Quantcast
Channel: Nginx Forum - Nginx Announcements - English
Viewing latest articles
Browse all 313 Browse latest View live

[nginx-announce] njs-0.7.11

March 9, 2023, 3:44 pm
$
0
0
Hello,

I'm glad to announce a new release of NGINX JavaScript module (njs).

Notable new features:
- XMLNode API to modify XML documents:
: const xml = require("xml");
: let data = `<note><to b="bar" a="foo">Tove</to><from>Jani</from></note>`;
: let doc = xml.parse(data);
:
: doc.$root.to.$attr$b = 'bar2';
: doc.$root.to.setAttribute('c', 'baz');
: delete doc.$root.to.$attr$a;
:
: console.log(xml.serializeToString(doc.$root.to))
: /* '<to b="bar2" c="baz">Tove</to>' */
:
: doc.$root.to.removeAllAttributes();
: doc.$root.from.$text = 'Jani2';
:
: console.log(xml.serializeToString(doc))
: /* '<note><to>Tove</to><from>Jani2</from></note>' */
:
: doc.$root.to.$tags = [xml.parse(`<a/>`), xml.parse(`<b/>`)];
: doc.$root.to.addChild(xml.parse(`<a/>`));
:
: console.log(xml.serializeToString(doc.$root.to))
: /* '<to><a></a><b></b><a></a></to>' */
:
: doc.$root.to.removeChildren('a');
:
: console.log(xml.serializeToString(doc.$root.to))
: /* '<to><b></b></to>' */


Learn more about njs:

- Overview and introduction:
https://nginx.org/en/docs/njs/
- NGINX JavaScript in Your Web Server Configuration:
https://youtu.be/Jc_L6UffFOs
- Extending NGINX with Custom Code:
https://youtu.be/0CVhq4AUU7M
- Using node modules with njs:
https://nginx.org/en/docs/njs/node_modules.html
- Writing njs code using TypeScript definition files:
https://nginx.org/en/docs/njs/typescript.html

Feel free to try it and give us feedback on:

- Github:
https://github.com/nginx/njs/issues
- Mailing list:
https://mailman.nginx.org/mailman/listinfo/nginx-devel

Additional examples and howtos can be found here:

- Github:
https://github.com/nginx/njs-examples

Changes with njs 0.7.11 9 Mar 2023
nginx modules:

*) Bugfix: added missed linking with libxml2 for the dynamic module.
The bug was introduced in 0.7.10.

Core:

*) Feature: added XMLNode API to modify XML documents.

*) Change: removed XML_PARSE_DTDVALID during parsing of XML document
due to security implications. The issue was introduced
in 0.7.10. When XML_PARSE_DTDVALID is enabled, libxml2 parses and
executes external entities present inside an XML document.

*) Bugfix: fixed the detection of await in arguments.

*) Bugfix: fixed Error() instance dumping when "name" prop is not
primitive.

*) Bugfix: fixed array instance with a getter property dumping.

*) Bugfix: fixed njs_object_property() with NJS_WHITEOUT properties.

*) Bugfix: fixed func instance dumping with "name" as getter.

*) Bugfix: fixed attaching of a stack to an error object.

*) Bugfix: fixed String.prototype.replace() with replacement
containing "$'", "$`".
_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce
Search

[nginx-announce] nginx-1.23.4

March 28, 2023, 9:46 am
$
0
0
Changes with nginx 1.23.4 28 Mar 2023

*) Change: now TLSv1.3 protocol is enabled by default.

*) Change: now nginx issues a warning if protocol parameters of a
listening socket are redefined.

*) Change: now nginx closes connections with lingering if pipelining was
used by the client.

*) Feature: byte ranges support in the ngx_http_gzip_static_module.

*) Bugfix: port ranges in the "listen" directive did not work; the bug
had appeared in 1.23.3.
Thanks to Valentin Bartenev.

*) Bugfix: incorrect location might be chosen to process a request if a
prefix location longer than 255 characters was used in the
configuration.

*) Bugfix: non-ASCII characters in file names on Windows were not
supported by the ngx_http_autoindex_module, the ngx_http_dav_module,
and the "include" directive.

*) Change: the logging level of the "data length too long", "length too
short", "bad legacy version", "no shared signature algorithms", "bad
digest length", "missing sigalgs extension", "encrypted length too
long", "bad length", "bad key update", "mixed handshake and non
handshake data", "ccs received early", "data between ccs and
finished", "packet length too long", "too many warn alerts", "record
too small", and "got a fin before a ccs" SSL errors has been lowered
from "crit" to "info".

*) Bugfix: a socket leak might occur when using HTTP/2 and the
"error_page" directive to redirect errors with code 400.

*) Bugfix: messages about logging to syslog errors did not contain
information that the errors happened while logging to syslog.
Thanks to Safar Safarly.

*) Workaround: "gzip filter failed to use preallocated memory" alerts
appeared in logs when using zlib-ng.

*) Bugfix: in the mail proxy server.


--
Maxim Dounin
http://nginx.org/
_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce

[nginx-announce] njs-0.7.12

April 10, 2023, 3:40 pm
$
0
0
Hello,

I'm glad to announce a new release of NGINX JavaScript module (njs).

