diff --git a/content/nginx/releases.md b/content/nginx/releases.md
index e3568d55d..6533b24dd 100644
--- a/content/nginx/releases.md
+++ b/content/nginx/releases.md
@@ -9,39 +9,36 @@ type:
- concept
---
-
-### Software Development Policy
+### Software Development Policy {#support}
Each F5 NGINX Plus release reaches End of Software Development (EoSD) on the release date of the next version. For NGINX Plus, EoSD means no additional features or routine bug fixes will be applied to that version.
Critical bug patches and security updates are applied to the two (2) most recent releases of NGINX Plus.
-{{}}
+{{}}
| NGINX Plus Release | Release Date | End of Software Development | End of Security Updates | End of Technical Support |
-|---------------------|--------------|-----------------------------|-------------------------|--------------------------|
-| R34 | 1st April 2025 | R35 release date | R36 release date | 31st March 2027 |
-| R33 | 19th Nov 2024 | 1st April 2025 | R35 release date | 18th Nov 2026 |
-| R32 | 29th May 2024 | 19th Nov 2024 | 1st April 2025 | 28th May 2026 |
-| R31 | 19th Dec 2023 | 29th May 2024 | 18th Nov 2024 | 18th Dec 2025 |
-| R30 | 15th Aug 2023 | 19th Dec 2023 | 28th May 2024 | 14th Aug 2025 |
-| R29 | 2nd May 2023 | 15th Aug 2023 | 18th Dec 2023 | 1st May 2025 |
-
+|--------------------|--------------|-----------------------------|-------------------------|--------------------------|
+| [R34](#r34) | Apr 1, 2025 | R35 release date | R36 release date | Mar 31, 2027 |
+| [R33](#r33) | Nov 19, 2024 | Apr 1, 2025 | R35 release date | Nov 18, 2026 |
+| [R32](#r32) | May 29, 2024 | Nov 19, 2024 | Apr 1, 2025 | May 28, 2026 |
+| [R31](#r31) | Dec 19, 2023 | May 29, 2024 | Nov 18, 2024 | Dec 18, 2025 |
+| [R30](#r30) | Aug 15, 2023 | Dec 19, 2023 | May 28, 2024 | Aug 14, 2025 |
+| [R29](#r29) | May 2, 2023 | Aug 15, 2023 | Dec 18, 2023 | May 1, 2025 |
{{< /bootstrap-table >}}
We strongly recommend running the latest version of NGINX Plus in production to ensure you have the latest features, security updates, and critical patches.
### Technical Support Services
-F5 offers 24 months of technical support for each F5 NGINX Plus release. The 24-month support period begins on the initial release date for each version of NGINX Plus, as noted in the table. The release of a patch (for example, `NGINX Plus R33p2`) does not reset the 24-month technical support period for the impacted release.
+F5 offers 24 months of technical support for each F5 NGINX Plus release. The 24-month support period begins on the initial release date for each version of NGINX Plus, as noted in the table. The release of a patch (for example, `NGINX Plus R34p1`) does not reset the 24-month technical support period for the impacted release.
-
-## NGINX Plus Release 34 (R34)
-_01 April 2025_
+## NGINX Plus Release 34 (R34) {#r34}
+_April 01, 2025_
_Based on NGINX Open Source 1.27.4_
NGINX Plus R34 is a feature release:
-- [OIDC authentication support]({{< ref "nginx/admin-guide/security-controls/configuring-oidc.md" >}}) via native [ngx_http_oidc_module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html) module.
+- [OIDC authentication support]({{< ref "/nginx/admin-guide/security-controls/configuring-oidc.md" >}}) via native [ngx_http_oidc_module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html) module.
- NGINX usage reporting: [proxy](https://nginx.org/en/docs/ngx_mgmt_module.html#proxy) support.
- [Caching](https://blog.nginx.org/blog/optimizing-resource-usage-for-complex-ssl-configurations) of SSL certificates and secret keys with variables for [http](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate_cache) and [stream](https://nginx.org/en/docs/stream/ngx_stream_ssl_module.html#ssl_certificate_cache).
@@ -57,16 +54,16 @@ NGINX Plus R34 is a feature release:
NGINX Plus R34 is supported on:
-{{< bootstrap-table "table table-striped table-bordered" >}}
+{{}}
| Distribution | Versions |
|----------------------------------|-----------------------------------|
| AlmaLinux | 8, 9 |
| Alpine Linux | 3.18, 3.19, 3.20, 3.21 |
-| Amazon Linux | 2 LTS, 2023 |
+| Amazon Linux | 2 LTS, 2023 |
| Debian | 11, 12 |
| FreeBSD | 13, 14 |
| Oracle Linux | 8.1+, 9 |
-| RHEL | 8.1+, 9.0+ |
+| RHEL | 8.1+, 9.0+ |
| Rocky Linux | 8, 9 |
| SUSE Linux Enterprise Server | 15 SP5+ |
| Ubuntu | 20.04 LTS, 22.04 LTS, 24.04 LTS |
@@ -79,7 +76,7 @@ NGINX Plus R34 is supported on:
- Alpine Linux 3.21 is new in this release
- SUSE Linux Enterprise Server 12 is removed
- Ubuntu 20.04 is deprecated
-- the [OpenTracing]({{< ref "nginx/admin-guide/dynamic-modules/opentracing.md" >}}) dynamic module is no longer available. It is recommended to use the [OpenTelemetry Distributed Tracing]({{< ref "nginx/admin-guide/dynamic-modules/opentelemetry.md" >}}) module, which incorporates all the features of the OpenTracing module.
+- the [OpenTracing]({{< ref "/nginx/admin-guide/dynamic-modules/opentracing.md" >}}) dynamic module is no longer available. It is recommended to use the [OpenTelemetry Distributed Tracing]({{< ref "/nginx/admin-guide/dynamic-modules/opentelemetry.md" >}}) module, which incorporates all the features of the OpenTracing module.
More information: [Announcing NGINX Plus R34](https://community.f5.com/kb/technicalarticles/f5-nginx-plus-r34-release-now-available/340300)
@@ -87,16 +84,15 @@ More information: [Announcing NGINX Plus R34](https://community.f5.com/kb/techni
### NGINX Plus R34 Update {#r34_p1}
NGINX Plus R34 P1
-_28 May 2025_
+_May 28, 2025_
This is a bugfix release for NGINX Plus R34.
- Fixed license expiration warning issue in the NGINX Plus live activity monitoring dashboard specifically for deployments utilizing marketplace images of NGINX Plus.
-
-## NGINX Plus Release 33 (R33)
-_19 November 2024_
+## NGINX Plus Release 33 (R33) {#r33}
+_November 19, 2024_
_Based on NGINX Open Source 1.27.2_
NGINX Plus R33 is a feature release:
@@ -125,20 +121,20 @@ The argument is a file name in the `SSLKEYLOGFILE` format compatible with Wiresh
- Response trailers support in proxy with the [`proxy_pass_trailers`](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass_trailers) directive that allows passing trailer fields from a proxied server to a client.
-- The [NGINX JavaScript]({{< ref "nginx/admin-guide/dynamic-modules/nginscript.md" >}}) module was updated to version [0.8.7](https://nginx.org/en/docs/njs/changes.html#njs0.8.7), featuring QuickJS [runtime support](https://nginx.org/en/docs/njs/engine.html).
+- The [NGINX JavaScript]({{< ref "/nginx/admin-guide/dynamic-modules/nginscript.md" >}}) module was updated to version [0.8.7](https://nginx.org/en/docs/njs/changes.html#njs0.8.7), featuring QuickJS [runtime support](https://nginx.org/en/docs/njs/engine.html).
- Added initial support for Post Quantum Cryptography.
