OpenResty® Scalable Web Platform by Extending NGINX with Lua

Contribute on GitHub Official Forum Try OpenResty XRay

New! OpenResty 1.29.2.4 is now released!

New! OpenResty 1.27.1.2 is now released!

New! New blog post Binary Evidence-Driven Vulnerability Scanning: Eliminating False Positives with OpenResty XRay is published.

New! New blog post OpenResty XRay Version 26.2.1. Now Available is published.

New! New blog post End-to-End Client Real IP Passthrough in OpenResty Edge is published.

New! New blog post How OpenResty XRay Enables Full-Stack Dynamic Tracing in Production is published.

New! New blog post What is OpenResty Edge is published.

New! New blog post Introduction to OpenResty XRay is published.

OpenResty 1.29.2.4 Released

lijunlong , 19 May 2026 (created 19 May 2026)

We are happy to announce the new formal release, 1.29.2.4, of the OpenResty web platform based on NGINX and LuaJIT.

Download this version here.

The (portable) source code distribution, the pre-built binary Linux packages for Ubuntu, Debian, Fedora, CentOS, RHEL, OpenSUSE, Amazon Linux are provided on this Download page.

Version highlights

backported patches from nginx
- CVE-2026-42945: Buffer overflow in the ngx_http_rewrite_module
- CVE-2026-42946: Buffer overread in the ngx_http_scgi_module and ngx_http_uwsgi_module
- CVE-2026-42934: Buffer overread in the ngx_http_charset_module
- CVE-2026-40460: HTTP/3 address spoofing
- CVE-2026-40701: resolver use-after-free in OCSP

Complete change logs since the last (formal) release, 1.29.2.3, can be browsed in the page Change Log for 1.29.2.x.

Testing

We have run extensive testing on our Amazon EC2 test cluster and ensured that all the components (including the Nginx core) play well together. The latest test report can always be found here:

https://qa.openresty.org/

We also always run our OpenResty Edge commercial software based on the latest open source version of OpenResty in our own global CDN network (dubbed "mini CDN") powering our openresty.org and openresty.com websites. See https://openresty.com/ for more details.

Community Support

See the Community Page.

Commercial Support

Commercial technical support and real-time noninvasive online monitoring and profiling solution is provided through the official OpenResty XRay product.

Feedback

Feedback on this release is more than welcome. Feel free to create new GitHub issues or send emails to one of our mailing lists.

More Interesting Topics

Binary Evidence-Driven Vulnerability Scanning: Eliminating False Positives with OpenResty XRay

OpenResty XRay Version 26.2.1. Now Available

End-to-End Client Real IP Passthrough in OpenResty Edge

How OpenResty XRay Enables Full-Stack Dynamic Tracing in Production

What is OpenResty Edge

Introduction to OpenResty XRay

OpenResty Edge Design Notes: Bringing Global Traffic Scheduling Back to the Application Layer

Hunting Down a Silent Memory Leak in OpenResty Without a Reboot

Anatomy of a 15x Performance Drop: A 90k to 6k QPS Root Cause Analysis with OpenResty XRay

An Introduction to the Programmable WAF of OpenResty Edge

Deconstructing the LuaJIT Pseudo Memory Leak

Building "Less is More" Event-Driven Operations with OpenResty Edge Webhook

How We Pinpointed a 244ms Latency Spike in a 500k QPS OpenResty Gateway

From Open Source OpenResty to OpenResty Edge: Evolving Your High-Performance Infrastructure

Why More and More Enterprises Are Building Private CDNs

How OpenResty XRay Pinpointed Java Memory Issues

When a "Black Box" Plugin Consumes 45% CPU: How We Pinpointed Lua Line 93 Without Source Code

OpenResty XRay Version 25.10.11 Now Available

How to Pinpoint the Hidden Cost of Gzip Configuration with OpenResty XRay

Performance Takes a Leap Forward: OpenResty Edge Now Supports zstd Compression