From xeioex at nginx.com Wed Feb 7 23:18:08 2024 From: xeioex at nginx.com (Dmitry Volyntsev) Date: Wed, 7 Feb 2024 15:18:08 -0800 Subject: [nginx-announce] njs-0.8.3 Message-ID: <63f4277a-fe47-490c-9095-78c05bbde9a4@nginx.com> Hello, I'm glad to announce a new release of NGINX JavaScript module (njs). This release focuses on stabilization of recently released features and fixing bugs found by various fuzzers. Learn more about njs: - Overview and introduction:       https://nginx.org/en/docs/njs/ - NGINX JavaScript in Your Web Server Configuration:       https://youtu.be/Jc_L6UffFOs - Extending NGINX with Custom Code:       https://youtu.be/0CVhq4AUU7M - Using node modules with njs:       https://nginx.org/en/docs/njs/node_modules.html - Writing njs code using TypeScript definition files:       https://nginx.org/en/docs/njs/typescript.html Feel free to try it and give us feedback on: - Github:       https://github.com/nginx/njs/issues - Mailing list:       https://mailman.nginx.org/mailman/listinfo/nginx-devel Additional examples and howtos can be found here: - Github:       https://github.com/nginx/njs-examples Changes with njs 0.8.3                                       07 Feb 2024     nginx modules:     *) Bugfix: fixed Headers.set().     *) Bugfix: fixed js_set with Buffer values.     *) Bugfix: fixed clear() method of a shared dictionary when        timeout is not specified.     *) Bugfix: fixed stub_status statistic when js_periodic is        enabled.     Core:     *) Bugfix: fixed building with libxml2 2.12 and later.     *) Bugfix: fixed Date constructor for overflows and with        NaN values.     *) Bugfix: fixed underflow in querystring.parse().     *) Bugfix: fixed potential buffer overread in        String.prototype.match().     *) Bugfix: fixed parsing of for-in loops.     *) Bugfix: fixed parsing of hexadecimal, octal, and binary        literals with no digits. From pluknet at nginx.com Wed Feb 14 16:59:24 2024 From: pluknet at nginx.com (Sergey Kandaurov) Date: Wed, 14 Feb 2024 20:59:24 +0400 Subject: [nginx-announce] nginx-1.25.4 Message-ID: <2E617EAC-A6FD-4E78-B010-3139A768F95F@nginx.com> Changes with nginx 1.25.4 14 Feb 2024 *) Security: when using HTTP/3 a segmentation fault might occur in a worker process while processing a specially crafted QUIC session (CVE-2024-24989, CVE-2024-24990). *) Bugfix: connections with pending AIO operations might be closed prematurely during graceful shutdown of old worker processes. *) Bugfix: socket leak alerts no longer logged when fast shutdown was requested after graceful shutdown of old worker processes. *) Bugfix: a socket descriptor error, a socket leak, or a segmentation fault in a worker process (for SSL proxying) might occur if AIO was used in a subrequest. *) Bugfix: a segmentation fault might occur in a worker process if SSL proxying was used along with the "image_filter" directive and errors with code 415 were redirected with the "error_page" directive. *) Bugfixes and improvements in HTTP/3. -- Sergey Kandaurov From pluknet at nginx.com Wed Feb 14 17:00:05 2024 From: pluknet at nginx.com (Sergey Kandaurov) Date: Wed, 14 Feb 2024 21:00:05 +0400 Subject: [nginx-announce] nginx security advisory (CVE-2024-24989, CVE-2024-24990) Message-ID: <21ED6988-AEC3-4597-AE21-F1453DD8A506@nginx.com> Two security issues were identified in nginx HTTP/3 implementation, which might allow an attacker that uses a specially crafted QUIC session to cause a worker process crash (CVE-2024-24989, CVE-2024-24990) or might have potential other impact (CVE-2024-24990). The issues affect nginx compiled with the ngx_http_v3_module (not compiled by default) if the "quic" option of the "listen" directive is used in a configuration file. The issue affects nginx 1.25.0 - 1.25.3. The issue is fixed in nginx 1.25.4. -- Sergey Kandaurov From arut at nginx.com Tue Apr 16 16:41:03 2024 From: arut at nginx.com (Roman Arutyunyan) Date: Tue, 16 Apr 2024 20:41:03 +0400 Subject: [nginx-announce] nginx-1.25.5 Message-ID: <6C5DA3C3-4A74-46BF-97C1-F6C648E6EEB3@nginx.com> Changes with nginx 1.25.5 16 Apr 2024 *) Feature: virtual servers in the stream module. *) Feature: the ngx_stream_pass_module. *) Feature: the "deferred", "accept_filter", and "setfib" parameters of the "listen" directive in the stream module. *) Feature: cache line size detection for some architectures. Thanks to Piotr Sikora. *) Feature: support for Homebrew on Apple Silicon. Thanks to Piotr Sikora. *) Bugfix: Windows cross-compilation bugfixes and improvements. Thanks to Piotr Sikora. *) Bugfix: unexpected connection closure while using 0-RTT in QUIC. Thanks to Vladimir Khomutov. ---- Roman Arutyunyan arut at nginx.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From xeioex at nginx.com Tue Apr 16 21:22:22 2024 From: xeioex at nginx.com (Dmitry Volyntsev) Date: Tue, 16 Apr 2024 14:22:22 -0700 Subject: [nginx-announce] njs-0.8.4 Message-ID: <13ef4551-a4df-4336-98f5-9dcefca1bf7e@nginx.com> Hello, I'm glad to announce a new release of NGINX JavaScript module (njs). This release introduced the initial QuickJS engine support in CLI as well as regular bugfixes. Notable new features: - QuickJS in njs CLI: : $ ./configure --cc-opt="-I/path/to/quickjs -L/path/to/quickjs" && make njs : $ ./build/njs -n QuickJS : : >> new Map() : [object Map] Learn more about njs: - Overview and introduction:       https://nginx.org/en/docs/njs/ - NGINX JavaScript in Your Web Server Configuration:       https://youtu.be/Jc_L6UffFOs - Extending NGINX with Custom Code:       https://youtu.be/0CVhq4AUU7M - Using node modules with njs:       https://nginx.org/en/docs/njs/node_modules.html - Writing njs code using TypeScript definition files:       https://nginx.org/en/docs/njs/typescript.html Feel free to try it and give us feedback on: - Github:       https://github.com/nginx/njs/issues - Mailing list:       https://mailman.nginx.org/mailman/listinfo/nginx-devel Additional examples and howtos can be found here: - Github:       https://github.com/nginx/njs-examples Changes with njs 0.8.4                                       16 Apr 2024     nginx modules:     *) Feature: allowing to set Server header for outgoing headers.     *) Improvement: validating URI and args arguments in r.subrequest().     *) Improvement: checking for duplicate js_set variables.     *) Bugfix: fixed clear() method of a shared dictionary without        timeout introduced in 0.8.3.     *) Bugfix: fixed r.send() with Buffer argument.     Core:     *) Feature: added QuickJS engine support in CLI.     *) Bugfix: fixed atob() with non-padded base64 strings. From arut at nginx.com Tue Apr 23 17:50:47 2024 From: arut at nginx.com (Roman Arutyunyan) Date: Tue, 23 Apr 2024 21:50:47 +0400 Subject: [nginx-announce] nginx-1.26.0 Message-ID: <4DB3A4BA-AD05-4969-AE34-F70029A9CB7C@nginx.com> Changes with nginx 1.26.0 23 Apr 2024 *) 1.26.x stable branch. ---- Roman Arutyunyan arut at nginx.com