HanbitGaram
diff --git a/‎CHANGES‎
Lines changed: 331 additions & 0 deletions b/‎CHANGES‎
Lines changed: 331 additions & 0 deletions
@@ -1,4 +1,335 @@
 
+Changes with nginx 1.23.1                                        19 Jul 2022
+
+    *) Feature: memory usage optimization in configurations with SSL
+       proxying.
+
+    *) Feature: looking up of IPv4 addresses while resolving now can be
+       disabled with the "ipv4=off" parameter of the "resolver" directive.
+
+    *) Change: the logging level of the "bad key share", "bad extension",
+       "bad cipher", and "bad ecpoint" SSL errors has been lowered from
+       "crit" to "info".
+
+    *) Bugfix: while returning byte ranges nginx did not remove the
+       "Content-Range" header line if it was present in the original backend
+       response.
+
+    *) Bugfix: a proxied response might be truncated during reconfiguration
+       on Linux; the bug had appeared in 1.17.5.
+
+
+Changes with nginx 1.23.0                                        21 Jun 2022
+
+    *) Change in internal API: now header lines are represented as linked
+       lists.
+
+    *) Change: now nginx combines arbitrary header lines with identical
+       names when sending to FastCGI, SCGI, and uwsgi backends, in the
+       $r->header_in() method of the ngx_http_perl_module, and during lookup
+       of the "$http_...", "$sent_http_...", "$sent_trailer_...",
+       "$upstream_http_...", and "$upstream_trailer_..." variables.
+
+    *) Bugfix: if there were multiple "Vary" header lines in the backend
+       response, nginx only used the last of them when caching.
+
+    *) Bugfix: if there were multiple "WWW-Authenticate" header lines in the
+       backend response and errors with code 401 were intercepted or the
+       "auth_request" directive was used, nginx only sent the first of the
+       header lines to the client.
+
+    *) Change: the logging level of the "application data after close
+       notify" SSL errors has been lowered from "crit" to "info".
+
+    *) Bugfix: connections might hang if nginx was built on Linux 2.6.17 or
+       newer, but was used on systems without EPOLLRDHUP support, notably
+       with epoll emulation layers; the bug had appeared in 1.17.5.
+       Thanks to Marcus Ball.
+
+    *) Bugfix: nginx did not cache the response if the "Expires" response
+       header line disabled caching, but following "Cache-Control" header
+       line enabled caching.
+
+
+Changes with nginx 1.21.6                                        25 Jan 2022
+
+    *) Bugfix: when using EPOLLEXCLUSIVE on Linux client connections were
+       unevenly distributed among worker processes.
+
+    *) Bugfix: nginx returned the "Connection: keep-alive" header line in
+       responses during graceful shutdown of old worker processes.
+
+    *) Bugfix: in the "ssl_session_ticket_key" when using TLSv1.3.
+
+
+Changes with nginx 1.21.5                                        28 Dec 2021
+
+    *) Change: now nginx is built with the PCRE2 library by default.
+
+    *) Change: now nginx always uses sendfile(SF_NODISKIO) on FreeBSD.
+
+    *) Feature: support for sendfile(SF_NOCACHE) on FreeBSD.
+
+    *) Feature: the $ssl_curve variable.
+
+    *) Bugfix: connections might hang when using HTTP/2 without SSL with the
+       "sendfile" and "aio" directives.
+
+
+Changes with nginx 1.21.4                                        02 Nov 2021
+
+    *) Change: support for NPN instead of ALPN to establish HTTP/2
+       connections has been removed.
+
+    *) Change: now nginx rejects SSL connections if ALPN is used by the
+       client, but no supported protocols can be negotiated.
+
+    *) Change: the default value of the "sendfile_max_chunk" directive was
+       changed to 2 megabytes.
+
+    *) Feature: the "proxy_half_close" directive in the stream module.
+
+    *) Feature: the "ssl_alpn" directive in the stream module.
+
+    *) Feature: the $ssl_alpn_protocol variable.
+
+    *) Feature: support for SSL_sendfile() when using OpenSSL 3.0.
+
+    *) Feature: the "mp4_start_key_frame" directive in the
+       ngx_http_mp4_module.
+       Thanks to Tracey Jaquith.
+
+    *) Bugfix: in the $content_length variable when using chunked transfer
+       encoding.
