[ANN] OpenResty 1.13.6.2 released

Yichun Zhang (agentzh) agentzh at gmail.com
Wed May 16 22:47:52 UTC 2018


Hi folks!

I am happy to announce the new formal release, 1.13.6.2, of the
OpenResty web platform based on NGINX and LuaJIT:

    https://openresty.org/en/download.html

The (portable) source code distribution, the Win32/Win64 binary
distributions, and the pre-built binary Linux packages for Ubuntu,
Debian, Fedora, CentOS, RHEL, Amazon Linux are provided on this
Download page.

Starting from this release, we provide official 64-bit Windows native
binary package for OpenResty. We also provide new yum package
repositories for Ubuntu 18.04 Bionic.

The next OpenResty release will be based on the nginx core 1.13.12 or
a version in the upcoming nginx 1.15.x series.

Special thanks go to all our developers and contributors! And thanks
OpenResty Inc. (https://openresty.com/ ) for sponsoring a lot of the
OpenResty core development work.

We have the following highlights in this release:

1. We now have full official support for the OpenSSL 1.1.0 series (the
last tested version is OpenSSL 1.1.0h).

2. We now provide official 64-bit Windows native binary packages for OpenResty.

3. We now provide a new table.clone() builtin Lua API function in our
bundled version of LuaJIT, which can also be JIT compiled.

4. We now provide UDP downstream cosocket API in our ngx_stream_lua
module. Now the community can build high performance UDP server
applications with Lua atop OpenResty.

5. New flush_all() method added to our lua-resty-lrucache Lua library.

6. Our resty command-line utility's startup/exit time is significantly
reduced on *NIX systems. Now it takes only ~10ms to run a hello world
program on a mid-2015 Macbook Pro.

7. We now avoid running Lua VM instances in NGINX's helper processes
like "cache loader" and "cache manager" to reduce memory footprint in those
processes.

8. New raw_client_addr() function added to the ngx.ssl Lua module.

9. New ngx.base64 module added to lua-resty-core with new Lua API
functions encode_base64url() and decode_base64url().

10. Various time-related Lua APIs provided by ngx_lua are now
re-implemented via LuaJIT FFI in lua-resty-core so that they can be
JIT compiled and run much faster.

11. New lua_add_variable config directive provided by the
ngx_stream_lua module so that we can define new NGINX variables for
the stream subsystem.

12. New add_header() Lua API has been added to the new ngx.resp Lua
module to mimic NGINX's standard add_header directive on the Lua land.

13. Support for the optional "init_ttl" argument in shdict:incr()
method so that when the key is missing we can add a default TTL value
of our own.

14. Added the "local=on" and "local=/path/to/resolv.conf" options to
the standard "resolver" config directive. This can enable the use of
system-level nameserver configurations of /etc/resolv.conf, for
example, in nginx's own nonblocking DNS resolver.

The complete change log since the last (formal) release, 1.13.6.1:

 *   win64: distributing official 64-bit Windows binary packages for
     OpenResty using the MSYS2/MinGW toolchain.

 *   win32: now we build our official 32-bit Windows binary packages
     for OpenResty using the MSYS2/MinGW toolchain.

 *   win32: upgraded pcre to 8.42 and openssl to 1.1.0h.

 *   optimize: now the openresty build system ("./configure")
     automatically patches the resty command-line utility to use its
     own nginx binary so that it does not have to compute it at
     runtime (which is a bit expensive). this saves about 10ms (from
     for total 20ms to 10ms) for resty's startup time, as measured on
     a mid-2015 MBP. That's 50% reduction in total startup time! Yay!

 *   win32/win64: enabled ngx_stream_ssl_preread_module in our binary
     builds.

 *   bugfix: ./configure: relative paths in --add-dynamic-module=PATH
     option did not work. thanks catatsuy for the patch.

 *   feature: added a patch for the nginx core to add the "local=on"
     and "local=/path/to/resolv.conf" options to the standard
     "resolver" config directive. This can enable the use of
     system-level nameserver configurations of /etc/resolv.conf, for
     example, in nginx's own nonblocking DNS resolver. thanks Datong
     Sun for the patch.