-{{< bootstrap-table "table table-striped table-bordered" >}}
+{{}}
| Distribution | Versions |
|----------------------------------|-----------------------------------|
| AlmaLinux | 8, 9 |
| Alpine Linux | 3.17, 3.18, 3.19, 3.20 |
-| Amazon Linux | 2 LTS, 2023 |
+| Amazon Linux | 2 LTS, 2023 |
| Debian | 11, 12 |
| FreeBSD | 13, 14 |
| Oracle Linux | 8.1+, 9 |
-| RHEL | 8.1+, 9.0+ |
+| RHEL | 8.1+, 9.0+ |
| Rocky Linux | 8, 9 |
| SUSE Linux Enterprise Server | 12, 15 SP5+ |
| Ubuntu | 20.04 LTS, 22.04 LTS, 24.04 LTS |
@@ -155,16 +151,15 @@ The argument is a file name in the `SSLKEYLOGFILE` format compatible with Wiresh
- Oracle Linux 7.4+ is removed
- SUSE Linux Enterprise Server 12 is deprecated
- support for s390x architecture removed
-- the [Lua]({{< ref "nginx/admin-guide/dynamic-modules/lua.md" >}}) module is no longer available for SUSE Linux Enterprise Server 12
+- the [Lua]({{< ref "/nginx/admin-guide/dynamic-modules/lua.md" >}}) module is no longer available for SUSE Linux Enterprise Server 12
More information: [Announcing NGINX Plus R33](https://community.f5.com/kb/technicalarticles/announcing-nginx-plus-r33-release/336403)
-
-### NGINX Plus R33 Updates
+### NGINX Plus R33 Updates {#r33_p1}
NGINX Plus R33 P1
-_4 December 2024_
+_December 4, 2024_
This is a bugfix release for NGINX Plus R33.
@@ -172,15 +167,15 @@ This is a bugfix release for NGINX Plus R33.
NGINX Plus R33 P2
-_5 February 2025_
+_February 5, 2025_
This is a security release for NGINX Plus R33.
- Security Fix [CVE-2025-23419](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23419) in SNI that adds a restriction for TLSv1.3 cross-SNI session resumption.
-
-## NGINX Plus Release 32 (R32)
-_29 May 2024_
+
+## NGINX Plus Release 32 (R32) {#r32}
+_May 29, 2024_
_Based on NGINX Open Source 1.25.5_
NGINX Plus R32 is a feature release:
@@ -189,7 +184,7 @@ NGINX Plus R32 is a feature release:
- The [`stream_pass`](https://nginx.org/en/docs/stream/ngx_stream_pass_module.html) module that allows passing the accepted connection directly to any configured listening socket in `http`, `stream`, `mail`, and other similar modules
-- NGINX Plus [official container images](https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-docker/)
+- NGINX Plus [official container images]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-docker.md" >}})
- [Virtual servers](https://nginx.org/en/docs/stream/ngx_stream_core_module.html#server_name) in the [`stream`](https://nginx.org/en/docs/stream/ngx_stream_core_module.html) module
@@ -233,7 +228,7 @@ NGINX Plus R32 is a feature release:
NGINX Plus R32 is supported on:
-{{< bootstrap-table "table table-striped table-bordered" >}}
+{{}}
| Distribution | Versions |
|----------------------------------|-----------------------------------|
| AlmaLinux | 8, 9 |
@@ -256,19 +251,18 @@ NGINX Plus R32 is supported on:
- RHEL 7 is deprecated
- Oracle Linux 7 is deprecated
- FreeBSD 12 is removed
-- [OpenTracing dynamic module](https://docs.nginx.com/nginx/admin-guide/dynamic-modules/opentracing/) (package name is `nginx-plus-module-opentracing-module`) is deprecated
-- [ModSecurity WAF dynamic module](https://docs.nginx.com/nginx/admin-guide/dynamic-modules/nginx-waf/) (package name is `nginx-plus-module-modsecurity`) reached end of support and is no longer available
+- [OpenTracing dynamic module]({{< ref "/nginx/admin-guide/dynamic-modules/opentracing.md" >}}) (package name is `nginx-plus-module-opentracing-module`) is deprecated
+- [ModSecurity WAF dynamic module]({{< ref "/nginx/admin-guide/dynamic-modules/nginx-waf.md" >}}) (package name is `nginx-plus-module-modsecurity`) reached end of support and is no longer available
More information: [Announcing NGINX Plus R32](https://www.f5.com/company/blog/nginx/announcing-NGINX-plus-R32)
-
-### NGINX Plus R32 Updates
+### NGINX Plus R32 Updates {#r32_p1}
These are security releases for NGINX Plus R32.
NGINX Plus R32 P1
-_14 August 2024_
+_August 14, 2024_
- Security:
@@ -280,21 +274,21 @@ _14 August 2024_
NGINX Plus R32 P2
-_5 February 2025_
+_February 5, 2025_
- Security Fix [CVE-2025-23419](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23419) in SNI that adds a restriction for TLSv1.3 cross-SNI session resumption.
- Regression issue fix in SSL Certificate Caching.
-
-## NGINX Plus Release 31 (R31)
-_19 December 2023_
+
+## NGINX Plus Release 31 (R31) {#r31}
+_December 19, 2023_
_Based on NGINX Open Source 1.25.3_
NGINX Plus R31 is a feature release:
- [Native usage reporting](https://nginx.org/en/docs/ngx_mgmt_module.html)
-of NGINX Plus installations to [NGINX Instance Manager](https://docs.nginx.com/nginx-management-suite/nim/)
+of NGINX Plus installations to [NGINX Instance Manager]({{< ref "/nim/" >}})
- The [$upstream_last_server_name](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#var_upstream_last_server_name) variable that keeps the name of the last selected upstream server and allows passing it to the proxied server through SNI
@@ -342,11 +336,11 @@ of NGINX Plus installations to [NGINX Instance Manager](https://docs.nginx.com/n
- improved detection of misbehaving clients when using HTTP/2
-- The [OpenTracing](https://docs.nginx.com/nginx/admin-guide/dynamic-modules/opentracing/) module introduced in NGINX Plus [R18](#r18) is deprecated, it recommended to use the [OpenTelemetry Distributed Tracing](https://nginx.org/en/docs/ngx_otel_module.html) module that incorporates all the features of the OpenTracing module.
+- The [OpenTracing]({{< ref "/nginx/admin-guide/dynamic-modules/opentracing.md" >}}) module introduced in NGINX Plus [R18](#r18) is deprecated, it recommended to use the [OpenTelemetry Distributed Tracing](https://nginx.org/en/docs/ngx_otel_module.html) module that incorporates all the features of the OpenTracing module.
NGINX Plus R31 is supported on:
-{{< bootstrap-table "table table-striped table-bordered" >}}
+{{}}
| Distribution | Versions |
|----------------------------------|-----------------------------------|
| AlmaLinux | 8, 9 |
@@ -362,7 +356,6 @@ NGINX Plus R31 is supported on:
| Ubuntu | 20.04 LTS, 22.04 LTS |
{{< /bootstrap-table >}}
-
**Notes:**
- Alpine Linux 3.19 is new in this release
@@ -373,13 +366,13 @@ NGINX Plus R31 is supported on:
More information: [Announcing NGINX Plus R31](https://www.nginx.com/blog/nginx-plus-r31-released/)
-
-### NGINX Plus R31 Update
+
+### NGINX Plus R31 Update {#r31_p1}
This is an improvement release for NGINX Plus R31.
