OpenResty® Scalable Web Platform by Extending NGINX with Lua

Contribute on GitHub Official Forum Try OpenResty XRay

OpenResty XRay

Advanced observability built for OpenResty and more

OpenResty XRay Live Demo →

×
limited time offer
Request TRIAL today and receive a diagnostic REPORT
Learn more
New! OpenResty 1.27.1.1 is now released!
New! OpenResty 1.25.3.2 is now released!
New! New blog post Pinpointing the Python Code Paths with High Disk I/O (using OpenResty XRay) is published.
New! New blog post How to Trace Exceptions inside PHP Applications (using OpenResty XRay) is published.
New! New blog post Install OpenResty XRay’s Agents on Kubernetes cluster is published.
New! New blog post How to Automate Managing Gateway Servers in K8s Environment (using OpenResty Edge) is published.
New! New blog post Use Lua Extensions to Respond to Gateway Server Offline Events in OpenResty Edge is published.
New! New blog post Pinpointing the Hottest Rust Code Paths with High Disk I/O (using OpenResty XRay) is published.

ChangeLog for 1.27.1.x

lijunlong , 15 Oct 2024 (created 14 Aug 2024)

Version 1.27.1.1 - 16 Oct 2024

  • upgraded the nginx core to 1.27.1
  • upgraded lua-nginx-module to 0.10.27
    • bugfix: fixed keepalive error in cosocket. Thanks lijunlong for the patch.
    • bugfix: ensure compatibility with older nginx versions lacking TLS 1.3 support. Thanks lijunlong for the patch.
    • bugfix: initialize ASN1_GENERALIZEDTIME pointers in ssl_validate_ocsp_response. Thanks lijunlong for the patch.
    • bugfix: nginx crashed when binding local address failed from lua. Thanks lijunlong for the patch.
    • bugfix: treat shared dict entries with TTL of 0 as expired. Thanks lijunlong for the patch.
    • bugfix: let balancer.recreate_request API work for body data changed case. Thanks Jun Ouyang for the patch.
    • feature: add support for SSL trusted certificates in client verification. Thanks xiangwei for the patch.
    • bugfix: respect max retry after using balancer pool. Thanks kurt for the patch.
    • feature: support ngx.location.capture and ngx.location.capture_multi with headers option. Thanks Tinglong Yang for the patch.
    • bugfix: undefined symbol SSL_client_hello_get0_ext when linking against libressl. Thanks lijunlong for the patch.
    • bugfix: fixed compilation errors when building without SSL. Thanks Johnny Wang for the patch.
    • change: should match the local address when get connection from the keepalive pool. Thanks lijunlong for the patch.
    • feature: implemented keepalive pooling in balancer_by_lua*. Thanks lijunlong for the patch.
    • bugfix: prevent main thread access to freed fake request in init_worker. Thanks fesily for the patch.
    • bugfix: preserve lua-nginx-module context when ngx.send_header() triggers filter_finalize. Thanks Jun Ouyang for the patch.
    • bugfix: fix config test for signalfd with gcc 11. Thanks Jiří Setnička for the patch.
    • bugfix: worker thread Lua VM may take lots of memory. Thanks lijunlong for the patch.
    • bugfix: ensure proper connection closure when setting empty body before last chunk. Thanks Liu Wei for the patch.
    • bugfix: wrong arguments of setkeepalive() result in the compromise of data integrity. Thanks lijunlong for the patch.
    • bugfix: Fixing compatibility issues with BoringSSL. Thanks lijunlong for the patch.
    • feature: validate and expose nextUpdate field in OCSP response. Thanks Elvin Efendi for the patch.
    • feature: add support for deriving key from tls master secret. Thanks bas-vk for the patch.
    • feature: add UDP cosocket bind api. Thanks syz for the patch.
    • bugfix: fixed HTTP HEAD request smuggling issue. Thanks lijunlong for the patch.
    • optimize: allow to reenable the tls for the upstream. Thanks lijunlong for the patch.
    • feature: add FFI function for balancer.disable_ssl(). Thanks lijunlong for the patch.