 *   feature: added the "socket_cloexec" patch to ensure most of the
     nginx connections could be closed before child process
     terminates. thanks spacewander for the patch.

 *   feature: added patches to the nginx core to make sure
     ngx_stream_ssl_preread_module will not skip the rest of the
     preread phase when SNI server name parsing was successful.
     thanks Datong Sun for the patch.

 *   feature: ./configure: updated the stream subsystem related
     options from nginx 1.13.6. thanks hy05190134 for the patch.

 *   feature: added the SSL "sess_set_get_cb" yielding support patch
     for OpenSSL 1.1.0d and beyond. thanks spacewander for the patch.

 *   feature: applied the "init_cycle_pool_release" patch to nginx
     1.13.6+ cores to make it valgrind or asan clean.

 *   bugfix: we incorrectly removed the existing Makefile even for
     "./configure --help". thanks spacewander for the patch.

 *   feature: added information about OpenResty's commercial support
     in the default index.html page.

 *   opm: doc index: updated the LuaJIT 2.1's official docs to the
     latest version.

 *   upgraded resty-cli to 0.21.

     *   resty: got rid of prerequisite perl modules to improve
         startup time. Startup time has been significantly reduced on
         *NIX systems. No improvment on Win32 though. On my mid-2015
         MBP, the "resty -e "print(1)"" command's total time can drop
         from ~36ms to ~10ms. *bugfix: when the signal is received
         but the child process is already gone, resty incorrectly
         returned non-zero return code and output "No such process"
         error. thanks Datong Sun for the patch.

 *   upgraded opm to 0.0.5.

     *   bugfix: opm get: curl via HTTP proxies would complain about
         "bad response status line received". The first "Connection
         established" response might not come with any response
         header entries at all.

 *   upgraded ngx_lua to 0.10.13.

     *   feature: ngx.req.get_post_args(), ngx.req.get_uri_args(),
         ngx.req.get_headers(), ngx.resp.get_headers(), and
         ngx.decode_args() now would return an error string,
         "truncated", when the input exceeds the
         "max_args"/"max_headers" limits.

     *   feature: added support for the OpenSSL 1.1.0 serires. thanks
         Alessandro Ghedini for the original patch and the subsequent
         polishment work from Dejiang Zhu and spacewander.

     *   feature: added the "init_ttl" argument to the pure C
         function for the shdict:incr() API. thanks Thibault
         Charbonnier for the patch.

     *   feature: added support for the 308 status code in
         ngx.redirect(). thanks Mikhail Senin for the patch.

     *   feature: ssl: support enabling TLSv1.3 via the
         lua_ssl_protocols config directive. thanks Alessandro
         Ghedini for the patch.

     *   feature: "ngx_http_lua_ffi_set_resp_header()": now add an
         override flag argument to control whether to override
         existing resp headers. this feature is required by the new
         ngx.resp module's "add_header()" Lua API (in
         lua-resty-core). thanks spacewander for the patch.

     *   feature: allowed sending boolean and nil values in
         cosockets. thanks spacewander for the patch.

     *   feature: api.h: exposed the "ngx_http_lua_ffi_str_t" C data
         type for other Nginx C modules.

     *   feature: logged the tcp cosocket's remote end address when
         tcpsock:connect() times out and "lua_socket_log_errors" is
         on. This feature makes debug connect timeout errors easier,
         since domain name may map to different ip address in
         different time. thanks spacewander for the patch.

     *   bugfix: ngx.resp.get_headers(): the "max_headers" limit did
         not cover builtin headers.

     *   bugfix: "ngx_http_lua_ffi_ssl_set_serialized_session()":
         avoided memory leak when calling it repeatly.

     *   bugfix: we now throw a Lua exception when
         ngx.location.capture* Lua API is used inside an HTTP2
         request since it is known to lead to hanging.

     *   bugfix: nginx rewrite directive may initiate internal
         redirects without clearing any module ctx and
         rewrite_by_lua* handlers might think it was re-entered and
         thus it might lead to request hang. thanks twistedfall for
         the report.

