OpenResty® 通过 Lua 扩展 NGINX 实现的可伸缩的 Web 平台

OpenResty XRay

Advanced observability built for OpenResty and more

×

limited time offer

Request TRIAL today and receive a diagnostic REPORT
Learn more

ChangeLog for 1.27.1.x

lijunlong , 15 Oct 2024 (created 14 Aug 2024)

Version 1.27.1.1 - 16 Oct 2024

  • upgraded the nginx core to 1.27.1
  • upgraded lua-nginx-module to 0.10.27
    • bugfix: fixed keepalive error in cosocket. Thanks lijunlong for the patch.
    • bugfix: ensure compatibility with older nginx versions lacking TLS 1.3 support. Thanks lijunlong for the patch.
    • bugfix: initialize ASN1_GENERALIZEDTIME pointers in ssl_validate_ocsp_response. Thanks lijunlong for the patch.
    • bugfix: nginx crashed when binding local address failed from lua. Thanks lijunlong for the patch.
    • bugfix: treat shared dict entries with TTL of 0 as expired. Thanks lijunlong for the patch.
    • bugfix: let balancer.recreate_request API work for body data changed case. Thanks Jun Ouyang for the patch.
    • feature: add support for SSL trusted certificates in client verification. Thanks xiangwei for the patch.
    • bugfix: respect max retry after using balancer pool. Thanks kurt for the patch.
    • feature: support ngx.location.capture and ngx.location.capture_multi with headers option. Thanks Tinglong Yang for the patch.
    • bugfix: undefined symbol SSL_client_hello_get0_ext when linking against libressl. Thanks lijunlong for the patch.
    • bugfix: fixed compilation errors when building without SSL. Thanks Johnny Wang for the patch.
    • change: should match the local address when get connection from the keepalive pool. Thanks lijunlong for the patch.
    • feature: implemented keepalive pooling in balancer_by_lua*. Thanks lijunlong for the patch.
    • bugfix: prevent main thread access to freed fake request in init_worker. Thanks fesily for the patch.
    • bugfix: preserve lua-nginx-module context when ngx.send_header() triggers filter_finalize. Thanks Jun Ouyang for the patch.
    • bugfix: fix config test for signalfd with gcc 11. Thanks Jiří Setnička for the patch.
    • bugfix: worker thread Lua VM may take lots of memory. Thanks lijunlong for the patch.
    • bugfix: ensure proper connection closure when setting empty body before last chunk. Thanks Liu Wei for the patch.
    • bugfix: wrong arguments of setkeepalive() result in the compromise of data integrity. Thanks lijunlong for the patch.
    • bugfix: Fixing compatibility issues with BoringSSL. Thanks lijunlong for the patch.
    • feature: validate and expose nextUpdate field in OCSP response. Thanks Elvin Efendi for the patch.
    • feature: add support for deriving key from tls master secret. Thanks bas-vk for the patch.
    • feature: add UDP cosocket bind api. Thanks syz for the patch.
    • bugfix: fixed HTTP HEAD request smuggling issue. Thanks lijunlong for the patch.
    • optimize: allow to reenable the tls for the upstream. Thanks lijunlong for the patch.
    • feature: add FFI function for balancer.disable_ssl(). Thanks lijunlong for the patch.
    • bugfix: correct offset vector memory allocation size for PCRE2. Thanks Zhongwei Yao for the patch.
    • feature: implemented ngx_http_lua_ffi_ssl_client_random. Thanks Ruidong-X for the patch.
    • bugfix: fix memory corruption in consecutive regex calls. Thanks Zhongwei Yao for the patch.
    • feature: add ngx_http_lua_ffi_parse_der_cert and ngx_http_lua_ffi_parse_der_key functions. Thanks Brian Rak for the patch.
  • upgraded stream-lua-nginx-module to 0.0.15
    • bugfix: fixed keepalive error in cosocket. Thanks lijunlong for the patch.
    • bugfix: treat shared dict entries with TTL of 0 as expired. Thanks lijunlong for the patch.
    • feature: add support for SSL trusted certificates in client verification. Thanks xiangwei for the patch.
    • feature: support lua balancer set proxy bind dynamic Thanks ytlm for the patch.
    • bugfix: check for SSL context instead of listen flag for nginx 1.25.5+ compatibility. Thanks Konstantin Pavlov for the patch.
    • bugfix: wrong arguments of setkeepalive() result in the compromise of data integrity. Thanks lijunlong for the patch.
    • bugfix: correct offset vector memory allocation size for PCRE2. Thanks Zhongwei Yao for the patch.
    • feature: implemented ngx_stream_lua_ffi_ssl_client_random. Thanks Ruidong-X for the patch.
    • bugfix: wrong argument for pcre2_match. Thanks lijunlong for the patch.
    • feature: add functions to parse DER formatted certificates/keys. Thanks Brian Rak for the patch.
    • changes: remove the useless pcre config. Thanks swananan for the patch.
  • upgraded lua-resty-core to 0.1.29
    • feature: add ssl_trusted_certificate argument for ssl.verify_client(). Thanks xiangwei for the patch.
    • feature: add balancer.bind_to_local_addr for stream module. Thanks ytlm for the patch.
    • feature: makes outgoing connections to a proxied server originate from the specified local IP address with an optional port. Thanks lijunlong for the patch.
    • feature: implemented keepalive pooling in balancer_by_lua*. Thanks lijunlong for the patch.
    • bugfix: initialize next_update pointer to avoid potential stale values. Thanks YanLIU for the patch.
    • optimize: localize tonumber for ngx.worker.pids. Thanks Chrono for the patch.
