OpenResty® Scalable Web Platform by Extending NGINX with Lua

ChangeLog 1.2.7

Yichun Zhang , 13 May 2013 (created 23 Feb 2013)

Stable Release 1.2.7.8 - 13 May 2013

  • applied the official patch for the nginx core to address the recent nginx security vulnerability CVE-2013-2070.

Stable Release 1.2.7.6 - 17 April 2013

  • upgraded Lua Nginx Module to 0.7.21.
    • bugfix: boolean values in an array table were rejected with the exception "attempt to use boolean as query arg value" while encoding a Lua (hash) table as URL arguments. thanks Calin Don for reporting this issue.
    • bugfix: ngx.req.raw_header() would return an empty string value when the default header buffer (c->buffer) can hold the request line but not the whole header. thanks KDr2 for reporting this issue.
  • upgraded Encrypted Session Nginx Module to 0.03.
    • refactor: fixed typos in the source code: replacing "3des" with "aes"; thanks Edgar Liu for reporting this issue.
  • upgraded Iconv Nginx Module to 0.10.
    • bugfix: failed to build on Solaris with the bogus error message "ngx_devel_kit is required to build ngx_iconv; please put it before ngx_iconv". The following components are bundled:
  • LuaJIT-2.0.1 (with hotfix #1)
  • array-var-nginx-module-0.03rc1
  • auth-request-nginx-module-0.2
  • drizzle-nginx-module-0.1.5
  • echo-nginx-module-0.45
  • encrypted-session-nginx-module-0.03
  • form-input-nginx-module-0.07
  • headers-more-nginx-module-0.19
  • iconv-nginx-module-0.10
  • lua-5.1.5
  • lua-cjson-1.0.3
  • lua-rds-parser-0.05
  • lua-redis-parser-0.10
  • lua-resty-dns-0.09
  • lua-resty-memcached-0.11
  • lua-resty-mysql-0.13
  • lua-resty-redis-0.15
  • lua-resty-string-0.08
  • lua-resty-upload-0.08
  • memc-nginx-module-0.13rc3
  • nginx-1.2.7
  • ngx_coolkit-0.2rc1
  • ngx_devel_kit-0.2.18
  • ngx_lua-0.7.21
  • ngx_postgres-1.0rc2
  • rds-csv-nginx-module-0.05rc2
  • rds-json-nginx-module-0.12rc10
  • redis-nginx-module-0.3.6
  • redis2-nginx-module-0.10
  • set-misc-nginx-module-0.22rc8
  • srcache-nginx-module-0.19
  • xss-nginx-module-0.03rc9

Mainline Version 1.2.7.5 - 9 April 2013

  • upgraded Echo Nginx Module to 0.45.
  • upgraded Drizzle Nginx Module to 0.1.5.
    • bugfix: compilation errors occurred with nginx 1.3.15. thanks Karl Blessing for reporting this issue.
    • docs: fixed a typo in the sample code for $drizzle_thread_id reported by 岚偑/yy秋叶.
    • docs: documented the config syntax for db passwords with special chars in them.
  • upgraded Lua Nginx Module to 0.7.20.
    • feature: now we allow the "0" time argument in ngx.sleep().
    • feature: ngx.location.capture and ngx.location.capture_multi now return a lua table with the boolean field "truncated", which indicates whether the subrequest response body is truncated.
    • bugfix: request hung when rewrite cycled in ngx.req.set_uri(uri, true) instead of throwing out an error log message and a 500 page properly. thanks Calin Don for the report.
    • bugfix: assignment to ngx.status did not take effect when the response status line had already been generated (by ngx_proxy or others). thanks eqiuno for reporting this issue.
    • bugfix: ngx.req.raw_header() would return the first part of the request body when request body was read before the call. thanks Matthieu Tourne for reporting this issue.
    • bugfix: ngx.req.raw_header() might not work properly in a subrequest.
    • bugfix: we would override the subrequest response status code later when error happens.
    • bugfix: the debug log message "lua set uri jump to " generated by ngx.req.set_uri(uri, true) was wrong for "" was the old URI.
  • upgraded Lua Resty MySQL Library to 0.13.
    • bugfix: 64-bit integer values in the MySQL packets (like last insert ids) could not be properly parsed due to the lack of support for 64-bit integers in LuaJIT's standard "bit" module. thanks Azure Wang for the patch implementing a temporary workaround.
    • docs: various typo fixes from Tor Hveem and doledoletree.
  • upgraded Lua Resty Memcached Library to 0.11.
    • feature: added new method "touch" for the new Memcached command "touch". thanks merlin for the patch.
  • updated the upstream_truncation patch for the Nginx core.
    • bugfix: chunked upstream response bodies were treated as 502. thanks Andy Yuan for the report.
    • bugfix: request response status was changed to 502 after response header was sent in case of data truncation.
    • bugfix: the "last buf" (i.e., bufs with "last_buf" or "last_in_chain" set) should not be sent downstream in case of upstream data truncation.
  • updated the dtrace patch for the Nginx core.
    • feature: made the stap function ngx_chain_dump() print out info about the "last_buf" and "last_in_chain" flags in bufs and removed the old "" notation in the output.

