Version 1.21.4.3 - 7 Nov 2023

• bugfix: applied the patch for security advisory to NGINX cores. (CVE-2023-44487).

Version 1.21.4.2 - 19 Jul 2023

• win32/win64: upgraded zlib to 1.2.13.

• win32/win64: upgraded OpenSSL to 1.1.1t.

• upgraded lua-nginx-module to v0.10.25

  • bugfix: used after free when encountering invalid http IF-Match header. Thanks lijunlong for the patch.
  • bugfix: ssl_client_hello_by_lua generating chunk cache key and chunk name. Thanks willmafh for the patch.
  • bugfix: cosocket did not exit when worker_shutdown_timeout handler is called. Thanks lijunlong for the patch.
  • feature: implement HTTP 3.0 support for ngx.req.http_version(). Thanks Yu.Zhu for the patch.
  • bugfix: fix receiveuntil rest bytes count. Thanks ZongRun for the patch.
  • bugfix: add a timed recycling child process as a last resort. Thanks lijunlong for the patch.
  • feature: add new FFI API ngx_http_lua_ffi_msec. Thanks lijunlong for the patch.
  • bugfix: did not wakeup coroutine when worker thread finished. Thanks kingluo for the patch.
  • feature: add ngx_http_lua_ffi_worker_pids to get all workers pid map. Thanks attenuation for the patch.
  • bugfix: run_worker_thread arg is self-reference. Thanks fesily for the patch.
  • feature: introduced new API tcpsock:bind(). Thanks lijunlong for the patch.
  • feature: add shdict APIs into worker thread. Thanks jinhua luo for the patch.
  • bugfix: set flags for Darwin arm64. Thanks lijunlong for the patch.
  • bugfix: improved handling of multiple headers changed in nginx 1.23.0. Thanks Hiroaki Nakamura for the patch.
  • change: increased the maximum size to 65536 for the udp datagram. Thanks lijunlong for the patch.
  • optimize: destroy pipe proc when freeing the request. Thanks lijunlong for the patch.
  • optimize: add error log when closing the pipe failed. Thanks lijunlong for the patch.
  • bugfix: fix potential null pointer dereference found by Coverity. Thanks Ilya Shipitsin for the patch.
  • optimize: fixed dead code found by Coverity. Thanks Ilya Shipitsin for the patch.
  • feature: in content_by_lua_file, return 503 for file read error. Thanks jizhuozhi for the patch.
  • bugfix: Apple Silicon FFI ABI limitation workaround. Thanks Chrono for the patch.
  • bugfix: failed to compile when nginx https is disabled. Thanks lijunlong for the patch.
  • feature: add server_rewrite_by_lua*. Thanks xiaobiaozhao for the patch.
  • cosocket: add function tcpsock:setclientcert, reimplemented tcpsock:sslhandshake with FFI. Thanks Datong Sun for the patch.
  • optimize: use ngx_hash_t to optimize the built-in header look-up process for ngx.header.HEADER. Thanks lijunlong for the patch.
  • feature: add FFI implementation for ngx.arg getter. Thanks 罗泽轩 for the patch.
  • bugfix: fixed size of the array when initialized in the init_worker_by* phase. Thanks Jiahao Wang for the patch.
  • bugfix: ambiguous error message 'connection in dubious state' when connection is closed. Thanks lijunlong for the patch.
  • bugfix: passing the wrong chunkname argument to luaL_loadbuffer. Thanks lijunlong for the patch.
  • optimize: change lua chunkname to config filename and line number for {init,header_filter,body_filter}_by_lua_block and so on. Thanks lijunlong for the patch.
  • change: the error message should use the first line rather than the last line of the code block when loading lua code block fails. Thanks lijunlong for the patch.
  • bugfix: segment fault when get header via ngx.req.raw_header with malformed requests. Thanks Gordon McKinney for the patch.
  • change: remove useless code for get old_cpath. Thanks Tinglong Yang for the patch.
  • bugfix: ngx.run_worker_thread injected API into the wrong table. Thanks jinhua luo for the patch.
  • feature: add API to fetch raw nginx SSL pointer of the downstream request. Thanks James Callahan for the patch.
  • feature: SSL/TLS: support for passphrase protected key. Thanks lijunlong for the patch.
  • feature: expose the 'Last-Modified' response header as ngx.header["Last-Modified"]. Thanks lijunlong for the patch.
  • bugfix: posted event handler was called after event memory was freed. Thanks lijunlong for the patch.
  • optimize: don't calculate hash when clearing the request header. Thanks spacewander for the patch.
  • feature: check the number of parameters for ngx.thread.wait. Thanks tan jinhua for the patch.
  • change: use nil instead of false when lpush & rpush overflow. Thanks yang.yang for the patch.
  • feature: prevent calling ngx.exit() with invalid values. Thanks Thibault Charbonnier for the patch.
  • feature: added FFI-based function ngx_http_lua_ffi_req_is_internal. Thanks chronolaw for the patch.
  • feature: added http const HTTP_NOT_IMPLEMENTED. Thanks Landon Manning for the patch.