    • feature: validate_ocsp_response should return nextUpdate if available. Thanks Elvin Efendi for the patch.
    • feature: add ssl.get_req_ssl_pointer. Thanks James Callahan for the patch.
    • feature: add support for exporting key material to derive keys from the tls master secret. Thanks bas-vk for the patch.
    • feature: add balancer.set_upstream_tls(on). Thanks lijunlong for the patch.
    • feature: add ssl.get_client_random. Thanks Ruidong-X for the patch.
    • optimize: explicit requirement to use bash. Thanks lynch for the patch.
    • feature: add parse_der_cert and parse_der_priv_key functions. Thanks Brian Rak for the patch.
  • upgraded lua-resty-websocket to 0.12
    • feature: add send_continue method. Thanks Toru for the patch.
    • feature: client:connect() returns HTTP response header. Thanks Michael Martin for the patch.
    • feature: custom sec-websocket-key in client. Thanks Michael Martin for the patch.
    • feature: add support for discrete send/recv payload limits in WebSocket client. Thanks Michael Martin for the patch.
    • feature: support custom host header in client. Thanks flrgh for the patch.
    • feature: support connecting to unix sockets. Thanks Petter Berven for the patch.
    • optimization: check ssl_support early. Thanks Michael Martin for the patch.
  • upgraded lua-resty-redis to v0.31
    • optimize: cache the table for sending requests. Thanks lijunlong for the patch.
  • upgraded lua-resty-string to 0.16
    • feature: add AAD support in aes gcm. Thanks wzxjohn for the patch.
    • change: make random.bytes cryptographically strong by default. Thanks rfl890 for the patch.
  • upgraded lua-cjson to 2.1.0.14
    • feature: Lua 5.3 + 5.4 integer support, with CI and conflicts fixed. Thanks Hisham Muhammad for the patch.
    • bugfix: bus error or SIGSEGV caused by encode not keep buffer. Thanks hyw0810 for the patch.
  • upgraded lua-resty-signal to 0.04
    • bugfix: handle '?.so' in package.cpath. Thanks Michael Martin for the patch.
  • upgraded lua-resty-lrucache to v0.14
    • optimize: echo warning message when install this library to "/usr/local/lib/lua/" and copy installation guide from lua_resty_core module. Thanks lynch for the patch.
  • upgraded rds-json-nginx-module to 0.17
    • bugfix: failed to compilation on rockylinux 9. Thanks lijunlong for the patch.
  • upgraded luajit2 to 2.1-20240815
    • Reflect override of INSTALL_LJLIBD in package.path.
    • ARM64: Use movi to materialize FP constants.
    • Add more FOLD rules for integer conversions.
    • Different fix for partial snapshot restore due to stack overflow. Reported by Junlong Li. Fixed by Peter Cawley.
    • change: disable hash computation optimization in the OpenResty branch (agentzh-v2.1) due to the possibility of severe performance degradation (CVE-2024-39702). This issue is specific to our branch and does not affect upstream LuaJIT. Thanks to Zhongwei Yao from Kong Inc. for reporting this issue. Thanks lijunlong for the patch.
    • bugfix: Enabled ppc64le arch on travis and fixed one failing test case. Thanks Alhad Deshpande for the patch.
    • Prevent sanitizer warning in snap_restoredata().
    • Limit number of string format elements to compile.
    • FFI: Clarify scalar boxing behavior.
    • OSX/iOS: Fix SDK incompatibility.
    • Windows/MSVC: Cleanup msvcbuild.bat and always generate PDB.
    • Fix segment release check in internal memory allocator.
    • FFI: Turn FFI finalizer table into a proper GC root.
    • OSX/iOS: Always generate 64 bit non-FAT Mach-O object files.
    • Show name of NYI bytecode in -jv and -jdump.
    • Use generic trace error for OOM during trace stitching.
    • feature: add s390x disassembler. Thanks Aditya Bisht for the patch.
    • Handle all types of errors during trace stitching.
    • Fix recording of __concat metamethod.
    • Prevent down-recursion for side traces.
    • Check frame size limit before returning to a lower frame.
    • FFI: Treat cdata finalizer table as a GC root.
    • Handle stack reallocation in debug.setmetatable() and lua_setmetatable().
    • optimize: [ppc64le] Aligned code as per other archs for next_1 function and relevant code changes. Thanks Alhad Deshpande for the patch.
    • Rework stack overflow handling.
    • Preserve keys with dynamic values in template tables when saving bytecode.
    • Prevent include of luajit_rolling.h.
    • Fix zero stripping in %g number formatting.
    • Fix unsinking of IR_FSTORE for NULL metatable.
    • DynASM/x86: Add endbr instruction.
    • MIPS64 R2/R6: Fix FP to integer conversions.
    • Add cross-32/64 bit and deterministic bytecode generation.
    • DynASM/x86: Allow [&expr] operand.
    • Check for IR_HREF vs. IR_HREFK aliasing in non-nil store check.
    • Respect jit.off() on pending trace exit.
    • Simplify handling of instable types in TNEW/TDUP load forwarding.
    • Only emit proper parent references in snapshot replay.
    • Fix anchoring for string buffer set() method (again).
    • ARM: Fix stack restore for FP slots.
    • Document workaround for multilib vs. cross-compiler conflict.
    • Fix anchoring for string buffer set() method.
    • Fix runtime library flags for MSVC debug builds.
    • Fix .debug_abbrev section in GDB JIT API.
    • Optimize table.new() with constant args to (sinkable) IR_TNEW.
    • Emit sunk IR_NEWREF only once per key on snapshot replay.