From ac at sigsegv.uk Thu Sep 11 22:05:18 2025
From: ac at sigsegv.uk (Andrew Clayton)
Date: Thu, 11 Sep 2025 23:05:18 +0100
Subject: Unit 1.35.0 released
Message-ID: <20250911230518.1f50eebd@kappa.digital-domain.net>

Hi, NGINX Unit community,

We are pleased to announce the release of NGINX Unit 1.35.0

Now for sad news. This will be the last release of NGINX Unit for the
foreseeable future. There will be *no* packaging done for this release.

The project has officially entered "Unsupported" status.

So, with that out of the way here's what 1.35.0 brings...

This release is comprised of 85 non-merge commits from 12 people of
which 7 are external contributors.

A shout out to our external contributors

  *) Andy Postnikov
  *) Kirill A. Korinsky
  *) Mark Thomas
  *) Remi Collet
  *) Tal Kedar
  *) Tobias Genannt
  *) skokalin

With a special thanks to Alejandro Colomar for his initial work on HTTP
compression support.

This release can be found at

Unit 1.35.0 includes numerous bug fixes, improved compatibility with
languages and language frameworks, GCC 15 support, all the fixes from
1.34.1 and 1.34.2, and last but not least, HTTP compression support.

HTTP compression support
========================

We are pleased to release the initial implementation of HTTP compression
support, an oft-asked for feature.

It supports any or all of zlib (deflate, gzip), zstd and brotli.

It will compress both static and application (with some restrictions)
responses.

If building from source, support can be enabled by specifying any or all
of

  --zlib --zstd --brotli

to ./configure

This requires the development libraries for zlib, zstd and brotli, it
also requires pkgconf(1).

zlib can use either the traditional zlib library or the new
zlib-ng-compat library.

This can then be configured via the standard Unit configuration. There
is a new '/settings/http/compression' object that is used to describe
the compression configuration. E.g.

    "compression": {
        "types": [
            "text/*"
        ],
        "compressors": [
            {
                "encoding": "gzip",
                "level": 3,
                "min_length": 4096
            },
            {
                "encoding": "deflate",
                "min_length": 0
            },
            {
                "encoding": "zstd",
            },
            {
                "encoding": "br",
                "min_length": 1024
            }
        ]
    }

The first item 'types' is an array of MIME types that are considered for
compression. These are MIME types as recognised by Unit, you may need to
add your own via the '/settings/http/static/mime_types' object.

Then we have 'compressors' this is an array of objects describing the
compression methods to enable, if you specify a compression method here
that hasn't been built into Unit, you will get a configuration error.

Each compression object has a *required* 'encoding' member that defines
the compression method to enable.

An optional 'level' member which defines the compression level to use,
this value is specific to each compressor, if it's not specified then
the default for that compression method will be used.

An optional 'min_length' member that specifies the minimum amount of
data to be considered for compression. If set to 0 or not specified then
there is no minimum amount before compression may happen.

Compression will happen for both static and application responses.

For application responses, compressed responses will be sent chunked.
Also with application responses we will only consider compressing output
where we know the content length.

Improved compatibility
======================

Unit 1.35.0 introduces support for PHP 8.5, Ruby 3.4 and Django 5.x

Websockets with the Python Litestar framework has been fixed. Also a
long standing issue related to Firefox and websockets has also been
fixed.

njs
===

This version of Unit requires njs >= 0.9.0

Changes
=======

We now flow the correct server listen socket port number through to
applications via SERVER_PORT rather than hard coding it to 80.

Thus the SERVER_PORT variable will now contain the port number that the
connection was accept(2)ed on.

Developers
==========

GCC 15 introduced a new warning, -Wunterminated-string-initialization to
catch things like

  static const char str[11] = "Hello World";

which will now produce a warning with
-Wunterminated-string-initialization or -Wextra

However there are often times when you want non-NUL terminated string
literals. E.g.

  static const char hex[16] = "0123456789ABCDEF";

which is used as a lookup table and will only ever be accessed via
individual indices 0-15.

To accommodate such things we introduce a new macro

  NXT_NONSTRING

which is an alias for

  __attribute__((__nonstring__))

which will quell the warning, e.g.

  static const char hex[16] NXT_NONSTRING = "0123456789ABCDEF";

========================================================================

Changes with Unit 1.35.0                                     03 Sep 2025

    *) Security: fix missing websocket payload length validation in the
       Java language module which could lead to Java language module
       processes consuming excess CPU. (CVE-2025-1695).

    *) Change: if building with njs, version 0.9.0 or later is now
       required.

    *) Feature: HTTP compression.

    *) Feature: PHP 8.5 compatibility.

    *) Feature: Ruby 3.4 compatibility.

    *) Feature: Django 5.x compatibility.

    *) Feature: Python Litestar WebSockets compatibility.

    *) Feature: GCC 15 compatibility.

    *) Bugfix: set SERVER_PORT to the actual value.

    *) Bugfix: fix issue in node.js with duplicate headers in response.

    *) Bugfix: fix WebSockets with Firefox.

    *) Bugfix: fix incorrect websocket payload length calculation in the
       Java language module.

    *) Bugfix: fix instability issues due to OpenTelemetry (OTEL)
       support.

    *) Bugfix: fix issues with building OpenTelemetry (OTEL) support on
       various platforms, including macOS.

------------------------------------------------------------------------

Changes since 1.34.0 are as follows:

Andrew Clayton (60):
      Version bump
      auto/otel: Make use of nxt_feature_name
      auto/make: s/NXT_OTEL_LIB_LOC/NXT_OTEL_LIB_STATIC/
      auto/make: Fix various issues with building OTEL
      Update copyright notice
      ruby: Fix build failures with Ruby 3.4
      Fix build with GCC 15
      python: Fix Litestar WebSockets compatibility
      http: Fix WebSockets with Firefox
      ci: Update to actions/upload-artifact at v4 in cifuzz.yml
      python: Add Django 5.x compatibility
      auto/clang: Add a NXT_NONSTRING macro
      Tag various character arrays with NXT_NONSTRING
      auto/cc: gcc: Don't disable -Wunterminated-string-initialization
      tests: Fix TLS tests with Python 3.13
      rust: Update rust crates
      pkg/contrib: Bump wasmtime to 31.0.0
      Fully initialise nxt_port_msg_t msg structures
      Fully initialise the oob struct in nxt_socket_msg_oob_init()
      http: Add a mime_type member to nxt_http_response_t
      http: Add NXT_HTTP_NOT_ACCEPTABLE enum value
      http: Add core http compression code
      http: Add zlib compression support
      http: Add support for zstd compression
      http: Add support for brotli compression
      http: Wire up HTTP compression to the build system
      http: Wire up HTTP compression support to the config system
      http: compress: Add a couple of helper functions
      http: Compress static responses
      http: Compress application responses
      Add SUPPORT.md
      auto/modules/wasm: Remove an unneeded compiler option
      auto/compression: Error out if requested library not found
      ci: Build Unit with --zlib --zstd --brotli
      njs: Update for version 0.9.0 API changes
      ci: clang-ast: Update to openjdk-21-jdk
      Use NULL instead of 0 as null pointer constant
      Set SERVER_PORT appropriately
      otel: Update crates
      tools/unitctl: Update crates
      wasm-wc: Update crates
      wasm-wc: Update to wasmtime 35.0.0
      docs: Update unit-openapi.yaml for HTTP compression
      http: compression: Set the temporary file name in n_h_c_c_s_r()
      http: compression: Add a missed nxt_http_comp_compress() return check
      Don't leak file descriptor in nxt_main_port_access_log_handler()
      java: Update classgraph to the latest version
      http: compression: Don't set buf->parent
      http: compression: brotli: Don't leak memory on error
      Fix formatting of README.md and SUPPORT.md
      .mailmap: Add entry for Dave McAllister
      pkg/contrib: Update to njs 0.9.1
      pkg/contrib: Bump wasmtime to 35.0.0
      tools/unitctl: Update for version 1.35.0
      docs/unit-openapi.yaml: Update version for 1.35.0
      pkg/docker: Update rust to 1.89.0
      pkg/docker: Enable zlib. zstd and brotli compression
      pkg/docker: Update dockerfiles for 1.35.0
      docs/changes.xml: Add 1.35.0 changelog entries
      Add 1.35.0 CHANGES

Andy Postnikov (2):
      Treat a “broken pipe” on SSL_shutdown() as a normal close
      php: Fix building with 8.5

Ava Hahn (2):
      otel: fix segfaults when otel not configured
      otel: remove deadcode

Dave McAllister (2):
      Chnages to README and SUPPORT to reflect project change
      Merge branch 'master' of https://github.com/nginx/unit

Kirill A. Korinsky (1):
      tests: Fixed alt_names in test_tls_sni_same_alt

Konstantin Pavlov (3):
      auto/make, otel: fix linking on macOS and Ubuntu
      auto/otel: don't look for OpenSSL on Darwin
      Docker: specify real names and handles of Maintainers

Mark Thomas (2):
      java: websocket: Fix calculation of payload length for > 32bit values
      java: websocket: Additional payload length validation

Remi Collet (2):
      auto/make: Add missing NXT_OTEL_LIB_STATIC to some C tests
      Packaging: Ensure sbindir is properly set on newer Fedora (42+)

Sergey A. Osokin (1):
      java: update third-party components to their recent versions

Tal Kedar (1):
      http: add `.mjs` extension to default mime types

Tobias Genannt (1):
      tools/unitctl: Fixed waiting for control socket

dependabot[bot] (7):
      otel, tools/unitctl: bump the openssl crate from 0.10.68 to 0.10.70
      ci: unitctl: Bump actions/download-artifact from 4 to 5
      ci: Bump actions/checkout from 4 to 5
      tools/unitctl: Bump the slab crate from 0.4.10 to 0.4.11
      rust, wasm-wc, otel: Bump the slab crate from 0.4.10 to 0.4.11
      ci: Bump actions/setup-java from 4 to 5
      otel: Bump the tracing-subscriber crate from 0.3.19 to 0.3.20

skokalin (2):
      node.js: Fixed issue with duplicate headers in response
      tests: nodejs: Added test for responses with duplicate headers

From l.crilly at f5.com Thu Sep 11 22:08:56 2025
From: l.crilly at f5.com (Liam Crilly)
Date: Thu, 11 Sep 2025 22:08:56 +0000
Subject: Unit 1.35.0 released
In-Reply-To: <20250911230518.1f50eebd@kappa.digital-domain.net>
References: <20250911230518.1f50eebd@kappa.digital-domain.net>
Message-ID:

[heart] Liam Crilly reacted to your message:
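
Added example, not part of the announcement and not Unit's source: the
pattern from the "Developers" section, with fixed-size character arrays
that deliberately lack a NUL terminator, read only by index or by their
declared size and never with strlen(). NONSTRING is a local stand-in for
NXT_NONSTRING; hex_encode() and field_to_cstr() are hypothetical helpers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local stand-in for Unit's NXT_NONSTRING (assumption: this fallback
 * logic is ours, not Unit's build system). */
#if defined(__has_attribute)
#  if __has_attribute(__nonstring__)
#    define NONSTRING  __attribute__((__nonstring__))
#  endif
#endif
#ifndef NONSTRING
#  define NONSTRING
#endif

/* 16 characters in 16 bytes: a lookup table, not a C string. */
static const char hex_digits[16] NONSTRING = "0123456789ABCDEF";

/* 11 characters in 11 bytes: the missing NUL is marked as intentional. */
static const char greeting[11] NONSTRING = "Hello World";

/* Hex-encode src[0..len) into dst and NUL-terminate dst.
 * The table is only ever indexed with values 0-15.
 * Returns 0 on success, -1 if dst cannot hold 2*len + 1 bytes. */
int hex_encode(char *dst, size_t dst_size, const uint8_t *src, size_t len)
{
    size_t i;

    if (dst_size == 0 || len > (dst_size - 1) / 2)
        return -1;

    for (i = 0; i < len; i++) {
        dst[2 * i]     = hex_digits[src[i] >> 4];
        dst[2 * i + 1] = hex_digits[src[i] & 0x0F];
    }
    dst[2 * len] = '\0';
    return 0;
}

/* Turn a fixed-size, possibly unterminated field into a C string.
 * The scan is bounded by field_size, so it never reads past the array.
 * Returns 0 on success, -1 if dst is too small. */
int field_to_cstr(char *dst, size_t dst_size,
                  const char *field, size_t field_size)
{
    const char *nul = memchr(field, '\0', field_size);
    size_t n = nul ? (size_t) (nul - field) : field_size;

    if (n >= dst_size)
        return -1;

    memcpy(dst, field, n);
    dst[n] = '\0';
    return 0;
}

int main(void)
{
    const uint8_t sample[4] = { 0xDE, 0xAD, 0xBE, 0xEF }; /* constructed */
    char hex[9], text[12];

    if (hex_encode(hex, sizeof(hex), sample, sizeof(sample)) == 0
        && field_to_cstr(text, sizeof(text), greeting, sizeof(greeting)) == 0)
        printf("%s %s\n", hex, text);
    return 0;
}
```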