Notable new features:
- "zlib" module:
: const zlib = require('zlib');
: zlib.deflateRawSync('αβγ').toString('base64')
: /* "O7fx3KZzmwE=" */
:
: zlib.inflateRawSync(Buffer.from('O7fx3KZzmwE=', 'base64')).toString()
: /* "αβγ" */

Learn more about njs:

- Overview and introduction:
https://nginx.org/en/docs/njs/
- NGINX JavaScript in Your Web Server Configuration:
https://youtu.be/Jc_L6UffFOs
- Extending NGINX with Custom Code:
https://youtu.be/0CVhq4AUU7M
- Using node modules with njs:
https://nginx.org/en/docs/njs/node_modules.html
- Writing njs code using TypeScript definition files:
https://nginx.org/en/docs/njs/typescript.html

Feel free to try it and give us feedback on:

- Github:
https://github.com/nginx/njs/issues
- Mailing list:
https://mailman.nginx.org/mailman/listinfo/nginx-devel

Additional examples and howtos can be found here:

- Github:
https://github.com/nginx/njs-examples

Changes with njs 0.7.12 10 Apr 2023

nginx modules:

*) Bugfix: fixed Headers() constructor in Fetch API.

Core:

*) Feature: added Hash.copy() method in "crypto" module.

*) Feature: added "zlib" module.

*) Improvement: added support for export {name as default}
statement.

*) Bugfix: fixed Number constructor according to the spec.
_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce

[nginx-announce] nginx-1.24.0

April 11, 2023, 9:18 am
$
0
0
Changes with nginx 1.24.0 11 Apr 2023

*) 1.24.x stable branch.


--
Maxim Dounin
http://nginx.org/
_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce

[nginx-announce] nginx-1.25.0

May 23, 2023, 9:34 am
$
0
0
Changes with nginx 1.25.0 23 May 2023

*) Feature: experimental HTTP/3 support.


--
Maxim Dounin
http://nginx.org/
_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce

[nginx-announce] nginx-1.25.1

June 13, 2023, 9:44 am
$
0
0
Changes with nginx 1.25.1 13 Jun 2023

*) Feature: the "http2" directive, which enables HTTP/2 on a per-server
basis; the "http2" parameter of the "listen" directive is now
deprecated.

*) Change: HTTP/2 server push support has been removed.

*) Change: the deprecated "ssl" directive is not supported anymore.

*) Bugfix: in HTTP/3 when using OpenSSL.


--
Maxim Dounin
http://nginx.org/
_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce

[nginx-announce] njs-0.8.0

July 6, 2023, 3:24 pm
$
0
0
Hello,

I'm glad to announce a new release of NGINX JavaScript module (njs).

Notable new features:
- shared dictionaries:
Shared dictionary keeps the key-value pairs shared between worker
processes. This allows to cache data in memory and share it between
workers.

: example.conf:
: # Creates a 1Mb dictionary with string values,
: # removes key-value pairs after 60 seconds of inactivity:
: js_shared_dict_zone zone=foo:1M timeout=60s;
:
: # Creates a 512Kb dictionary with string values,
: # forcibly removes oldest key-value pairs when the zone is overflowed:
: js_shared_dict_zone zone=bar:512K timeout=30s evict;
:
: # Creates a 32Kb permanent dictionary with numeric values:
: js_shared_dict_zone zone=num:32k type=number;
:
: example.js:
: function get(r) {
: r.return(200, ngx.shared.foo.get(r.args.key));
: }
:
: function set(r) {
: r.return(200, ngx.shared.foo.set(r.args.key, r.args.value));
: }
:
: function delete(r) {
: r.return(200, ngx.shared.bar.delete(r.args.key));
: }
:
: function increment(r) {
: r.return(200, ngx.shared.num.incr(r.args.key, 2));
: }

Learn more about njs:

- Overview and introduction:
https://nginx.org/en/docs/njs/
- NGINX JavaScript in Your Web Server Configuration:
https://youtu.be/Jc_L6UffFOs
- Extending NGINX with Custom Code:
https://youtu.be/0CVhq4AUU7M
- Using node modules with njs:
https://nginx.org/en/docs/njs/node_modules.html
- Writing njs code using TypeScript definition files:
https://nginx.org/en/docs/njs/typescript.html

Feel free to try it and give us feedback on:

- Github:
https://github.com/nginx/njs/issues
- Mailing list:
https://mailman.nginx.org/mailman/listinfo/nginx-devel

Additional examples and howtos can be found here:

- Github:
https://github.com/nginx/njs-examples

Changes with njs 0.8.0 6 Jul 2023

nginx modules:

*) Change: removed special treatment of forbidden headers in Fetch API
introduced in 0.7.10.

*) Change: removed deprecated since 0.5.0 r.requestBody and
r.responseBody in HTTP module.

*) Change: throwing an exception in r.internalRedirect() while
filtering in HTTP module.

*) Feature: introduced global nginx properties.
ngx.build - an optional nginx build name, corresponds to
--build=name argument of configure script, by default is "".
ngx.conf_file_path - the file path to current nginx configuration
file.
ngx.error_log_path - the file path to current error log file.
ngx.prefix - the directory that keeps server files.
ngx.version - the nginx version as a string, for example: "1.25.0".
ngx.version_number - the nginx version as a number, for example:
1025000.
ngx.worker_id - corresponds to an nginx internal worker id.
The value is between 0 and worker_processes - 1.