NGINX Plus R31 P1
-_14 February 2024_
+_February 14, 2024_
- Security: a segmentation fault might occur in a worker process if HTTP/3 was used ([CVE-2024-24989](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24989), [CVE-2024-24990](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24990))
@@ -387,9 +380,9 @@ _14 February 2024_
More information: [Updating NGINX for the Vulnerabilities in the HTTP/3 Module](https://www.nginx.com/blog/updating-nginx-for-the-vulnerabilities-in-the-http-3-module/)
-
-NGINX Plus R31 P2
-_29 May 2024_
+
+NGINX Plus R31 P2
{#r31_p2}
+_May 29, 2024_
- Security:
@@ -401,9 +394,9 @@ _29 May 2024_
- Memory Disclosure during QUIC handshake ([CVE-2024-34161](https://my.f5.com/manage/s/article/K000139627)): When the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC messages can cause NGINX worker processes to terminate or cause leakage of previously freed memory
-
-NGINX Plus R31 P3
-_14 August 2024_
+
+NGINX Plus R31 P3
{#r31_p3}
+_August 14, 2024_
- Security:
@@ -412,10 +405,8 @@ _14 August 2024_
- In the [MP4](https://nginx.org/en/docs/http/ngx_http_mp4_module.html) module, a specially crafted `mp4` file can cause NGINX worker memory over-read resulting in its termination by using a specially crafted `mp4` file ([CVE-2024-7347](https://my.f5.com/manage/s/article/K000140529))
-
-
-## NGINX Plus Release 30 (R30)
-_15 August 2023_
+## NGINX Plus Release 30 (R30) {#r30}
+_August 15, 2023_
_Based on NGINX Open Source 1.25.1_
NGINX Plus R30 is a feature release:
@@ -426,7 +417,7 @@ NGINX Plus R30 is a feature release:
- Per-worker connection statistics including accepted, dropped, active and idle connections, total and current requests
-- The [Prometheus-njs module](https://docs.nginx.com/nginx/admin-guide/dynamic-modules/prometheus-njs/) now supports version [`9`](https://nginx.org/en/docs/http/ngx_http_api_module.html) of the [API](https://nginx.org/en/docs/http/ngx_http_api_module.html)
+- The [Prometheus-njs module]({{< ref "/nginx/admin-guide/dynamic-modules/prometheus-njs.md" >}}) now supports version [`9`](https://nginx.org/en/docs/http/ngx_http_api_module.html) of the [API](https://nginx.org/en/docs/http/ngx_http_api_module.html)
- DNS reload optimization: now DNS name expiry time for dynamically-resolved upstream hosts is preserved across reloads
@@ -456,12 +447,12 @@ required for troubleshooting are available as a separate download package
NGINX Plus R30 is supported on:
-{{}}
+{{}}
| OS Distribution | Versions |
|-----------------------------------|-------------------------------|
| AlmaLinux | 8, 9 |
| Alpine Linux | 3.16, 3.17, 3.18 |
-| Amazon Linux | 2 LTS, 2023 |
+| Amazon Linux | 2 LTS, 2023 |
| CentOS | 7.4+ |
| Debian | 11, 12 |
| FreeBSD | 12.1+, 13 |
@@ -472,7 +463,6 @@ NGINX Plus R30 is supported on:
| Ubuntu | 20.04 LTS, 22.04 LTS |
{{}}
-
**Notes:**
- Alpine Linux 3.18 is new in this release
@@ -485,31 +475,28 @@ NGINX Plus R30 is supported on:
More information: [Announcing NGINX Plus R30](https://www.nginx.com/blog/nginx-plus-r30-released/)
-
-### NGINX Plus R30 Update
+### NGINX Plus R30 Update {#r30_p1}
This is an improvement release for NGINX Plus R30.
NGINX Plus R30 P1
-_11 October 2023_
+_October 11, 2023_
- Additional protection against HTTP/2 Rapid Reset Attack vulnerability ([CVE-2023-44487](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487)) that may affect NGINX only when it is configured with the [keepalive requests](https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_requests) value substantially higher than the default value. Limitations in HTTP/2 protocol allow clients to produce a higher RPS rate than expected from a configured HTTP/2 [max concurrent streams](https://nginx.org/en/docs/http/ngx_http_v2_module.html#http2_max_concurrent_streams) setting which can be exploited to trigger a Denial-of-Service attack.
More information: [HTTP/2 Rapid Reset Attack Impacting NGINX Products](https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/)
-
-NGINX Plus R30 P2
-_14 February 2024_
+NGINX Plus R30 P2
{#r30_p2}
+_February 14, 2024_
- Security: a segmentation fault might occur in a worker process if HTTP/3 was used ([CVE-2024-24990](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24990))
More information: [Updating NGINX for the Vulnerabilities in the HTTP/3 Module](https://www.nginx.com/blog/updating-nginx-for-the-vulnerabilities-in-the-http-3-module/)
-
-## NGINX Plus Release 29 (R29)
-_02 May 2023_
+## NGINX Plus Release 29 (R29) {#r29}
+_May 2, 2023_
_Based on NGINX Open Source 1.23.4_
NGINX Plus R29 is a feature release:
@@ -518,7 +505,7 @@ NGINX Plus R29 is a feature release:
- [SAML Authentication reference implementation](https://github.com/nginxinc/nginx-saml) based on native njs [XML support](http://nginx.org/en/docs/njs/reference.html#xml)
-- OpenTelemetry Distributed Tracing [module](https://nginx.org/en/docs/ngx_otel_module.html), distributed in NGINX Plus packages (package name is `nginx-plus-module-otel`) and is available as a [dynamic module](https://docs.nginx.com/nginx/admin-guide/dynamic-modules/opentelemetry/)
+- OpenTelemetry Distributed Tracing [module](https://nginx.org/en/docs/ngx_otel_module.html), distributed in NGINX Plus packages (package name is `nginx-plus-module-otel`) and is available as a [dynamic module]({{< ref "/nginx/admin-guide/dynamic-modules/opentelemetry.md" >}})
- Experimental support for [HTTP/3 and QUIC](https://nginx.org/en/docs/http/ngx_http_v3_module.html), distributed in NGINX Plus packages (package name is `nginx-plus-quic`)
@@ -528,13 +515,13 @@ NGINX Plus R29 is a feature release:
- New feature in [OpenID Connect reference implementation](https://github.com/nginxinc/nginx-openid-connect): support for access token
-- The [Prometheus-njs module](https://docs.nginx.com/nginx/admin-guide/dynamic-modules/prometheus-njs/) now supports version [`8`](https://nginx.org/en/docs/http/ngx_http_api_module.html#compatibility) of the [API](https://nginx.org/en/docs/http/ngx_http_api_module.html), including SSL extended statistics for each HTTP [upstream](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream) and stream [upstream](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_upstream), SSL extended statistics for each HTTP [server zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_server_zone) and stream [server zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_server_zone), and extended statistics for [SSL](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_ssl_object)
+- The [Prometheus-njs module]({{< ref "/nginx/admin-guide/dynamic-modules/prometheus-njs.md" >}}) now supports version [`8`](https://nginx.org/en/docs/http/ngx_http_api_module.html#compatibility) of the [API](https://nginx.org/en/docs/http/ngx_http_api_module.html), including SSL extended statistics for each HTTP [upstream](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream) and stream [upstream](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_upstream), SSL extended statistics for each HTTP [server zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_server_zone) and stream [server zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_server_zone), and extended statistics for [SSL](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_ssl_object)
-- The NGINX JavaScript ([njs](https://docs.nginx.com/nginx/admin-guide/dynamic-modules/nginscript/)) module for NGINX Plus was updated to version [0.7.12](http://nginx.org/en/docs/njs/changes.html#njs0.7.12), featuring extended [Fetch API](https://nginx.org/en/docs/njs/reference.html#ngx_fetch) and [WebCrypto API](http://nginx.org/en/docs/njs/reference.html#builtin_crypto), [XML module](https://nginx.org/en/docs/njs/reference.html#xml_node) to parse and modify XML documents, [Zlib module](https://nginx.org/en/docs/njs/reference.html#zlib) to support compression
+- The NGINX JavaScript ([njs]({{< ref "/nginx/admin-guide/dynamic-modules/nginscript.md" >}}) module for NGINX Plus was updated to version [0.7.12](http://nginx.org/en/docs/njs/changes.html#njs0.7.12), featuring extended [Fetch API](https://nginx.org/en/docs/njs/reference.html#ngx_fetch) and [WebCrypto API](http://nginx.org/en/docs/njs/reference.html#builtin_crypto), [XML module](https://nginx.org/en/docs/njs/reference.html#xml_node) to parse and modify XML documents, [Zlib module](https://nginx.org/en/docs/njs/reference.html#zlib) to support compression
NGINX Plus R29 is supported on:
-{{}}
+{{}}
| OS Distribution | Versions |
|-----------------------------------|-------------------------------|
| AlmaLinux | 8, 9 |
@@ -561,22 +548,20 @@ NGINX Plus R29 is supported on:
More information: [Announcing NGINX Plus R29](https://www.nginx.com/blog/nginx-plus-r29-released/)
-
-### NGINX Plus R29 Update
+### NGINX Plus R29 Update {#r29_p1}
This is an improvement release for NGINX Plus R29.