     *   bugfix: avoided sharing the same code object for identical
         Lua inlined code chunks in different phases due to chunk
         name conflicts. thanks yandongxiao for the report and
         spacewander for the patch.

     *   bugfix: ngx.req.raw_header(): the first part of the header
         would be discarded when using single LF as delimiter and the
         number of headers is large enough. thanks tokers for the
         patch.

     *   bugfix: pure C API for ngx.var assignment: we failed to
         output the error message length. this might lead to error
         buffer overreads. thanks Ka-Hing Cheung for the patch.

     *   bugfix: the upper bound of port ranges should be 65535
         instead of 65536. thanks spacewander for the patch.

     *   bugfix: we did not always free up all connections when
         cleaning up socket pools. thanks spacewander for the patch.

     *   bugfix: use of lua-resty-core's ngx.re API in init_by_lua*
         might lead to memory issues during nginx HUP reload when no
         lua_shared_dict directives are used and the regex cache is
         enabled.

     *   change: switched to "SSL_version()" calls from
         "TLS1_get_version()". "TLS1_get_version" is a simple wrapper
         for "SSL_version" that returns 0 when used with DTLS.
         However, it was removed from BoringSSL in 2015 so instead
         use "SSL_version" directly. Note: BoringSSL is never an
         officially supported target for this module.
         "ngx_http_lua_ffi_ssl_get_tls1_version" can never be reached
         with DTLS so the behaviour is the same. thanks Tom Thorogood
         for the patch.

     *   optimize: switched exptime argument type to 'long' in the
         shdict FFI API to mitigate potential overflows. thanks
         Thibault Charbonnier for the patch.

     *   optimize: avoided the string copy in
         "ngx_http_lua_ffi_req_get_method_name()".

     *   optimize: corrected the initial table size of req socket
         objects. thanks spacewander for the patch.

     *   optimize: destroy the Lua VM and avoid running any
         init_worker_by_lua* code inside cache helper processes.
         thanks spacewander for the patch.

     *   doc: fixed an error message typo in "set_der_priv_key()".
         thanks Tom Thorogood for the patch.

     *   doc: mentioned that OpenResty includes its own version of
         LuaJIT which is specifically optmized and enhanced for
         OpenResty.

     *   doc: some typo fixes from hongliang.

     *   doc: setting ngx.header.HEADER no longer throws out an
         exception when the header is already sent out; it now just
         logs an error message. thanks yandongxiao for the patch.

     *   doc: typo fixes from yandongxiao.

     *   doc: typo fixes from tan jinhua.

     *   doc: fixed a typo in a code comment. thanks Alex Zhang for
         the patch.

 *   upgraded lua-resty-core to 0.1.15.

     *   feature: implemented ngx.resp module and its function
         add_header(). The ngx.resp module's "add_header" works like
         the "add_header" Nginx directive. Unlike the
         "ngx.header.HEADER=" API, this method appends new header to
         the old one instead of overriding any existing ones. Unlike
         the "add_header" directive, this method overrides the
         builtin header instead of appending to it. thanks
         spacewander for the patch.

     *   feature: the FFI version of the ngx.req.get_uri_args() and
         ngx.req.get_headers() API functions now would return an
         error string, "truncated", when the input exceeds the
         "max_args"/"max_headers" limits.

     *   bugfix: ngx.re: fixed a "split()" corner case when
         successtive separator characters are at the end of the
         subject string.

     *   bugfix: shdict: switched exptime argument type to 'long' to
         mitigate potential overflows.

     *   bugfix: ngx.ssl.session: avoided memory leaks when calling
         set_serialized_session repeatly. thanks spacewander for the
         patch.

     *   optimize: avoided an extra string copy in
         ngx.req.get_method(). thanks spacewander for the patch.

     *   change: replaced "return error()" with "error()" to avoid
         stack unwinding upon Lua exceptions. this should give much
         better Lua backtrace for the errors. thanks spacewander for
         the patch.

     *   bugfix: ngx.re: fixed a split() edge-case when using control
         characters in the regex. thanks Thibault Charbonnier for the
         patch.

