Version 1.9.15.1 - 3 June 2016

• upgraded the Nginx core to 1.9.15.
  • see the changes here: http://nginx.org/en/CHANGES
• bugfix: applied the patch for nginx security advisory (CVE-2016-4450) to the nginx 1.9.15 core.
• feature: added restydoc documentation indexes for the official nginx core and most of the official openresty components.
• upgraded [ngx_lua](https://github.com/openresty/ -nginx-module#readme) to 0.10.5.
  • bugfix: use of ssl_certificate_by_lua* in the http {} scope could lead to process crashes. thanks Andreas Lubbe for the report.
  • bugfix: ngx.print("") did not trigger response header sending.
  • feature: linux x64: now we try limiting the growth of the data segment of the nginx processes to preserve as much lowest address space for LuaJIT as possible. thanks Shuxin Yang for the help.
  • bugfix: init_worker_by_lua* did not honor http {} top-level configurations like lua_ssl_verify_depth and lua_ssl_trusted_certificate. thanks Vladimir Shaykovskiy for the report.
  • bugfix: ngx.exit() could not be used in the context of balancer_by_lua* when lua-resty-core was used.
  • bugfix: *_by_lua_block: fixed Lua long bracket parsing at buffer boundaries. thanks Maxim Ivanov and Tom Thorogood for the report.
  • bugfix: ngx.req.append_body() might enter infinite loops when ngx.req.init_body() has not specified a buffer size and the request header Content-Length is 0 (or client_body_buffer_size is configured to 0). thanks Hai for the report and Dejiang Zhu for the patch.
  • bugfix: ngx.re.match: the 5th argument hid the 4th one. thanks iorichina for the report and rako9000 for the original patch.
  • bugfix: ngx.worker.id() should return nil in non-worker processes like nginx's cache managers. thanks Weixie Cui for the patch.
  • bugfix: fixed a memory leak in cert_pem_to_der(), caught by valgrind.
  • bugfix: ignore unexpected closing long-brackets in *_by_lua_block directives. thanks Thibault Charbonnier for the patch.
  • bugfix: changing peers in balancer_by_lua* might lead to stale values of $upstream_addr.
  • bugfix: clear errors in ngx.ssl and ngx.ocsp functions to avoid flooding nginx error logs. thanks Hamish for the original patch.
  • bugfix: tcpsock:sslhandshake() did not correctly check argument count. thanks Ilya Shipitsin for the report.
  • bugfix: tcpsock:sslhandshake() accepts up to 5 arguments now (including the object itself).
  • bugfix: assignment to ngx.status might not affect subsequent ngx.status reads when error_page had already taken place. thanks wangwei4514 for the report.
  • refactor: refactored the implementation of the ngx.semaphore API. thanks Weixie Cui for the patch.
  • doc: typo fixes from Christos Trochalakis.
• upgraded lua-resty-core to 0.1.6.
  • feature: implemented ngx.worker.id() and ngx.worker.count() with FFI. thanks Yuansheng Wang for the patch.
  • bugfix: Lua's tail-call optimization might unexpectedly make ngx.semaphore objects get garbage-collected prematurely even when there're still waiters. this could happen when lua_check_client_abort is enabled. thanks Dejiang Zhu for the patch.
  • doc: ngx.semaphore: documented the "timeout" argument of wait() in more detail.
  • doc: typo fixes from Alessandro Ghedini.
  • doc: formatting fixes from ms2008.
• upgraded lua-resty-redis to 0.24.
  • bugfix: added a tostring() call to avoid the "attempt to concatenate local 'prefix' (a nil value)" error in Lua function _read_reply().
  • optimize: we now alway call tostring() upon args in Redis query methods.
  • optimize: reduced Lua string concatenations in redis query composition.
• upgraded lua-resty-dns to 0.16.
  • bugfix: when the AD and CD bits are set in the DNS responses as per RFC 2065, they would erroneously be treated as a part of the error code (RCODE). thanks Celebi Lui for the report and patch.
• upgraded lua-resty-memcached to 0.14.
  • optimize: reduced table.concat() calls while constructing memcached requests, which can lead to fewer Lua string creation operations.
  • bugfix: get() did not return server error responses. thanks Lorenz Bauer for the report.
  • bugfix: gets() did not return server error responses. thanks Lorenz Bauer for the report.
  • bugfix: get(): simplified the error messages so that the caller can check the error more easily.
  • feature: set_timeout() now returns the result of the operation. thanks Guanlan Dai for the report.
• upgraded lua-resty-mysql to 0.16.
  • bugfix: close(): we did not send the COM_QUIT packet to the MySQL server. thanks Andreas Fischer for the report.
  • bugfix: fixed the Lua exception "attempt to concatenate field 'state' (a nil value)". thanks heyuanlong for the report.
  • doc: typo fixes from Boris Nagaev.
• upgraded resty-cli to 0.12.
  • feature: resty: multiple -e options, along with the file argument, are supported.
  • feature: added new command-line utility, restydoc, for viewing OpenResty/Nginx documentation on the terminal (inspired by Perl's perldoc utility) via groff (used by man as well).
  • feature: added new command-line utility, md2pod.pl, for converting GitHub-flavored Markdown source to Perl's POD format.
  • feature: added new command-line utility, restydoc-index, for generating the documentation indexes by scanning Markdown and POD document files in user-specified directories, which can be used by the restydoc tool.
  • feature: added new command-line utility, nginx-xml2pod, for converting NGINX's official XML-formatted documentation to Perl's POD format.
  • bugfix: resty: the --valgrind command-line option was broken.
• upgraded lua-cjson to 2.1.0.4.
  • feature: added the cjson.as_array metamethod to enforce empty array encoding. thanks Thibault Charbonnier for the patch.
  • bugfix: fixed the 16 decimal number encoding assertion. thanks Thibault Charbonnier for the patch.
  • doc: added proper documentation for OpenResty's fork of lua-cjson. thanks Thibault Charbonnier for the patch.
• upgraded LuaJIT to v2.1-20160517: https://github.com/openresty/luajit2/tags
  • imported Mike Pall's latest changes:

    • Rollback due to HREFK + load fwd must restore guardemit state.