• upgraded stream-lua-nginx-module to v0.0.12

  • feature: introduced new API ngx_stream_lua_ffi_monotonic_msec. Thanks lijunlong for the patch.
  • feature: add CONTEXT_YIELDABLE constant to stream subsys. Thanks 罗泽轩 for the patch.
  • bugfix: wrong size for the pending timers. Thanks lijunlong for the patch.
  • feature: add ngx_stream_lua_ffi_worker_pids to get all workers pid map. Thanks attenuation for the patch.
  • bugfix: Apple Silicon FFI ABI limitation workaround. Thanks Chrono for the patch.
  • feature: SSL/TLS supports passphrase protected private key. Thanks lijunlong for the patch.
  • bugfix: posted event handler was called after event memory was freed. Thanks lijunlong for the patch.

• upgraded lua-resty-core to v0.1.27

  • optimize: avoid NYI in the get_string_buf function. Thanks Jiahao Wang for the patch.
  • feature: implemented monotonic_msec() and monotonic_time() in resty.core.time. Thanks lijunlong for the patch.
  • bugfix: get ngx_lua_version before 'not ngx.config'. Thanks willmafh for the patch.
  • feature: add ngx.worker.pids to get all workers pid map. Thanks attenuation for the patch.
  • optimize: destroy pipe when freeing request. Thanks lijunlong for the patch.
  • optimize: localize pcall function in base.lua to improve performance. Thanks Chrono for the patch.
  • feature: implemented get_supported_versions() in clienthello phase. Thanks Attenuation for the patch.
  • bugfix: Apple Silicon FFI ABI limitation workaround. Thanks Chrono for the patch.
  • bugfix: did not get the correct error message for when require module. Thanks lijunlong for the patch.
  • feature: added support for ssl_server_rewrite_by_lua. Thanks lijunlong for the patch.
  • cosocket: add function tcpsock:setclientcert, reimplemented tcpsock:sslhandshake with FFI. Thanks Datong Sun for the patch.
  • feature: provide a way to reuse table in ngx.req.get_uri_args. Thanks 罗泽轩 for the patch.
  • feature: add FFI implementation for ngx.arg getter. Thanks 罗泽轩 for the patch.
  • optimize: localize bit.bor in clienthello.lua to improve performance. Thanks Chrono for the patch.
  • optimize: reimplemented the coroutine wrapper using the FFI API. Thanks lijunlong for the patch.
  • feature: support passphrase protected private key. Thanks lijunlong for the patch.
  • feature: reimplemented ngx.req.is_internal with LuaJIT FFI. Thanks chronolaw for the patch.
  • optimize: removed the extra return. Thanks lijunlong for the patch.

