OpenResty® Scalable Web Platform by Extending NGINX with Lua

New! OpenResty is now released!
New! Test::Nginx 0.30 is now released!
New! New blog post Configure HTTP basic auth in OpenResty Edge is published.
New! New blog post How to use custom dynamic metrics in OpenResty Edge is published.
New! New blog post Limit Request Rate by Custom Keys in OpenResty Edge is published.

ChangeLog 1.2.8

Yichun Zhang , 10 Jun 2013 (created 26 Apr 2013)

Stable Release - 10 June 2013

  • upgraded LuaJIT to 2.0.2.
  • LuaJIT-2.0.2
  • array-var-nginx-module-0.03rc1
  • auth-request-nginx-module-0.2
  • drizzle-nginx-module-0.1.5
  • echo-nginx-module-0.45
  • encrypted-session-nginx-module-0.03
  • form-input-nginx-module-0.07
  • headers-more-nginx-module-0.20
  • iconv-nginx-module-0.10
  • lua-5.1.5
  • lua-cjson-1.0.3
  • lua-rds-parser-0.05
  • lua-redis-parser-0.10
  • lua-resty-dns-0.09
  • lua-resty-memcached-0.11
  • lua-resty-mysql-0.13
  • lua-resty-redis-0.15
  • lua-resty-string-0.08
  • lua-resty-upload-0.08
  • memc-nginx-module-0.13rc3
  • nginx-1.2.8
  • ngx_coolkit-0.2rc1
  • ngx_devel_kit-0.2.18
  • ngx_lua-0.8.2
  • ngx_postgres-1.0rc2
  • rds-csv-nginx-module-0.05rc2
  • rds-json-nginx-module-0.12rc10
  • redis-nginx-module-0.3.6
  • redis2-nginx-module-0.10
  • set-misc-nginx-module-0.22rc8
  • srcache-nginx-module-0.21
  • xss-nginx-module-0.03rc9

Mainline Version - 23 May 2013

  • upgraded Lua Nginx Module to 0.8.2.
    • feature: added ngx.HTTP_MKCOL, ngx.HTTP_COPY, ngx.HTTP_MOVE, and other WebDAV request method constants; also added corresponding support to ngx.req.set_method and ngx.location.capture. thanks Adallom Roy for the patch.
    • feature: allow injecting new user Lua APIs (and overriding existing Lua APIs) in the "ngx" table.
    • bugfix: ngx.req.set_body_file() always enabled Direct I/O which caused the alert message "fcntl(O_DIRECT) ... Invalid argument" in error logs on file systems lacking the Direct I/O support. thanks Matthieu Tourne for reporting this issue.
    • bugfix: buffer corruption might happen in ngx.req.set_body_file() when Nginx upstream modules were used later because ngx.req.set_body_file() incorrectly set r->request_body->buf to the in-file buffer which could get reused by ngx_http_upstream for its own purposes.
    • bugfix: no longer automatically turn underscores (_) to dashes (-) in header names for ngx.req.set_header and ngx.req.clear_header. thanks aviramc for the report.
    • bugfix: segmentation fault might happen in nginx 1.4.x when calling ngx.req.set_header on the Cookie request headers because recent versions of Nginx no longer always initialize r->headers_in.cookies. thanks Rob W for reporting this issue.
    • bugfix: fixed the C compiler warning "argument 'nret' might be clobbered by 'longjmp' or 'vfork'" when compiling with Ubuntu 13.04's gcc 4.7.3. thanks jacky and Rajeev's reports.
    • bugfix: temporary memory leaks might happen when using ngx.escape_uri, ngx.unescape_uri, ngx.quote_sql_str, ngx.decode_base64, and ngx.encode_base64 in tight Lua loops because we allocated memory in nginx's request memory pool for these methods.
    • optimize: ngx.escape_uri now runs faster when the input string contains no special bytes to be escaped.
    • testing: added custom test scaffold t::TestNginxLua which subclasses Test::Nginx::Socket. it supports the environment TEST_NGINX_INIT_BY_LUA which can be used to add more custom Lua code to the value of the init_by_lua directive in the Nginx configuration.
  • upgraded Srcache Nginx Module to 0.21.
    • bugfix: responses with a status code smaller than all the status codes specified in the srcache_store_statuses directive were not skipped as expected. thanks Lanshun Zhou for the patch.
  • feature: applied the invalid_referer_hash patch to the Nginx core to make the $invalid_referer variable accessible in embedded dynamic languages like Perl and Lua. thanks Fry-kun for requesting this.
  • updated the dtrace patch for the Nginx core.
    • print out more info about the Nginx in-file bufs in the tapset function ngx_chain_dump.

Mainline Version - 13 May 2013

  • applied the official patch for the nginx core to address the recent nginx security vulnerability CVE-2013-2070.

Mainline Version - 26 April 2013