    • bugfix: correct offset vector memory allocation size for PCRE2. Thanks Zhongwei Yao for the patch.
    • feature: implemented ngx_http_lua_ffi_ssl_client_random. Thanks Ruidong-X for the patch.
    • bugfix: fix memory corruption in consecutive regex calls. Thanks Zhongwei Yao for the patch.
    • feature: add ngx_http_lua_ffi_parse_der_cert and ngx_http_lua_ffi_parse_der_key functions. Thanks Brian Rak for the patch.
  • upgraded stream-lua-nginx-module to 0.0.15
    • bugfix: fixed keepalive error in cosocket. Thanks lijunlong for the patch.
    • bugfix: treat shared dict entries with TTL of 0 as expired. Thanks lijunlong for the patch.
    • feature: add support for SSL trusted certificates in client verification. Thanks xiangwei for the patch.
    • feature: support lua balancer set proxy bind dynamic Thanks ytlm for the patch.
    • bugfix: check for SSL context instead of listen flag for nginx 1.25.5+ compatibility. Thanks Konstantin Pavlov for the patch.
    • bugfix: wrong arguments of setkeepalive() result in the compromise of data integrity. Thanks lijunlong for the patch.
    • bugfix: correct offset vector memory allocation size for PCRE2. Thanks Zhongwei Yao for the patch.
    • feature: implemented ngx_stream_lua_ffi_ssl_client_random. Thanks Ruidong-X for the patch.
    • bugfix: wrong argument for pcre2_match. Thanks lijunlong for the patch.
    • feature: add functions to parse DER formatted certificates/keys. Thanks Brian Rak for the patch.
    • changes: remove the useless pcre config. Thanks swananan for the patch.
  • upgraded lua-resty-core to 0.1.29
    • feature: add ssl_trusted_certificate argument for ssl.verify_client(). Thanks xiangwei for the patch.
    • feature: add balancer.bind_to_local_addr for stream module. Thanks ytlm for the patch.
    • feature: makes outgoing connections to a proxied server originate from the specified local IP address with an optional port. Thanks lijunlong for the patch.
    • feature: implemented keepalive pooling in balancer_by_lua*. Thanks lijunlong for the patch.
    • bugfix: initialize next_update pointer to avoid potential stale values. Thanks YanLIU for the patch.
    • optimize: localize tonumber for ngx.worker.pids. Thanks Chrono for the patch.
    • feature: validate_ocsp_response should return nextUpdate if available. Thanks Elvin Efendi for the patch.
    • feature: add ssl.get_req_ssl_pointer. Thanks James Callahan for the patch.
    • feature: add support for exporting key material to derive keys from the tls master secret. Thanks bas-vk for the patch.
    • feature: add balancer.set_upstream_tls(on). Thanks lijunlong for the patch.
    • feature: add ssl.get_client_random. Thanks Ruidong-X for the patch.
    • optimize: explicit requirement to use bash. Thanks lynch for the patch.
    • feature: add parse_der_cert and parse_der_priv_key functions. Thanks Brian Rak for the patch.
  • upgraded lua-resty-websocket to 0.12
    • feature: add send_continue method. Thanks Toru for the patch.
    • feature: client:connect() returns HTTP response header. Thanks Michael Martin for the patch.
    • feature: custom sec-websocket-key in client. Thanks Michael Martin for the patch.
    • feature: add support for discrete send/recv payload limits in WebSocket client. Thanks Michael Martin for the patch.
    • feature: support custom host header in client. Thanks flrgh for the patch.
    • feature: support connecting to unix sockets. Thanks Petter Berven for the patch.
    • optimization: check ssl_support early. Thanks Michael Martin for the patch.
  • upgraded lua-resty-redis to v0.31
    • optimize: cache the table for sending requests. Thanks lijunlong for the patch.
  • upgraded lua-resty-string to 0.16
    • feature: add AAD support in aes gcm. Thanks wzxjohn for the patch.
    • change: make random.bytes cryptographically strong by default. Thanks rfl890 for the patch.
  • upgraded lua-cjson to 2.1.0.14
