OpenResty® Scalable Web Platform by Extending NGINX with Lua

OpenResty XRay

Advanced observability built for OpenResty and more

×

limited time offer

Request TRIAL today and receive a diagnostic REPORT
Learn more

ChangeLog for 1.21.4.x

Johnny Wang , 18 May 2022 (created 13 May 2022)

Version 1.21.4.1 - 18 May 2022

  • upgraded the nginx core to 1.21.4.

  • win32/win64: upgraded zlib to 1.2.12.

  • win32/win64: upgraded OpenSSL to 1.1.1n.

  • feature: allow to be compiled with LibreSSL 3.0+. Thanks spacewander for the patch.

  • feature: add lua_ssl_conf_command directive for setting arbitrary OpenSSL configuration parameter particularly the TLSv1.3 ciphersuites. Thanks Zhefeng Chen for the patch.

  • feature: implemented the ssl_client_hello_by_lua* api for controlling the NGINX downstream SSL handshake dynamically with Lua. Thanks Zhefeng Chen for the patch.

  • feature: the number connections of privileged agent can be set by enable_privileged_agent(connections). Thanks wangyao for the patch.

  • feature: implemented the new ngx.run_worker_thread API to run Lua function in a seperated worker thread. Thanks kingluo for the patch.

  • upgraded lua-nginx-module to 0.10.21

    • bugfix: ngx.pipe waits until timeout because child process forgot to close pipe after dup2. Thanks Junlong Li for the patch.
    • bugfix: posted event handler was called after event memory was freed. Thanks Junlong Li for the patch.
    • bugfix: prevent illegal memory access in ngx_http_lua_util.c. Thanks Jiahao Wang for the patch.
    • optimize: removed superfluous code from shdict_store. Thanks Odin Hultgren Van Der Horst for the patch.
    • bugfix: fix nginx crash caused by a bad format specifier. Thanks balus for the patch.
    • bugfix: fixed memcpy param overlap detected by asan. Thanks pengyanfeng for the patch.
    • bugfix: fix possible null pointer dereference found by Coverity. Thanks doujiang24 for the patch.
    • bugfix: we should use luaL_typename() with lua stack index. Thanks balus for the patch.
    • bugfix: fixed potential leak on memory allocation errors. we have to clean just created SSL context manually, thus appropriate call added. Thanks nandsky for the patch.
    • bugfix: nginx crash when resolve an not exist domain in thread create by ngx.thread.spawn. Thanks lijunlong for the patch.
    • bugfix: should reset the value_len to 0 when reuse the expired list type key in shared dict. Thanks ngtee8 for the patch.
    • change: do not need to create the Lua request ctx data table from C. Thanks doujiang for the patch.
    • bugfix: we should ignore match limit in DFA mode. Thanks Jianyong Chen for the patch.
    • bugfix: buffer bloat and CPU 100% when download large file was filtered by body_filter_by_lua. Thanks lijunlong for the patch.
    • bugfix: fixed missing 'const' qualifier causing compilation failure on freebsd. Thanks Jiahao Wang for the patch.
    • bugfix: should not allow to create timer in the exit process phase. Thanks Jinhua Tan for the patch.
    • feature: support environ in ngx.pipe on mac. Thanks tzssangglass for the patch.
  • upgraded stream-lua-nginx-module to 0.0.11

    • bugfix: compilation failed when building without --with-stream_ssl_module. Thanks vislee for the patch.
    • bugfix: we should use luaL_typename() with lua stack index. Thanks Jianyong Chen for the patch.
    • bugfix: fixed possible null pointer dereference found by Coverity. Thanks Ilya Shipitsin for the patch.
    • bugfix: nginx crash when resolve an not exist domain. Thanks lijunlong for the patch.
    • bugfix: should reset the value_len to 0 when reuse the expired list type key in shared dict. Thanks ngtee8 for the patch.
    • bugfix: we should ignore match limit in DFA mode. Thanks balus for the patch.
    • bugfix: some lua configurations (i.e. lua_ssl_trusted_certificate) were missing in the init_worker phase. Thanks doujiang for the patch.
    • bugfix: failed to start when non-ssl server configured with ssl_certificate_by_lua* directive. Thanks Zhefeng Chen for the patch.
    • bugfix: old coroutine APIs were used in the preread and ssl_cert phase. Thanks Zhefeng Chen for the patch.
  • upgraded lua-resty-core to 0.1.23