NGINX Plus R29 P1
-_11 October 2023_
+_October 11, 2023_
- Additional protection against HTTP/2 Rapid Reset Attack vulnerability ([CVE-2023-44487](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487)) that may affect NGINX only when it is configured with the [keepalive requests](https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_requests) value substantially higher than the default value. Limitations in HTTP/2 protocol allow clients to produce a higher RPS rate than expected from a configured HTTP/2 [max concurrent streams](https://nginx.org/en/docs/http/ngx_http_v2_module.html#http2_max_concurrent_streams) setting which can be exploited to trigger a Denial-of-Service attack.
More information: [HTTP/2 Rapid Reset Attack Impacting NGINX Products](https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/)
-
-## NGINX Plus Release 28 (R28)
-_29 November 2022_
+## NGINX Plus Release 28 (R28) {#r28}
+_November 29, 2022_
_Based on NGINX Open Source 1.23.2_
NGINX Plus R28 is a feature release:
@@ -609,8 +594,8 @@ NGINX Plus R28 is a feature release:
NGINX Plus R28 is supported on:
-{{}}
-| OS Distribution | Versions |
+{{}}
+| OS Distribution | Versions |
|-----------------------------------|-------------------------------------|
| AlmaLinux | 8, 9 |
| Alpine Linux | 3.13, 3.14, 3.15, 3.16, 3.17 |
@@ -637,9 +622,8 @@ NGINX Plus R28 is supported on:
More information: [Announcing NGINX Plus R28](https://www.nginx.com/blog/nginx-plus-r28-released/)
-
-## NGINX Plus Release 27 (R27)
-_28 June 2022_
+## NGINX Plus Release 27 (R27) {#r27}
+_June 28, 2022_
_Based on NGINX Open Source 1.21.6_
NGINX Plus R27 is a feature release:
@@ -656,15 +640,15 @@ NGINX Plus R27 is a feature release:
that enables keepalive connections for health checks and specifies the time
during which requests can be processed through one keepalive connection
-- The [Prometheus-njs module](https://docs.nginx.com/nginx/admin-guide/dynamic-modules/prometheus-njs/) now supports version [`7`](https://nginx.org/en/docs/http/ngx_http_api_module.html#compatibility) of the [API](https://nginx.org/en/docs/http/ngx_http_api_module.html), including `/stream/limit_conns/`, `/http/limit_conns/`, `/http/limit_req/` data, and HTTP status code statistics for [upstreams](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream), [server zones](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_server_zone) and [location zones](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_location_zone)
+- The [Prometheus-njs module]({{< ref "/nginx/admin-guide/dynamic-modules/prometheus-njs.md" >}}) now supports version [`7`](https://nginx.org/en/docs/http/ngx_http_api_module.html#compatibility) of the [API](https://nginx.org/en/docs/http/ngx_http_api_module.html), including `/stream/limit_conns/`, `/http/limit_conns/`, `/http/limit_req/` data, and HTTP status code statistics for [upstreams](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream), [server zones](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_server_zone) and [location zones](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_location_zone)
- [kTLS](https://www.nginx.com/blog/improving-nginx-performance-with-kernel-tls/) is now also available on RHEL 9.0 and Ubuntu 22.04
NGINX Plus R27 is supported on:
-{{}}
-| OS Distribution | Versions |
+{{}}
+| OS Distribution | Versions |
|-----------------------------------|-------------------------------------|
| Alpine Linux | 3.13, 3.14, 3.15, 3.16 |
| Amazon Linux | 2 LTS |
@@ -689,19 +673,19 @@ NGINX Plus R27 is supported on:
More information: [Announcing NGINX Plus R27](https://www.nginx.com/blog/nginx-plus-r27-released/)
-
-### NGINX Plus R27 Update
+
+### NGINX Plus R27 Update {#r27_p1}
This is a bug‑fix release for NGINX Plus R27.
NGINX Plus R27 P1
-_19 October 2022_
+_October 19, 2022_
- In HLS ([CVE-2022-41743](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41743)) and MP4 ([CVE-2022-41741](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41741)) modules when processing specially crafted video files a memory corruption, or a memory disclosure in MP4 module ([CVE-2022-41742](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41742)) could happen.
-
-## NGINX Plus Release 26 (R26)
-_15 February 2022_
+
+## NGINX Plus Release 26 (R26) {#r26}
+_February 15, 2022_
_Based on NGINX Open Source 1.21.5_
NGINX Plus R26 is a feature release:
@@ -720,8 +704,8 @@ NGINX Plus R26 is a feature release:
NGINX Plus R26 is supported on:
-{{}}
-| OS Distribution | Versions |
+{{}}
+| OS Distribution | Versions |
|-----------------------------------|-------------------------------------|
| Alpine Linux | 3.12, 3.13, 3.14, 3.15 |
| Amazon Linux | 2 LTS |
@@ -747,23 +731,23 @@ NGINX Plus R26 is supported on:
- The [`js_include`](https://nginx.org/en/docs/http/ngx_http_js_module.html#js_include) directive was removed, the [`js_import`](http://nginx.org/en/docs/http/ngx_http_js_module.html#js_import) directive should be used instead
- The [`aio sendfile`](https://nginx.org/en/docs/http/ngx_http_core_module.html#aio) directive was removed, the [`sendfile`](https://nginx.org/en/docs/http/ngx_http_core_module.html#sendfile) directive should be used instead
- The third-party `Cookie‑Flag` was removed from the dynamic modules repository, the [`proxy_cookie_flags`](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_flags) directive should be used instead
-- Swagger UI with REST API YAML specification is not included into NGINX Plus packages by default any more and now is a part of [docs.nginx.com](https://docs.nginx.com/nginx/admin-guide/monitoring/live-activity-monitoring/#the-swagger-ui)
+- Swagger UI with REST API YAML specification is not included into NGINX Plus packages by default any more and now is a part of [docs.nginx.com]({{< ref "/nginx/admin-guide/monitoring/live-activity-monitoring.md#the-swagger-ui" >}})
More information: [Announcing NGINX Plus R26](https://www.nginx.com/blog/nginx-plus-r26-released/)
-
-### NGINX Plus R26 Update
+
+### NGINX Plus R26 Update {#r26_p1}
This is a bug‑fix release for NGINX Plus R26.
NGINX Plus R26 P1
-_19 October 2022_
+_October 19, 2022_
- In HLS ([CVE-2022-41743](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41743)) and MP4 ([CVE-2022-41741](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41741)) modules when processing specially crafted video files a memory corruption, or a memory disclosure in MP4 module ([CVE-2022-41742](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41742)) could happen.
-
-## NGINX Plus Release 25 (R25)
-_28 September 2021_
+
+## NGINX Plus Release 25 (R25) {#r25}
+_September 28, 2021_
_Based on NGINX Open Source 1.21.3_
NGINX Plus R25 is a feature release:
@@ -810,8 +794,8 @@ NGINX Plus R25 is a feature release:
NGINX Plus R25 is supported on:
-{{}}
-| OS Distribution | Versions |
+{{}}
+| OS Distribution | Versions |
|-----------------------------------|-------------------------------------|
| Alpine Linux | 3.11, 3.12, 3.13, 3.14 |
| Amazon Linux | 2 LTS |
@@ -835,20 +819,20 @@ NGINX Plus R25 is supported on:
More information: [Announcing NGINX Plus R25](https://www.nginx.com/blog/nginx-plus-r25-released/)
-
-### NGINX Plus R25 Update
+
+### NGINX Plus R25 Update {#r25_p1}
This is a bug‑fix release for NGINX Plus R25.
