Nginx core

• Upgrade from nginx 1.27.1 to 1.29.2.

OpenSSL

• upgraded from version 3.4.1 to 3.5.5.

PCRE

• upgraded from version 10.44 to 10.47.

lua-nginx-module v0.10.29

• feature: added ngx_http_lua_ffi_ssl_get_client_hello_ext_present(). Thanks Gabriel Clima for the patch.
• feature: add function to bypass HTTP conditional request checks (#2401) Thanks kurt for the patch.
• feature: add lua_ssl_key_log directive. Thanks willmafh for the patch.
• feature: add ngx_http_lua_ffi_req_shared_ssl_ciphers(). Thanks Sunny Chan for the patch.
• feature: add sock:getfd(). Thanks lijunlong for the patch.
• feature: Export three functions for manipulating ngx_http_lua_co_ctx_t structures. Thanks lijunlong for the patch.
• feature: ngx_http_lua_ffi_ssl_get_client_hello_ciphers(). Thanks Gabriel Clima for the patch.
• feature: proxy_ssl_verify_by_lua directives. Thanks willmafh for the patch.
• feature: support tcp binding ip:port or ip of ipv4 or ipv6 Thanks ElvaLiu for the patch.
• bugfix: add HTTP/3 QUIC SSL Lua yield patch macro protection. Thanks swananan for the patch.
• bugfix: didn't flush send buffer after lua phase(access/rewrite/server_rewrite) done. Thanks lijunlong for the patch.
• bugfix: didn't use right hostname when the length of hostname is greater than 32. Thanks lijunlong for the patch.
• bugfix: ensure context is restorable on fd writable events. Thanks Zeping Bai for the patch.
• bugfix: improve HTTP/3 SSL Lua callback yield handling. Thanks swananan for the patch.
• bugfix: resume QUIC handshake for OpenSSL external QUIC API builds Thanks swananan for the patch.
• bugfix: the modifications in this PR are to supplement the overlooked changes in the commit e8f65dc53. Thanks lijunlong for the patch.
• optimize: unnecessary to do error check. Thanks willmafh for the patch.
• change: ngx_http_lua_ffi_get_req_ssl_pointer() add err argument. Thanks lijunlong for the patch.
• style: code style consistency. Thanks willmafh for the patch.

stream-lua-nginx-module v0.0.17

• feature: add lua_ssl_key_log directive to log client connection SSL keys in the tcpsock:sslhandshake method. Keys are logged in the SSLKEYLOGFILE format compatible with Wireshark. Thanks willmafh for the patch.
• feature: add ngx_stream_lua_ffi_get_req_ssl_pointer() for stream subsystem. Thanks lijunlong for the patch.
• feature: add ngx_stream_lua_ffi_req_dst_addr(). Thanks lijunlong for the patch.
• feature: add support for nginx-1.29.2. Thanks lijunlong for the patch.
• feature: add support for nginx-1.29.2. Thanks lijunlong for the patch.
• feature: add support for tcp/udp bind. Thanks alonbg for the patch.
• feature: ngx_stream_lua_ffi_req_shared_ssl_ciphers(). Thanks Ri Shen Chen for the patch.
• feature: proxy_ssl_verify_by_lua directives. Thanks willmafh for the patch.
• bugfix: failed to build with openssl 1.x.x and boringssl. Thanks lijunlong for the patch.
• bugfix: failed to build with openssl < 3.0.2. Thanks lijunlong for the patch.
• bugfix: fixed typo. Thanks willmafh for the patch.
• bugfix: fixed warning. Thanks lijunlong for the patch.
• bugfix resolve unused function warning in BoringSSL builds. Thanks swananan for the patch.
• optimize: add error checking for SSL_set_tlsext_status_type(). Thanks Fahnenfluchtige for the patch.
• optimize: checked r before using it. Thanks Fahnenfluchtige for the patch.
• optimize: fixed build warning. Thanks lijunlong for the patch.
• style: fixed coding style. Thanks lijunlong for the patch.
• style: fixed coding style. Thanks willmafh for the patch.

lua-resty-core v0.1.32

• feature: add bind support for the stream subsystem. Thanks lijunlong for the patch.
• feature: add bypass_if_checks method to ngx.resp (#495) Thanks kurt for the patch.
• feature: add get_req_ssl_pointer() for stream subsystem. Thanks lijunlong for the patch.
• feature: add ngx.req.get_original_addr. Thanks lijunlong for the patch.
• feature: add sock:getfd(). Thanks lijunlong for the patch.
• feature: add ssl.get_shared_ssl_ciphers for stream subsystem. Thanks Sunny Chan for the patch.
• feature: add support for nginx-1.29.2. Thanks lijunlong for the patch.
• feature: add support for ssl.get_req_shared_ssl_ciphers() Thanks Sunny Chan for the patch.
• feature: get_client_hello_ciphers() (#498) Thanks Gabriel Clima for the patch.
• feature: proxy_ssl_verify_by_lua directives. Thanks willmafh for the patch.
• feature: add get_client_hello_ext_present Thanks Gabriel Clima for the patch.
• optimize: remove unused code. Thanks lijunlong for the patch.
• optimize: remove unused param. Thanks Bai Miao for the patch.
• bugfix: failed to get error message because the input buffer length is not set. Thanks lijunlong for the patch.
• bugfix: fix issue #499，to avoid unexpect assertion when c func return FFI_OK immediately. Thanks akf00000 for the patch.
• doc: add doc for get_client_hello_ext_present(). Thanks lijunlong for the patch.
• doc: fixed typo. Thanks lijunlong for the patch.
• style: fixed coding style. Thanks lijunlong for the patch.