    • feature: Lua 5.3 + 5.4 integer support, with CI and conflicts fixed. Thanks Hisham Muhammad for the patch.
    • bugfix: bus error or SIGSEGV caused by encode not keep buffer. Thanks hyw0810 for the patch.
  • upgraded lua-resty-signal to 0.04
    • bugfix: handle '?.so' in package.cpath. Thanks Michael Martin for the patch.
  • upgraded lua-resty-lrucache to v0.14
    • optimize: echo warning message when install this library to "/usr/local/lib/lua/" and copy installation guide from lua_resty_core module. Thanks lynch for the patch.
  • upgraded rds-json-nginx-module to 0.17
    • bugfix: failed to compilation on rockylinux 9. Thanks lijunlong for the patch.
  • upgraded luajit2 to 2.1-20240815
    • Reflect override of INSTALL_LJLIBD in package.path.
    • ARM64: Use movi to materialize FP constants.
    • Add more FOLD rules for integer conversions.
    • Different fix for partial snapshot restore due to stack overflow. Reported by Junlong Li. Fixed by Peter Cawley.
    • change: disable hash computation optimization in the OpenResty branch (agentzh-v2.1) due to the possibility of severe performance degradation (CVE-2024-39702). This issue is specific to our branch and does not affect upstream LuaJIT. Thanks to Zhongwei Yao from Kong Inc. for reporting this issue. Thanks lijunlong for the patch.
    • bugfix: Enabled ppc64le arch on travis and fixed one failing test case. Thanks Alhad Deshpande for the patch.
    • Prevent sanitizer warning in snap_restoredata().
    • Limit number of string format elements to compile.
    • FFI: Clarify scalar boxing behavior.
    • OSX/iOS: Fix SDK incompatibility.
    • Windows/MSVC: Cleanup msvcbuild.bat and always generate PDB.
    • Fix segment release check in internal memory allocator.
    • FFI: Turn FFI finalizer table into a proper GC root.
    • OSX/iOS: Always generate 64 bit non-FAT Mach-O object files.
    • Show name of NYI bytecode in -jv and -jdump.
    • Use generic trace error for OOM during trace stitching.
    • feature: add s390x disassembler. Thanks Aditya Bisht for the patch.
    • Handle all types of errors during trace stitching.
    • Fix recording of __concat metamethod.
    • Prevent down-recursion for side traces.
    • Check frame size limit before returning to a lower frame.
    • FFI: Treat cdata finalizer table as a GC root.
    • Handle stack reallocation in debug.setmetatable() and lua_setmetatable().
    • optimize: [ppc64le] Aligned code as per other archs for next_1 function and relevant code changes. Thanks Alhad Deshpande for the patch.
    • Rework stack overflow handling.
    • Preserve keys with dynamic values in template tables when saving bytecode.
    • Prevent include of luajit_rolling.h.
    • Fix zero stripping in %g number formatting.
    • Fix unsinking of IR_FSTORE for NULL metatable.
    • DynASM/x86: Add endbr instruction.
    • MIPS64 R2/R6: Fix FP to integer conversions.
    • Add cross-32/64 bit and deterministic bytecode generation.
    • DynASM/x86: Allow [&expr] operand.
    • Check for IR_HREF vs. IR_HREFK aliasing in non-nil store check.
    • Respect jit.off() on pending trace exit.
    • Simplify handling of instable types in TNEW/TDUP load forwarding.
    • Only emit proper parent references in snapshot replay.
    • Fix anchoring for string buffer set() method (again).
    • ARM: Fix stack restore for FP slots.
    • Document workaround for multilib vs. cross-compiler conflict.
    • Fix anchoring for string buffer set() method.
    • Fix runtime library flags for MSVC debug builds.
    • Fix .debug_abbrev section in GDB JIT API.
    • Optimize table.new() with constant args to (sinkable) IR_TNEW.
    • Emit sunk IR_NEWREF only once per key on snapshot replay.
  • Timeline

OpenResty® is a registered trademark owned by OpenResty Inc.

Copyright © 2017, 2018, 2019, 2020, 2021, 2022 by Yichun Zhang (agentzh)

100% Powered by OpenResty and PostgreSQL ( view the source code of this site)