NGINX Plus R25 P1
-_14 December 2021_
+_December 14, 2021_
- Swagger UI updated to version 4.1.2
- Fixed a crash that might happen when an upstream server was updated via the API
-
-## NGINX Plus Release 24 (R24)
-_27 April 2021_
+
+## NGINX Plus Release 24 (R24) {#r24}
+_April 27, 2021_
_Based on NGINX Open Source 1.19.10_
NGINX Plus R24 is a feature release:
@@ -870,8 +854,8 @@ NGINX Plus R24 is a feature release:
NGINX Plus R24 is supported on:
-{{}}
-| OS Distribution | Versions |
+{{}}
+| OS Distribution | Versions |
|-----------------------------------|------------------------------------------|
| Alpine Linux | 3.10, 3.11, 3.12, 3.13 |
| Amazon Linux | 2018.03+, 2 LTS |
@@ -898,27 +882,29 @@ NGINX Plus R24 is supported on:
**Upgrade Note:**
-NGINX Plus repositories have been separated into individual repositories based on operating system distribution and license subscription. Before upgrading from previous NGINX Plus versions, you must first reconfigure your repositories to point to the correct location. To reconfigure your repository, follow the [installation instructions](http://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/) for your operating system.
+NGINX Plus repositories have been separated into individual repositories based on operating system distribution and license subscription. Before upgrading from previous NGINX Plus versions, you must first reconfigure your repositories to point to the correct location. To reconfigure your repository, follow the [installation instructions]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}).
+
+ for your operating system.
More information: [Announcing NGINX Plus R24](https://www.nginx.com/blog/nginx-plus-r24-released/)
-
-### NGINX Plus R24 Updates
+
+### NGINX Plus R24 Updates {#r24_p1}
These are bug‑fix releases for NGINX Plus R24.
NGINX Plus R24 P1
-_18 May 2021_
+_May 18, 2021_
- Resolver: an [issue](https://support.f5.com/csp/article/K12331123) in NGINX resolver may allow an attacker who is able to forge UDP packets from the specified DNS server to cause a 1-byte memory overwrite, resulting in a worker process interruption or other unspecified impact ([CVE-2021-23017](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017))
NGINX Plus R24 P2
-_14 December 2021_
+_December 14, 2021_
- Swagger UI updated to version 4.1.2
-
-## NGINX Plus Release 23 (R23)
-_8 December 2020_
+
+## NGINX Plus Release 23 (R23) {#r23}
+_December 8, 2020_
_Based on NGINX Open Source 1.19.5_
NGINX Plus R23 is a feature release:
@@ -929,7 +915,7 @@ NGINX Plus R23 is a feature release:
- Support for cookie flags with the [proxy_cookie_flags](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_flags) and [userid_flags](https://nginx.org/en/docs/http/ngx_http_userid_module.html#userid_flags) directives
-- Introduced script that performs [unprivileged installation](https://docs.nginx.com/nginx/admin-guide/installing-nginx#unpriv_install) of NGINX Plus
+- Introduced script that performs [unprivileged installation]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md#unpriv_install" >}}) of NGINX Plus
- New command-line switch to redefine an error log file: [-e](https://nginx.org/en/docs/switches.html)
@@ -945,8 +931,8 @@ NGINX Plus R23 is a feature release:
NGINX Plus R23 is supported on:
-{{}}
-| OS Distribution | Versions |
+{{}}
+| OS Distribution | Versions |
|-----------------------------------|------------------------------------------|
| Alpine Linux | 3.10, 3.11, 3.12 |
| Amazon Linux | 2018.03+, 2 LTS |
@@ -969,19 +955,19 @@ NGINX Plus R23 is supported on:
More information: [Announcing NGINX Plus R23](https://www.nginx.com/blog/nginx-plus-r23-released/)
-
-### NGINX Plus R23 Update
+
+### NGINX Plus R23 Update {#r23_p1}
This is a bug‑fix release for NGINX Plus R23.
NGINX Plus R23 P1
-_18 May 2021_
+_May 18, 2021_
- Resolver: an [issue](https://support.f5.com/csp/article/K12331123) in NGINX resolver may allow an attacker who is able to forge UDP packets from the specified DNS server to cause a 1-byte memory overwrite, resulting in a worker process interruption or other unspecified impact ([CVE-2021-23017](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017))
-
-## NGINX Plus Release 22 (R22)
-_9 June 2020_
+
+## NGINX Plus Release 22 (R22) {#r22}
+_June 9, 2020_
_Based on NGINX Open Source 1.19.0_
NGINX Plus R22 is a feature release:
@@ -992,8 +978,8 @@ NGINX Plus R22 is a feature release:
NGINX Plus R22 is supported on:
-{{}}
-| OS Distribution | Versions |
+{{}}
+| OS Distribution | Versions |
|-----------------------------------|-------------------------------------------------|
| Alpine Linux | 3.9, 3.10, 3.11 |
| Amazon Linux | 2018.03+, 2 LTS |
@@ -1012,9 +998,9 @@ NGINX Plus R22 is supported on:
More information: [Announcing NGINX Plus R22](https://www.nginx.com/blog/nginx-plus-r22-released/)
-
-## NGINX Plus Release 21 (R21)
-_7 April 2020_
+
+## NGINX Plus Release 21 (R21) {#r21}
+_April 7, 2020_
_Based on NGINX Open Source 1.17.9_
NGINX Plus R21 is a feature release:
@@ -1023,8 +1009,8 @@ NGINX Plus R21 is a feature release:
NGINX Plus R21 is supported on:
-{{}}
-| OS Distribution | Versions |
+{{}}
+| OS Distribution | Versions |
|-----------------------------------|-------------------------------------------------|
| Alpine Linux | 3.8, 3.9, 3.10, 3.11 |
| Amazon Linux | 2018.03+, 2 LTS |
@@ -1049,9 +1035,9 @@ NGINX Plus R21 is supported on:
More information: [Announcing NGINX Plus R21](https://www.nginx.com/blog/nginx-plus-r21-released/)
-
-## NGINX Plus Release 20 (R20)
-_3 December 2019_
+
+## NGINX Plus Release 20 (R20) {#r20}
+_December 3, 2019_
_Based on NGINX Open Source 1.17.6_
NGINX Plus R20 is a feature release:
@@ -1065,8 +1051,8 @@ NGINX Plus R20 is a feature release:
NGINX Plus R20 R20 is supported on:
-{{}}
-| OS Distribution | Versions |
+{{}}
+| OS Distribution | Versions |
|-----------------------------------|-------------------------------------------------|
| Alpine Linux | 3.8, 3.9, 3.10 |
| Amazon Linux | 2018.03+, 2 LTS |
@@ -1088,9 +1074,9 @@ NGINX Plus R20 R20 is supported on:
More information: [Announcing NGINX Plus R20](https://www.nginx.com/blog/nginx-plus-r20-released/)
-
-## NGINX Plus Release 19 (R19)
-_13 August 2019_
+
+## NGINX Plus Release 19 (R19) {#r19}
+_August 13, 2019_
_Based on NGINX Open Source 1.17.3_
NGINX Plus R19 is a feature release:
@@ -1105,8 +1091,8 @@ NGINX Plus R19 is a feature release:
NGINX Plus R19 is supported on:
-{{}}
-| OS Distribution | Versions |
+{{}}
+| OS Distribution | Versions |
|-----------------------------------|-------------------------------------------------|
| Alpine Linux | 3.8, 3.9, 3.10 |
| Amazon Linux | 2018.03+, 2 LTS |
@@ -1129,9 +1115,9 @@ NGINX Plus R19 is supported on:
More information: [Announcing NGINX Plus R19](https://www.nginx.com/blog/nginx-plus-r19-released/)
-
-## NGINX Plus Release 18 (R18)
-_9 April 2019_
+
+## NGINX Plus Release 18 (R18) {#r18}
+_April 9, 2019_
_Based on NGINX Open Source 1.15.10_
NGINX Plus R18 is a feature release:
@@ -1144,15 +1130,15 @@ NGINX Plus R18 is a feature release:
- For TCP/UDP, existing connections to proxied upstream server can be explicitly closed after server is removed from upstream group due to health check failure, API call, or re-resolve action (new [proxy_session_drop](https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_session_drop) directive)
- New variable, [$upstream_bytes_sent](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#var_upstream_bytes_sent), contains number of bytes sent to an upstream server
- New or updated dynamic modules:
- - [Brotli](https://docs.nginx.com/nginx/admin-guide/dynamic-modules/brotli/) (New): General‑purpose, lossless data compression algorithm
- - [OpenTracing](https://docs.nginx.com/nginx/admin-guide/dynamic-modules/opentracing/) (New): Ability to instrument NGINX Plus with OpenTracing‑compliant requests for a range of distributed tracing services, such as Datadog, Jaeger, and Zipkin
- - [Lua](https://docs.nginx.com/nginx/admin-guide/dynamic-modules/lua//) (Updated): Scripting language for NGINX Plus, updated to use LuaJIT 2.1
- - [NGINX JavaScript](https://docs.nginx.com/nginx/admin-guide/dynamic-modules/nginscript/) (Updated): JavaScript module for NGINX Plus, updated to version [0.3.0](https://nginx.org/en/docs/njs/changes.html#njs0.3.0)
+ - [Brotli]({{< ref "/nginx/admin-guide/dynamic-modules/brotli.md" >}}) (New): General‑purpose, lossless data compression algorithm
+ - [OpenTracing]({{< ref "/nginx/admin-guide/dynamic-modules/opentracing.md" >}}) (New): Ability to instrument NGINX Plus with OpenTracing‑compliant requests for a range of distributed tracing services, such as Datadog, Jaeger, and Zipkin
+ - [Lua]({{< ref "/nginx/admin-guide/dynamic-modules/lua.md" >}}) (Updated): Scripting language for NGINX Plus, updated to use LuaJIT 2.1
+ - [NGINX JavaScript]({{< ref "/nginx/admin-guide/dynamic-modules/nginscript.md" >}}) (Updated): JavaScript module for NGINX Plus, updated to version [0.3.0](https://nginx.org/en/docs/njs/changes.html#njs0.3.0)
NGINX Plus R18 is supported on:
-{{}}
-| OS Distribution | Versions |
+{{}}
+| OS Distribution | Versions |
|-----------------------------------|-------------------------------------------------|
| Alpine Linux | 3.8, 3.9 |
| Amazon Linux | 2018.03+, 2 LTS |
@@ -1179,13 +1165,13 @@ More information: [Announcing NGINX Plus R18](https://www.nginx.com/blog/nginx-p
This is a bug‑fix release for NGINX Plus R18.
NGINX Plus R18 P1
-_6 August 2019_
+_August 6, 2019_
- Security patch: When using HTTP/2 a client might cause excessive memory consumption and CPU usage ([CVE-2019-9511](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511), [CVE-2019-9513](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513), [CVE-2019-9516](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516))
-
-## NGINX Plus Release 17 (R17)
-_11 December 2018_
+
+## NGINX Plus Release 17 (R17) {#r17}
+_December 11, 2018_
_Based on NGINX Open Source 1.15.7_
NGINX Plus R17 is a feature release:
@@ -1207,8 +1193,8 @@ NGINX Plus R17 is a feature release:
NGINX Plus R17 is supported on:
-{{}}
-| OS Distribution | Versions |
+{{}}
+| OS Distribution | Versions |
|-----------------------------------|-------------------------------------------------|
| Alpine Linux | 3.8, 3.9 |
| Amazon Linux | 2017.09, 2 LTS |
@@ -1231,9 +1217,9 @@ NGINX Plus R17 is supported on:
More information: [Announcing NGINX Plus R17](https://www.nginx.com/blog/nginx-plus-r17-released/)
-
-## NGINX Plus Release 16 (R16)
-_5 September 2018_
+
+## NGINX Plus Release 16 (R16) {#r16}
+_September 5, 2018_
_Based on NGINX Open Source 1.15.2_
NGINX Plus R16 is a feature release:
@@ -1247,15 +1233,15 @@ NGINX Plus R16 is a feature release:
- Support for [AWS PrivateLink](https://aws.amazon.com/privatelink/), Amazon's technology for creating secure tunnels into a VPC
- opaque session token support in the [OpenID Connect reference implementation](https://github.com/nginxinc/nginx-openid-connect)
- New [$ssl_preread_protocol](https://nginx.org/en/docs/stream/ngx_stream_ssl_preread_module.html#var_ssl_preread_protocol) variable to distinguish between SSL/TLS and other protocols when forwarding traffic using a TCP ([stream](https://nginx.org/en/docs/stream/ngx_stream_core_module.html)) proxy
-- New [Encrypted Session](https://docs.nginx.com/nginx/admin-guide/dynamic-modules/encrypted-session/) dynamic module
+- New [Encrypted Session]({{< ref "/nginx/admin-guide/dynamic-modules/encrypted-session.md" >}}) dynamic module
- The NGINX JavaScript module has been updated:
- Single object (`r`) is used to access both request and response attributes associated with each HTTP request
- New language support: `bytesFrom()`, `padStart()`, `padEnd()`, `getrandom()`, `getentropy()`, and binary literals
NGINX Plus R16 is supported on:
-{{}}
-| OS Distribution | Versions |
+{{}}
+| OS Distribution | Versions |
|-----------------------------------|------------------------------------------------|
| Amazon Linux | 2017.09, 2 LTS |
| CentOS | 6.5+, 7.0+ |
@@ -1282,14 +1268,14 @@ More information: [Announcing NGINX Plus R16](https://www.nginx.com/blog/nginx-p
This is a bug‑fix release for NGINX Plus R16.
NGINX Plus R16 P1
-_30 October 2018_
+_October 30, 2018_
- Security patch: When using HTTP/2 a client might cause excessive memory consumption ([CVE-2018-16843](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843)) and CPU usage ([CVE-2018-16844](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844))
- Security patch: Processing of a specially crafted MP4 file with the ngx\_http\_mp4\_module might result in worker process memory disclosure ([CVE-2018-16845](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845))
-
-## NGINX Plus Release 15 (R15)
-_10 April 2018_
+
+## NGINX Plus Release 15 (R15) {#r15}
+_April 10, 2018_
_Based on NGINX Open Source 1.13.10_
NGINX Plus R15 is a feature release:
@@ -1306,12 +1292,12 @@ NGINX Plus R15 is a feature release:
- Updates to [LDAP authentication reference implementation](https://github.com/nginxinc/nginx-ldap-auth)
- New [$upstream_queue_time](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#var_upstream_queue_time) variable to hold the amount of time a request spends in the [upstream queue](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#queue)
- New [$ssl_preread_alpn_protocols](https://nginx.org/en/docs/stream/ngx_stream_ssl_preread_module.html#var_ssl_preread_alpn_protocols) variable to hold the Application Layer Protocol Negotiation (ALPN) protocols presented by client
-- New [Cookie-Flag](https://docs.nginx.com/nginx/admin-guide/dynamic-modules/cookie-flag/) dynamic module
+- New [Cookie-Flag]({{< ref "/nginx/admin-guide/dynamic-modules/cookie-flag.md" >}}) dynamic module
NGINX Plus R15 is supported on:
-{{}}
-| OS Distribution | Versions |
+{{}}
+| OS Distribution | Versions |
|-----------------------------------|------------------------------------------------|
| Amazon Linux | 2017.09, 2 LTS |
| CentOS | 6.5+, 7.0+ |
@@ -1337,19 +1323,19 @@ More information: [Announcing NGINX Plus R15](https://www.nginx.com/blog/nginx-p
These are bug‑fix releases for NGINX Plus R15.