luajit2 v2.1-20251022

• Add compatibility string coercion for fp:seek() argument. Thanks Mike Pall for the patch.
• Add GNU/Hurd build support. Thanks Mike Pall for the patch.
• ARM64: Fix pass-by-value struct calling conventions. Thanks Mike Pall for the patch.
• ARM: Fix soft-float math.min()/math.max(). Thanks Mike Pall for the patch.
• Avoid out-of-range PC for stack overflow error from snapshot restore. Thanks Mike Pall for the patch.
• Avoid out-of-range PC for stack overflow error from snapshot restore. Thanks Mike Pall for the patch.
• Avoid unpatching bytecode twice after a trace flush. Thanks Mike Pall for the patch.
• bugfix: table.clone can't work after commit 538a82133ad. Thanks lijunlong for the patch.
• Change handling of nil value markers in template tables. Thanks Mike Pall for the patch.
• Change handling of nil value markers in template tables. Thanks Mike Pall for the patch.
• FFI: Add pre-declared int128_t, uint128_t, __int128 types. Thanks Mike Pall for the patch.
• FFI: Fix dangling CType references (again). Thanks Mike Pall for the patch.
• FFI: Fix dangling CType references. Thanks Mike Pall for the patch.
• Fix error generation in load*. Thanks Mike Pall for the patch.
• Fix handling of nil value markers in template tables. Thanks Mike Pall for the patch.
• Fix io.write() of newly created buffer. Thanks Mike Pall for the patch.
• Fix JIT slot overflow during up-recursion. Thanks Mike Pall for the patch.
• Fix reporting of an error during error handling. Thanks Mike Pall for the patch.
• Fix state restore when recording __concat metamethod. Thanks Mike Pall for the patch.
• Gracefully handle broken custom allocator. Thanks Mike Pall for the patch.
• Improve CLI signal handling on POSIX. Thanks Mike Pall for the patch.
• Initialize unused value when specializing to cdata metatable. Thanks Mike Pall for the patch.
• macOS: Add support for Apple hardened runtime. Thanks Mike Pall for the patch.
• macOS: Fix Apple hardened runtime support and put behind build option. Thanks Mike Pall for the patch.
• macOS: Fix support for Apple hardened runtime. Thanks Mike Pall for the patch.
• Merge from upstream v2.1. Thanks lijunlong for the patch.
• Prevent Clang UB 'optimization' which breaks integerness checks. Thanks Mike Pall for the patch.
• Remove Cygwin from docs, since it's not a supported target. Thanks Mike Pall for the patch.
• REVERT: Change handling of nil value markers in template tables. Thanks Mike Pall for the patch.
• Use dylib extension for iOS installs, too. Thanks Mike Pall for the patch.
• Windows: Add lua52compat option to msvcbuild.bat. Thanks Mike Pall for the patch.
• Windows: Allow mixed builds with msvcbuild.bat. Thanks Mike Pall for the patch.
• Windows: Clarify installation directory layout. Thanks Mike Pall for the patch.
• x64: Add support for CET IBT. Thanks Mike Pall for the patch.
• x86/x64: Don't use undefined MUL/IMUL zero flag. Thanks Mike Pall for the patch.

lua-resty-redis

• bugfix: connection is closed after the blpop and brpop calls time out. Thanks 冉朋 for the patch.
• docs: fix typo in README.markdown. Thanks hms5232 for the patch.
• optimize: return setmetatable is NYI which can not be jit compiled. (#287) Thanks Zero King for the patch.

xss-nginx-module

• feature: add dynamic build support. Thanks Su Yang for the patch.

lua-upstream-nginx-module

• doc: small typo fixes in the docs for get_servers. Thanks chronolaw for the patch.

lua-resty-lock

• doc: correct package status in README.markdown. Thanks jumper047 for the patch.

ngx_devel_kit

• src/ndk.h: Do not #error if 'NDK' is undefined Thanks Simpl for the patch.
• src/ndk.h: do not #error if 'NDK' is undefined Thanks Zurab Kvachadze for the patch.
• src/ndk.h: Update version Thanks Simpl for the patch.

headers-more-nginx-module

• bugfix: didn't set next to NULL for the output header. Thanks lijunlong for the patch.
• Move the LICENSE content to a separate file. Thanks uhliarik for the patch.

rds-csv-nginx-module

• bugfix: change bit filed member type to unsigned to suppress the warning. Thanks lijunlong for the patch.

lua-resty-shell

• doc: add a description of the default value of the max_size parameter. Thanks lijunlong for the patch.
• README.md: add info about default timeout (#21) Thanks Jeffrey 'jf' Lim for the patch.

lua-resty-mysql

• bugfix: mysql driver doesn't handle well server side query timeout (Query execution was interrupted). Thanks Nir Nahum for the patch.

resty-cli

• feature: add new option --load-module. Thanks lijunlong for the patch.
• feature: resty: implemented the --dump-nginx-conf option to print out the generated configuration. Thanks 罗泽轩 for the patch.

opm

• opm: revamp options. Thanks Dmitry Meyer for the patch.
• doc: fixed wrong example of user command line arguments. Thanks Johnny Wang for the patch.