• upgraded luajit2 to v2.1-20230119

  • Avoid negation of signed integers in C that may hold INT*_MIN.
  • Correct fix for stack check when recording BC_VARG.
  • Disable FMA by default. Use -Ofma or jit.opt.start("+fma") to enable.
  • FFI: Fix dangling reference to CType. Improve checks.
  • ARM64: Fix code generation for IR_SLOAD with typecheck + conversion.
  • Avoid assertion in case of stack overflow from stitched trace.
  • Ensure correct stack top for OOM error message.
  • ARM64: Fix IR_SLOAD assembly.
  • Fix trace join to BC_JLOOP originating from BC_ITERN.
  • bugfix: fix math.floor() and math.ceil(). Thanks Aditya Bisht for the patch.
  • Add -F option to override filename in jit.bcsave (luajit -b).
  • Patch luajit.pc with INSTALL_INC, if customized.
  • LJ_GC64: Fix lua_concat().
  • Prevent use of RTLD_DEFAULT when NO_RTLD_DEFAULT is defined.
  • Improve GC estimation for userdata with attached managed memory.
  • Add missing GC steps to string buffer methods.
  • x86/x64: Limit VLOAD fusion to simple cases.
  • OSX/iOS/ARM64: Fix generation of Mach-O object files.
  • Prevent trace start at BC_ITERL after compiled BC_ITERN.
  • ARM64: Allow building with unwinding disabled.
  • FFI: Fix sizeof expression in C parser for reference types.
  • FFI: Fix ffi.alignof() for reference types.
  • FFI: Allow ffi.metatype() for typedefs with attributes.
  • OSX/iOS/ARM64: Fix bytecode embedding in Mach-O object file.
  • LJ_GC64: Fix IR_VARG offset for fixed number of results.
  • x86/x64: Fix math.ceil(-0.9) result sign.
  • Make embedded bytecode readable and forward-compatible.
  • Update console build instructions.
  • Avoid zero-sized arrays in jit_State.
  • Don't use jit_State during build with JIT disabled.
  • DynASM/ARM64: Fix LSL/BFI* encoding with variable registers.
  • Fix ITERN loop detection when hook checks are enabled.
  • Prevent C compiler undefined-behavior optimization.
  • Fix alias analysis for table length forwarding.
  • Fix loop initialization in table.foreach().
  • LJ_GC64: Fix HREFK optimization.
  • Fix recording of __concat metamethod.
  • Cleanup of system and architecture support docs.

• upgraded resty-cli to v0.29

  • change: save the original ngx.exit to ngx.orig_exit. Thanks lijunlong for the patch.

• upgraded lua-cjson to 2.1.0.11

  • bugfix: empty_array can not work on Apple because cjson did not compare light userdata address with masked address. Thanks Datong Sun for the patch.
  • bugfix: windows luarocks doesn't export cjson.safe. Thanks momoterraw for the patch.

• upgraded headers-more-nginx-module to v0.34

  • bugfix: nginx crash when accessing uninitialized pointer. Thanks lijunlong for the patch.
  • bugfix: update handling of multiple headers changed in nginx 1.23.0. Thanks Hiroaki Nakamura for the patch.
  • bugfix: fixed build error with nginx >= 1.23.0. Thanks somni for the patch.

• upgraded lua-resty-upstream-healthcheck to v0.07

  • change: improved healthcheck status for prometheus. Thanks Jonas Badstübner for the patch.
  • bugfix: opts.host has not been assigned to ctx. Thanks yueziii for the patch.
  • feature: allowing check on different port. Thanks Franck Lombardi for the patch.
  • feature: add HTTPS health check. Thanks Yannic Rieger for the patch.
  • feature: add prometheus metrics format status. Thanks Yannic Bastian Rieger for the patch.

• upgraded opm to v0.0.7

  • change: web: show the package installation command in the package details page. Thanks guisheng zhou for the patch.
  • bugfix: 'install_dir' should not be /usr/local/openresty/site but /usr/local/openresty/bin. Thanks lijunlong for the patch.
  • feature: web: support github login and deferred deletion. Thanks xlibor for the patch.

• upgraded ngx_devel_kit to v0.3.2

  • change: fixed a typo in ndk_upstream_list.c. Thanks lijunlong for the patch.

• upgraded lua-resty-lock to v0.09

  • optimize: return setmetatable is NYI. Thanks lijunlong for the patch.

• upgraded srcache-nginx-module to v0.33

  • bugfix: update handling of cache_control changed in nginx 1.23.0. Thanks Hiroaki Nakamura for the patch.
  • change: add status code 307, 308 to the default value of srcache_store_statuses. Thanks Jérémy Lal for the patch.

• upgraded lua-resty-websocket to v0.10

  • feature: add mtls client cert support. Thanks Qi for the patch.
  • optimize: localize some ngx.* API to improve performance. Thanks Chrono for the patch.
  • bugfix: default to port 443 for wss urls. Thanks John Regan for the patch.

• upgraded lua-resty-lrucache to v0.13

  • optimize: remove NYI call in lurcache. Thanks lijunlong for the patch.

• upgraded lua-resty-upload to v0.11

  • feature: add an option to preserve body. Thanks Suika for the patch.