*) Feature: introduced js_shared_dict_zone directive.
The directive allows to declare a dictionary that is shared
among the
working processes.

*) Improvement: added compile-time options to disable njs modules.
For example to disable libxslt related code:
NJS_LIBXSLT=NO ./configure .. --add-module=/path/to/njs/module

*) Bugfix: fixed r.status setter when filtering in HTTP module.

*) Bugfix: fixed setting of Location header in HTTP module.

Core:

*) Change: native methods are provided with retval argument.
This change breaks compatibility with C extension for njs
requiring to modify the code.

*) Change: non-compliant deprecated String methods were removed.
The following methods were removed: String.bytesFrom(),
String.prototype.fromBytes(), String.prototype.fromUTF8(),
String.prototype.toBytes(), String.prototype.toUTF8(),
String.prototype.toString(encoding).

*) Change: removed support for building with GNU readline.

*) Feature: added Array.from(), Array.prototype.toSorted(),
Array.prototype.toSpliced(), Array.prototype.toReversed().

*) Feature: added %TypedArray%.prototype.toSorted(),
%TypedArray%.prototype.toSpliced(),
%TypedArray%.prototype.toReversed().

*) Feature: added CryptoKey properties in WebCrypto.
The following properties for CryptoKey were added:
algorithm, extractable, type, usages.

*) Bugfix: fixed retval of crypto.getRandomValues().

*) Bugfix: fixed evaluation of computed property names with function
expressions.

*) Bugfix: fixed implicit name for a function expression declared in
arrays.

*) Bugfix: fixed parsing of for-in loops.

*) Bugfix: fixed Date.parse() with ISO-8601 format and UTC time
offset.
_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce

[nginx-announce] nginx-1.25.2

August 15, 2023, 11:38 am
$
0
0
Changes with nginx 1.25.2 15 Aug 2023

*) Feature: path MTU discovery when using HTTP/3.

*) Feature: TLS_AES_128_CCM_SHA256 cipher suite support when using
HTTP/3.

*) Change: now nginx uses appname "nginx" when loading OpenSSL
configuration.

*) Change: now nginx does not try to load OpenSSL configuration if the
--with-openssl option was used to built OpenSSL and the OPENSSL_CONF
environment variable is not set.

*) Bugfix: in the $body_bytes_sent variable when using HTTP/3.

*) Bugfix: in HTTP/3.


--
Maxim Dounin
http://nginx.org/
_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce
Search

[nginx-announce] njs-0.8.1

September 12, 2023, 4:10 pm
$
0
0
Hello,

I'm glad to announce a new release of NGINX JavaScript module (njs).

Notable new features:
- Periodic code execution:
js_periodic direcrive specifies a content handler to run at regular
interval.
The handler receives a session object as its first argument, it also has
access
to global objects such as ngx.

: example.conf:
: location @periodics {
: # to be run at 1 minute intervals in worker process 0
: js_periodic main.handler interval=60s;
:
: # to be run at 1 minute intervals in all worker processes
: js_periodic main.handler interval=60s worker_affinity=all;
:
: # to be run at 1 minute intervals in worker processes 1 and 3
: js_periodic main.handler interval=60s worker_affinity=0101;
:
: resolver 10.0.0.1;
: js_fetch_trusted_certificate /path/to/ISRG_Root_X1.pem;
: }
:
: example.js:
: async function handler(s) {
: let reply = async ngx.fetch('https://nginx.org/en/docs/njs/');
: let body = async reply.text();
:
: ngx.log(ngx.INFO, body);
: }

Learn more about njs:

- Overview and introduction:
https://nginx.org/en/docs/njs/
- NGINX JavaScript in Your Web Server Configuration:
https://youtu.be/Jc_L6UffFOs
- Extending NGINX with Custom Code:
https://youtu.be/0CVhq4AUU7M
- Using node modules with njs:
https://nginx.org/en/docs/njs/node_modules.html
- Writing njs code using TypeScript definition files:
https://nginx.org/en/docs/njs/typescript.html

Feel free to try it and give us feedback on:

- Github:
https://github.com/nginx/njs/issues
- Mailing list:
https://mailman.nginx.org/mailman/listinfo/nginx-devel

Additional examples and howtos can be found here:

- Github:
https://github.com/nginx/njs-examples

Changes with njs 0.8.1 12 Sep 2023

nginx modules:

*) Feature: introduced js_periodic directive.
The directive specifies a JS handler to run at regular intervals.

*) Feature: implemented items() method for a shared dictionary.
The method returns all the non-expired key-value pairs.

*) Bugfix: fixed size() and keys() methods of a shared dictionary.

*) Bugfix: fixed erroneous exception in r.internalRedirect()
introduced in 0.8.0.

Core:

*) Bugfix: fixed incorrect order of keys in
Object.getOwnPropertyNames().
_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce

[nginx-announce] nginx-1.25.3

October 24, 2023, 8:54 am
$
0
0
Changes with nginx 1.25.3 24 Oct 2023

*) Change: improved detection of misbehaving clients when using HTTP/2.

