Skip to content

Releases: macbre/docker-nginx-http3

nginx 1.27.2

16 Oct 19:38
3475299
Compare
Choose a tag to compare
Changes with nginx 1.27.2                                        02 Oct 2024

    *) Feature: SSL certificates, secret keys, and CRLs are now cached on
       start or during reconfiguration.

    *) Feature: client certificate validation with OCSP in the stream
       module.

    *) Feature: OCSP stapling support in the stream module.

    *) Feature: the "proxy_pass_trailers" directive in the
       ngx_http_proxy_module.

    *) Feature: the "ssl_client_certificate" directive now supports
       certificates with auxiliary information.

    *) Change: now the "ssl_client_certificate" directive is not required
       for client SSL certificates verification.

nginx 1.27.1

14 Aug 20:12
f7fe675
Compare
Choose a tag to compare
Changes with nginx 1.27.1                                        14 Aug 2024

    *) Security: processing of a specially crafted mp4 file by the
       ngx_http_mp4_module might cause a worker process crash
       (CVE-2024-7347).
       Thanks to Nils Bars.

    *) Change: now the stream module handler is not mandatory.

    *) Bugfix: new HTTP/2 connections might ignore graceful shutdown of old
       worker processes.
       Thanks to Kasei Wang.

    *) Bugfixes in HTTP/3.

nginx 1.27.0

13 Jun 17:04
ec86d72
Compare
Choose a tag to compare
Changes with nginx 1.27.0                                        29 May 2024

    *) Security: when using HTTP/3, processing of a specially crafted QUIC
       session might cause a worker process crash, worker process memory
       disclosure on systems with MTU larger than 4096 bytes, or might have
       potential other impact (CVE-2024-32760, CVE-2024-31079,
       CVE-2024-35200, CVE-2024-34161).
       Thanks to Nils Bars of CISPA.

    *) Feature: variables support in the "proxy_limit_rate",
       "fastcgi_limit_rate", "scgi_limit_rate", and "uwsgi_limit_rate"
       directives.

    *) Bugfix: reduced memory consumption for long-lived requests if "gzip",
       "gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.

    *) Bugfix: nginx could not be built by gcc 14 if the --with-atomic
       option was used.
       Thanks to Edgar Bonet.

    *) Bugfixes in HTTP/3.

nginx 1.25.4 + njs 0.8.3 + headers-more-nginx-module 0.37

13 Mar 23:36
f2f4b52
Compare
Choose a tag to compare
Changes with nginx 1.25.4                                        14 Feb 2024

    *) Security: when using HTTP/3 a segmentation fault might occur in a
       worker process while processing a specially crafted QUIC session
       (CVE-2024-24989, CVE-2024-24990).

    *) Bugfix: connections with pending AIO operations might be closed
       prematurely during graceful shutdown of old worker processes.

    *) Bugfix: socket leak alerts no longer logged when fast shutdown was
       requested after graceful shutdown of old worker processes.

    *) Bugfix: a socket descriptor error, a socket leak, or a segmentation
       fault in a worker process (for SSL proxying) might occur if AIO was
       used in a subrequest.

    *) Bugfix: a segmentation fault might occur in a worker process if SSL
       proxying was used along with the "image_filter" directive and errors
       with code 415 were redirected with the "error_page" directive.

    *) Bugfixes and improvements in HTTP/3.

What's Changed

  • nginx 1.25.4 + njs 0.8.3 + headers-more-nginx-module 0.37 by @macbre in #135

Full Changelog: v1.25.3...v1.25.4

nginx 1.25.3 + uid and gid ARG for nginx user + fix nginx.pid file permissions

13 Mar 21:56
ed7d4d5
Compare
Choose a tag to compare
Changes with nginx 1.25.3                                        24 Oct 2023

    *) Change: improved detection of misbehaving clients when using HTTP/2.

    *) Feature: startup speedup when using a large number of locations.
       Thanks to Yusuke Nojima.

    *) Bugfix: a segmentation fault might occur in a worker process when
       using HTTP/2 without SSL; the bug had appeared in 1.25.1.

    *) Bugfix: the "Status" backend response header line with an empty
       reason phrase was handled incorrectly.

    *) Bugfix: memory leak during reconfiguration when using the PCRE2
       library.
       Thanks to ZhenZhong Wu.

    *) Bugfixes and improvements in HTTP/3.

What's Changed

New Contributors

Full Changelog: v1.25.2...v1.25.3

nginx 1.25.2 + njs 0.8.1

17 Sep 11:48
4b68655
Compare
Choose a tag to compare
Changes with nginx 1.25.2                                        15 Aug 2023

    *) Feature: path MTU discovery when using HTTP/3.

    *) Feature: TLS_AES_128_CCM_SHA256 cipher suite support when using
       HTTP/3.

    *) Change: now nginx uses appname "nginx" when loading OpenSSL
       configuration.

    *) Change: now nginx does not try to load OpenSSL configuration if the
       --with-openssl option was used to built OpenSSL and the OPENSSL_CONF
       environment variable is not set.

    *) Bugfix: in the $body_bytes_sent variable when using HTTP/3.

