Changes with nginx 1.4.7 18 Mar 2014 *) Security: a heap memory buffer overflow might occur in a worker process while handling a specially crafted request by ngx_http_spdy_module, potentially resulting in arbitrary code execution (CVE-2014-0133). Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr. Manuel Sadosky, Buenos Aires, Argentina. *) Bugfix: in the "fastcgi_next_upstream" directive. Thanks to Lucas Molas. Changes with nginx 1.4.6 04 Mar 2014 *) Bugfix: the "client_max_body_size" directive might not work when reading a request body using chunked transfer encoding; the bug had appeared in 1.3.9. Thanks to Lucas Molas. *) Bugfix: a segmentation fault might occur in a worker process when proxying WebSocket connections. Changes with nginx 1.4.5 11 Feb 2014 *) Bugfix: the $ssl_session_id variable contained full session serialized instead of just a session id. Thanks to Ivan Ristić. *) Bugfix: client connections might be immediately closed if deferred accept was used; the bug had appeared in 1.3.15. *) Bugfix: alerts "zero size buf in output" might appear in logs while proxying; the bug had appeared in 1.3.9. *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_spdy_module was used. *) Bugfix: proxied WebSocket connections might hang right after handshake if the select, poll, or /dev/poll methods were used. *) Bugfix: a timeout might occur while reading client request body in an SSL connection using chunked transfer encoding. *) Bugfix: memory leak in nginx/Windows. Changes with nginx 1.4.4 19 Nov 2013 *) Security: a character following an unescaped space in a request line was handled incorrectly (CVE-2013-4547); the bug had appeared in 0.8.41. Thanks to Ivan Fratric of the Google Security Team. Changes with nginx 1.4.3 08 Oct 2013 *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_spdy_module was used with the "client_body_in_file_only" directive. *) Bugfix: a segmentation fault might occur on start or during reconfiguration if the "try_files" directive was used with an empty parameter. *) Bugfix: the $request_time variable did not work in nginx/Windows. *) Bugfix: in the ngx_http_auth_basic_module when using "$apr1$" password encryption method. Thanks to Markus Linnala. *) Bugfix: in the ngx_http_autoindex_module. *) Bugfix: in the mail proxy server. Changes with nginx 1.4.2 17 Jul 2013 *) Bugfix: the $r->header_in() embedded perl method did not return value of the "Cookie" and "X-Forwarded-For" request header lines; the bug had appeared in 1.3.14. *) Bugfix: nginx could not be built with the ngx_mail_ssl_module, but without ngx_http_ssl_module; the bug had appeared in 1.3.14. *) Bugfix: in the "proxy_set_body" directive. Thanks to Lanshun Zhou. *) Bugfix: the "fail_timeout" parameter of the "server" directive in the "upstream" context might not work if "max_fails" parameter was used; the bug had appeared in 1.3.0. *) Bugfix: a segmentation fault might occur in a worker process if the "ssl_stapling" directive was used. Thanks to Piotr Sikora. *) Bugfix: nginx/Windows might stop accepting connections if several worker processes were used. Changes with nginx 1.4.1 07 May 2013 *) Security: a stack-based buffer overflow might occur in a worker process while handling a specially crafted request, potentially resulting in arbitrary code execution (CVE-2013-2028); the bug had appeared in 1.3.9. Thanks to Greg MacManus, iSIGHT Partners Labs. Changes with nginx 1.4.0 24 Apr 2013 *) Bugfix: nginx could not be built with the ngx_http_perl_module if the --with-openssl option was used; the bug had appeared in 1.3.16. *) Bugfix: in a request body handling in the ngx_http_perl_module; the bug had appeared in 1.3.9. Changes with nginx 1.3.16 16 Apr 2013 *) Bugfix: a segmentation fault might occur in a worker process if subrequests were used; the bug had appeared in 1.3.9. *) Bugfix: the "tcp_nodelay" directive caused an error if a WebSocket connection was proxied into a unix domain socket. *) Bugfix: the $upstream_response_length variable has an incorrect value "0" if buffering was not used. Thanks to Piotr Sikora. *) Bugfix: in the eventport and /dev/poll methods. Changes with nginx 1.3.15 26 Mar 2013 *) Change: opening and closing a connection without sending any data in it is no longer logged to access_log with error code 400. *) Feature: the ngx_http_spdy_module. Thanks to Automattic for sponsoring this work. *) Feature: the "limit_req_status" and "limit_conn_status" directives. Thanks to Nick Marden. *) Feature: the "image_filter_interlace" directive. Thanks to Ian Babrou. *) Feature: $connections_waiting variable in the ngx_http_stub_status_module. *) Feature: the mail proxy module now supports IPv6 backends. *) Bugfix: request body might be transmitted incorrectly when retrying a request to the next upstream server; the bug had appeared in 1.3.9. Thanks to Piotr Sikora. *) Bugfix: in the "client_body_in_file_only" directive; the bug had appeared in 1.3.9. *) Bugfix: responses might hang if subrequests were used and a DNS error happened during subrequest processing. Thanks to