*) Feature: startup speedup when using a large number of locations.
Thanks to Yusuke Nojima.

*) Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2 without SSL; the bug had appeared in 1.25.1.

*) Bugfix: the "Status" backend response header line with an empty
reason phrase was handled incorrectly.

*) Bugfix: memory leak during reconfiguration when using the PCRE2
library.
Thanks to ZhenZhong Wu.

*) Bugfixes and improvements in HTTP/3.


--
Maxim Dounin
http://nginx.org/
_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce

[nginx-announce] njs-0.8.2

October 24, 2023, 1:00 pm
$
0
0
Hello,

I'm glad to announce a new release of NGINX JavaScript module (njs).

Notable new features:
- console object in nginx modules:
Console object is a global object that provides access to the environment's
console. It can be used to log information to the console, using
console.log(), console.info(), console.warn(), console.error() methods.

This feature unifies logging in nginx modules and njs CLI.

Learn more about njs:

- Overview and introduction:
https://nginx.org/en/docs/njs/
- NGINX JavaScript in Your Web Server Configuration:
https://youtu.be/Jc_L6UffFOs
- Extending NGINX with Custom Code:
https://youtu.be/0CVhq4AUU7M
- Using node modules with njs:
https://nginx.org/en/docs/njs/node_modules.html
- Writing njs code using TypeScript definition files:
https://nginx.org/en/docs/njs/typescript.html

Feel free to try it and give us feedback on:

- Github:
https://github.com/nginx/njs/issues
- Mailing list:
https://mailman.nginx.org/mailman/listinfo/nginx-devel

Additional examples and howtos can be found here:

- Github:
https://github.com/nginx/njs-examples

Changes with njs 0.8.2 24 Oct 2023

nginx modules:

*) Feature: introduced console object. The following methods
were introduced: error(), info(), log(), time(), timeEnd(),
warn().

*) Bugfix: fixed HEAD response handling with large Content-Length
in fetch API.

*) Bugfix: fixed items() method for a shared dictionary.

*) Bugfix: fixed delete() method for a shared dictionary.

Core:

*) Feature: extended "fs" module. Added existsSync().

*) Bugfix: fixed "xml" module. Fixed broken XML exception handling
in parse() method.

*) Bugfix: fixed RegExp.prototype.exec() with global regexp and
unicode input.

*) Bugfix: fixed return statement parsing with invalid expression.
_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce

[nginx-announce] njs-0.8.3

February 7, 2024, 3:20 pm
$
0
0
Hello,

I'm glad to announce a new release of NGINX JavaScript module (njs).

This release focuses on stabilization of recently released features
and fixing bugs found by various fuzzers.

Learn more about njs:

- Overview and introduction:
      https://nginx.org/en/docs/njs/
- NGINX JavaScript in Your Web Server Configuration:
      https://youtu.be/Jc_L6UffFOs
- Extending NGINX with Custom Code:
      https://youtu.be/0CVhq4AUU7M
- Using node modules with njs:
      https://nginx.org/en/docs/njs/node_modules.html
- Writing njs code using TypeScript definition files:
      https://nginx.org/en/docs/njs/typescript.html

Feel free to try it and give us feedback on:

- Github:
      https://github.com/nginx/njs/issues
- Mailing list:
      https://mailman.nginx.org/mailman/listinfo/nginx-devel

Additional examples and howtos can be found here:

- Github:
      https://github.com/nginx/njs-examples

Changes with njs 0.8.3                                       07 Feb 2024

    nginx modules:

    *) Bugfix: fixed Headers.set().

    *) Bugfix: fixed js_set with Buffer values.

    *) Bugfix: fixed clear() method of a shared dictionary when
       timeout is not specified.

    *) Bugfix: fixed stub_status statistic when js_periodic is
       enabled.

    Core:

    *) Bugfix: fixed building with libxml2 2.12 and later.

    *) Bugfix: fixed Date constructor for overflows and with
       NaN values.

    *) Bugfix: fixed underflow in querystring.parse().

    *) Bugfix: fixed potential buffer overread in
       String.prototype.match().

    *) Bugfix: fixed parsing of for-in loops.

    *) Bugfix: fixed parsing of hexadecimal, octal, and binary
       literals with no digits.
_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce

[nginx-announce] nginx-1.25.4

February 14, 2024, 9:00 am
$
0
0
Changes with nginx 1.25.4 14 Feb 2024

*) Security: when using HTTP/3 a segmentation fault might occur in a
worker process while processing a specially crafted QUIC session
(CVE-2024-24989, CVE-2024-24990).

*) Bugfix: connections with pending AIO operations might be closed
prematurely during graceful shutdown of old worker processes.

*) Bugfix: socket leak alerts no longer logged when fast shutdown was
requested after graceful shutdown of old worker processes.

*) Bugfix: a socket descriptor error, a socket leak, or a segmentation
fault in a worker process (for SSL proxying) might occur if AIO was
used in a subrequest.

*) Bugfix: a segmentation fault might occur in a worker process if SSL
proxying was used along with the "image_filter" directive and errors
with code 415 were redirected with the "error_page" directive.

*) Bugfixes and improvements in HTTP/3.