• upgraded lua-resty-memcached to v0.17

  • optimize: return setmetatable is NYI which can not be jit compiled. Thanks lijunlong for the patch.
  • optimize: reuse the cmd_tab to minimize the gc. Thanks lijunlong for the patch.
  • feature: implemented {init,commit,cancel}_pipeline(). Thanks syz for the patch.
  • feature: add support for connecting over TLS. Thanks Alessandro Ghedini for the patch.

• upgraded echo-nginx-module to v0.63

  • optimize: fix potential null pointer dereference found by Coverity. Thanks Ilya Shipitsin for the patch.
  • bugfix: fix potential null pointer dereference found by Coverity. Thanks Ilya Shipitsin for the patch.
  • bugfix: fix minor issue found by Coverity in src/ngx_http_echo_subrequest.c. Thanks Ilya Shipitsin for the patch.

• upgraded drizzle-nginx-module to v0.1.12

  • bugfix: fix potential null pointer dereference found by Coverity. Thanks Ilya Shipitsin for the patch.

Version 1.21.4.1 - 18 May 2022

• upgraded the nginx core to 1.21.4.

  • see the changes here: http://nginx.org/en/CHANGES

• win32/win64: upgraded zlib to 1.2.12.

• win32/win64: upgraded OpenSSL to 1.1.1n.

• feature: allow to be compiled with LibreSSL 3.0+. Thanks spacewander for the patch.

• feature: add lua_ssl_conf_command directive for setting arbitrary OpenSSL configuration parameter particularly the TLSv1.3 ciphersuites. Thanks Zhefeng Chen for the patch.

• feature: implemented the ssl_client_hello_by_lua* api for controlling the NGINX downstream SSL handshake dynamically with Lua. Thanks Zhefeng Chen for the patch.

• feature: the number connections of privileged agent can be set by enable_privileged_agent(connections). Thanks wangyao for the patch.

• feature: implemented the new ngx.run_worker_thread API to run Lua function in a seperated worker thread. Thanks kingluo for the patch.

• upgraded lua-nginx-module to 0.10.21

  • bugfix: ngx.pipe waits until timeout because child process forgot to close pipe after dup2. Thanks Junlong Li for the patch.
  • bugfix: posted event handler was called after event memory was freed. Thanks Junlong Li for the patch.
  • bugfix: prevent illegal memory access in ngx_http_lua_util.c. Thanks Jiahao Wang for the patch.
  • optimize: removed superfluous code from shdict_store. Thanks Odin Hultgren Van Der Horst for the patch.
  • bugfix: fix nginx crash caused by a bad format specifier. Thanks balus for the patch.
  • bugfix: fixed memcpy param overlap detected by asan. Thanks pengyanfeng for the patch.
  • bugfix: fix possible null pointer dereference found by Coverity. Thanks doujiang24 for the patch.
  • bugfix: we should use luaL_typename() with lua stack index. Thanks balus for the patch.
  • bugfix: fixed potential leak on memory allocation errors. we have to clean just created SSL context manually, thus appropriate call added. Thanks nandsky for the patch.
  • bugfix: nginx crash when resolve an not exist domain in thread create by ngx.thread.spawn. Thanks lijunlong for the patch.
  • bugfix: should reset the value_len to 0 when reuse the expired list type key in shared dict. Thanks ngtee8 for the patch.
  • change: do not need to create the Lua request ctx data table from C. Thanks doujiang for the patch.
  • bugfix: we should ignore match limit in DFA mode. Thanks Jianyong Chen for the patch.
  • bugfix: buffer bloat and CPU 100% when download large file was filtered by body_filter_by_lua. Thanks lijunlong for the patch.
  • bugfix: fixed missing 'const' qualifier causing compilation failure on freebsd. Thanks Jiahao Wang for the patch.
  • bugfix: should not allow to create timer in the exit process phase. Thanks Jinhua Tan for the patch.
  • feature: support environ in ngx.pipe on mac. Thanks tzssangglass for the patch.