NGINX Plus R15 P2
-_30 October 2018_
+_October 30, 2018_
- Security patch: When using HTTP/2 a client might cause excessive memory consumption ([CVE-2018-16843](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843)) and CPU usage ([CVE-2018-16844](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844))
- Security patch: Processing of a specially crafted mp4 file with the ngx_http_mp4_module might result in worker process memory disclosure ([CVE-2018-16845](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845))
NGINX Plus R15 P1
-_12 April 2018_
+_April 12, 2018_
- Third‑party modules might not be loaded due to signature incompatibility
-
-## NGINX Plus Release 14 (R14)
-_12 December 2017_
+
+## NGINX Plus Release 14 (R14) {#r14}
+_December 12, 2017_
_NGINX Open Source build 1.13.7_
NGINX Plus R14 is a feature release:
@@ -1363,12 +1349,10 @@ NGINX Plus R14 is a feature release:
- Enhanced DNS resolver that preserves the list of upstream IP addresses across a reload of the NGINX Plus configuration
- Ability to drain upstream servers extended to file‑based configurations with the [drain](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#server) parameter to the upstream `server` directive
-
-
NGINX Plus R14 is supported on:
-{{}}
-| OS Distribution | Versions |
+{{}}
+| OS Distribution | Versions |
|-----------------------------------|------------------------------------------------|
| Amazon Linux | 2016.09, 2 (2017.12) |
| CentOS | 6.5+, 7.0+ |
@@ -1393,14 +1377,14 @@ More information: [Announcing NGINX Plus R14](https://www.nginx.com/blog/nginx-p
This is a bug‑fix release for NGINX Plus R14.
NGINX Plus R14 P1
-_25 January 2018_
+_January 25, 2018_
- Live activity monitoring: Reinstated some missing tooltips for the dashboard
- NGINX Plus API: HTTP Basic Authentication support for read‑write mode
-
-## NGINX Plus Release 13 (R13)
-_29 August 2017_
+
+## NGINX Plus Release 13 (R13) {#r13}
+_August 29, 2017_
_Based on NGINX Open Source 1.13.4_
NGINX Plus R13 is a feature release:
@@ -1416,8 +1400,8 @@ NGINX Plus R13 is a feature release:
NGINX Plus R13 is supported on:
-{{}}
-| OS Distribution | Versions |
+{{}}
+| OS Distribution | Versions |
|------------------------|------------------------------------------|
| Amazon Linux | 2016.09+ |
| CentOS | 6.5+, 7.0+ |
@@ -1438,9 +1422,9 @@ NGINX Plus R13 is supported on:
More information: [Announcing NGINX Plus R13](https://www.nginx.com/blog/nginx-plus-r13-released)
-
-## NGINX Plus Release 12 (R12)
-_14 March 2017_
+
+## NGINX Plus Release 12 (R12) {#r12}
+_March 14, 2017_
_Based on NGINX Open Source 1.11.10_
NGINX Plus R12 is a feature release:
@@ -1465,8 +1449,8 @@ NGINX Plus R12 is a feature release:
NGINX Plus R12 is supported on:
-{{}}
-| OS Distribution | Versions |
+{{}}
+| OS Distribution | Versions |
|------------------------|------------------------------------------------------|
| Amazon Linux | 2016.09+ |
| CentOS | 5.10+, 6.5+, 7.0+ |
@@ -1492,23 +1476,23 @@ More information: [Announcing NGINX Plus R12](https://www.nginx.com/blog/nginx
These are bug‑fix releases for NGINX Plus R12.
NGINX Plus R12 P3
-_29 June 2017_
+_June 29, 2017_
- Content caching: Cache response might contain additional internal cache header data
NGINX Plus R12 P2
-_30 March 2017_
+_March 30, 2017_
- Live activity monitoring: Response time metric was miscalculated under certain conditions
NGINX Plus R12 P1
-_14 March 2017_
+_March 14, 2017_
- Live activity monitoring: Dashboard might hang with certain configurations
-
-## NGINX Plus Release 11 (R11)
-_25 October 2016_
+
+## NGINX Plus Release 11 (R11) {#r11}
+_October 25, 2016_
_Based on NGINX Open Source 1.11.5_
NGINX Plus R11 is a feature release:
@@ -1522,8 +1506,8 @@ NGINX Plus R11 is a feature release:
NGINX Plus R11 is supported on:
-{{}}
-| OS Distribution | Versions |
+{{}}
+| OS Distribution | Versions |
|------------------------|------------------------------------------------------|
| Amazon Linux | 2016.03+ |
| CentOS | 5.10+, 6.5+, 7.0+ |
@@ -1539,13 +1523,13 @@ NGINX Plus R11 is supported on:
- FreeBSD 11.0 is new in this release
- Ubuntu 16.10 is new in this release
-- The `nginx-plus-extras` package is no longer provided; migrate to the `nginx-plus` package and then install the needed [dynamic modules](https://www.nginx.com/products/dynamic-modules)
+- The `nginx-plus-extras` package is no longer provided; migrate to the `nginx-plus` package and then install the needed [dynamic modules][Cookie-Flag]({{< ref "/nginx/admin-guide/dynamic-modules/dynamic-modules.md" >}})
More information: [Announcing NGINX Plus R11](https://www.nginx.com/blog/nginx-plus-r11-released/)
-
-## NGINX Plus Release 10 (R10)
-_23 August 2016_
+
+## NGINX Plus Release 10 (R10) {#r10}
+_August 23, 2016_
_Based on NGINX Open Source 1.11.3_
NGINX Plus R10 is a feature release:
@@ -1568,8 +1552,8 @@ NGINX Plus R10 is a feature release:
NGINX Plus R10 is supported on:
-{{}}
-| OS Distribution | Versions |
+{{}}
+| OS Distribution | Versions |
|------------------------|------------------------------------------------------|
| Amazon Linux | 2016.03+ |
| CentOS | 5.10+, 6.5+, 7.0+ |
@@ -1584,13 +1568,13 @@ NGINX Plus R10 is supported on:
**Notes:**
- Ubuntu 15.10 is no longer supported
-- NGINX Plus R10 is the last release to include the `nginx-plus-extras` package; if using this package, migrate to the `nginx-plus` package and then install the needed [dynamic modules](https://www.nginx.com/products/dynamic-modules)
+- NGINX Plus R10 is the last release to include the `nginx-plus-extras` package; if using this package, migrate to the `nginx-plus` package and then install the needed [dynamic modules]({{< ref "/nginx/admin-guide/dynamic-modules/dynamic-modules.md" >}})
More information: [Announcing NGINX Plus R10](https://www.nginx.com/blog/nginx-plus-r10-released/)
-
-## NGINX Plus Release 9 (R9)
-_12 April 2016_
+
+## NGINX Plus Release 9 (R9) {#r9}
+_April 12, 2016_
_Based on NGINX Open Source 1.9.13_
NGINX Plus R9 is a feature release:
@@ -1625,8 +1609,8 @@ NGINX Plus R9 is a feature release:
NGINX Plus R9 is supported on:
-{{}}
-| OS Distribution | Versions |
+{{}}
+| OS Distribution | Versions |
|------------------------|------------------------------------------------------|
| Amazon Linux | 2016.03+ |
| CentOS | 5.10+, 6.5+, 7.0+ |
@@ -1649,14 +1633,14 @@ More information: [Announcing NGINX Plus R9](https://www.nginx.com/blog/nginx-
This is a bug‑fix release for NGINX Plus R9.