--
Sergey Kandaurov
_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce

[nginx-announce] nginx security advisory (CVE-2024-24989, CVE-2024-24990)

February 14, 2024, 9:02 am
$
0
0
Two security issues were identified in nginx HTTP/3 implementation,
which might allow an attacker that uses a specially crafted QUIC session
to cause a worker process crash (CVE-2024-24989, CVE-2024-24990) or
might have potential other impact (CVE-2024-24990).

The issues affect nginx compiled with the ngx_http_v3_module (not
compiled by default) if the "quic" option of the "listen" directive
is used in a configuration file.

The issue affects nginx 1.25.0 - 1.25.3.
The issue is fixed in nginx 1.25.4.


--
Sergey Kandaurov
_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce

[nginx-announce] nginx-1.25.5

April 16, 2024, 9:42 am
$
0
0
Changes with nginx 1.25.5 16 Apr 2024

*) Feature: virtual servers in the stream module.

*) Feature: the ngx_stream_pass_module.

*) Feature: the "deferred", "accept_filter", and "setfib" parameters of
the "listen" directive in the stream module.

*) Feature: cache line size detection for some architectures.
Thanks to Piotr Sikora.

*) Feature: support for Homebrew on Apple Silicon.
Thanks to Piotr Sikora.

*) Bugfix: Windows cross-compilation bugfixes and improvements.
Thanks to Piotr Sikora.

*) Bugfix: unexpected connection closure while using 0-RTT in QUIC.
Thanks to Vladimir Khomutov.


----
Roman Arutyunyan
arut@nginx.com




_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce
Search

[nginx-announce] njs-0.8.4

April 16, 2024, 2:24 pm
$
0
0
Hello,

I'm glad to announce a new release of NGINX JavaScript module (njs).

This release introduced the initial QuickJS engine support in CLI
as well as regular bugfixes.

Notable new features:
- QuickJS in njs CLI:
: $ ./configure --cc-opt="-I/path/to/quickjs -L/path/to/quickjs" && make njs
: $ ./build/njs -n QuickJS
:
: >> new Map()
: [object Map]

Learn more about njs:

- Overview and introduction:
      https://nginx.org/en/docs/njs/
- NGINX JavaScript in Your Web Server Configuration:
      https://youtu.be/Jc_L6UffFOs
- Extending NGINX with Custom Code:
      https://youtu.be/0CVhq4AUU7M
- Using node modules with njs:
      https://nginx.org/en/docs/njs/node_modules.html
- Writing njs code using TypeScript definition files:
      https://nginx.org/en/docs/njs/typescript.html

Feel free to try it and give us feedback on:

- Github:
      https://github.com/nginx/njs/issues
- Mailing list:
      https://mailman.nginx.org/mailman/listinfo/nginx-devel

Additional examples and howtos can be found here:

- Github:
      https://github.com/nginx/njs-examples

Changes with njs 0.8.4                                       16 Apr 2024

    nginx modules:

    *) Feature: allowing to set Server header for outgoing headers.

    *) Improvement: validating URI and args arguments in r.subrequest().

    *) Improvement: checking for duplicate js_set variables.

    *) Bugfix: fixed clear() method of a shared dictionary without
       timeout introduced in 0.8.3.

    *) Bugfix: fixed r.send() with Buffer argument.

    Core:

    *) Feature: added QuickJS engine support in CLI.

    *) Bugfix: fixed atob() with non-padded base64 strings.
_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce

[nginx-announce] nginx-1.26.0

April 23, 2024, 10:52 am
$
0
0
Changes with nginx 1.26.0 23 Apr 2024

*) 1.26.x stable branch.


----
Roman Arutyunyan
arut@nginx.com
_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce

[nginx-announce] nginx-1.27.0

May 29, 2024, 8:12 am
$
0
0
Changes with nginx 1.27.0 29 May 2024

*) Security: when using HTTP/3, processing of a specially crafted QUIC
session might cause a worker process crash, worker process memory
disclosure on systems with MTU larger than 4096 bytes, or might have
potential other impact (CVE-2024-32760, CVE-2024-31079,
CVE-2024-35200, CVE-2024-34161).
Thanks to Nils Bars of CISPA.

*) Feature: variables support in the "proxy_limit_rate",
"fastcgi_limit_rate", "scgi_limit_rate", and "uwsgi_limit_rate"
directives.

*) Bugfix: reduced memory consumption for long-lived requests if "gzip",
"gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.

*) Bugfix: nginx could not be built by gcc 14 if the --with-atomic
option was used.
Thanks to Edgar Bonet.

*) Bugfixes in HTTP/3.


--
Sergey Kandaurov
_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce

[nginx-announce] nginx-1.26.1

May 29, 2024, 8:14 am
$
0
0
Changes with nginx 1.26.1 29 May 2024

*) Security: when using HTTP/3, processing of a specially crafted QUIC
session might cause a worker process crash, worker process memory
disclosure on systems with MTU larger than 4096 bytes, or might have
potential other impact (CVE-2024-32760, CVE-2024-31079,
CVE-2024-35200, CVE-2024-34161).
Thanks to Nils Bars of CISPA.

*) Bugfix: reduced memory consumption for long-lived requests if "gzip",
"gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.

*) Bugfix: nginx could not be built by gcc 14 if the --with-atomic
option was used.
Thanks to Edgar Bonet.