+
+    *) Bugfix: after receiving a response with incorrect length from a
+       proxied backend nginx might nevertheless cache the connection.
+       Thanks to Awdhesh Mathpal.
+
+    *) Bugfix: invalid headers from backends were logged at the "info" level
+       instead of "error"; the bug had appeared in 1.21.1.
+
+    *) Bugfix: requests might hang when using HTTP/2 and the "aio_write"
+       directive.
+
+
+Changes with nginx 1.21.3                                        07 Sep 2021
+
+    *) Change: optimization of client request body reading when using
+       HTTP/2.
+
+    *) Bugfix: in request body filters internal API when using HTTP/2 and
+       buffering of the data being processed.
+
+
+Changes with nginx 1.21.2                                        31 Aug 2021
+
+    *) Change: now nginx rejects HTTP/1.0 requests with the
+       "Transfer-Encoding" header line.
+
+    *) Change: export ciphers are no longer supported.
+
+    *) Feature: OpenSSL 3.0 compatibility.
+
+    *) Feature: the "Auth-SSL-Protocol" and "Auth-SSL-Cipher" header lines
+       are now passed to the mail proxy authentication server.
+       Thanks to Rob Mueller.
+
+    *) Feature: request body filters API now permits buffering of the data
+       being processed.
+
+    *) Bugfix: backend SSL connections in the stream module might hang after
+       an SSL handshake.
+
+    *) Bugfix: the security level, which is available in OpenSSL 1.1.0 or
+       newer, did not affect loading of the server certificates when set
+       with "@SECLEVEL=N" in the "ssl_ciphers" directive.
+
+    *) Bugfix: SSL connections with gRPC backends might hang if select,
+       poll, or /dev/poll methods were used.
+
+    *) Bugfix: when using HTTP/2 client request body was always written to
+       disk if the "Content-Length" header line was not present in the
+       request.
+
+
+Changes with nginx 1.21.1                                        06 Jul 2021
+
+    *) Change: now nginx always returns an error for the CONNECT method.
+
+    *) Change: now nginx always returns an error if both "Content-Length"
+       and "Transfer-Encoding" header lines are present in the request.
+
+    *) Change: now nginx always returns an error if spaces or control
+       characters are used in the request line.
+
+    *) Change: now nginx always returns an error if spaces or control
+       characters are used in a header name.
+
+    *) Change: now nginx always returns an error if spaces or control
+       characters are used in the "Host" request header line.
+
+    *) Change: optimization of configuration testing when using many
+       listening sockets.
+
+    *) Bugfix: nginx did not escape """, "<", ">", "\", "^", "`", "{", "|",
+       and "}" characters when proxying with changed URI.
+
+    *) Bugfix: SSL variables might be empty when used in logs; the bug had
+       appeared in 1.19.5.
+
+    *) Bugfix: keepalive connections with gRPC backends might not be closed
+       after receiving a GOAWAY frame.
+
+    *) Bugfix: reduced memory consumption for long-lived requests when
+       proxying with more than 64 buffers.
+
+
+Changes with nginx 1.21.0                                        25 May 2021
+
+    *) Security: 1-byte memory overwrite might occur during DNS server
+       response processing if the "resolver" directive was used, allowing an
+       attacker who is able to forge UDP packets from the DNS server to
+       cause worker process crash or, potentially, arbitrary code execution
+       (CVE-2021-23017).
+
+    *) Feature: variables support in the "proxy_ssl_certificate",
+       "proxy_ssl_certificate_key" "grpc_ssl_certificate",
+       "grpc_ssl_certificate_key", "uwsgi_ssl_certificate", and
+       "uwsgi_ssl_certificate_key" directives.
+
+    *) Feature: the "max_errors" directive in the mail proxy module.
+
+    *) Feature: the mail proxy module supports POP3 and IMAP pipelining.
+
+    *) Feature: the "fastopen" parameter of the "listen" directive in the
+       stream module.
+       Thanks to Anbang Wen.
+
+    *) Bugfix: special characters were not escaped during automatic redirect
+       with appended trailing slash.
+
+    *) Bugfix: connections with clients in the mail proxy module might be
+       closed unexpectedly when using SMTP pipelining.
+
+
+Changes with nginx 1.19.10                                       13 Apr 2021
+
+    *) Change: the default value of the "keepalive_requests" directive was
+       changed to 1000.