    *) Bugfix: in HTTP/3.

What's Changed

Full Changelog: v1.25.1...v1.25.2

nginx 1.25.1

27 Jun 09:49
7f52155
Compare
Choose a tag to compare

The main code branch of nginx now features the still experimental HTTP/3 support.

Changes with nginx 1.25.1                                        13 Jun 2023

    *) Feature: the "http2" directive, which enables HTTP/2 on a per-server
       basis; the "http2" parameter of the "listen" directive is now
       deprecated.

    *) Change: HTTP/2 server push support has been removed.

    *) Change: the deprecated "ssl" directive is not supported anymore.

    *) Bugfix: in HTTP/3 when using OpenSSL.


Changes with nginx 1.25.0                                        23 May 2023

    *) Feature: experimental HTTP/3 support.

What's Changed

  • fix: Update BoringSSL commit by @yo-han in #112
  • nginx to 1.25.1, other updates, and update docs and configs. by @justdan6 in #113

New Contributors

Full Changelog: v1.23.4...v1.25.1

nginx 1.23.4

12 Apr 08:40
0b88673
Compare
Choose a tag to compare
Changes with nginx 1.23.4                                        28 Mar 2023

    *) Change: now TLSv1.3 protocol is enabled by default.

    *) Change: now nginx issues a warning if protocol parameters of a
       listening socket are redefined.

    *) Change: now nginx closes connections with lingering if pipelining was
       used by the client.

    *) Feature: byte ranges support in the ngx_http_gzip_static_module.

    *) Bugfix: port ranges in the "listen" directive did not work; the bug
       had appeared in 1.23.3.
       Thanks to Valentin Bartenev.

    *) Bugfix: incorrect location might be chosen to process a request if a
       prefix location longer than 255 characters was used in the
       configuration.

    *) Bugfix: non-ASCII characters in file names on Windows were not
       supported by the ngx_http_autoindex_module, the ngx_http_dav_module,
       and the "include" directive.

    *) Change: the logging level of the "data length too long", "length too
       short", "bad legacy version", "no shared signature algorithms", "bad
       digest length", "missing sigalgs extension", "encrypted length too
       long", "bad length", "bad key update", "mixed handshake and non
       handshake data", "ccs received early", "data between ccs and
       finished", "packet length too long", "too many warn alerts", "record
       too small", and "got a fin before a ccs" SSL errors has been lowered
       from "crit" to "info".

    *) Bugfix: a socket leak might occur when using HTTP/2 and the
       "error_page" directive to redirect errors with code 400.

    *) Bugfix: messages about logging to syslog errors did not contain
       information that the errors happened while logging to syslog.
       Thanks to Safar Safarly.

    *) Workaround: "gzip filter failed to use preallocated memory" alerts
       appeared in logs when using zlib-ng.

    *) Bugfix: in the mail proxy server.

nginx 1.23.3

19 Dec 13:57
95264ac
Compare
Choose a tag to compare
Changes with nginx 1.23.3                                        13 Dec 2022

    *) Bugfix: an error might occur when reading PROXY protocol version 2
       header with large number of TLVs.

    *) Bugfix: a segmentation fault might occur in a worker process if SSI
       was used to process subrequests created by other modules.
       Thanks to Ciel Zhao.

    *) Workaround: when a hostname used in the "listen" directive resolves
       to multiple addresses, nginx now ignores duplicates within these
       addresses.

    *) Bugfix: nginx might hog CPU during unbuffered proxying if SSL
       connections to backends were used.

Potential breaking changes

Please note that thanks to #97 this container now runs the nginx daemon as a non-root user. You may need to update the ports your nginx binds if your using anything below port 1024.

nginx 1.23.2

27 Oct 09:55
d78f5bf
Compare
Choose a tag to compare
Changes with nginx 1.23.2                                        19 Oct 2022

    *) Security: processing of a specially crafted mp4 file by the
       ngx_http_mp4_module might cause a worker process crash, worker
       process memory disclosure, or might have potential other impact
       (CVE-2022-41741, CVE-2022-41742).

    *) Feature: the "$proxy_protocol_tlv_..." variables.

    *) Feature: TLS session tickets encryption keys are now automatically
       rotated when using shared memory in the "ssl_session_cache"
       directive.

    *) Change: the logging level of the "bad record type" SSL errors has
       been lowered from "crit" to "info".
       Thanks to Murilo Andrade.

    *) Change: now when using shared memory in the "ssl_session_cache"
       directive the "could not allocate new session" errors are logged at
       the "warn" level instead of "alert" and not more often than once per
       second.

    *) Bugfix: nginx/Windows could not be built with OpenSSL 3.0.x.

    *) Bugfix: in logging of the PROXY protocol errors.
       Thanks to Sergey Brester.

    *) Workaround: shared memory from the "ssl_session_cache" directive was
       spent on sessions using TLS session tickets when using TLSv1.3 with
       OpenSSL.

    *) Workaround: timeout specified with the "ssl_session_timeout"
       directive did not work when using TLSv1.3 with OpenSSL or BoringSSL.