*) Bugfix: in HTTP/3.


--
Sergey Kandaurov
_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce

[nginx-announce] nginx security advisory (CVE-2024-31079, CVE-2024-32760, CVE-2024-34161, CVE-2024-35200)

May 29, 2024, 8:14 am
$
0
0
Hello!

Four security issues were identified in nginx HTTP/3 implementation, which
might allow an attacker that uses a specially crafted QUIC session to cause
a worker process crash (CVE-2024-31079, CVE-2024-32760, CVE-2024-35200),
worker process memory disclosure on systems with MTU larger than 4096
bytes (CVE-2024-34161), or might have potential other impact (CVE-2024-31079,
CVE-2024-32760).

The issues affect nginx compiled with the experimental ngx_http_v3_module
(not compiled by default) if the "quic" option of the "listen" directive
is used in a configuration file.

The issues affect nginx 1.25.0-1.25.5, 1.26.0.
The issues are fixed in nginx 1.27.0, 1.26.1.

Thanks to Nils Bars of CISPA.


--
Sergey Kandaurov
_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce

[nginx-announce] njs-0.8.5

June 25, 2024, 3:00 pm
$
0
0
Hello,

I'm glad to announce a new release of NGINX JavaScript module (njs).

Learn more about njs:

- Overview and introduction:
      https://nginx.org/en/docs/njs/
- NGINX JavaScript in Your Web Server Configuration:
      https://youtu.be/Jc_L6UffFOs
- Extending NGINX with Custom Code:
      https://youtu.be/0CVhq4AUU7M
- Using node modules with njs:
      https://nginx.org/en/docs/njs/node_modules.html
- Writing njs code using TypeScript definition files:
      https://nginx.org/en/docs/njs/typescript.html

Feel free to try it and give us feedback on:

- Github:
      https://github.com/nginx/njs/issues

Additional examples and howtos can be found here:

- Github:
      https://github.com/nginx/njs-examples

Changes with njs 0.8.5                                       25 Jun 2024

    nginx modules:

    *) Change: r.variables.var, r.requestText, r.responseText,
       s.variables.var, and the "data" argument of the s.on() callback
       with "upload" or "download" event types will now convert bytes
       invalid in UTF-8 encoding into the replacement character. When
       working with binary data, use r.rawVariables.var, r.requestBuffer,
       r.responseBuffer, s.rawVariables.var, and the "upstream" or
       "downstream" event type for s.on() instead.

    *) Feature: added timeout argument for shared dictionary methods
       add(), set() and incr().

    *) Bugfix: fixed checking for duplicate js_set variables.

    *) Bugfix: fixed request Host header when the port is non-standard.

    *) Bugfix: fixed handling of a zero-length request body in ngx.fetch()
       and r.subrequest().

    *) Bugfix: fixed heap-buffer-overflow in Headers.get().

    *) Bugfix: fixed r.subrequest() error handling.

    Core:

    *) Feature: added zlib module for QuickJS engine.

    *) Bugfix: fixed zlib.inflate().

    *) Bugfix: fixed String.prototype.replaceAll() with zero-length
       argument.

    *) Bugfix: fixed retval handling after an exception in
       Array.prototype.toSpliced(), Array.prototype.toReversed(),
       Array.prototype.toSorted().

    *) Bugfix: fixed RegExp.prototype[@@replace]() with replacements
       containing "$'", "$\`" and strings with Unicode characters.

    *) Bugfix: fixed a one-byte overread in decodeURI() and
       decodeURIComponent().

    *) Bugfix: fixed tracking of argument scope.

    *) Bugfix: fixed integer overflow in Date.parse().
_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce

[nginx-announce] nginx-1.27.1

August 14, 2024, 7:26 am
$
0
0
Changes with nginx 1.27.1 14 Aug 2024

*) Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash
(CVE-2024-7347).
Thanks to Nils Bars.

*) Change: now the stream module handler is not mandatory.

*) Bugfix: new HTTP/2 connections might ignore graceful shutdown of old
worker processes.
Thanks to Kasei Wang.

*) Bugfixes in HTTP/3.


--
Sergey Kandaurov
_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce
Search

[nginx-announce] nginx-1.26.2

August 14, 2024, 7:28 am
$
0
0
Changes with nginx 1.26.2 14 Aug 2024

*) Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash
(CVE-2024-7347).
Thanks to Nils Bars.


--
Sergey Kandaurov
_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce

[nginx-announce] nginx security advisory (CVE-2024-7347)

August 14, 2024, 8:08 am
$
0
0
A security issue was identified in the ngx_http_mp4_module, which might allow an attacker to cause a worker process crash by using a specially crafted mp4 file (CVE-2024-7347). The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the “mp4” directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.
 
The issue affects nginx 1.5.13+.
The issue is fixed in 1.27.1, 1.26.2.
 
Patch for the issue can be found here: https://nginx.org/download/patch.2024.mp4.txt
 
Thanks to Nils Bars for the initial report.
 
 
_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce

[nginx-announce] NGINX has moved to Github!

September 6, 2024, 8:12 am
$
0
0
Hello from NGINX!

