nginx Changelog

New in version 1.8.0

April 22nd, 2015
  • Includes many new features from the 1.7.x mainline branch - including hash load balancing method, backend SSL certificate verification, experimental thread pools support, proxy_request_buffering and more.

New in version 1.6.3 (April 8th, 2015)

  • Feature: now the "tcp_nodelay" directive works with SPDY connections.
  • Bugfix: in error handling. Thanks to Yichun Zhang and Daniil Bondarev.
  • Bugfix: alerts "header already sent" appeared in logs if the "post_action" directive was used; the bug had appeared in 1.5.4.
  • Bugfix: alerts "sem_post() failed" might appear in logs.
  • Bugfix: in hash table handling. Thanks to Chris West.
  • Bugfix: in integer overflow handling. Thanks to Régis Leroy.

New in version 1.7.8 (December 2nd, 2014)

  • Change: now the "If-Modified-Since", "If-Range", etc. client request header lines are passed to a backend while caching if nginx knows in advance that the response will not be cached (e.g., when using proxy_cache_min_uses).
  • Change: now after proxy_cache_lock_timeout nginx sends a request to a backend with caching disabled; the new directives "proxy_cache_lock_age", "fastcgi_cache_lock_age", "scgi_cache_lock_age", and "uwsgi_cache_lock_age" specify a time after which the lock will be released and another attempt to cache a response will be made.
  • Change: the "log_format" directive can now be used only at http level.
  • Feature: the "proxy_ssl_certificate", "proxy_ssl_certificate_key", "proxy_ssl_password_file", "uwsgi_ssl_certificate", "uwsgi_ssl_certificate_key", and "uwsgi_ssl_password_file" directives. Thanks to Piotr Sikora.
  • Feature: it is now possible to switch to a named location using "X-Accel-Redirect". Thanks to Toshikuni Fukaya.
  • Feature: now the "tcp_nodelay" directive works with SPDY connections.
  • Feature: new directives in vim syntax highliting scripts. Thanks to Peter Wu.
  • Bugfix: nginx ignored the "s-maxage" value in the "Cache-Control" backend response header line. Thanks to Piotr Sikora.
  • Bugfix: in the ngx_http_spdy_module. Thanks to Piotr Sikora.
  • Bugfix: in the "ssl_password_file" directive when using OpenSSL 0.9.8zc, 1.0.0o, 1.0.1j.
  • Bugfix: alerts "header already sent" appeared in logs if the "post_action" directive was used; the bug had appeared in 1.5.4.
  • Bugfix: alerts "the http output chain is empty" might appear in logs if the "postpone_output 0" directive was used with SSI includes.
  • Bugfix: in the "proxy_cache_lock" directive with SSI subrequests. Thanks to Yichun Zhang.

New in version 1.6.2 (September 16th, 2014)

  • Security: it was possible to reuse SSL sessions in unrelated contexts if a shared SSL session cache or the same TLS session ticket key was used for multiple "server" blocks (CVE-2014-3616). Thanks to Antoine Delignat-Lavaud.
  • Bugfix: requests might hang if resolver was used and a DNS server returned a malformed response; the bug had appeared in 1.5.8.
  • Bugfix: requests might hang if resolver was used and a timeout occurred during a DNS request.

New in version 1.6.1 (August 5th, 2014)

  • Security: pipelined commands were not discarded after STARTTLS command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6. Thanks to Chris Boulton.
  • Bugfix: the $uri variable might contain garbage when returning errors with code 400. Thanks to Sergey Bobrov.
  • Bugfix: in the "none" parameter in the "smtp_auth" directive; the bug had appeared in 1.5.6. Thanks to Svyatoslav Nikolsky.

New in version 1.6.0 (April 24th, 2014)

  • This stable version incorporates many new features from the 1.5.x mainline branch - including various SSL improvements, SPDY 3.1 support, cache revalidation with conditional requests, auth request module and more.

