OpenResty® Scalable Web Platform by Extending NGINX with Lua

OpenResty 1.21.4.1 RC1 is out

Johnny Wang , 10 Jan 2022 (created 16 Dec 2021)

We have just kicked out a new release candidate, OpenResty 1.21.4.1 RC1, for the community to test out.

Source package

https://openresty.org/download/openresty-1.21.4.1rc1.tar.gz

PGP for this source tar ball:

https://openresty.org/download/openresty-1.21.4.1rc1.tar.gz.asc

Acknowledgment

Special thanks go to all our developers and contributors! Also thanks Junlong Li, and Jiahao Wang for their help in preparing this release.

Version highlights

The highlights of this release candidate are:

Full Change logs

Complete change logs since the last (formal) release, 1.19.9.1:

  • upgraded the nginx core to 1.21.4.
  • feature: allow to be compiled with LibreSSL 3.0+. Thanks spacewander for the patch.
  • feature: add lua_ssl_conf_command directive for setting arbitrary OpenSSL configuration parameter particularly the TLSv1.3 ciphersuites. Thanks Zhefeng Chen for the patch.
  • feature: implemented the ssl_client_hello_by_lua* api for controlling the NGINX downstream SSL handshake dynamically with Lua. Thanks Zhefeng Chen for the patch.
  • feature: the number connections of privileged agent can be set by enable_privileged_agent(connections). Thanks wangyao for the patch.
  • feature: implemented the new ngx.run_worker_thread API to run Lua function in a seperated worker thread. Thanks kingluo for the patch.
  • upgraded lua-nginx-module to 0.10.21rc1
    • bugfix: prevent illegal memory access in ngx_http_lua_util.c. Thanks Jiahao Wang for the patch.
    • optimize: removed superfluous code from shdict_store. Thanks Odin Hultgren Van Der Horst for the patch.
    • bugfix: fix nginx crash caused by a bad format specifier. Thanks balus for the patch.
    • bugfix: fixed memcpy param overlap detected by asan. Thanks pengyanfeng for the patch.
    • bugfix: fix possible null pointer dereference found by Coverity. Thanks doujiang24 for the patch.
    • bugfix: we should use luaL_typename() with lua stack index. Thanks balus for the patch.
    • bugfix: fixed potential leak on memory allocation errors. we have to clean just created SSL context manually, thus appropriate call added. Thanks nandsky for the patch.
    • bugfix: nginx crash when resolve an not exist domain in thread create by ngx.thread.spawn. Thanks lijunlong for the patch.
    • bugfix: should reset the value_len to 0 when reuse the expired list type key in shared dict. Thanks ngtee8 for the patch.
    • change: do not need to create the Lua request ctx data table from C. Thanks doujiang for the patch.
    • bugfix: we should ignore match limit in DFA mode. Thanks Jianyong Chen for the patch.
    • bugfix: buffer bloat and CPU 100% when download large file was filtered by body_filter_by_lua. Thanks lijunlong for the patch.
    • bugfix: fixed missing 'const' qualifier causing compilation failure on freebsd. Thanks Jiahao Wang for the patch.
    • bugfix: should not allow to create timer in the exit process phase. Thanks Jinhua Tan for the patch.
    • feature: support environ in ngx.pipe on mac. Thanks tzssangglass for the patch.
  • upgraded stream-lua-nginx-module to 0.0.11rc1
    • bugfix: compilation failed when building without --with-stream_ssl_module. Thanks vislee for the patch.
    • bugfix: we should use luaL_typename() with lua stack index. Thanks Jianyong Chen for the patch.
    • bugfix: fixed possible null pointer dereference found by Coverity. Thanks Ilya Shipitsin for the patch.
    • bugfix: nginx crash when resolve an not exist domain. Thanks lijunlong for the patch.