Today we're thrilled to announce that the official NGINX Open Source development
repository has moved from Mercurial to GitHub [1][2][3], where we will now start
accepting contributions in the form of Pull Requests. Additionally, starting
today, we will begin accepting bugs reports, feature requests and enhancements
directly through GitHub, under the "Issues" tab. Moreover, we've moved our
community forums to the GitHub "Discussions" area, where you will now be able
to engage in conversation, ask, and answer questions.

Important: to report a security vulnerability, please follow our security
policy [4].

We understand that changes like these may require adjustment, so to give you
more time, we will continue accepting patches and provide community support
via mailing lists until December 31st, 2024.

We believe these changes will serve to centralize, modernize and expand access
to NGINX development and communities. They represent our continued commitment
to open source, as outlined in the blog post [5]. Most of all, we can't wait to
see all of your contributions, discussions and feedback, as we move into this
next chapter for NGINX.

[1] https://github.com/nginx/nginx
[2] https://github.com/nginx/nginx-tests
[3] https://github.com/nginx/nginx.org
[4] https://github.com/nginx/nginx/blob/master/SECURITY.md
[5] https://www.f5.com/company/blog/nginx/meetup-recap-nginxs-commitments-to-the-open-source-community


On behalf of the NGINX Team,

Roman Arutyunyan
arut@nginx.com
_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce

[nginx-announce] nginx-1.27.2

October 2, 2024, 9:20 am
$
0
0
Changes with nginx 1.27.2 02 Oct 2024

*) Feature: SSL certificates, secret keys, and CRLs are now cached on
start or during reconfiguration.

*) Feature: client certificate validation with OCSP in the stream
module.

*) Feature: OCSP stapling support in the stream module.

*) Feature: the "proxy_pass_trailers" directive in the
ngx_http_proxy_module.

*) Feature: the "ssl_client_certificate" directive now supports
certificates with auxiliary information.

*) Change: now the "ssl_client_certificate" directive is not required
for client SSL certificates verification.


--
Sergey Kandaurov
_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce

[nginx-announce] njs-0.8.6

October 2, 2024, 3:00 pm
$
0
0
Hello,

I'm glad to announce a new release of NGINX JavaScript module (njs).

This release introduced the QuickJS engine support in nginx modules.
Read more here: https://nginx.org/en/docs/njs/engine.html

Notable new features:
- QuickJS in nginx:
: nginx.conf:
: location /engine {
:     js_engine qjs;
:     js_content main.entry;
: }
:
: main.js:
: function entry(r) {
:     let  m = new Map();
:     m.set(1, "QJS");
:     r.return(200, "Hello from " + m.get(1));
: }

Learn more about njs:

- Overview and introduction:
      https://nginx.org/en/docs/njs/
- NGINX JavaScript in Your Web Server Configuration:
      https://youtu.be/Jc_L6UffFOs
- Extending NGINX with Custom Code:
      https://youtu.be/0CVhq4AUU7M
- Using node modules with njs:
      https://nginx.org/en/docs/njs/node_modules.html
- Writing njs code using TypeScript definition files:
      https://nginx.org/en/docs/njs/typescript.html

Feel free to try it and give us feedback on:

- Github:
      https://github.com/nginx/njs/issues

Additional examples and howtos can be found here:

- Github:
      https://github.com/nginx/njs-examples

Changes with njs 0.8.6                                            02 Oct
2024

    nginx modules:

    *) Feature: introduced QuickJS engine.

    *) Feature: added optional nocache flag for js_set directive.
       Thanks to Thomas P.

    *) Feature: exposed capture group variables in HTTP module.
       Thanks to Thomas P.

    Core:

    *) Feature: added Buffer module for QuickJS engine.

    *) Bugfix: fixed handling of empty labelled statement in a function.

    *) Bugfix: fixed Function constructor handling when called without
       arguments.

    *) Bugfix: fixed Buffer.prototype.writeInt8() and friends.

    *) Bugfix: fixed Buffer.prototype.writeFloat() and friends.

    *) Bugfix: fixed Buffer.prototype.lastIndexOf().

    *) Bugfix: fixed Buffer.prototype.write().

    *) Bugfix: fixed maybe-uninitialized warnings in error creation.

    *) Bugfix: fixed 'ctx.codepoint' initialization in UTF-8 decoding.

    *) Bugfix: fixed 'length' initialization in Array.prototype.pop().

    *) Bugfix: fixed handling of encode arg in fs.readdir() and
       fs.realpath().
_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce

[nginx-announce] njs-0.8.7

October 22, 2024, 1:52 pm
$
0
0
Hello,

I'm glad to announce a new release of NGINX JavaScript module (njs).

This release fixes excessive memory consumption introduced in 0.8.6.

Learn more about njs:

- Overview and introduction:
      https://nginx.org/en/docs/njs/
- NGINX JavaScript in Your Web Server Configuration:
      https://youtu.be/Jc_L6UffFOs
- Extending NGINX with Custom Code:
      https://youtu.be/0CVhq4AUU7M
- Using node modules with njs:
      https://nginx.org/en/docs/njs/node_modules.html
- Writing njs code using TypeScript definition files:
      https://nginx.org/en/docs/njs/typescript.html

Feel free to try it and give us feedback on:

- Github:
      https://github.com/nginx/njs/issues

Additional examples and howtos can be found here:

- Github:
      https://github.com/nginx/njs-examples

Changes with njs 0.8.7                                       22 Oct 2024

    nginx modules:

    *) Bugfix: eliminated unnecessary VM creation.
       Previously, njs consumed memory proportionally to the number of
       nginx locations. The issue was introduced 0.8.6.

