nginx
詳細情報
| タイトル | nginx |
|---|---|
| URL | http://nginx.org/en/ |
| バージョン | ver 1.27.4 |
| 更新日 | 2025/02/06 |
| 追加日 | 2016/02/26 |
| 種別 | フリーソフト / オープンソース(その他) |
| 説明 | フリーでオープンソースの高速Webサーバー。 |
レビュー
レビューはありません。
スクリーンショット
スクリーンショットはありません。
更新グラフ
バージョン履歴
Changes with nginx 1.27.4 05 Feb 2025
*) Security: insufficient check in virtual servers handling with TLSv1.3
SNI allowed to reuse SSL sessions in a different virtual server, to
bypass client SSL certificates verification (CVE-2025-23419).
*) Feature: the "ssl_object_cache_inheritable", "ssl_certificate_cache",
"proxy_ssl_certificate_cache", "grpc_ssl_certificate_cache", and
"uwsgi_ssl_certificate_cache" directives.
*) Feature: the "keepalive_min_timeout" directive.
*) Workaround: "gzip filter failed to use preallocated memory" alerts
appeared in logs when using zlib-ng.
*) Bugfix: nginx could not build libatomic library using the library
sources if the --with-libatomic=DIR option was used.
*) Bugfix: QUIC connection might not be established when using 0-RTT;
the bug had appeared in 1.27.1.
*) Bugfix: nginx now ignores QUIC version negotiation packets from
clients.
*) Bugfix: nginx could not be built on Solaris 10 and earlier with the
ngx_http_v3_module.
*) Bugfixes in HTTP/3.
*) Security: insufficient check in virtual servers handling with TLSv1.3
SNI allowed to reuse SSL sessions in a different virtual server, to
bypass client SSL certificates verification (CVE-2025-23419).
*) Feature: the "ssl_object_cache_inheritable", "ssl_certificate_cache",
"proxy_ssl_certificate_cache", "grpc_ssl_certificate_cache", and
"uwsgi_ssl_certificate_cache" directives.
*) Feature: the "keepalive_min_timeout" directive.
*) Workaround: "gzip filter failed to use preallocated memory" alerts
appeared in logs when using zlib-ng.
*) Bugfix: nginx could not build libatomic library using the library
sources if the --with-libatomic=DIR option was used.
*) Bugfix: QUIC connection might not be established when using 0-RTT;
the bug had appeared in 1.27.1.
*) Bugfix: nginx now ignores QUIC version negotiation packets from
clients.
*) Bugfix: nginx could not be built on Solaris 10 and earlier with the
ngx_http_v3_module.
*) Bugfixes in HTTP/3.
Changes with nginx 1.27.3 26 Nov 2024
*) Feature: the "server" directive in the "upstream" block supports the
"resolve" parameter.
*) Feature: the "resolver" and "resolver_timeout" directives in the
"upstream" block.
*) Feature: SmarterMail specific mode support for IMAP LOGIN with
untagged CAPABILITY response in the mail proxy module.
*) Change: now TLSv1 and TLSv1.1 protocols are disabled by default.
*) Change: an IPv6 address in square brackets and no port can be
specified in the "proxy_bind", "fastcgi_bind", "grpc_bind",
"memcached_bind", "scgi_bind", and "uwsgi_bind" directives, and as
client address in ngx_http_realip_module.
*) Bugfix: in the ngx_http_mp4_module.
Thanks to Nils Bars.
*) Bugfix: the "so_keepalive" parameter of the "listen" directive might
be handled incorrectly on DragonFly BSD.
*) Bugfix: in the "proxy_store" directive.
*) Feature: the "server" directive in the "upstream" block supports the
"resolve" parameter.
*) Feature: the "resolver" and "resolver_timeout" directives in the
"upstream" block.
*) Feature: SmarterMail specific mode support for IMAP LOGIN with
untagged CAPABILITY response in the mail proxy module.
*) Change: now TLSv1 and TLSv1.1 protocols are disabled by default.
*) Change: an IPv6 address in square brackets and no port can be
specified in the "proxy_bind", "fastcgi_bind", "grpc_bind",
"memcached_bind", "scgi_bind", and "uwsgi_bind" directives, and as
client address in ngx_http_realip_module.
*) Bugfix: in the ngx_http_mp4_module.
Thanks to Nils Bars.
*) Bugfix: the "so_keepalive" parameter of the "listen" directive might
be handled incorrectly on DragonFly BSD.
*) Bugfix: in the "proxy_store" directive.
Changes with nginx 1.27.2 02 Oct 2024
*) Feature: SSL certificates, secret keys, and CRLs are now cached on
start or during reconfiguration.