Lanshun Zhou. *) Bugfix: in backend usage accounting. Changes with nginx 1.3.14 05 Mar 2013 *) Feature: $connections_active, $connections_reading, and $connections_writing variables in the ngx_http_stub_status_module. *) Feature: support of WebSocket connections in the ngx_http_uwsgi_module and ngx_http_scgi_module. *) Bugfix: in virtual servers handling with SNI. *) Bugfix: new sessions were not always stored if the "ssl_session_cache shared" directive was used and there was no free space in shared memory. Thanks to Piotr Sikora. *) Bugfix: multiple X-Forwarded-For headers were handled incorrectly. Thanks to Neal Poole for sponsoring this work. *) Bugfix: in the ngx_http_mp4_module. Thanks to Gernot Vormayr. Changes with nginx 1.3.13 19 Feb 2013 *) Change: a compiler with name "cc" is now used by default. *) Feature: support for proxying of WebSocket connections. Thanks to Apcera and CloudBees for sponsoring this work. *) Feature: the "auth_basic_user_file" directive supports "{SHA}" password encryption method. Thanks to Louis Opter. Changes with nginx 1.3.12 05 Feb 2013 *) Feature: variables support in the "proxy_bind", "fastcgi_bind", "memcached_bind", "scgi_bind", and "uwsgi_bind" directives. *) Feature: the $pipe, $request_length, $time_iso8601, and $time_local variables can now be used not only in the "log_format" directive. Thanks to Kiril Kalchev. *) Feature: IPv6 support in the ngx_http_geoip_module. Thanks to Gregor Kališnik. *) Bugfix: in the "proxy_method" directive. *) Bugfix: a segmentation fault might occur in a worker process if resolver was used with the poll method. *) Bugfix: nginx might hog CPU during SSL handshake with a backend if the select, poll, or /dev/poll methods were used. *) Bugfix: the "[crit] SSL_write() failed (SSL:)" error. *) Bugfix: in the "client_body_in_file_only" directive; the bug had appeared in 1.3.9. *) Bugfix: in the "fastcgi_keep_conn" directive. Changes with nginx 1.3.11 10 Jan 2013 *) Bugfix: a segmentation fault might occur if logging was used; the bug had appeared in 1.3.10. *) Bugfix: the "proxy_pass" directive did not work with IP addresses without port specified; the bug had appeared in 1.3.10. *) Bugfix: a segmentation fault occurred on start or during reconfiguration if the "keepalive" directive was specified more than once in a single upstream block. *) Bugfix: parameter "default" of the "geo" directive did not set default value for IPv6 addresses. Changes with nginx 1.3.10 25 Dec 2012 *) Change: domain names specified in configuration file are now resolved to IPv6 addresses as well as IPv4 ones. *) Change: now if the "include" directive with mask is used on Unix systems, included files are sorted in alphabetical order. *) Change: the "add_header" directive adds headers to 201 responses. *) Feature: the "geo" directive now supports IPv6 addresses in CIDR notation. *) Feature: the "flush" and "gzip" parameters of the "access_log" directive. *) Feature: variables support in the "auth_basic" directive. *) Bugfix: nginx could not be built with the ngx_http_perl_module in some cases. *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_xslt_module was used. *) Bugfix: nginx could not be built on MacOSX in some cases. Thanks to Piotr Sikora. *) Bugfix: the "limit_rate" directive with high rates might result in truncated responses on 32-bit platforms. Thanks to Alexey Antropov. *) Bugfix: a segmentation fault might occur in a worker process if the "if" directive was used. Thanks to Piotr Sikora. *) Bugfix: a "100 Continue" response was issued with "413 Request Entity Too Large" responses. *) Bugfix: the "image_filter", "image_filter_jpeg_quality" and "image_filter_sharpen" directives might be inherited incorrectly. Thanks to Ian Babrou. *) Bugfix: "crypt_r() failed" errors might appear if the "auth_basic" directive was used on Linux. *) Bugfix: in backup servers handling. Thanks to Thomas Chen. *) Bugfix: proxied HEAD requests might return incorrect response if the "gzip" directive was used. Changes with nginx 1.3.9 27 Nov 2012 *) Feature: support for chunked transfer encoding while reading client request body. *) Feature: the $request_time and $msec variables can now be used not only in the "log_format" directive. *) Bugfix: cache manager and cache loader processes might not be able to start if more than 512 listen sockets were used. *) Bugfix: in the ngx_http_dav_module. Changes with nginx 1.3.8 30 Oct 2012 *) Feature: the "optional_no_ca" parameter of the "ssl_verify_client" directive. Thanks to Mike Kazantsev and Eric O'Connor. *) Feature: the $bytes_sent, $connection, and $connection_requests variables can now be used not only in the "log_format" directive. Thanks to Benjamin Grössing. *) Feature: the "auto" parameter of the "worker_processes" directive. *) Bugfix: "cache file ... has md5 collision" alert. *) Bugfix: in the ngx_http_gunzip_filter_module. *) Bugfix: in the "ssl_stapling" directive. Changes with nginx 1.3.7 02 Oct 2012 *) Feature: OCSP stapling support. Thanks to Comodo, DigiCert and GlobalSign for sponsoring this