New in version 1.4.7 (March 19th, 2014)

  • Security: a heap memory buffer overflow might occur in a worker process while handling a specially crafted request by ngx_http_spdy_module, potentially resulting in arbitrary code execution (CVE-2014-0133). Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr. Manuel Sadosky, Buenos Aires, Argentina.
  • Bugfix: in the "fastcgi_next_upstream" directive. Thanks to Lucas Molas.

New in version 1.4.6 (March 6th, 2014)

  • Bugfix: the "client_max_body_size" directive might not work when reading a request body using chunked transfer encoding; the bug had appeared in 1.3.9. Thanks to Lucas Molas.
  • Bugfix: a segmentation fault might occur in a worker process when proxying WebSocket connections.

New in version 1.4.5 (February 12th, 2014)

  • Bugfix: the $ssl_session_id variable contained full session serialized instead of just a session id. Thanks to Ivan Ristić.
  • Bugfix: client connections might be immediately closed if deferred accept was used; the bug had appeared in 1.3.15.
  • Bugfix: alerts "zero size buf in output" might appear in logs while proxying; the bug had appeared in 1.3.9.
  • Bugfix: a segmentation fault might occur in a worker process if the ngx_http_spdy_module was used.
  • Bugfix: proxied WebSocket connections might hang right after handshake if the select, poll, or /dev/poll methods were used.
  • Bugfix: a timeout might occur while reading client request body in an SSL connection using chunked transfer encoding.
  • Bugfix: memory leak in nginx/Windows.

New in version 1.4.4 (November 20th, 2013)

  • This release introduces a fix for the request line parsing vulnerability in nginx 0.8.41 - 1.5.6 discovered by Ivan Fratric of the Google Security Team (CVE-2013-4547).

New in version 1.5.0 (May 8th, 2013)

  • Security: a stack-based buffer overflow might occur in a worker process while handling a specially crafted request, potentially resulting in arbitrary code execution (CVE-2013-2028); the bug had appeared in 1.3.9. Thanks to Greg MacManus, iSIGHT Partners Labs.

New in version 1.3.15 (April 2nd, 2013)

  • Change: opening and closing a connection without sending any data in it is no longer logged to access_log with 400 error code.
  • Feature: the ngx_http_spdy_module. Thanks to Automattic for sponsoring this work.
  • Feature: the "limit_req_status" and "limit_conn_status" directives. Thanks to Nick Marden.
  • Feature: the "image_filter_interlace" directive. Thanks to Ian Babrou.
  • Feature: $connections_waiting variable in the ngx_http_stub_status_module.
  • Feature: the mail proxy module now supports IPv6 backends.
  • Bugfix: request body might be transmitted incorrectly when retrying a request to a next upstream server; the bug had appeared in 1.3.9. Thanks to Piotr Sikora.
  • Bugfix: in the "client_body_in_file_only" directive; the bug had appeared in 1.3.9.
  • Bugfix: responses might hang if subrequests were used and a DNS error happened during subrequest processing. Thanks to Lanshun Zhou.
  • Bugfix: in backend usage accounting.

New in version 1.2.8 (April 2nd, 2013)

  • Bugfix: new sessions were not always stored if the "ssl_session_cache shared" directive was used and there was no free space in shared memory. Thanks to Piotr Sikora.
  • Bugfix: responses might hang if subrequests were used and a DNS error happened during subrequest processing. Thanks to Lanshun Zhou.
  • Bugfix: in the ngx_http_mp4_module. Thanks to Gernot Vormayr.
  • Bugfix: in backend usage accounting.

New in version 1.2.7 (February 12th, 2013)