    • bugfix: should reset the value_len to 0 when reuse the expired list type key in shared dict. Thanks ngtee8 for the patch.
    • bugfix: we should ignore match limit in DFA mode. Thanks balus for the patch.
    • bugfix: some lua configurations (i.e. lua_ssl_trusted_certificate) were missing in the init_worker phase. Thanks doujiang for the patch.
    • bugfix: failed to start when non-ssl server configured with ssl_certificate_by_lua* directive. Thanks Zhefeng Chen for the patch.
    • bugfix: old coroutine APIs were used in the preread and ssl_cert phase. Thanks Zhefeng Chen for the patch.
  • upgraded lua-resty-core to 0.1.23rc1
    • bugfix: ngx.re.sub/gsub may incorrectly dropped the last character. Thanks Jianyong Chen for the patch.
    • optimize: use a new upvalue table for the ctxs holder to make LuaJIT JIT compiler happy to generate more efficient machine code. Thanks doujiang for the patch.
  • upgraded lua-resty-websocket to 0.09rc1
    • bugfix: should abort when status code is invalid in wb:send_close(server). Thanks Gerrard-YNWA for the patch.
  • upgraded lua-resty-redis to 0.30rc1
    • feature: add a surface to support redis module. Thanks spacewander for the patch.
  • upgraded lua-resty-limit-traffic to 0.08rc1
    • optimize: resty.limit.conn call dict:incr with init_ttl argument. Thanks WindMGC for the patch.
  • upgraded lua-resty-mysql to 0.25rc1
    • bugfix: fallback to default auth plugin if server doesn't have CLIENT_PLUGIN_AUTH capability. Thanks Wangchong Zhou for the patch.
  • upgraded set-misc-nginx-module to 0.33
    • feature: added url safe base64 encoding/decoding. Thanks Pavel for the patch.
    • bugfix: fix a possible resource leak of fd when exception occur. Thanks Hai Shi for the patch.
    • feature: added new directive set_hmac_sha256. Thanks erankor for the patch.
  • upgraded encrypted-session-nginx-module to 0.09
    • optimize: make it compatible with boringssl. Thanks lijunlong for the patch.
  • upgraded lua-resty-string to 0.15
    • feature: added an optional len parameter for resty.md5.update(). Thanks lijunlong for the patch.
    • feature: add 'enable_padding' option for aes. Thanks beimingfish for the patch.
    • optimize: speed up string.to_hex by reusing hex buf. Thanks jinjiezhao for the patch.
  • upgraded lua-cjson to 2.1.0.10rc1
    • bugfix: fixed bugs suspected by cppcheck: shift signed 32-bit value by 31 bits and uninitialized variable. Thanks Jiahao Wang for the patch.
    • bugfix: fixed a possible division by zero bugs found by cppcheck. Thanks Jiahao Wang for the patch.
    • feature: support lua 5.2+.
  • upgraded luajit2 to 2.1-20211210
    • ARM64: Fix pcall() error case.
    • refactor: removed duplicated table entries. Thanks lijunlong for the patch.
    • OSX/ARM64: Fix external unwinding.
    • Fix interaction of profiler and ITERN recording.
    • Fix compilation of multi-result call to next().
    • ARM64: Fix IR_HREF code generation.
    • MIPS64: Fix soft-float IR_TOSTR.
    • MIPS: Fix register allocation in assembly of HREF.
    • Windows/x64: Document MSVC flags for C++ exception interoperability.
    • FFI: Ensure returned string is alive in ffi.typeinfo().
    • bugfix: fixed merge error which was introduced by commit 63dee93f4e. Thanks lijunlong for the patch.
    • OSX/ARM64: Disable unwind info.
    • Fix stack allocation after on-trace stack check.
    • Fix ITERN blacklisting.
    • Ensure ITERN forward progress on interpreter bailout.
    • ARM64: Reorder interpreter stack frame and fix unwinding.
    • Don't bail out to interpreter to JLOOP originating from ITERN.
    • FFI: Don't load PC from non-function object in FFI continuation.