work. *) Feature: the "ssl_trusted_certificate" directive. *) Feature: resolver now randomly rotates addresses returned from cache. Thanks to Anton Jouline. *) Bugfix: OpenSSL 0.9.7 compatibility. Changes with nginx 1.3.6 12 Sep 2012 *) Feature: the ngx_http_gunzip_filter_module. *) Feature: the "memcached_gzip_flag" directive. *) Feature: the "always" parameter of the "gzip_static" directive. *) Bugfix: in the "limit_req" directive; the bug had appeared in 1.1.14. Thanks to Charles Chen. *) Bugfix: nginx could not be built by gcc 4.7 with -O2 optimization if the --with-ipv6 option was used. Changes with nginx 1.3.5 21 Aug 2012 *) Change: the ngx_http_mp4_module module no longer skips tracks in formats other than H.264 and AAC. *) Bugfix: a segmentation fault might occur in a worker process if the "map" directive was used with variables as values. *) Bugfix: a segmentation fault might occur in a worker process if the "geo" directive was used with the "ranges" parameter but without the "default" parameter; the bug had appeared in 0.8.43. Thanks to Zhen Chen and Weibin Yao. *) Bugfix: in the -p command-line parameter handling. *) Bugfix: in the mail proxy server. *) Bugfix: of minor potential bugs. Thanks to Coverity. *) Bugfix: nginx/Windows could not be built with Visual Studio 2005 Express. Thanks to HAYASHI Kentaro. Changes with nginx 1.3.4 31 Jul 2012 *) Change: the "ipv6only" parameter is now turned on by default for listening IPv6 sockets. *) Feature: the Clang compiler support. *) Bugfix: extra listening sockets might be created. Thanks to Roman Odaisky. *) Bugfix: nginx/Windows might hog CPU if a worker process failed to start. Thanks to Ricardo Villalobos Guevara. *) Bugfix: the "proxy_pass_header", "fastcgi_pass_header", "scgi_pass_header", "uwsgi_pass_header", "proxy_hide_header", "fastcgi_hide_header", "scgi_hide_header", and "uwsgi_hide_header" directives might be inherited incorrectly. Changes with nginx 1.3.3 10 Jul 2012 *) Feature: entity tags support and the "etag" directive. *) Bugfix: trailing dot in a source value was not ignored if the "map" directive was used with the "hostnames" parameter. *) Bugfix: incorrect location might be used to process a request if a URI was changed via a "rewrite" directive before an internal redirect to a named location. Changes with nginx 1.3.2 26 Jun 2012 *) Change: the "single" parameter of the "keepalive" directive is now ignored. *) Change: SSL compression is now disabled when using all versions of OpenSSL, including ones prior to 1.0.0. *) Feature: it is now possible to use the "ip_hash" directive to balance IPv6 clients. *) Feature: the $status variable can now be used not only in the "log_format" directive. *) Bugfix: a segmentation fault might occur in a worker process on shutdown if the "resolver" directive was used. *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_mp4_module was used. *) Bugfix: in the ngx_http_mp4_module. *) Bugfix: a segmentation fault might occur in a worker process if conflicting wildcard server names were used. *) Bugfix: nginx might be terminated abnormally on a SIGBUS signal on ARM platform. *) Bugfix: an alert "sendmsg() failed (9: Bad file number)" on HP-UX while reconfiguration. Changes with nginx 1.3.1 05 Jun 2012 *) Security: now nginx/Windows ignores trailing dot in URI path component, and does not allow URIs with ":$" in it. Thanks to Vladimir Kochetkov, Positive Research Center. *) Feature: the "proxy_pass", "fastcgi_pass", "scgi_pass", "uwsgi_pass" directives, and the "server" directive inside the "upstream" block, now support IPv6 addresses. *) Feature: the "resolver" directive now supports IPv6 addresses and an optional port specification. *) Feature: the "least_conn" directive inside the "upstream" block. *) Feature: it is now possible to specify a weight for servers while using the "ip_hash" directive. *) Bugfix: a segmentation fault might occur in a worker process if the "image_filter" directive was used; the bug had appeared in 1.3.0. *) Bugfix: nginx could not be built with ngx_cpp_test_module; the bug had appeared in 1.1.12. *) Bugfix: access to variables from SSI and embedded perl module might not work after reconfiguration. Thanks to Yichun Zhang. *) Bugfix: in the ngx_http_xslt_filter_module. Thanks to Kuramoto Eiji. *) Bugfix: memory leak if $geoip_org variable was used. Thanks to Denis F. Latypoff. *) Bugfix: in the "proxy_cookie_domain" and "proxy_cookie_path" directives. Changes with nginx 1.3.0 15 May 2012 *) Feature: the "debug_connection" directive now supports IPv6 addresses and the "unix:" parameter. *) Feature: the "set_real_ip_from" directive and the "proxy" parameter of the "geo" directive now support IPv6 addresses. *) Feature: the "real_ip_recursive", "geoip_proxy", and "geoip_proxy_recursive" directives. *) Feature: the "proxy_recursive" parameter of the "geo" directive. *) Bugfix: a segmentation fault might occur in a worker process if the "resolver" directive was used. *) Bugfix: a segmentation fault might occur in a worker process if the "fastcgi_pass", "scgi_pass", or "uwsgi_pass" directives were used and backend returned incorrect response. *) Bugfix: a segmentation fault might occur in a worker process if the "rewrite" directive was used and new request arguments in a replacement used variables. *) Bugfix: nginx might hog CPU if the open file resource limit was reached. *) Bugfix: nginx might loop infinitely over backends if the "proxy_next_upstream" directive with the "http_404" parameter was used and there were backup servers specified in an upstream block. *) Bugfix: adding the "down" parameter of the "server" directive might cause unneeded client redistribution among backend servers if the "ip_hash" directive was used. *) Bugfix: socket leak. Thanks to Yichun Zhang. *) Bugfix: in the ngx_http_fastcgi_module. Changes with nginx 1.2.0 23 Apr 2012 *) Bugfix: a segmentation fault might occur in a worker process if the "try_files" directive was used; the bug had appeared in 1.1.19. *) Bugfix: response might be truncated if there were more than IOV_MAX buffers used. *) Bugfix: in the "crop" parameter of the "image_filter" directive. Thanks to Maxim Bublis. Changes with nginx 1.1.19 12 Apr 2012 *) Security: specially crafted mp4 file might allow to overwrite memory locations in a worker process if the ngx_http_mp4_module was used, potentially resulting in arbitrary code execution (CVE-2012-2089). Thanks to Matthew Daley. *) Bugfix: nginx/Windows might be terminated abnormally. Thanks to Vincent Lee. *) Bugfix: nginx hogged CPU if all servers in an upstream were marked as "backup". *) Bugfix: the "allow" and "deny" directives might be inherited incorrectly if they were used with IPv6 addresses. *) Bugfix: the "modern_browser" and "ancient_browser" directives might be inherited incorrectly. *) Bugfix: timeouts might be handled incorrectly on Solaris/SPARC. *) Bugfix: in the ngx_http_mp4_module. Changes with nginx 1.1.18 28 Mar 2012 *) Change: keepalive connections are no longer disabled for Safari by default. *) Feature: the $connection_requests variable. *) Feature: $tcpinfo_rtt, $tcpinfo_rttvar, $tcpinfo_snd_cwnd and $tcpinfo_rcv_space variables. *) Feature: the "worker_cpu_affinity" directive now works on FreeBSD. *) Feature: the "xslt_param" and "xslt_string_param" directives. Thanks to Samuel Behan. *) Bugfix: in configure tests. Thanks to Piotr Sikora. *) Bugfix: in the ngx_http_xslt_filter_module. *) Bugfix: nginx could not be built on Debian GNU/Hurd. Changes with nginx 1.1.17 15 Mar 2012 *) Security: content of previously freed memory might be sent to a client if backend returned specially crafted response. Thanks to Matthew Daley. *) Bugfix: in the embedded perl module if used from SSI. Thanks to Matthew Daley. *) Bugfix: in the ngx_http_uwsgi_module. Changes with nginx 1.1.16 29 Feb 2012 *) Change: the simultaneous subrequest limit has been raised to 200. *) Feature: the "from" parameter of the "disable_symlinks" directive. *) Feature: the "return" and "error_page" directives can now be used to return 307 redirections. *) Bugfix: a segmentation fault might occur in a worker process if the "resolver" directive was used and there was no "error_log" directive specified at global level. Thanks to Roman Arutyunyan. *) Bugfix: a segmentation fault might occur in a worker process if the "proxy_http_version 1.1" or "fastcgi_keep_conn on" directives were used. *) Bugfix: memory leaks. Thanks to Lanshun Zhou. *) Bugfix: in the "disable_symlinks" directive. *) Bugfix: on ZFS filesystem disk cache size might be calculated incorrectly; the bug had appeared in 1.0.1. *) Bugfix: nginx could not be built by the icc 12.1 compiler. *) Bugfix: nginx could not be built by gcc on Solaris; the bug had appeared in 1.1.15. Changes with nginx 1.1.15 15 Feb 2012 *) Feature: the "disable_symlinks" directive. *) Feature: the "proxy_cookie_domain" and "proxy_cookie_path" directives. *) Bugfix: nginx might log incorrect error "upstream prematurely closed connection" instead of correct "upstream sent too big header" one. Thanks to Feibo Li. *) Bugfix: nginx could not be built with the ngx_http_perl_module if the --with-openssl option was used. *) Bugfix: the number of internal redirects to named locations was not limited. *) Bugfix: calling $r->flush() multiple times might cause errors in the ngx_http_gzip_filter_module. *) Bugfix: temporary files might be not removed if the "proxy_store" directive was used with SSI includes. *) Bugfix: in some cases non-cacheable variables (such as the $args variable) returned old empty cached value. *) Bugfix: a segmentation fault might occur in a worker process if too many SSI subrequests were issued simultaneously; the bug had appeared in 0.7.25. Changes with nginx 1.1.14 30 Jan 2012 *) Feature: multiple "limit_req" limits may be used simultaneously. *) Bugfix: in error handling while connecting to a backend. Thanks to Piotr Sikora. *) Bugfix: in AIO error handling on FreeBSD. *) Bugfix: in the OpenSSL library initialization. *) Bugfix: the "proxy_redirect" directives might be inherited incorrectly. *) Bugfix: memory leak during reconfiguration if the "pcre_jit" directive was used. Changes with nginx 1.1.13 16 Jan 2012 *) Feature: the "TLSv1.1" and "TLSv1.2" parameters of the "ssl_protocols" directive. *) Bugfix: the "limit_req" directive parameters were not inherited correctly; the bug had appeared in 1.1.12. *) Bugfix: the "proxy_redirect" directive incorrectly processed "Refresh" header if regular expression were used. *) Bugfix: the "proxy_cache_use_stale" directive with "error" parameter did not return answer from cache if there were no live upstreams. *) Bugfix: the "worker_cpu_affinity" directive might not work. *) Bugfix: nginx could not be built on Solaris; the bug had appeared in 1.1.12. *) Bugfix: in the ngx_http_mp4_module. Changes with nginx 1.1.12 26 Dec 2011 *) Change: a "proxy_pass" directive without URI part now uses changed URI after redirection with the "error_page" directive. Thanks to Lanshun Zhou. *) Feature: the "proxy/fastcgi/scgi/uwsgi_cache_lock", "proxy/fastcgi/scgi/uwsgi_cache_lock_timeout" directives. *) Feature: the "pcre_jit" directive. *) Feature: the "if" SSI command supports captures in regular expressions. *) Bugfix: the "if" SSI command did not work inside the "block" command. *) Bugfix: the "limit_conn_log_level" and "limit_req_log_level" directives might not work. *) Bugfix: the "limit_rate" directive did not allow to use full throughput, even if limit value was very high. *) Bugfix: the "sendfile_max_chunk" directive did not work, if the "limit_rate" directive was used. *) Bugfix: a "proxy_pass" directive without URI part always used original request URI if variables were used. *) Bugfix: a "proxy_pass" directive without URI part might use original request after redirection with the "try_files" directive. Thanks to Lanshun Zhou. *) Bugfix: in the ngx_http_scgi_module. *) Bugfix: in the ngx_http_mp4_module. *) Bugfix: nginx could not be built on Solaris; the bug had appeared in 1.1.9. Changes with nginx 1.1.11 12 Dec 2011 *) Feature: the "so_keepalive" parameter of the "listen" directive. Thanks to Vsevolod Stakhov. *) Feature: the "if_not_empty" parameter of the "fastcgi/scgi/uwsgi_param" directives. *) Feature: the $https variable. *) Feature: the "proxy_redirect" directive supports variables in the first parameter. *) Feature: the "proxy_redirect" directive supports regular expressions. *) Bugfix: the $sent_http_cache_control variable might contain a wrong value if the "expires" directive was used. Thanks to Yichun Zhang. *) Bugfix: the "read_ahead" directive might not work combined with "try_files" and "open_file_cache". *) Bugfix: a segmentation fault might occur in a worker process if small time was used in the "inactive" parameter of the "proxy_cache_path" directive. *) Bugfix: responses from cache might hang. Changes with nginx 1.1.10 30 Nov 2011 *) Bugfix: a segmentation fault occured in a worker process if AIO was used on Linux; the bug had appeared in 1.1.9. Changes with nginx 1.1.9 28 Nov 2011 *) Change: now double quotes are encoded in an "echo" SSI-command output. Thanks to Zaur Abasmirzoev. *) Feature: the "valid" parameter of the "resolver" directive. By default TTL returned by a DNS server is used. Thanks to Kirill A. Korinskiy. *) Bugfix: nginx might hang after a worker process abnormal termination. *) Bugfix: a segmentation fault might occur in a worker process if SNI was used; the bug had appeared in 1.1.2. *) Bugfix: in the "keepalive_disable" directive; the bug had appeared in 1.1.8. Thanks to Alexander Usov. *) Bugfix: SIGWINCH signal did not work after first binary upgrade; the bug had appeared in 1.1.1. *) Bugfix: backend responses with length not matching "Content-Length" header line are no longer cached. *) Bugfix: in the "scgi_param" directive, if complex parameters were used. *) Bugfix: in the "epoll" event method. Thanks to Yichun Zhang. *) Bugfix: in the ngx_http_flv_module. Thanks to Piotr Sikora. *) Bugfix: in the ngx_http_mp4_module. *) Bugfix: IPv6 addresses are now handled properly in a request line and in a "Host" request header line. *) Bugfix: "add_header" and "expires" directives did not work if a request was proxied and response status code was 206. *) Bugfix: nginx could not be built on FreeBSD 10. *) Bugfix: nginx could not be built on AIX. Changes with nginx 1.1.8 14 Nov 2011 *) Change: the ngx_http_limit_zone_module was renamed to the ngx_http_limit_conn_module. *) Change: the "limit_zone" directive was superseded by the "limit_conn_zone" directive with a new syntax. *) Feature: support for multiple "limit_conn" limits on the same level. *) Feature: the "image_filter_sharpen" directive. *) Bugfix: a segmentation fault might occur in a worker process if resolver got a big DNS response. Thanks to Ben Hawkes. *) Bugfix: in cache key calculation if internal MD5 implementation was used; the bug had appeared in 1.0.4. *) Bugfix: the "If-Modified-Since", "If-Range", etc. client request header lines might be passed to backend while caching; or not passed without caching if caching was enabled in another part of