• upgraded stream-lua-nginx-module to 0.0.11

  • bugfix: compilation failed when building without --with-stream_ssl_module. Thanks vislee for the patch.
  • bugfix: we should use luaL_typename() with lua stack index. Thanks Jianyong Chen for the patch.
  • bugfix: fixed possible null pointer dereference found by Coverity. Thanks Ilya Shipitsin for the patch.
  • bugfix: nginx crash when resolve an not exist domain. Thanks lijunlong for the patch.
  • bugfix: should reset the value_len to 0 when reuse the expired list type key in shared dict. Thanks ngtee8 for the patch.
  • bugfix: we should ignore match limit in DFA mode. Thanks balus for the patch.
  • bugfix: some lua configurations (i.e. lua_ssl_trusted_certificate) were missing in the init_worker phase. Thanks doujiang for the patch.
  • bugfix: failed to start when non-ssl server configured with ssl_certificate_by_lua* directive. Thanks Zhefeng Chen for the patch.
  • bugfix: old coroutine APIs were used in the preread and ssl_cert phase. Thanks Zhefeng Chen for the patch.

• upgraded lua-resty-core to 0.1.23

  • bugfix: ngx.re.sub/gsub may incorrectly dropped the last character. Thanks Jianyong Chen for the patch.
  • optimize: use a new upvalue table for the ctxs holder to make LuaJIT JIT compiler happy to generate more efficient machine code. Thanks doujiang for the patch.

• upgraded lua-resty-websocket to 0.09

  • bugfix: should abort when status code is invalid in wb:send_close(server). Thanks Gerrard-YNWA for the patch.

• upgraded lua-resty-redis to 0.30

  • feature: add a surface to support redis module. Thanks spacewander for the patch.

• upgraded lua-resty-limit-traffic to 0.08

  • optimize: resty.limit.conn call dict:incr with init_ttl argument. Thanks WindMGC for the patch.

• upgraded lua-resty-mysql to 0.25

  • bugfix: fallback to default auth plugin if server doesn't have CLIENT_PLUGIN_AUTH capability. Thanks Wangchong Zhou for the patch.

• upgraded set-misc-nginx-module to 0.33

  • feature: added url safe base64 encoding/decoding. Thanks Pavel for the patch.
  • bugfix: fix a possible resource leak of fd when exception occur. Thanks Hai Shi for the patch.
  • feature: added new directive set_hmac_sha256. Thanks erankor for the patch.

• upgraded encrypted-session-nginx-module to 0.09

  • optimize: make it compatible with boringssl. Thanks lijunlong for the patch.

• upgraded lua-resty-string to 0.15

  • feature: added an optional len parameter for resty.md5.update(). Thanks lijunlong for the patch.
  • feature: add enable_padding option for aes. Thanks beimingfish for the patch.
  • optimize: speed up string.to_hex by reusing hex buf. Thanks jinjiezhao for the patch.

• upgraded lua-cjson to 2.1.0.10

  • bugfix: fixed bugs suspected by cppcheck: shift signed 32-bit value by 31 bits and uninitialized variable. Thanks Jiahao Wang for the patch.
  • bugfix: fixed a possible division by zero bugs found by cppcheck. Thanks Jiahao Wang for the patch.
  • feature: support lua 5.2+.