     *   feature: shdict:incr(): added the "init_ttl" argument to set
         the ttl of values when they are first created via the "init"
         argument. thanks Thibault Charbonnier for the patch.

     *   feature: re-implemented the remaining time related Lua APIs
         with FFI (like ngx.update_time, ngx.http_time,
         ngx.parse_http_time, and etc.). thanks spacewander for the
         patch.

     *   feature: ngx.errlog: added the raw_log() API function to
         allow the building of custom logging facilities. thanks
         Thibault Charbonnier for the patch.

     *   feature: added new API function "get_master_pid()" to the
         ngx.process module. thanks chronolaw for the patch.

     *   doc: typo fixes from chronolaw.

     *   feature: added new resty.core.phase module to include the
         pure FFI version of the ngx.get_phase() API. thanks Robert
         Paprocki for the patch.

     *   feature: added new ngx.base64 Lua module with the functions
         encode_base64url() and decode_base64url(). thanks Datong Sn
         for the patch.

     *   bugfix: resty.core.var: ngx.var.VAR assignment might
         over-read the error msg buffer. thanks Ka-Hing Cheung for
         the patch.

     *   optimize: use plain text string.find calls when we mean it.

     *   feature: ngx.ssl: added new raw_client_addr() Lua API
         function. thanks 王军伟 for the patch.

 *   upgraded lua-cjson to 2.1.0.6.

     *   optimize: improved forward-compatibility with older versions
         of Lua/LuaJIT. thanks Thibault Charbonnier for the patch.

     *   bugfix: fixed the C compiler warning "SO C90 forbids mixed
         declarations and code" on older operating systems.

     *   feature: set "cjson.array_mt" on decoded JSON arrays. this
         can be turned on via
         "cjson.decode_array_with_array_mt(true)". off by default for
         backward compatibility. thanks Thibault Charbonnier for the
         patch.

     *   feature: added new cjson.array_mt metatable to allow
         enforcing JSON array encoding. thanks Thibault Charbonnier
         for the patch.

     *   bugfix: fixed a -Wsign-compare compiler warning. thanks
         gnought for the patch.

 *   upgraded lua-resty-lrucache to 0.08.

     *   feature: added new method flush_all() to flush all the data
         in an existing cache object. thanks yang.yang for the patch.

 *   upgraded lua-resty-dns to 0.21.

     *   refactor: cleaned up some variable names and locals. thanks
         Thijs Schreijer for the patch.

     *   bugfix: fixed issues with retrans not being honoured upon
         connection failures. thanks Thijs Schreijer for the patch.

     *   feature: improved error reporting, making it more precise,
         and returning errors of previous tries. thanks Thijs
         Schreijer for the patch.

     *   bugfix: fix parsing state after SOA record. Correct parsing
         of Additional Records failed due to a bad parsing state
         after processing a SOA record in the Authorative nameservers
         section. DNS response based on "dig @ns1.google.com SOA
         google.com". thanks Peter Wu for the patch.

     *   bugfix: fix typo in SOA record field "minimum". Rename
         "mininum" to "minimum", fixes issue in original feature
         added with lua-resty-dns v0.19rc1.

 *   upgraded lua-resty-string to 0.11.

     *   feature: resty.aes: added compaibility with OpenSSL 1.1.0+.
         thanks spacewander for the patch.

 *   upgraded ngx_stream_lua to 0.0.5.

     *   feature: we now have raw request downstream cosocket support
         for scripting UDP servers. thanks Datong Sun for the patch.

     *   feature: added the preread handler postponing feature.
         thanks Datong Sun for the patch.

     *   feature: added new config directive lua_add_variable to
         allow adding changeable. thanks Datong Sun for the patch.

 *   upgraded ngx_set_misc to 0.32.

     *   bugfix: set_quote_pgsql_str: we did not escape the "$"
         character. thanks Yuansheng Wang for the patch.

     *   refactor: made "ngx_http_pg_utf_islegal()" much better.