    • bugfix: ngx.re.sub/gsub may incorrectly dropped the last character. Thanks Jianyong Chen for the patch.
    • optimize: use a new upvalue table for the ctxs holder to make LuaJIT JIT compiler happy to generate more efficient machine code. Thanks doujiang for the patch.
  • upgraded lua-resty-websocket to 0.09

    • bugfix: should abort when status code is invalid in wb:send_close(server). Thanks Gerrard-YNWA for the patch.
  • upgraded lua-resty-redis to 0.30

    • feature: add a surface to support redis module. Thanks spacewander for the patch.
  • upgraded lua-resty-limit-traffic to 0.08

    • optimize: resty.limit.conn call dict:incr with init_ttl argument. Thanks WindMGC for the patch.
  • upgraded lua-resty-mysql to 0.25

    • bugfix: fallback to default auth plugin if server doesn't have CLIENT_PLUGIN_AUTH capability. Thanks Wangchong Zhou for the patch.
  • upgraded set-misc-nginx-module to 0.33

    • feature: added url safe base64 encoding/decoding. Thanks Pavel for the patch.
    • bugfix: fix a possible resource leak of fd when exception occur. Thanks Hai Shi for the patch.
    • feature: added new directive set_hmac_sha256. Thanks erankor for the patch.
  • upgraded encrypted-session-nginx-module to 0.09

    • optimize: make it compatible with boringssl. Thanks lijunlong for the patch.
  • upgraded lua-resty-string to 0.15

    • feature: added an optional len parameter for resty.md5.update(). Thanks lijunlong for the patch.
    • feature: add enable_padding option for aes. Thanks beimingfish for the patch.
    • optimize: speed up string.to_hex by reusing hex buf. Thanks jinjiezhao for the patch.
  • upgraded lua-cjson to 2.1.0.10

    • bugfix: fixed bugs suspected by cppcheck: shift signed 32-bit value by 31 bits and uninitialized variable. Thanks Jiahao Wang for the patch.
    • bugfix: fixed a possible division by zero bugs found by cppcheck. Thanks Jiahao Wang for the patch.
    • feature: support lua 5.2+.
  • upgraded luajit2 to 2.1-20220411