Mainline Version 1.2.7.3 - 24 March 2013

  • upgraded Lua Nginx Module to 0.7.18.
    • feature: implemented ngx.req.http_version() that returns the HTTP version number for the current request. thanks Matthieu Tourne for requesting this.
    • feature: implemented the ngx.req.raw_header() function for returning the original raw HTTP protocol header string received by Nginx. thanks Matthieu Tourne for requesting this.
    • feature: added new methods safe_set and safe_add to ngx.shared.DICT objects, which never override existing unexpired items but immediately return nil and a "no memory" string message when running out of storage. thanks Matthieu Tourne for requesting this.
    • feature: datagram Unix domain sockets created by ngx.socket.udp() can now receive data from the other endpoint via "autobind" on Linux. thanks Dirk Feytons for the patch.
    • change: the ngx.re.match, ngx.re.gmatch, ngx.re.sub, and ngx.re.gsub functions used to throw Lua exceptions aggressively for all the error conditions; now they just return an additional Lua string describing the error for almost all common errors instead of throwing exceptions, including pcre compile-time and exec-time failures. thanks Matthieu Tourne for requesting this change.
    • bugfix: use of ngx.req.socket() could make socket reading hang infinitely when the request did not take a request body at all (that is, when the Content-Length request header is missing). thanks Matthieu Tourne for reporting this issue.
    • bugfix: when a non-table value was specified for the "args" option in the ngx.location.capture or ngx.location.capture_multi call, memory invalid access might happen, which resulted in garbage data at least. thanks Siddon Tang for reporting this issue.
    • bugfix: when the Lua code using UDP/TCP cosockets + resolver was run in a subrequest, the subrequest could hang due to missing calls to ngx_http_run_posted_requests in the UDP/TCP cosocket resolver handler. thanks Lanshun Zhou for reporting this issue.
    • bugfix: ngx.socket.udp: memory leaks or invalid memory accesses might happen when the DNS resolver failed to resolve.
    • bugfix: rewrite_by_lua_no_postpone can only work globally and did not reject contexts like "server" and "location" configuration blocks. thanks Matthieu Tourne for reporting this issue.
    • bugfix: (large) in-file request bodies could not be inherited correctly by multiple subrequests issued by ngx.location.capture. thanks Matthieu Tourne for reporting this issue.
    • bugfix: ngx.req.get_headers(limit, true) would still return header names in the pure lower-case form when the "limit" argument was an integer. thanks Matthieu Tourne for reporting this issue.
    • bugfix: ngx.re.match: when the "D" regular expression option was specified, an empty Lua table would always be created even when the named capture was actually empty. thanks Matthieu Tourne for reporting this issue.
    • docs: made it explicit that redirecting to external domains is also supported in ngx.redirect(). thanks Ron Gomes for asking.
  • upgraded Echo Nginx Module to 0.44.
  • upgraded Redis2 Nginx Module to 0.10.
    • feature: allow use of the request body data in Nginx variables for main requests by always reading the request body automatically; we used to always discard the request body just like the standard ngx_memcached module. thanks Ristona Hua for sharing this usage.
    • docs: updated the docs for the limitations on Redis pub/sub. thanks LazyZhu for pointing out the potential confusions.
    • docs: now we recommend Lua Resty Redis Library instead when being used with Lua Nginx Module.
  • upgraded Lua Resty Upload Library to 0.08.
    • bugfix: when multiple Content-Type request headers were given, a Lua exception would be thrown; now we just pick up the first one.
    • docs: better error handling in the code sample. thanks wgm.china for the report.
  • feature: applied the variables_in_redis_pass patch to Redis Nginx Module 0.3.6 to allow use of Nginx variables in the redis_pass directive. thanks Diptamay Sanyal for requesting this feature.
  • bugfix: applied Lanshun Zhou's run_posted_requests_in_resolver patch to the Nginx core: http://mailman.nginx.org/pipermail/nginx-devel/2013-March/003476.html
  • bugfix: applied the official hotfix #1 patch for the bundled LuaJIT 2.0.1.

Mainline Version 1.2.7.1 - 22 February 2013