feature: now nginx can be build with BoringSSL and LibreSSL. Thanks to Piotr Sikora. *) Bugfix: requests might hang if resolver was used and a DNS server returned a malformed response; the bug had appeared in 1.5.8. *) Bugfix: in the ngx_http_spdy_module. Thanks to Piotr Sikora. *) Bugfix: the $uri variable might contain garbage when returning errors with code 400. Thanks to Sergey Bobrov. *) Bugfix: in error handling in the "proxy_store" directive and the ngx_http_dav_module. Thanks to Feng Gu. *) Bugfix: a segmentation fault might occur if logging of errors to syslog was used; the bug had appeared in 1.7.1. *) Bugfix: the $geoip_latitude, $geoip_longitude, $geoip_dma_code, and $geoip_area_code variables might not work. Thanks to Yichun Zhang. *) Bugfix: in memory allocation error handling. Thanks to Tatsuhiko Kubo and Piotr Sikora. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Tue Aug 5 13:56:43 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 5 Aug 2014 17:56:43 +0400 Subject: [nginx-announce] nginx-1.6.1 Message-ID: <20140805135643.GL1849@mdounin.ru> Changes with nginx 1.6.1 05 Aug 2014 *) Security: pipelined commands were not discarded after STARTTLS command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6. Thanks to Chris Boulton. *) Bugfix: the $uri variable might contain garbage when returning errors with code 400. Thanks to Sergey Bobrov. *) Bugfix: in the "none" parameter in the "smtp_auth" directive; the bug had appeared in 1.5.6. Thanks to Svyatoslav Nikolsky. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Tue Aug 5 13:57:11 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 5 Aug 2014 17:57:11 +0400 Subject: [nginx-announce] nginx security advisory (CVE-2014-3556) Message-ID: <20140805135710.GP1849@mdounin.ru> Hello! A bug in nginx SMTP proxy was found, which allows an attacker in a privileged network position to inject commands into SSL sessions started with the STARTTLS command, potentially making it possible to steal sensitive information sent by clients (CVE-2014-3556). The problem affects nginx 1.5.6 - 1.7.3. The problem is fixed in nginx 1.7.4, 1.6.1. Patch for the problem can be found here: http://nginx.org/download/patch.2014.starttls.txt Thanks to Chris Boulton for discovering this. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Tue Sep 16 14:46:25 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 16 Sep 2014 18:46:25 +0400 Subject: [nginx-announce] nginx-1.7.5 Message-ID: <20140916144625.GI59236@mdounin.ru> Changes with nginx 1.7.5 16 Sep 2014 *) Security: it was possible to reuse SSL sessions in unrelated contexts if a shared SSL session cache or the same TLS session ticket key was used for multiple "server" blocks (CVE-2014-3616). Thanks to Antoine Delignat-Lavaud. *) Change: now the "stub_status" directive does not require a parameter. *) Feature: the "always" parameter of the "add_header" directive. *) Feature: the "proxy_next_upstream_tries", "proxy_next_upstream_timeout", "fastcgi_next_upstream_tries", "fastcgi_next_upstream_timeout", "memcached_next_upstream_tries", "memcached_next_upstream_timeout", "scgi_next_upstream_tries", "scgi_next_upstream_timeout", "uwsgi_next_upstream_tries", and "uwsgi_next_upstream_timeout" directives. *) Bugfix: in the "if" parameter of the "access_log" directive. *) Bugfix: in the ngx_http_perl_module. Thanks to Piotr Sikora. *) Bugfix: the "listen" directive of the mail proxy module did not allow to specify more than two parameters. *) Bugfix: the "sub_filter" directive did not work with a string to replace consisting of a single character. *) Bugfix: requests might hang if resolver was used and a timeout occurred during a DNS request. *) Bugfix: in the ngx_http_spdy_module when using with AIO. *) Bugfix: a segmentation fault might occur in a worker process if the "set" directive was used to change the "$http_...", "$sent_http_...", or "$upstream_http_..." variables. *) Bugfix: in memory allocation error handling. Thanks to Markus Linnala and Feng Gu. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Tue Sep 16 14:46:57 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 16 Sep 2014 18:46:57 +0400 Subject: [nginx-announce] nginx-1.6.2 Message-ID: <20140916144657.GM59236@mdounin.ru> Changes with nginx 1.6.2 16 Sep 2014 *) Security: it was possible to reuse SSL sessions in unrelated contexts if a shared SSL session cache or the same TLS session ticket key was used for multiple "server" blocks (CVE-2014-3616). Thanks to Antoine Delignat-Lavaud. *) Bugfix: requests might hang if resolver was used and a DNS server returned a malformed response; the bug had appeared in 1.5.8. *) Bugfix: requests might hang if resolver was used and a timeout occurred during a DNS request. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Tue Sep 16 14:47:20 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 16 Sep 2014 18:47:20 +0400 Subject: [nginx-announce] nginx security advisory (CVE-2014-3616) Message-ID: <20140916144720.GQ59236@mdounin.ru> Hello! A problem with SSL session cache in nginx was identified by Antoine Delignat-Lavaud. It was possible to reuse cached SSL sessions in unrelated contexts, allowing virtual host confusion attacks in some configurations by an attacker in a privileged network position (CVE-2014-3616). The problem affects nginx 0.5.6 - 1.7.4 if the same shared ssl_session_cache and/or ssl_session_ticket_key are used for multiple server{} blocks. The problem is fixed in nginx 1.7.5, 1.6.2. Further details can be found in the paper by Antoine Delignat-Lavaud et al., available at http://bh.ht.vc/vhost_confusion.pdf. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Tue Sep 30 14:01:20 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 30 Sep 2014 18:01:20 +0400 Subject: [nginx-announce] nginx-1.7.6 Message-ID: <20140930140120.GH69200@mdounin.ru> Changes with nginx 1.7.6 30 Sep 2014 *) Change: the deprecated "limit_zone" directive is not supported anymore. *) Feature: the "limit_conn_zone" and "limit_req_zone" directives now can be used with combinations of multiple variables. *) Bugfix: request body might be transmitted incorrectly when retrying a FastCGI request to the next upstream server. *) Bugfix: in logging to syslog. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Tue Oct 28 15:32:03 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 28 Oct 2014 18:32:03 +0300 Subject: [nginx-announce] nginx-1.7.7 Message-ID: <20141028153203.GS45418@mdounin.ru> Changes with nginx 1.7.7 28 Oct 2014 *) Change: now nginx takes into account the "Vary" header line in a backend response while caching. *) Feature: the "proxy_force_ranges", "fastcgi_force_ranges", "scgi_force_ranges", and "uwsgi_force_ranges" directives. *) Feature: the "proxy_limit_rate", "fastcgi_limit_rate", "scgi_limit_rate", and "uwsgi_limit_rate" directives. *) Feature: the "Vary" parameter of the "proxy_ignore_headers", "fastcgi_ignore_headers", "scgi_ignore_headers", and "uwsgi_ignore_headers" directives. *) Bugfix: the last part of a response received from a backend with unbufferred proxy might not be sent to a client if "gzip" or "gunzip" directives were used. *) Bugfix: in the "proxy_cache_revalidate" directive. Thanks to Piotr Sikora. *) Bugfix: in error handling. Thanks to Yichun Zhang and Daniil Bondarev. *) Bugfix: in the "proxy_next_upstream_tries" and "proxy_next_upstream_timeout" directives. Thanks to Feng Gu. *) Bugfix: nginx/Windows could not be built with MinGW-w64 gcc. Thanks to Kouhei Sutou. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Tue Dec 2 13:49:37 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 2 Dec 2014 16:49:37 +0300 Subject: [nginx-announce] nginx-1.7.8 Message-ID: <20141202134937.GU24053@mdounin.ru> Changes with nginx 1.7.8 02 Dec 2014 *) Change: now the "If-Modified-Since", "If-Range", etc. client request header lines are passed to a backend while caching if nginx knows in advance that the response will not be cached (e.g., when using proxy_cache_min_uses). *) Change: now after proxy_cache_lock_timeout nginx sends a request to a backend with caching disabled; the new directives "proxy_cache_lock_age", "fastcgi_cache_lock_age", "scgi_cache_lock_age", and "uwsgi_cache_lock_age" specify a time after which the lock will be released and another attempt to cache a response will be made. *) Change: the "log_format" directive can now be used only at http level. *) Feature: the "proxy_ssl_certificate", "proxy_ssl_certificate_key", "proxy_ssl_password_file", "uwsgi_ssl_certificate", "uwsgi_ssl_certificate_key", and "uwsgi_ssl_password_file" directives. Thanks to Piotr Sikora. *) Feature: it is now possible to switch to a named location using "X-Accel-Redirect". Thanks to Toshikuni Fukaya. *) Feature: now the "tcp_nodelay" directive works with SPDY connections. *) Feature: new directives in vim syntax highliting scripts. Thanks to Peter Wu. *) Bugfix: nginx ignored the "s-maxage" value in the "Cache-Control" backend response header line. Thanks to Piotr Sikora. *) Bugfix: in the ngx_http_spdy_module. Thanks to Piotr Sikora. *) Bugfix: in the "ssl_password_file" directive when using OpenSSL 0.9.8zc, 1.0.0o, 1.0.1j. *) Bugfix: alerts "header already sent" appeared in logs if the "post_action" directive was used; the bug had appeared in 1.5.4. *) Bugfix: alerts "the http output chain is empty" might appear in logs if the "postpone_output 0" directive was used with SSI includes. *) Bugfix: in the "proxy_cache_lock" directive with SSI subrequests. Thanks to Yichun Zhang. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Tue Dec 23 15:39:25 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 23 Dec 2014 18:39:25 +0300 Subject: [nginx-announce] nginx-1.7.9 Message-ID: <20141223153925.GZ79300@mdounin.ru> Changes with nginx 1.7.9 23 Dec 2014 *) Feature: variables support in the "proxy_cache", "fastcgi_cache", "scgi_cache", and "uwsgi_cache" directives. *) Feature: variables support in the "expires" directive. *) Feature: loading of secret keys from hardware tokens with OpenSSL engines. Thanks to Dmitrii Pichulin. *) Feature: the "autoindex_format" directive. *) Bugfix: cache revalidation is now only used for responses with 200 and 206 status codes. Thanks to Piotr Sikora. *) Bugfix: the "TE" client request header line was passed to backends while proxying. *) Bugfix: the "proxy_pass", "fastcgi_pass", "scgi_pass", and "uwsgi_pass" directives might not work correctly inside the "if" and "limit_except" blocks. *) Bugfix: the "proxy_store" directive with the "on" parameter was ignored if the "proxy_store" directive with an explicitly specified file path was used on a previous level. *) Bugfix: nginx could not be built with BoringSSL. Thanks to Lukas Tribus. -- Maxim Dounin http://nginx.org/en/donation.html