OpenResty 18.104.22.168 is a patch release addressing recent security vulnerabilities in both the Nginx core and the ngx_http_lua module.
The (portable) source code distribution, the Win32/Win64 binary distributions, and the pre-built binary Linux packages for Ubuntu, Debian, Fedora, CentOS, RHEL, OpenSUSE, Amazon Linux are provided on this page:
We also upgraded PCRE to 8.44 and OpenSSL to 1.1.0l for our binary packages.
This is the third OpenResty release based on the nginx 1.15.8 core.
Thanks the HackerOne team for reporting the memory content leak vulnerabilities.
Thanks Thibault Charbonnier and Dejiang Zhu for helping this release.
Complete change logs since the last (formal) release, 22.214.171.124, can be browsed in the page Change Log for 1.15.8.x.
The next release will be OpenResty 126.96.36.199 based on the recent nginx 1.17.8 core and its RC1 version is already out for community testing. See