    • Always merge snapshots without instructions inbetween.

    • FFI: Parse #line NN and #NN.

    • MIPS: Switch to dual-number mode. Fix soft-float interpreter.

    • PS4: Switch default build to amalgamated and LJ_GC64 mode.

    • MIPS: Add soft-float support to JIT compiler backend.

    • Don't allocate unused 2nd result register in JIT compiler backend.

    • Use internal implementation for converting FP numbers to strings.

    • MIPS soft-float: Fix code generation for HREF.

    • ARM: Fix build problem with external frame unwinding.

    • Fix display of NULL (light)userdata in -jdump.

    • x64/LJ_GC64: Fix JIT glue code in interpreter.

    • x86: Detect BMI2 instruction support.

    • x86: Generate BMI2 shifts and rotates, if available.

    • MIPS: Fix use of ffgccheck delay slots in interpreter.

    • Windows/x64/LJ_GC64: Fix math.frexp() and math.modf().

    • Cygwin: Allow cross-builds to non-Cygwin targets.

    • Fix recording of select(n, ...) with off-trace varargs.

    • x86: Improve disassembly of BMI2 instructions.

    • x64/LJ_GC64: Fix BC_UCLO check for fast-path.

    • MIPS: Fix BC_ISNEXT fallback path.

    • Rewrite memory block allocator.

      Use a mix of linear probing and pseudo-random probing.

Workaround for 1GB MAP_32BIT limit on Linux/x64. Now 2GB with !LJ_GC64. Enforce 128TB LJ_GC64 limit for > 47 bit memory layouts (ARM64). * x86/x64: Search for exit jumps with instruction length decoder. * Fix handling of non-numeric strings in arithmetic coercions. * Fix GCC 6 -Wmisleading-indentation warnings. * Constrain value range of lj_ir_kptr() to unsigned 32 bit pointers.

• upgraded ngx_srcache to 0.31.
  • bugfix: this module should not depend on builtin modules like ngx_http_ssi and ngx_http_addition to pull in the ngx_http_postpone module to function properly. thanks Dejiang Zhu for the original patch.
  • feature: this module can now be compiled as a dynamic module with NGINX 1.9.11+ via the --with-dynamic-module=PATH option of ./configure. thanks Hiroaki Nakamura for the original patch.
  • bugfix: fixed errors and warnings with C compilers without variadic macro support.
  • doc: clarified what 0s means for the default expiration time. thanks matlloyd for the patch.
  • doc: documented the memcached maximum key length and the set_md5 directive. thanks Jérémy Lal for the patch.
• upgraded ngx_form_input to 0.12.
  • bugfix: avoided use of C global variables in configuration phase since it might cause problems in failed HUP reloads.
  • feature: this module can now be compiled as a dynamic module with NGINX 1.9.11+ via the --with-dynamic-module=PATH option of ./configure.
• upgraded ngx_devel_kit to 0.3.0.
  • feature: this module can now be compiled as a dynamic module with NGINX 1.9.11+ via the --with-dynamic-module=PATH option of ./configure. thanks Andrei Belov for the patch.
  • bugfix: compiler errors: comparison between signed and unsigned integer expressions. thanks Xiaochen Wang for the patch.
  • doc: added the new section "Modules using NDK".
• upgraded ngx_encrypted_session to 0.05.
  • feature: this module can now be compiled as a dynamic module with NGINX 1.9.11+ via the --with-dynamic-module=PATH option of ./configure.
• upgraded ngx_headers_more to 0.30.
  • feature: this module can now be compiled as a dynamic module with NGINX 1.9.11+ via the --with-dynamic-module=PATH option of ./configure. thanks Sjir Bagmeijer for the original patch.
• upgraded ngx_echo to 0.59.
  • feature: added support for nginx 1.9.11+ when no nginx builtin modules pull in the ngx_http_postpone module.
  • feature: this module can now be compiled as a dynamic module with NGINX 1.9.11+ via the --with-dynamic-module=PATH option of ./configure.
  • bugfix: fixed warnings with C compilers without variadic macro support.
• upgraded ngx_memc to 0.17.
  • feature: this module can now be compiled as a dynamic module with NGINX 1.9.11+ via the --with-dynamic-module=PATH option of ./configure.
  • bugfix: fixed errors and warnings with C compilers without variadic macro support.
• upgraded ngx_redis2 to 0.13.
  • feature: this module can now be compiled as a dynamic module with NGINX 1.9.11+ via the --with-dynamic-module=PATH option of ./configure.
  • bugfix: fixed errors and warnings with C compilers without variadic macro support.
• upgraded ngx_iconv to 0.14.
  • feature: this module can now be compiled as a dynamic module with NGINX 1.9.11+ via the --with-dynamic-module=PATH option of ./configure.

See ChangeLog 1.9.7 for change log for OpenResty 1.9.7.x.