OpenResty 1.15.8.3 is a patch release addressing recent security vulnerabilities in both the Nginx core and the ngx_http_lua module.

The (portable) source code distribution, the Win32/Win64 binary distributions, and the pre-built binary Linux packages for Ubuntu, Debian, Fedora, CentOS, RHEL, OpenSUSE, Amazon Linux are provided on this page:

https://openresty.org/en/download.html

We also upgraded PCRE to 8.44 and OpenSSL to 1.1.0l for our binary packages.

This is the third OpenResty release based on the nginx 1.15.8 core.

Acknowledgments

Thanks the HackerOne team for reporting the memory content leak vulnerabilities.

Thanks Thibault Charbonnier and Dejiang Zhu for helping this release.

Full Changelog

Complete change logs since the last (formal) release, 1.15.8.2, can be browsed in the page Change Log for 1.15.8.x.

Feedback

Feedback on this release is more than welcome. Feel free to create new GitHub issues or send emails to one of our mailing lists.

The Next Release

The next release will be OpenResty 1.17.8.1 based on the recent nginx 1.17.8 core and its RC1 version is already out for community testing. See

https://openresty.org/en/ann-1017008001rc1.html