    *) Improvement: added strict syntax validation for js_body_filter.

    *) Improvement: improved error messages for module loading
       failures.

    Core:

    *) Feature: implemented fs.readlink() and friends.

    *) Improvement: implemented lazy stack symbolization.

    *) Bugfix: fixed heap-buffer-overflow in Buffer.prototype.indexOf().
       The issue was introduced in 0.8.6.

    *) Bugfix: fixed Buffer.prototype.lastIndexOf() when `from` is
       provided.

_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce

[nginx-announce] nginx-1.27.3

November 26, 2024, 9:14 am
$
0
0
Changes with nginx 1.27.3 26 Nov 2024

*) Feature: the "server" directive in the "upstream" block supports the
"resolve" parameter.

*) Feature: the "resolver" and "resolver_timeout" directives in the
"upstream" block.

*) Feature: SmarterMail specific mode support for IMAP LOGIN with
untagged CAPABILITY response in the mail proxy module.

*) Change: now TLSv1 and TLSv1.1 protocols are disabled by default.

*) Change: an IPv6 address in square brackets and no port can be
specified in the "proxy_bind", "fastcgi_bind", "grpc_bind",
"memcached_bind", "scgi_bind", and "uwsgi_bind" directives, and as
client address in ngx_http_realip_module.

*) Bugfix: in the ngx_http_mp4_module.
Thanks to Nils Bars.

*) Bugfix: the "so_keepalive" parameter of the "listen" directive might
be handled incorrectly on DragonFly BSD.

*) Bugfix: in the "proxy_store" directive.


--
Sergey Kandaurov
_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce
Search

[nginx-announce] njs-0.8.8

December 10, 2024, 12:16 pm
$
0
0
Hello,

I'm glad to announce a new release of NGINX JavaScript module (njs).

This release introduced shared dictionary for QuickJS engine.

Learn more about njs:

- Overview and introduction:
      https://nginx.org/en/docs/njs/
- NGINX JavaScript in Your Web Server Configuration:
      https://youtu.be/Jc_L6UffFOs
- Extending NGINX with Custom Code:
      https://youtu.be/0CVhq4AUU7M
- Using node modules with njs:
      https://nginx.org/en/docs/njs/node_modules.html
- Writing njs code using TypeScript definition files:
      https://nginx.org/en/docs/njs/typescript.html

Feel free to try it and give us feedback on:

- Github:
      https://github.com/nginx/njs/issues

Additional examples and howtos can be found here:

- Github:
      https://github.com/nginx/njs-examples

Changes with njs 0.8.8                                       10 Dec 2024

    nginx modules:

    *) Feature: implemented shared dictionary for QuickJS engine.

    *) Improvement: js_preload_object is refactored.

    *) Bugfix: fixed rate-limited output.

    *) Bugfix: optimized use of SSL contexts for
       js_fetch_trusted_certificate directive.

    Core:

    *) Feature: implemented process object for QuickJS engine.

    *) Feature: implemented process.kill() method.

    *) Bugfix: fixed tests with libxml2 2.13 and later.

    *) Bugfix: fixed promise resolving when Promise is inherited.

    *) Bugfix: fixed absolute scope in cloned VMs.

_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce
Viewing latest articles
Browse all 313 Browse latest View live
Search

Latest Images

Popeyes S’pore 1-for-1 Midnight Crunch Combo Meal at $11.10 (18-22 May 2026)

Popeyes S’pore 1-for-1 Midnight Crunch Combo Meal at $11.10 (18-22 May 2026)

May 15, 2026, 4:54 pm
Call Of The Elder Gods Review – Maintaining Sanity

Call Of The Elder Gods Review – Maintaining Sanity

May 15, 2026, 7:13 am
Make Your Bike Summer-Ready

Make Your Bike Summer-Ready

May 15, 2026, 7:00 am
Child, 2 Adults Confirmed Dead in `Suspicious’ Domestic Violence Fire in...

Child, 2 Adults Confirmed Dead in `Suspicious’ Domestic Violence Fire in...

May 15, 2026, 6:28 am
How to Face Swap on macOS (2026 Guide)

How to Face Swap on macOS (2026 Guide)

May 14, 2026, 10:14 am
Hadone-Bite The Hand That Feeds You-PI012-24BIT-WEB-FLAC-2026-WAVED

Hadone-Bite The Hand That Feeds You-PI012-24BIT-WEB-FLAC-2026-WAVED

May 14, 2026, 7:05 am
Audials One 2026.1.17 Premium

Audials One 2026.1.17 Premium

May 14, 2026, 6:49 am
Five Frames From ?

Five Frames From ?

May 14, 2026, 6:41 am
Twins with Batten disease benefit from UNC Health drug trial

Twins with Batten disease benefit from UNC Health drug trial

May 14, 2026, 6:12 am
Google just helped Apple sell a million more MacBook Neos

Google just helped Apple sell a million more MacBook Neos

May 14, 2026, 4:00 am
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>