  • Change: now if the "include" directive with mask is used on Unix systems, included files are sorted in alphabetical order.
  • Change: the "add_header" directive adds headers to 201 responses.
  • Feature: the "geo" directive now supports IPv6 addresses in CIDR notation.
  • Feature: the "flush" and "gzip" parameters of the "access_log" directive.
  • Feature: variables support in the "auth_basic" directive.
  • Feature: the $pipe, $request_length, $time_iso8601, and $time_local variables can now be used not only in the "log_format" directive. Thanks to Kiril Kalchev.
  • Feature: IPv6 support in the ngx_http_geoip_module. Thanks to Gregor Kališnik.
  • Bugfix: nginx could not be built with the ngx_http_perl_module in some cases.
  • Bugfix: a segmentation fault might occur in a worker process if the ngx_http_xslt_module was used.
  • Bugfix: nginx could not be built on MacOSX in some cases. Thanks to Piotr Sikora.
  • Bugfix: the "limit_rate" directive with high rates might result in truncated responses on 32-bit platforms. Thanks to Alexey Antropov.
  • Bugfix: a segmentation fault might occur in a worker process if the "if" directive was used. Thanks to Piotr Sikora.
  • Bugfix: a "100 Continue" response was issued with "413 Request Entity Too Large" responses.
  • Bugfix: the "image_filter", "image_filter_jpeg_quality" and "image_filter_sharpen" directives might be inherited incorrectly. Thanks to Ian Babrou.
  • Bugfix: "crypt_r() failed" errors might appear if the "auth_basic" directive was used on Linux.
  • Bugfix: in backup servers handling. Thanks to Thomas Chen.
  • Bugfix: proxied HEAD requests might return incorrect response if the "gzip" directive was used.
  • Bugfix: a segmentation fault occurred on start or during reconfiguration if the "keepalive" directive was specified more than once in a single upstream block.
  • Bugfix: in the "proxy_method" directive.
  • Bugfix: a segmentation fault might occur in a worker process if resolver was used with the poll method.
  • Bugfix: nginx might hog CPU during SSL handshake with a backend if the select, poll, or /dev/poll methods were used.
  • Bugfix: the "[crit] SSL_write() failed (SSL:)" error.
  • Bugfix: in the "fastcgi_keep_conn" directive.

New in version 1.3.7 (October 8th, 2012)

  • Feature: OCSP stapling support. Thanks to Comodo, DigiCert and GlobalSign for sponsoring this work.
  • Feature: the "ssl_trusted_certificate" directive.
  • Feature: resolver now randomly rotates addresses returned from cache. Thanks to Anton Jouline.
  • Bugfix: OpenSSL 0.9.7 compatibility.

New in version 1.0.12 (February 11th, 2012)

  • Feature: the "TLSv1.1" and "TLSv1.2" parameters of the"ssl_protocols" directive.
  • Feature: the "if" SSI command supports captures in regularexpressions.
  • Bugfix: the "if" SSI command did not work inside the
  • "block" command.
  • Bugfix: in AIO error handling on FreeBSD.
  • Bugfix: in the OpenSSL library initialization.
  • Bugfix: the "worker_cpu_affinity" directive might not work.
  • Bugfix: the "limit_conn_log_level" and
  • "limit_req_log_level"directives might not work.
  • Bugfix: the "read_ahead" directive might not work combined with"try_files" and "open_file_cache".
  • Bugfix: the "proxy_cache_use_stale" directive with "error"
  • parameterdid not return answer from cache if there were no live upstreams.
  • Bugfix: a segmentation fault might occur in a worker process if smalltime was used in the "inactive" parameter of the
  • "proxy_cache_path"directive.
  • Bugfix: responses from cache might hang.
  • Bugfix: in error handling while connecting to a backend.Thanks to Piotr Sikora.
  • Bugfix: in the "epoll" event method.Thanks to Yichun Zhang.
  • Bugfix: the $sent_http_cache_control variable might contain a wrongvalue if the "expires" directive was used.Thanks to Yichun Zhang.
  • Bugfix: the "limit_rate" directive did not allow to use fullthroughput, even if limit value was very high.
  • Bugfix: the "sendfile_max_chunk" directive did not work, if the"limit_rate" directive was used.
  • Bugfix: nginx could not be built on Solaris; the bug had appeared in1.0.11.
  • Bugfix: in the ngx_http_scgi_module.
  • Bugfix: in the ngx_http_mp4_module.

New in version 1.0.0 (April 15th, 2011)

  • Bugfix: a cache manager might hog CPU after reload. Thanks to Maxim Dounin.
  • Bugfix: an "image_filter crop" directive worked incorrectly coupled with an "image_filter rotate 180" directive.
  • Bugfix: a "satisfy any" directive disabled custom 401 error page.