    • FFI: Fix missing cts->L initialization in argv2ctype().
    • OSX/ARM64: Disable external unwinding for now.
    • Compile table traversals: next(), pairs(), BC_ISNEXT/BC_ITERN.
    • Use IR_HIOP for generalized two-register returns.
    • Refactor table traversal.
    • ARM: Fix symbol display in trace disassembly.
    • Refactor IR_TMPREF generation.
    • Refactor IR_VLOAD to take an offset.
    • MIPS: Fix trace linking.
    • feature: implemented string.buffer library.
    • Consider slots used by upvalues in use-def analysis.
    • Prevent loop in snap_usedef().
    • Fix io.close().
    • Fix minilua vararg stack handling.
    • Avoid out-of-range number of results when compiling select(k, ...).
    • Fix error message in lj_lib_checkintrange().
    • Fix IRXLOAD_* mode bits description.
    • Add IRCONV_NONE for pass-through INT to I64/U64 type change.
    • Fix jit.dump() output for IR_CONV.
    • Change: Resolve luaL_newstate() return NULL in ppc64le issue. Thanks ManirajDeivendran for the patch.
    • Disable unreliable assertion for external frame unwinding.
    • Flush and close output file after profiling run.
    • Avoid conflict between 64 bit lightuserdata and ITERN key.
    • Change: Resolve compilation error in ppc Thanks Maniraj Deivendran for the patch.
    • bugfix: disabled the assertion since it might be a false alarm on fedora aarch64.
    • feature: added the trace entry and normal exit events in the GC64 interpreter. Thanks doujiang24 for the patch.
    • Throw any errors before stack changes in trace stitching.
    • DynASM/x86: Add missing escape in pattern.
    • DynASM/ARM64: Fix LSL/BFI* encoding with variable shifts.
    • Fix MinGW static build.
    • Fix dependencies.
    • Fix IR_BUFHDR assembly.
    • FFI: Support FFI numbers in string.format() and buf:putf().
    • ARM64: More improvements to the generation of immediates.
    • Abstract out on-demand loading of FFI library.
    • FFI: Fix dangling reference to CType.
    • PPC/PS3: Fix BC_ADD*/BC_SUB*.
    • Fix use-def analysis for vararg functions.
    • Fix use-def analysis for BC_VARG.
    • DynASM/ARM64: Fix ADRP encoding with absolute address.
    • Fix compiler warnings.
    • DynASM/ARM64: Add .long expr. Add .quad/.addr expr + refs.
    • DynASM/x86: Fix x64 .aword refs. Add .qword, .quad, .addr and .long.
    • FFI/ARM64/OSX: Fix vararg call handling.
    • Prevent compile of __concat with tailcall to fast function.
    • Fix IR_RENAME snapshot number. Follow-up fix for a32aeadc.
    • DynASM: Fix global label references
    • DynASM/ARM64: Add VREG support.
    • Fix build with busybox grep.
    • NetBSD: Use PROT_MPROTECT() and disable getentropy().
    • Allow disabling the serializer.
    • BSD: Fix build with BSD grep.
    • Fix .bat file builds.
    • OSX: Fix build by hardcoding external frame unwinding.
    • Reorganize lightuserdata interning code.
    • Upgrade docs to HTML5. It's about time.
    • FFI: Handle zero-fill of struct-of-NYI.
    • ARM64: Improve generation of immediates.
    • Detect inconsistent renames even in the presence of sunk values.
    • Handle on-trace OOM errors from helper functions.
    • Use weak guards for on-trace allocations.
    • PPC: Fix GG_State loads.
    • MIPS: Fix handling of long-range spare jumps.
    • Cleanup and enable external unwinding for more platforms.
    • Remove specific version numbers from the docs.
    • iOS: Don't use getentropy() since it's disallowed in the App Store.
    • Linux/ARM64: Make mremap() non-moving due to VA space woes.

Feedback

Feedback on this new release candidate is most welcome. Feel free to create new GitHub issues or contact us via one of our mailing lists.