• upgraded luajit2 to 2.1-20220411

  • Add missing check for LJ_KEYINDEX in ITERN recording.
  • DynASM/ARM64: Fix NOP instruction for aligment.
  • Fix soft-float IR_POW splitting.
  • Fix BC_UCLO insertion for returns.
  • Fix string buffer COW handling.
  • Fix command-line argv handling.
  • Always exit after machine code page protection change fails.
  • Fix FOLD rule for BUFHDR append with intervening buffer use.
  • Fix compiled error handling for buffer methods.
  • FFI: Ensure library is loaded before de-serializing FFI types.
  • Fix HREFK forwarding vs. table.clear().
  • Fix FOLD rule for BUFHDR append.
  • Fix tonumber("-0") in dual-number mode.
  • Limit work done in SINK pass.
  • Fix ABC FOLD rule with constants.
  • Windows: Fix binary output of jit.bcsave to stdout.
  • Fix FOLD rule for x-0.
  • ARM64: Fix pcall() error case.
  • refactor: removed duplicated table entries. Thanks lijunlong for the patch.
  • OSX/ARM64: Fix external unwinding.
  • Fix interaction of profiler and ITERN recording.
  • Fix compilation of multi-result call to next().
  • ARM64: Fix IR_HREF code generation.
  • MIPS64: Fix soft-float IR_TOSTR.
  • MIPS: Fix register allocation in assembly of HREF.
  • Windows/x64: Document MSVC flags for C++ exception interoperability.
  • FFI: Ensure returned string is alive in ffi.typeinfo().
  • bugfix: fixed merge error which was introduced by commit 63dee93f4e. Thanks lijunlong for the patch.
  • OSX/ARM64: Disable unwind info.
  • Fix stack allocation after on-trace stack check.
  • Fix ITERN blacklisting.
  • Ensure ITERN forward progress on interpreter bailout.
  • ARM64: Reorder interpreter stack frame and fix unwinding.
  • Don't bail out to interpreter to JLOOP originating from ITERN.
  • FFI: Don't load PC from non-function object in FFI continuation.
  • FFI: Fix missing cts->L initialization in argv2ctype().
  • OSX/ARM64: Disable external unwinding for now.
  • Compile table traversals: next(), pairs(), BC_ISNEXT/BC_ITERN. This work sponsored by OpenResty INC.
  • Use IR_HIOP for generalized two-register returns.
  • Refactor table traversal.
  • ARM: Fix symbol display in trace disassembly.
  • Refactor IR_TMPREF generation.
  • Refactor IR_VLOAD to take an offset.
  • MIPS: Fix trace linking.
  • feature: implemented string.buffer library.
  • Consider slots used by upvalues in use-def analysis.
  • Prevent loop in snap_usedef().
  • Fix io.close().
  • Fix minilua vararg stack handling.
  • Avoid out-of-range number of results when compiling select(k, ...).
  • Fix error message in lj_lib_checkintrange().
  • Fix IRXLOAD_* mode bits description.
  • Add IRCONV_NONE for pass-through INT to I64/U64 type change.
  • Fix jit.dump() output for IR_CONV.
  • Change: Resolve luaL_newstate() return NULL in ppc64le issue. Thanks ManirajDeivendran for the patch.
  • Disable unreliable assertion for external frame unwinding.
  • Flush and close output file after profiling run.
  • Avoid conflict between 64 bit lightuserdata and ITERN key.
  • Change: Resolve compilation error in ppc Thanks Maniraj Deivendran for the patch.
  • bugfix: disabled the assertion since it might be a false alarm on fedora aarch64.
  • feature: added the trace entry and normal exit events in the GC64 interpreter. Thanks doujiang24 for the patch.
  • Throw any errors before stack changes in trace stitching.
  • DynASM/x86: Add missing escape in pattern.
  • DynASM/ARM64: Fix LSL/BFI* encoding with variable shifts.
  • Fix MinGW static build.
  • Fix dependencies.
  • Fix IR_BUFHDR assembly.
  • FFI: Support FFI numbers in string.format() and buf:putf().
  • ARM64: More improvements to the generation of immediates.
  • Abstract out on-demand loading of FFI library.
  • FFI: Fix dangling reference to CType.
  • PPC/PS3: Fix BC_ADD*/BC_SUB*.
  • Fix use-def analysis for vararg functions.
  • Fix use-def analysis for BC_VARG.
  • DynASM/ARM64: Fix ADRP encoding with absolute address.
  • Fix compiler warnings.
  • DynASM/ARM64: Add .long expr. Add .quad/.addr expr + refs.
  • DynASM/x86: Fix x64 .aword refs. Add .qword, .quad, .addr and .long.
  • FFI/ARM64/OSX: Fix vararg call handling.
  • Prevent compile of __concat with tailcall to fast function.
  • Fix IR_RENAME snapshot number. Follow-up fix for a32aeadc.
  • DynASM: Fix global label references
  • DynASM/ARM64: Add VREG support.
  • Fix build with busybox grep.
  • NetBSD: Use PROT_MPROTECT() and disable getentropy().
  • Allow disabling the serializer.
  • BSD: Fix build with BSD grep.
  • Fix .bat file builds.
  • OSX: Fix build by hardcoding external frame unwinding.
  • Reorganize lightuserdata interning code.
  • Upgrade docs to HTML5. It's about time.
  • FFI: Handle zero-fill of struct-of-NYI.
  • ARM64: Improve generation of immediates.
  • Detect inconsistent renames even in the presence of sunk values.
  • Handle on-trace OOM errors from helper functions.
  • Use weak guards for on-trace allocations.
  • PPC: Fix GG_State loads.
  • MIPS: Fix handling of long-range spare jumps.
  • Cleanup and enable external unwinding for more platforms.
  • Remove specific version numbers from the docs.
  • iOS: Don't use getentropy() since it's disallowed in the App Store.
  • Linux/ARM64: Make mremap() non-moving due to VA space woes.