*) Feature: client certificate validation with OCSP in the stream
module.
*) Feature: OCSP stapling support in the stream module.
*) Feature: the "proxy_pass_trailers" directive in the
ngx_http_proxy_module.
*) Feature: the "ssl_client_certificate" directive now supports
certificates with auxiliary information.
*) Change: now the "ssl_client_certificate" directive is not required
for client SSL certificates verification.
*) Feature: SSL certificates, secret keys, and CRLs are now cached on
start or during reconfiguration.
*) Feature: client certificate validation with OCSP in the stream
module.
*) Feature: OCSP stapling support in the stream module.
*) Feature: the "proxy_pass_trailers" directive in the
ngx_http_proxy_module.
*) Feature: the "ssl_client_certificate" directive now supports
certificates with auxiliary information.
*) Change: now the "ssl_client_certificate" directive is not required
for client SSL certificates verification.
Changes with nginx 1.27.1 14 Aug 2024
*) Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash
(CVE-2024-7347).
Thanks to Nils Bars.
*) Change: now the stream module handler is not mandatory.
*) Bugfix: new HTTP/2 connections might ignore graceful shutdown of old
worker processes.
Thanks to Kasei Wang.
*) Bugfixes in HTTP/3.
*) Bugfix: nginx could not be built by gcc 14 if the --with-libatomic
*) Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash
(CVE-2024-7347).
Thanks to Nils Bars.
*) Change: now the stream module handler is not mandatory.
*) Bugfix: new HTTP/2 connections might ignore graceful shutdown of old
worker processes.
Thanks to Kasei Wang.
*) Bugfixes in HTTP/3.
*) Bugfix: nginx could not be built by gcc 14 if the --with-libatomic
Changes with nginx 1.27.0 29 May 2024
*) Security: when using HTTP/3, processing of a specially crafted QUIC
session might cause a worker process crash, worker process memory
disclosure on systems with MTU larger than 4096 bytes, or might have
potential other impact (CVE-2024-32760, CVE-2024-31079,
CVE-2024-35200, CVE-2024-34161).
Thanks to Nils Bars of CISPA.
*) Feature: variables support in the "proxy_limit_rate",
"fastcgi_limit_rate", "scgi_limit_rate", and "uwsgi_limit_rate"
directives.
*) Bugfix: reduced memory consumption for long-lived requests if "gzip",
"gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.
*) Bugfix: nginx could not be built by gcc 14 if the --with-atomic
option was used.
Thanks to Edgar Bonet.
*) Bugfixes in HTTP/3.
*) Security: when using HTTP/3, processing of a specially crafted QUIC
session might cause a worker process crash, worker process memory
disclosure on systems with MTU larger than 4096 bytes, or might have
potential other impact (CVE-2024-32760, CVE-2024-31079,
CVE-2024-35200, CVE-2024-34161).
Thanks to Nils Bars of CISPA.
*) Feature: variables support in the "proxy_limit_rate",
"fastcgi_limit_rate", "scgi_limit_rate", and "uwsgi_limit_rate"
directives.
*) Bugfix: reduced memory consumption for long-lived requests if "gzip",
"gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.
*) Bugfix: nginx could not be built by gcc 14 if the --with-atomic
option was used.
Thanks to Edgar Bonet.
*) Bugfixes in HTTP/3.
Changes with nginx 1.25.5 16 Apr 2024
*) Feature: virtual servers in the stream module.
*) Feature: the ngx_stream_pass_module.
*) Feature: the "deferred", "accept_filter", and "setfib" parameters of
the "listen" directive in the stream module.
*) Feature: cache line size detection for some architectures.
Thanks to Piotr Sikora.
*) Feature: support for Homebrew on Apple Silicon.
Thanks to Piotr Sikora.
*) Bugfix: Windows cross-compilation bugfixes and improvements.
Thanks to Piotr Sikora.
*) Bugfix: unexpected connection closure while using 0-RTT in QUIC.
Thanks to Vladimir Khomutov.
*) Feature: virtual servers in the stream module.
*) Feature: the ngx_stream_pass_module.
*) Feature: the "deferred", "accept_filter", and "setfib" parameters of
the "listen" directive in the stream module.
*) Feature: cache line size detection for some architectures.
Thanks to Piotr Sikora.
*) Feature: support for Homebrew on Apple Silicon.
Thanks to Piotr Sikora.
*) Bugfix: Windows cross-compilation bugfixes and improvements.
Thanks to Piotr Sikora.
*) Bugfix: unexpected connection closure while using 0-RTT in QUIC.
Thanks to Vladimir Khomutov.