the configuration. *) Bugfix: the module ngx_http_mp4_module sent incorrect "Content-Length" response header line if the "start" argument was used. Thanks to Piotr Sikora. Changes with nginx 1.1.7 31 Oct 2011 *) Feature: support of several DNS servers in the "resolver" directive. Thanks to Kirill A. Korinskiy. *) Bugfix: a segmentation fault occurred on start or during reconfiguration if the "ssl" directive was used at http level and there was no "ssl_certificate" defined. *) Bugfix: reduced memory consumption while proxying big files if they were buffered to disk. *) Bugfix: a segmentation fault might occur in a worker process if "proxy_http_version 1.1" directive was used. *) Bugfix: in the "expires @time" directive. Changes with nginx 1.1.6 17 Oct 2011 *) Change in internal API: now module context data are cleared while internal redirect to named location. Requested by Yichun Zhang. *) Change: if a server in an upstream failed, only one request will be sent to it after fail_timeout; the server will be considered alive if it will successfully respond to the request. *) Change: now the 0x7F-0x1F characters are escaped as \xXX in an access_log. *) Feature: "proxy/fastcgi/scgi/uwsgi_ignore_headers" directives support the following additional values: X-Accel-Limit-Rate, X-Accel-Buffering, X-Accel-Charset. *) Feature: decrease of memory consumption if SSL is used. *) Bugfix: some UTF-8 characters were processed incorrectly. Thanks to Alexey Kuts. *) Bugfix: the ngx_http_rewrite_module directives specified at "server" level were executed twice if no matching locations were defined. *) Bugfix: a socket leak might occurred if "aio sendfile" was used. *) Bugfix: connections with fast clients might be closed after send_timeout if file AIO was used. *) Bugfix: in the ngx_http_autoindex_module. *) Bugfix: the module ngx_http_mp4_module did not support seeking on 32-bit platforms. Changes with nginx 1.1.5 05 Oct 2011 *) Feature: the "uwsgi_buffering" and "scgi_buffering" directives. Thanks to Peter Smit. *) Bugfix: non-cacheable responses might be cached if "proxy_cache_bypass" directive was used. Thanks to John Ferlito. *) Bugfix: in HTTP/1.1 support in the ngx_http_proxy_module. *) Bugfix: cached responses with an empty body were returned incorrectly; the bug had appeared in 0.8.31. *) Bugfix: 201 responses of the ngx_http_dav_module were incorrect; the bug had appeared in 0.8.32. *) Bugfix: in the "return" directive. *) Bugfix: the "ssl_session_cache builtin" directive caused segmentation fault; the bug had appeared in 1.1.1. Changes with nginx 1.1.4 20 Sep 2011 *) Feature: the ngx_http_upstream_keepalive module. *) Feature: the "proxy_http_version" directive. *) Feature: the "fastcgi_keep_conn" directive. *) Feature: the "worker_aio_requests" directive. *) Bugfix: if nginx was built --with-file-aio it could not be run on Linux kernel which did not support AIO. *) Bugfix: in Linux AIO error processing. Thanks to Hagai Avrahami. *) Bugfix: reduced memory consumption for long-lived requests. *) Bugfix: the module ngx_http_mp4_module did not support 64-bit MP4 "co64" atom. Changes with nginx 1.1.3 14 Sep 2011 *) Feature: the module ngx_http_mp4_module. *) Bugfix: in Linux AIO combined with open_file_cache. *) Bugfix: open_file_cache did not update file info on retest if file was not atomically changed. *) Bugfix: nginx could not be built on MacOSX 10.7. Changes with nginx 1.1.2 05 Sep 2011 *) Change: now if total size of all ranges is greater than source response size, then nginx disables ranges and returns just the source response. *) Feature: the "max_ranges" directive. *) Bugfix: the "ssl_verify_client", "ssl_verify_depth", and "ssl_prefer_server_ciphers" directives might work incorrectly if SNI was used. *) Bugfix: in the "proxy/fastcgi/scgi/uwsgi_ignore_client_abort" directives. Changes with nginx 1.1.1 22 Aug 2011 *) Change: now cache loader processes either as many files as specified by "loader_files" parameter or works no longer than time specified by the "loader_threshold" parameter during each iteration. *) Change: now SIGWINCH signal works only in daemon mode. *) Feature: now shared zones and caches use POSIX semaphores on Solaris. Thanks to Den Ivanov. *) Feature: accept filters are now supported on NetBSD. *) Bugfix: nginx could not be built on Linux 3.0. *) Bugfix: nginx did not use gzipping in some cases; the bug had appeared in 1.1.0. *) Bugfix: request body might be processed incorrectly if client used pipelining. *) Bugfix: in the "request_body_in_single_buf" directive. *) Bugfix: in "proxy_set_body" and "proxy_pass_request_body" directives if SSL connection to backend was used. *) Bugfix: nginx hogged CPU if all servers in an upstream were marked as "down". *) Bugfix: a segmentation fault might occur during reconfiguration if ssl_session_cache was defined but not used in previous configuration. *) Bugfix: a segmentation fault might occur in a worker process if many backup servers were used in an upstream. *) Bugfix: a segmentation fault might occur in a worker process if "fastcgi/scgi/uwsgi_param" directives were used with values starting with "HTTP_"; the bug had appeared in 0.8.40. Changes with nginx 1.1.0 01 Aug 2011 *) Feature: cache loader run time decrease. *) Feature: "loader_files", "loader_sleep", and "loader_threshold" options of the "proxy/fastcgi/scgi/uwsgi_cache_path" directives. *) Feature: loading time decrease of configuration with large number of HTTPS sites. *) Feature: now nginx supports ECDHE key exchange ciphers. Thanks to Adrian Kotelba. *) Feature: the "lingering_close" directive. Thanks to Maxim Dounin. *) Bugfix: in closing connection for pipelined requests. Thanks to Maxim Dounin. *) Bugfix: nginx did not disable gzipping if client sent "gzip;q=0" in "Accept-Encoding" request header line. *) Bugfix: in timeout in unbuffered proxied mode. Thanks to Maxim Dounin. *) Bugfix: memory leaks when a "proxy_pass" directive contains variables and proxies to an HTTPS backend. Thanks to Maxim Dounin. *) Bugfix: in parameter validaiton of a "proxy_pass" directive with variables. Thanks to Lanshun Zhou. *) Bugfix: SSL did not work on QNX. Thanks to Maxim Dounin. *) Bugfix: SSL modules could not be built by gcc 4.6 without --with-debug option. Changes with nginx 1.0.5 19 Jul 2011 *) Change: now default SSL ciphers are "HIGH:!aNULL:!MD5". Thanks to Rob Stradling. *) Feature: the "referer_hash_max_size" and "referer_hash_bucket_size" directives. Thanks to Witold Filipczyk. *) Feature: $uid_reset variable. *) Bugfix: a segmentation fault might occur in a worker process, if a caching was used. Thanks to Lanshun Zhou. *) Bugfix: worker processes may got caught in an endless loop during reconfiguration, if a caching was used; the bug had appeared in 0.8.48. Thanks to Maxim Dounin. *) Bugfix: "stalled cache updating" alert. Thanks to Maxim Dounin. Changes with nginx 1.0.4 01 Jun 2011 *) Change: now regular expressions case sensitivity in the "map" directive is given by prefixes "~" or "~*". *) Feature: now shared zones and caches use POSIX semaphores on Linux. Thanks to Denis F. Latypoff. *) Bugfix: "stalled cache updating" alert. *) Bugfix: nginx could not be built --without-http_auth_basic_module; the bug had appeared in 1.0.3. Changes with nginx 1.0.3 25 May 2011 *) Feature: the "auth_basic_user_file" directive supports "$apr1", "{PLAIN}", and "{SSHA}" password encryption methods. Thanks to Maxim Dounin. *) Feature: the "geoip_org" directive and $geoip_org variable. Thanks to Alexander Uskov, Arnaud Granal, and Denis F. Latypoff. *) Feature: ngx_http_geo_module and ngx_http_geoip_module support IPv4 addresses mapped to IPv6 addresses. *) Bugfix: a segmentation fault occurred in a worker process during testing IPv4 address mapped to IPv6 address, if access or deny rules were defined only for IPv6; the bug had appeared in 0.8.22. *) Bugfix: a cached response may be broken if "proxy/fastcgi/scgi/ uwsgi_cache_bypass" and "proxy/fastcgi/scgi/uwsgi_no_cache" directive values were different; the bug had appeared in 0.8.46. Changes with nginx 1.0.2 10 May 2011 *) Feature: now shared zones and caches use POSIX semaphores. *) Bugfix: in the "rotate" parameter of the "image_filter" directive. Thanks to Adam Bocim. *) Bugfix: nginx could not be built on Solaris; the bug had appeared in 1.0.1. Changes with nginx 1.0.1 03 May 2011 *) Change: now the "split_clients" directive uses MurmurHash2 algorithm because of better distribution. Thanks to Oleg Mamontov. *) Change: now long strings starting with zero are not considered as false values. Thanks to Maxim Dounin. *) Change: now nginx uses a default listen backlog value 511 on Linux. *) Feature: the $upstream_... variables may be used in the SSI and perl modules. *) Bugfix: now nginx limits better disk cache size. Thanks to Oleg Mamontov. *) Bugfix: a segmentation fault might occur while parsing incorrect IPv4 address; the bug had appeared in 0.9.3. Thanks to Maxim Dounin. *) Bugfix: nginx could not be built by gcc 4.6 without --with-debug option. *) Bugfix: nginx could not be built on Solaris 9 and earlier; the bug had appeared in 0.9.3. Thanks to Dagobert Michelsen. *) Bugfix: $request_time variable had invalid values if subrequests were used; the bug had appeared in 0.8.47. Thanks to Igor A. Valcov. Changes with nginx 1.0.0 12 Apr 2011 *) Bugfix: a cache manager might hog CPU after reload. Thanks to Maxim Dounin. *) Bugfix: an "image_filter crop" directive worked incorrectly coupled with an "image_filter rotate 180" directive. *) Bugfix: a "satisfy any" directive disabled custom 401 error page. Changes with nginx 0.9.7 04 Apr 2011 *) Feature: now keepalive connections may be closed premature, if there are no free worker connections. Thanks to Maxim Dounin. *) Feature: the "rotate" parameter of the "image_filter" directive. Thanks to Adam Bocim. *) Bugfix: a case when a backend in "fastcgi_pass", "scgi_pass", or "uwsgi_pass" directives is given by expression and refers to a defined upstream. Changes with nginx 0.9.6 21 Mar 2011 *) Feature: the "map" directive supports regular expressions as value of the