+
+    *) Feature: the "keepalive_time" directive.
+
+    *) Feature: the $connection_time variable.
+
+    *) Workaround: "gzip filter failed to use preallocated memory" alerts
+       appeared in logs when using zlib-ng.
+
+
+Changes with nginx 1.19.9                                        30 Mar 2021
+
+    *) Bugfix: nginx could not be built with the mail proxy module, but
+       without the ngx_mail_ssl_module; the bug had appeared in 1.19.8.
+
+    *) Bugfix: "upstream sent response body larger than indicated content
+       length" errors might occur when working with gRPC backends; the bug
+       had appeared in 1.19.1.
+
+    *) Bugfix: nginx might not close a connection till keepalive timeout
+       expiration if the connection was closed by the client while
+       discarding the request body.
+
+    *) Bugfix: nginx might not detect that a connection was already closed
+       by the client when waiting for auth_delay or limit_req delay, or when
+       working with backends.
+
+    *) Bugfix: in the eventport method.
+
+
+Changes with nginx 1.19.8                                        09 Mar 2021
+
+    *) Feature: flags in the "proxy_cookie_flags" directive can now contain
+       variables.
+
+    *) Feature: the "proxy_protocol" parameter of the "listen" directive,
+       the "proxy_protocol" and "set_real_ip_from" directives in mail proxy.
+
+    *) Bugfix: HTTP/2 connections were immediately closed when using
+       "keepalive_timeout 0"; the bug had appeared in 1.19.7.
+
+    *) Bugfix: some errors were logged as unknown if nginx was built with
+       glibc 2.32.
+
+    *) Bugfix: in the eventport method.
+
+
+Changes with nginx 1.19.7                                        16 Feb 2021
+
+    *) Change: connections handling in HTTP/2 has been changed to better
+       match HTTP/1.x; the "http2_recv_timeout", "http2_idle_timeout", and
+       "http2_max_requests" directives have been removed, the
+       "keepalive_timeout" and "keepalive_requests" directives should be
+       used instead.
+
+    *) Change: the "http2_max_field_size" and "http2_max_header_size"
+       directives have been removed, the "large_client_header_buffers"
+       directive should be used instead.
+
+    *) Feature: now, if free worker connections are exhausted, nginx starts
+       closing not only keepalive connections, but also connections in
+       lingering close.
+
+    *) Bugfix: "zero size buf in output" alerts might appear in logs if an
+       upstream server returned an incorrect response during unbuffered
+       proxying; the bug had appeared in 1.19.1.
+
+    *) Bugfix: HEAD requests were handled incorrectly if the "return"
+       directive was used with the "image_filter" or "xslt_stylesheet"
+       directives.
+
+    *) Bugfix: in the "add_trailer" directive.
+
+
+Changes with nginx 1.19.6                                        15 Dec 2020
+
+    *) Bugfix: "no live upstreams" errors if a "server" inside "upstream"
+       block was marked as "down".
+
+    *) Bugfix: a segmentation fault might occur in a worker process if HTTPS
+       was used; the bug had appeared in 1.19.5.
+
+    *) Bugfix: nginx returned the 400 response on requests like
+       "GET http://example.com?args HTTP/1.0".
+
+    *) Bugfix: in the ngx_http_flv_module and ngx_http_mp4_module.
+       Thanks to Chris Newton.
+
+
+Changes with nginx 1.19.5                                        24 Nov 2020
+
+    *) Feature: the -e switch.
+
+    *) Feature: the same source files can now be specified in different
+       modules while building addon modules.
+
+    *) Bugfix: SSL shutdown did not work when lingering close was used.
+
+    *) Bugfix: "upstream sent frame for closed stream" errors might occur
+       when working with gRPC backends.
+
+    *) Bugfix: in request body filters internal API.
+
+
+Changes with nginx 1.19.4                                        27 Oct 2020
+
+    *) Feature: the "ssl_conf_command", "proxy_ssl_conf_command",
+       "grpc_ssl_conf_command", and "uwsgi_ssl_conf_command" directives.
+
+    *) Feature: the "ssl_reject_handshake" directive.
+
+    *) Feature: the "proxy_smtp_auth" directive in mail proxy.
+
+
 Changes with nginx 1.19.3                                        29 Sep 2020
 
     *) Feature: the ngx_stream_set_module.