     *   bugfix: fixed the "-Wimplicit-fallthrough" warinings from
         GCC 7. thanks Andrei Belov for the patch.

 *   upgraded ngx_redis2 to 0.15.

     *   bugfix: "ragel -G2" genreates C code which results in
         "-Werror=implicit-fallthrough" compilation errors at least
         with gcc 7.2. switched to "ragel -T1" instaed.

 *   upgraded ngx_memc to 0.19

     *   bugfix: "ragel -G2" genreates C code which results in
         "-Werror=implicit-fallthrough" compilation errors at least
         with gcc 7.2. switched to "ragel -T1" instaed.

 *   upgraded ngx_encrypted_session to 0.08.

     *   feature: added support for OpenSSL 1.1.0. thanks spacewander
         for the patch.

 *   upgraded ngx_rds_csv to 0.09.

     *   bugfix: fixed the "-Werror=implicit-fallthrough" compilation
         errors at least with gcc 7.2.

 *   upgraded ngx_drizzle to 0.1.11.

     *   bugfix: fixed the "-Werror=implicit-fallthrough" compilation
         errors at least with gcc 7.2.

 *   upgraded ngx_xss to 0.06.

     *   bugfix: "ragel -G2" genreates C code which results in
         "-Werror=implicit-fallthrough" compilation errors at least
         with gcc 7.2. switched to "ragel -T1" instaed.

     *   bugfix: fixed errors and warnings with C compilers without
         variadic macro support.

 *   upgraded LuaJIT to 2.1-20180419:
     https://github.com/openresty/luajit2/tags

     *   feature: implemented new API function "jit.prngstate()" for
         reading or setting the current PRNG state number used in the
         JIT compiler.

     *   feature: implemented the table.clone() builtin Lua API. This
         change only support shallow clone. e.g

         local tab_clone = require "table.clone" local x = {x=12,
         y={5, 6, 7}} local y = tab_clone(x) -- ... use y here ...

         We observed 7% over-all speedup in the edgelang-fan
         compiler's compiling speed whose Lua is generated by the
         fanlang compiler. thanks Shuxin Yang for the patch and
         OpenResty Inc. for sponsoring this work.

     *   imported Mike Pall's latest changes:

         *   DynASM/x86: Add BMI1 and BMI2 instructions.

         *   Fix rechaining of pseudo-resurrected string keys.

         *   Clear stack after "print_jit_status()" in CLI.

         *   Fix GCC 7 "-Wimplicit-fallthrough" warnings.

         *   FFI: Don't assert on "#1LL" (Lua 5.2 compatibility mode
             only).

         *   MIPS64: Fix soft-float +-0.0 vs. +-0.0 comparison.

         *   Fix LuaJIT API docs for "LUAJIT_MODE_*".

         *   Fix ARMv8 (32 bit subset) detection.

         *   Fix "string.format("%c", 0)".

         *   Fix "IR_BUFPUT" assembly.

         *   MIPS64: Fix "xpcall()" error case.

         *   ARM64: Fix "xpcall()" error case.

         *   Fix saved bytecode encapsulated in ELF objects.

         *   MIPS64: Fix register allocation in assembly of HREF.

         *   ARM64: Fix assembly of HREFK.

         *   Fix FOLD rule for strength reduction of widening.

The HTML version of the change log with lots of helpful hyper-links
can be browsed here:

    https://openresty.org/en/changelog-1013006.html

OpenResty is a full-fledged web platform
by bundling the standard Nginx core, LuaJIT, lots of
3rd-party Nginx modules and Lua libraries, as well as most of their external
dependencies. See OpenResty's homepage for details:

    https://openresty.org/

We have run extensive testing on our Amazon EC2 test cluster and
ensured that all the components (including the Nginx core) play well
together. The latest test report can always be found here:

    https://qa.openresty.org/

We also always run our OpenResty Edge commercial software based on the
latest open source version of OpenResty in our own global CDN network
(dubbed "mini CDN") powering our openresty.org and openresty.com
websites. See https://openresty.com/ for more details.

Enjoy!

Best regards,
Yichun


More information about the nginx mailing list