Changes with nginx 1.25.4 14 Feb 2024
*) Security: when using HTTP/3 a segmentation fault might occur in a
worker process while processing a specially crafted QUIC session
(CVE-2024-24989, CVE-2024-24990).
*) Bugfix: connections with pending AIO operations might be closed
prematurely during graceful shutdown of old worker processes.
*) Bugfix: socket leak alerts no longer logged when fast shutdown was
requested after graceful shutdown of old worker processes.
*) Bugfix: a socket descriptor error, a socket leak, or a segmentation
fault in a worker process (for SSL proxying) might occur if AIO was
used in a subrequest.
*) Bugfix: a segmentation fault might occur in a worker process if SSL
proxying was used along with the "image_filter" directive and errors
with code 415 were redirected with the "error_page" directive.
*) Bugfixes and improvements in HTTP/3.
*) Security: when using HTTP/3 a segmentation fault might occur in a
worker process while processing a specially crafted QUIC session
(CVE-2024-24989, CVE-2024-24990).
*) Bugfix: connections with pending AIO operations might be closed
prematurely during graceful shutdown of old worker processes.
*) Bugfix: socket leak alerts no longer logged when fast shutdown was
requested after graceful shutdown of old worker processes.
*) Bugfix: a socket descriptor error, a socket leak, or a segmentation
fault in a worker process (for SSL proxying) might occur if AIO was
used in a subrequest.
*) Bugfix: a segmentation fault might occur in a worker process if SSL
proxying was used along with the "image_filter" directive and errors
with code 415 were redirected with the "error_page" directive.
*) Bugfixes and improvements in HTTP/3.
Changes with nginx 1.25.3 24 Oct 2023
*) Change: improved detection of misbehaving clients when using HTTP/2.
*) Feature: startup speedup when using a large number of locations.
Thanks to Yusuke Nojima.
*) Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2 without SSL; the bug had appeared in 1.25.1.
*) Bugfix: the "Status" backend response header line with an empty
reason phrase was handled incorrectly.
*) Bugfix: memory leak during reconfiguration when using the PCRE2
library.
Thanks to ZhenZhong Wu.
*) Bugfixes and improvements in HTTP/3.
*) Change: improved detection of misbehaving clients when using HTTP/2.
*) Feature: startup speedup when using a large number of locations.
Thanks to Yusuke Nojima.
*) Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2 without SSL; the bug had appeared in 1.25.1.
*) Bugfix: the "Status" backend response header line with an empty
reason phrase was handled incorrectly.
*) Bugfix: memory leak during reconfiguration when using the PCRE2
library.
Thanks to ZhenZhong Wu.
*) Bugfixes and improvements in HTTP/3.
Changes with nginx 1.25.2 15 Aug 2023
*) Feature: path MTU discovery when using HTTP/3.
*) Feature: TLS_AES_128_CCM_SHA256 cipher suite support when using
HTTP/3.
*) Change: now nginx uses appname "nginx" when loading OpenSSL
configuration.
*) Change: now nginx does not try to load OpenSSL configuration if the
--with-openssl option was used to built OpenSSL and the OPENSSL_CONF
environment variable is not set.
*) Bugfix: in the $body_bytes_sent variable when using HTTP/3.
*) Bugfix: in HTTP/3.
*) Feature: path MTU discovery when using HTTP/3.
*) Feature: TLS_AES_128_CCM_SHA256 cipher suite support when using
HTTP/3.
*) Change: now nginx uses appname "nginx" when loading OpenSSL
configuration.
*) Change: now nginx does not try to load OpenSSL configuration if the
--with-openssl option was used to built OpenSSL and the OPENSSL_CONF
environment variable is not set.
*) Bugfix: in the $body_bytes_sent variable when using HTTP/3.
*) Bugfix: in HTTP/3.
Changes with nginx 1.25.1 13 Jun 2023
*) Feature: the "http2" directive, which enables HTTP/2 on a per-server
basis; the "http2" parameter of the "listen" directive is now
deprecated.
*) Change: HTTP/2 server push support has been removed.
*) Change: the deprecated "ssl" directive is not supported anymore.
*) Bugfix: in HTTP/3 when using OpenSSL.
*) Feature: the "http2" directive, which enables HTTP/2 on a per-server
basis; the "http2" parameter of the "listen" directive is now
deprecated.
*) Change: HTTP/2 server push support has been removed.
*) Change: the deprecated "ssl" directive is not supported anymore.
*) Bugfix: in HTTP/3 when using OpenSSL.
Changes with nginx 1.25.0 23 May 2023
*) Feature: experimental HTTP/3 support.
*) Feature: experimental HTTP/3 support.
RSS[全体]
Tw[@softantenna]