nginx 1.23.1

This release got a bit delayed due to some issues with being able to properly test http/3 in the CI. Thanks @imraan-go for a helpful hint here!

Changes with nginx 1.23.1                                        19 Jul 2022

    *) Feature: memory usage optimization in configurations with SSL
       proxying.

    *) Feature: looking up of IPv4 addresses while resolving now can be
       disabled with the "ipv4=off" parameter of the "resolver" directive.

    *) Change: the logging level of the "bad key share", "bad extension",
       "bad cipher", and "bad ecpoint" SSL errors has been lowered from
       "crit" to "info".

    *) Bugfix: while returning byte ranges nginx did not remove the
       "Content-Range" header line if it was present in the original backend
       response.

    *) Bugfix: a proxied response might be truncated during reconfiguration
       on Linux; the bug had appeared in 1.17.5.

nginx 1.21.6

Changes with nginx 1.21.6                                        25 Jan 2022

    *) Bugfix: when using EPOLLEXCLUSIVE on Linux client connections were
       unevenly distributed among worker processes.

    *) Bugfix: nginx returned the "Connection: keep-alive" header line in
       responses during graceful shutdown of old worker processes.

    *) Bugfix: in the "ssl_session_ticket_key" when using TLSv1.3.

nginx 1.21.5

Please note that $quic variable has been removed in favour of $http3 (https://hg.nginx.org/nginx-quic/rev/651cc905b7c2).

Changes with nginx 1.21.5                                        28 Dec 2021

    *) Change: now nginx is built with the PCRE2 library by default.

    *) Change: now nginx always uses sendfile(SF_NODISKIO) on FreeBSD.

    *) Feature: support for sendfile(SF_NOCACHE) on FreeBSD.

    *) Feature: the $ssl_curve variable.

    *) Bugfix: connections might hang when using HTTP/2 without SSL with the
       "sendfile" and "aio" directives.

nginx 1.21.4

nginx 1.21.4 + the latest BoringSSL changes #70

Changes with nginx 1.21.4                                        02 Nov 2021

    *) Change: support for NPN instead of ALPN to establish HTTP/2
       connections has been removed.

    *) Change: now nginx rejects SSL connections if ALPN is used by the
       client, but no supported protocols can be negotiated.

    *) Change: the default value of the "sendfile_max_chunk" directive was
       changed to 2 megabytes.

    *) Feature: the "proxy_half_close" directive in the stream module.

    *) Feature: the "ssl_alpn" directive in the stream module.

    *) Feature: the $ssl_alpn_protocol variable.

    *) Feature: support for SSL_sendfile() when using OpenSSL 3.0.

    *) Feature: the "mp4_start_key_frame" directive in the
       ngx_http_mp4_module.
       Thanks to Tracey Jaquith.

    *) Bugfix: in the $content_length variable when using chunked transfer
       encoding.

    *) Bugfix: after receiving a response with incorrect length from a
       proxied backend nginx might nevertheless cache the connection.
       Thanks to Awdhesh Mathpal.

    *) Bugfix: invalid headers from backends were logged at the "info" level
       instead of "error"; the bug had appeared in 1.21.1.

    *) Bugfix: requests might hang when using HTTP/2 and the "aio_write"
       directive.

nginx 1.21.3

https://hg.nginx.org/nginx-quic

Changes with nginx 1.21.3                                        07 Sep 2021

    *) Change: optimization of client request body reading when using
       HTTP/2.

    *) Bugfix: in request body filters internal API when using HTTP/2 and
       buffering of the data being processed.


Changes with nginx 1.21.2                                        31 Aug 2021

    *) Change: now nginx rejects HTTP/1.0 requests with the
       "Transfer-Encoding" header line.

    *) Change: export ciphers are no longer supported.

    *) Feature: OpenSSL 3.0 compatibility.

    *) Feature: the "Auth-SSL-Protocol" and "Auth-SSL-Cipher" header lines
       are now passed to the mail proxy authentication server.
       Thanks to Rob Mueller.

    *) Feature: request body filters API now permits buffering of the data
       being processed.

    *) Bugfix: backend SSL connections in the stream module might hang after
       an SSL handshake.

    *) Bugfix: the security level, which is available in OpenSSL 1.1.0 or
       newer, did not affect loading of the server certificates when set
       with "@SECLEVEL=N" in the "ssl_ciphers" directive.

    *) Bugfix: SSL connections with gRPC backends might hang if select,
       poll, or /dev/poll methods were used.

    *) Bugfix: when using HTTP/2 client request body was always written to
       disk if the "Content-Length" header line was not present in the
       request.

nginx 1.21.1

Changes with nginx 1.21.1                                        06 Jul 2021

    *) Change: now nginx always returns an error for the CONNECT method.

    *) Change: now nginx always returns an error if both "Content-Length"
       and "Transfer-Encoding" header lines are present in the request.

    *) Change: now nginx always returns an error if spaces or control
       characters are used in the request line.

    *) Change: now nginx always returns an error if spaces or control
       characters are used in a header name.

    *) Change: now nginx always returns an error if spaces or control
       characters are used in the "Host" request header line.

    *) Change: optimization of configuration testing when using many
       listening sockets.

    *) Bugfix: nginx did not escape """, "<", ">", "\", "^", "`", "{", "|",
       and "}" characters when proxying with changed URI.

    *) Bugfix: SSL variables might be empty when used in logs; the bug had
       appeared in 1.19.5.

    *) Bugfix: keepalive connections with gRPC backends might not be closed
       after receiving a GOAWAY frame.

    *) Bugfix: reduced memory consumption for long-lived requests when
       proxying with more than 64 buffers.

nginx v1.21.0 with an experimental http/3 support

• this version is built from a technology preview from this hg branch
• I've updated the Docker Hub / ghcr image name to better reflect image's features

docker pull macbre/nginx-http3:latest
# or
docker pull ghcr.io/macbre/nginx-http3:latest

Old Docker will not be updated.

Added support for quic + http/3

Please read https://github.com/macbre/docker-nginx-brotli#quic--http3-support on how to set up nginx and your browser to talk using quic (http/3).

docker pull macbre/nginx-brotli:1.19.6-http3

(note the -http3 label suffix)

• downgrade to nginx 1.19.6 ⚠️ in order to have http/3 support patch work properly
• use the most recent curl to test http/3 support in our CI / Docker build pipeline
• tested with Firefox 88

See #35 and #32 for more details.

nginx 1.19.10

Changes with nginx 1.19.10                                       13 Apr 2021

    *) Change: the default value of the "keepalive_requests" directive was
       changed to 1000.

    *) Feature: the "keepalive_time" directive.

    *) Feature: the $connection_time variable.

    *) Workaround: "gzip filter failed to use preallocated memory" alerts
       appeared in logs when using zlib-ng.

nginx 1.19.9

Merge pull request #27 from macbre/nginx-1.19.9

Use nginx-1.19.9