    • Add missing check for LJ_KEYINDEX in ITERN recording.
    • DynASM/ARM64: Fix NOP instruction for aligment.
    • Fix soft-float IR_POW splitting.
    • Fix BC_UCLO insertion for returns.
    • Fix string buffer COW handling.
    • Fix command-line argv handling.
    • Always exit after machine code page protection change fails.
    • Fix FOLD rule for BUFHDR append with intervening buffer use.
    • Fix compiled error handling for buffer methods.
    • FFI: Ensure library is loaded before de-serializing FFI types.
    • Fix HREFK forwarding vs. table.clear().
    • Fix FOLD rule for BUFHDR append.
    • Fix tonumber("-0") in dual-number mode.
    • Limit work done in SINK pass.
    • Fix ABC FOLD rule with constants.
    • Windows: Fix binary output of jit.bcsave to stdout.
    • Fix FOLD rule for x-0.
    • ARM64: Fix pcall() error case.
    • refactor: removed duplicated table entries. Thanks lijunlong for the patch.
    • OSX/ARM64: Fix external unwinding.
    • Fix interaction of profiler and ITERN recording.
    • Fix compilation of multi-result call to next().
    • ARM64: Fix IR_HREF code generation.
    • MIPS64: Fix soft-float IR_TOSTR.
    • MIPS: Fix register allocation in assembly of HREF.
    • Windows/x64: Document MSVC flags for C++ exception interoperability.
    • FFI: Ensure returned string is alive in ffi.typeinfo().
    • bugfix: fixed merge error which was introduced by commit 63dee93f4e. Thanks lijunlong for the patch.
    • OSX/ARM64: Disable unwind info.
    • Fix stack allocation after on-trace stack check.
    • Fix ITERN blacklisting.
    • Ensure ITERN forward progress on interpreter bailout.
    • ARM64: Reorder interpreter stack frame and fix unwinding.
    • Don't bail out to interpreter to JLOOP originating from ITERN.
    • FFI: Don't load PC from non-function object in FFI continuation.
    • FFI: Fix missing cts->L initialization in argv2ctype().
    • OSX/ARM64: Disable external unwinding for now.
    • Compile table traversals: next(), pairs(), BC_ISNEXT/BC_ITERN. This work sponsored by OpenResty INC.
    • Use IR_HIOP for generalized two-register returns.
    • Refactor table traversal.
    • ARM: Fix symbol display in trace disassembly.
    • Refactor IR_TMPREF generation.
    • Refactor IR_VLOAD to take an offset.
    • MIPS: Fix trace linking.
    • feature: implemented string.buffer library.
    • Consider slots used by upvalues in use-def analysis.
    • Prevent loop in snap_usedef().
    • Fix io.close().
    • Fix minilua vararg stack handling.
    • Avoid out-of-range number of results when compiling select(k, ...).
    • Fix error message in lj_lib_checkintrange().
    • Fix IRXLOAD_* mode bits description.
    • Add IRCONV_NONE for pass-through INT to I64/U64 type change.
    • Fix jit.dump() output for IR_CONV.
    • Change: Resolve luaL_newstate() return NULL in ppc64le issue. Thanks ManirajDeivendran for the patch.
    • Disable unreliable assertion for external frame unwinding.
    • Flush and close output file after profiling run.
    • Avoid conflict between 64 bit lightuserdata and ITERN key.
    • Change: Resolve compilation error in ppc Thanks Maniraj Deivendran for the patch.
    • bugfix: disabled the assertion since it might be a false alarm on fedora aarch64.
    • feature: added the trace entry and normal exit events in the GC64 interpreter. Thanks doujiang24 for the patch.
    • Throw any errors before stack changes in trace stitching.
    • DynASM/x86: Add missing escape in pattern.
    • DynASM/ARM64: Fix LSL/BFI* encoding with variable shifts.
    • Fix MinGW static build.
    • Fix dependencies.
    • Fix IR_BUFHDR assembly.
    • FFI: Support FFI numbers in string.format() and buf:putf().
    • ARM64: More improvements to the generation of immediates.
    • Abstract out on-demand loading of FFI library.
    • FFI: Fix dangling reference to CType.
    • PPC/PS3: Fix BC_ADD*/BC_SUB*.
    • Fix use-def analysis for vararg functions.
    • Fix use-def analysis for BC_VARG.
    • DynASM/ARM64: Fix ADRP encoding with absolute address.
    • Fix compiler warnings.
    • DynASM/ARM64: Add .long expr. Add .quad/.addr expr + refs.
    • DynASM/x86: Fix x64 .aword refs. Add .qword, .quad, .addr and .long.
    • FFI/ARM64/OSX: Fix vararg call handling.
    • Prevent compile of __concat with tailcall to fast function.
    • Fix IR_RENAME snapshot number. Follow-up fix for a32aeadc.
    • DynASM: Fix global label references
    • DynASM/ARM64: Add VREG support.
    • Fix build with busybox grep.
    • NetBSD: Use PROT_MPROTECT() and disable getentropy().
    • Allow disabling the serializer.
    • BSD: Fix build with BSD grep.
    • Fix .bat file builds.
    • OSX: Fix build by hardcoding external frame unwinding.
    • Reorganize lightuserdata interning code.
    • Upgrade docs to HTML5. It's about time.
    • FFI: Handle zero-fill of struct-of-NYI.
    • ARM64: Improve generation of immediates.
    • Detect inconsistent renames even in the presence of sunk values.
    • Handle on-trace OOM errors from helper functions.
    • Use weak guards for on-trace allocations.
    • PPC: Fix GG_State loads.
    • MIPS: Fix handling of long-range spare jumps.
    • Cleanup and enable external unwinding for more platforms.
    • Remove specific version numbers from the docs.
    • iOS: Don't use getentropy() since it's disallowed in the App Store.
    • Linux/ARM64: Make mremap() non-moving due to VA space woes.