first parameter. *) Feature: $time_iso8601 access_log variable. Thanks to Michael Lustfield. Changes with nginx 0.9.5 21 Feb 2011 *) Change: now nginx uses a default listen backlog value -1 on Linux. Thanks to Andrei Nigmatulin. *) Feature: the "utf8" parameter of "geoip_country" and "geoip_city" directives. Thanks to Denis F. Latypoff. *) Bugfix: in a default "proxy_redirect" directive if "proxy_pass" directive has no URI part. Thanks to Maxim Dounin. *) Bugfix: an "error_page" directive did not work with nonstandard error codes; the bug had appeared in 0.8.53. Thanks to Maxim Dounin. Changes with nginx 0.9.4 21 Jan 2011 *) Feature: the "server_name" directive supports the $hostname variable. *) Feature: 494 code for "Request Header Too Large" error. Changes with nginx 0.9.3 13 Dec 2010 *) Bugfix: if there was a single server for given IPv6 address:port pair, then captures in regular expressions in a "server_name" directive did not work. *) Bugfix: nginx could not be built on Solaris; the bug had appeared in 0.9.0. Changes with nginx 0.9.2 06 Dec 2010 *) Feature: the "If-Unmodified-Since" client request header line support. *) Workaround: fallback to accept() syscall if accept4() was not implemented; the issue had appeared in 0.9.0. *) Bugfix: nginx could not be built on Cygwin; the bug had appeared in 0.9.0. *) Bugfix: for OpenSSL vulnerability CVE-2010-4180. Thanks to Maxim Dounin. Changes with nginx 0.9.1 30 Nov 2010 *) Bugfix: "return CODE message" directives did not work; the bug had appeared in 0.9.0. Changes with nginx 0.9.0 29 Nov 2010 *) Feature: the "keepalive_disable" directive. *) Feature: the "map" directive supports variables as value of a defined variable. *) Feature: the "map" directive supports empty strings as value of the first parameter. *) Feature: the "map" directive supports expressions as the first parameter. *) Feature: nginx(8) manual page. Thanks to Sergey Osokin. *) Feature: Linux accept4() support. Thanks to Simon Liu. *) Workaround: elimination of Linux linker warning about "sys_errlist" and "sys_nerr"; the warning had appeared in 0.8.35. *) Bugfix: a segmentation fault might occur in a worker process, if the "auth_basic" directive was used. Thanks to Michail Laletin. *) Bugfix: compatibility with ngx_http_eval_module; the bug had appeared in 0.8.42. Changes with nginx 0.8.53 18 Oct 2010 *) Feature: now the "error_page" directive allows to change a status code in a redirect. *) Feature: the "gzip_disable" directive supports special "degradation" mask. *) Bugfix: a socket leak might occurred if file AIO was used. Thanks to Maxim Dounin. *) Bugfix: if the first server had no "listen" directive and there was no explicit default server, then a next server with a "listen" directive became the default server; the bug had appeared in 0.8.21. Changes with nginx 0.8.52 28 Sep 2010 *) Bugfix: nginx used SSL mode for a listen socket if any listen option was set; the bug had appeared in 0.8.51. Changes with nginx 0.8.51 27 Sep 2010 *) Change: the "secure_link_expires" directive has been canceled. *) Change: a logging level of resolver errors has been lowered from "alert" to "error". *) Feature: now a listen socket "ssl" parameter may be set several times. Changes with nginx 0.8.50 02 Sep 2010 *) Feature: the "secure_link", "secure_link_md5", and "secure_link_expires" directives of the ngx_http_secure_link_module. *) Feature: the -q switch. Thanks to Gena Makhomed. *) Bugfix: worker processes may got caught in an endless loop during reconfiguration, if a caching was used; the bug had appeared in 0.8.48. *) Bugfix: in the "gzip_disable" directive. Thanks to Derrick Petzold. *) Bugfix: nginx/Windows could not send stop, quit, reopen, and reload signals to a process run in other session. Changes with nginx 0.8.49 09 Aug 2010 *) Feature: the "image_filter_jpeg_quality" directive supports variables. *) Bugfix: a segmentation fault might occur in a worker process, if the $geoip_region_name variables was used; the bug had appeared in 0.8.48. *) Bugfix: errors intercepted by error_page were cached only for next request; the bug had appeared in 0.8.48. Changes with nginx 0.8.48 03 Aug 2010 *) Change: now the "server_name" directive default value is an empty name "". Thanks to Gena Makhomed. *) Change: now the "server_name_in_redirect" directive default value is "off". *) Feature: the $geoip_dma_code, $geoip_area_code, and $geoip_region_name variables. Thanks to Christine McGonagle. *) Bugfix: the "proxy_pass", "fastcgi_pass", "uwsgi_pass", and "scgi_pass" directives were not inherited inside "limit_except" blocks. *) Bugfix: the "proxy_cache_min_uses", "fastcgi_cache_min_uses" "uwsgi_cache_min_uses", and "scgi_cache_min_uses" directives did not work; the bug had appeared in 0.8.46. *) Bugfix: the "fastcgi_split_path_info" directive used incorrectly captures, if only parts of an URI were captured. Thanks to Yuriy Taraday and Frank Enderle. *) Bugfix: the "rewrite" directive did not escape a ";" character during copying from URI to query string. Thanks to Daisuke Murase.