NGINX Plus R9 P1
-_25 May 2016_
+_May 25, 2016_
- Segmentation fault might occur when writing a client request body to a temporary file
- Specially crafted request might cause NGINX worker process to crash due to a NULL pointer dereference ([CVE-2016-4450](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450))
-
-## NGINX Plus Release 8 (R8)
-_19 January 2016_
+
+## NGINX Plus Release 8 (R8) {#r8}
+_January 19, 2016_
_Based on NGINX Open Source 1.9.9_
NGINX Plus R8 is a feature release:
@@ -1677,8 +1661,8 @@ NGINX Plus R8 is a feature release:
NGINX Plus R8 is supported on:
-{{}}
-| OS Distribution | Versions |
+{{}}
+| OS Distribution | Versions |
|------------------------|------------------------------------------------------|
| Amazon Linux | |
| CentOS | 5.10+, 6.5+, 7.0 |
@@ -1699,24 +1683,24 @@ More information: [Announcing NGINX Plus R8](https://www.nginx.com/blog/nginx-
These are bug‑fix releases for NGINX Plus R8.
NGINX Plus R8 P3
-_24 February 2016_
+_February 24, 2016_
- HTTP/2: `client_body_timeout` directive was not handled correctly
NGINX Plus R8 P2
-_11 February 2016_
+_February 11, 2016_
- Logging: Buffer over‑read might occur while logging invalid request headers
- HTTP/2: Various fixes
NGINX Plus R8 P1
-_26 January 2016_
+_January 26, 2016_
- Resolver: Limit `CNAME` resolutions to prevent remote attackers from causing a denial of service ([CVE-2016-0747](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747))
-
-## NGINX Plus Release 7 (R7)
-_15 September 2015_
+
+## NGINX Plus Release 7 (R7) {#r7}
+_September 15, 2015_
_Based on NGINX Open Source 1.9.4_
NGINX Plus R7 is a feature release:
@@ -1751,8 +1735,8 @@ NGINX Plus R7 is a feature release:
NGINX Plus R7 is supported on:
-{{}}
-| OS Distribution | Versions |
+{{}}
+| OS Distribution | Versions |
|------------------------|-------------------------------------------|
| CentOS | 5.10+, 6.5+, 7.0+ |
| Debian | 7.0, 8.0 |
@@ -1773,9 +1757,9 @@ NGINX Plus R7 is supported on:
More information and important upgrade information for users of the Phusion Passenger Open Source module: [Announcing NGINX Plus Release 7](https://www.nginx.com/blog/nginx-plus-r7-released/)
-
-## NGINX Plus Release 6 (R6)
-_14 April 2015_
+
+## NGINX Plus Release 6 (R6) {#r6}
+_April 14, 2015_
_Based on NGINX Open Source 1.7.11_
NGINX Plus R6 is a feature release:
@@ -1795,8 +1779,8 @@ NGINX Plus R6 is a feature release:
NGINX Plus R6 is supported on:
-{{}}
-| OS Distribution | Versions |
+{{}}
+| OS Distribution | Versions |
|------------------------|------------------------------------------------------|
| CentOS | 5.10+, 6.5+, 7.0 |
| Debian | 6.0, 7.0, 8.0 |
@@ -1811,9 +1795,9 @@ The `nginx-plus-extras` package has additional dependencies.
More information: [Announcing NGINX Plus Release 6 with Enhanced Load Balancing, High Availability, and Monitoring Features](https://www.nginx.com/blog/nginx-plus-r6-released/)
-
-## NGINX Plus Release 5 (R5)
-_2 December 2014_
+
+## NGINX Plus Release 5 (R5) {#r5}
+_December 2, 2014_
_Based on NGINX Open Source 1.7.7_
NGINX Plus R5 is a feature release:
@@ -1828,13 +1812,13 @@ NGINX Plus R5 is a feature release:
- In the `nginx-plus-extras` package:
- [Lua](https://github.com/openresty/lua-nginx-module) module updated to version 0.9.13
- [Phusion Passenger Open Source](https://blog.phusion.nl/tag/passenger-releases/) module updated to version 4.0.53
-- In the nginx-plus-lua package:
+- In the `nginx-plus-lua` package:
- [Lua](https://github.com/openresty/lua-nginx-module) module updated to version 0.9.13
NGINX Plus R5 is supported on:
-{{}}
-| OS Distribution | Versions |
+{{}}
+| OS Distribution | Versions |
|------------------------|------------------------------------------------------|
| CentOS | 5.9, 6.5, 7.0 |
| Debian | 6.0, 7.0 |
@@ -1849,9 +1833,9 @@ The `nginx-plus-extras` and `nginx-plus-lua` packages have additional dependenci
More information: [NGINX Plus R5 Released](https://www.nginx.com/blog/nginx-plus-r5-released/)
-
-## NGINX Plus Release 4 (R4)
-_24 July 2014_
+
+## NGINX Plus Release 4 (R4) {#r4}
+_July 24, 2014_
_Based on NGINX Open Source 1.7.3_
NGINX Plus R4 is a feature release:
@@ -1868,13 +1852,13 @@ NGINX Plus R4 is a feature release:
- In the `nginx-plus-extras` package:
- [Lua](https://github.com/openresty/lua-nginx-module) module updated to version 0.9.10
- [Phusion Passenger Open Source](https://blog.phusion.nl/tag/passenger-releases/) module updated to version 4.0.45
-- In the nginx-plus-lua package:
+- In the `nginx-plus-lua` package:
- [Lua](https://github.com/openresty/lua-nginx-module) module updated to version 0.9.10
NGINX Plus R4 is supported on:
-{{}}
-| OS Distribution | Versions |
+{{}}
+| OS Distribution | Versions |
|------------------------|------------------------------------------------|
| CentOS | 5.9, 6.5, 7.0 |
| Debian | 6.0, 7.0 |
@@ -1889,9 +1873,9 @@ The `nginx-plus-extras` and `nginx-plus-lua` packages have additional dependenc
More information: [NGINX Plus R4 Released](https://www.nginx.com/blog/nginx-plus-r4-released/)
-
-## NGINX Plus Release 3 (R3)
-_2 April 2014_
+
+## NGINX Plus Release 3 (R3) {#r3}
+_April 2, 2014_
_Based on NGINX Open Source 1.5.12‑1_
NGINX Plus R3 is a feature release:
@@ -1905,8 +1889,8 @@ NGINX Plus R3 is a feature release:
NGINX Plus R3 is supported on:
-{{}}
-| OS Distribution | Versions |
+{{}}
+| OS Distribution | Versions |
|------------------------|------------------------------------------------|
| CentOS | 5.9, 6.5 |
| Debian | 6.0, 7.0 |
@@ -1921,9 +1905,9 @@ The `nginx-plus-extras` and `nginx-plus-lua` packages have additional dependenci
More information: [NGINX Plus R3 Released](https://www.nginx.com/blog/nginx-plus-r3-released/)
-
-## NGINX Plus Release 2 (R2)
-_12 December 2013_
+
+## NGINX Plus Release 2 (R2) {#r2}
+_December 12, 2013_
_Based on NGINX Open Source 1.5.7‑1_
NGINX Plus R2 is a feature release:
@@ -1937,19 +1921,19 @@ NGINX Plus R2 is a feature release:
### NGINX Plus R2 Updates
Security Update to NGINX Plus Release R2
-_21 March 2014_
+_March 21, 2014_
_Based on NGINX Open Source 1.5.7‑4_
- Fixes vulnerability in experimental SPDY implementation in NGINX Open Source 1.5.7‑3 and earlier.
Functional Update to NGINX Plus R2
-_5 March 2014_
+_March 5, 2014_
_Based on NGINX Open Source 1.5.7‑3_
- NGINX Plus now correctly applies the value set with the [client_max_body_size](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size) directive when processing HTTP requests that contain chunk‑encoded body data.
Functional Update to NGINX Plus R2
-_13 February 2014_
+_February 13, 2014_
_Based on NGINX Open Source 1.5.7‑2_
- Updates to MP4 and HLS streaming functionality
@@ -1957,9 +1941,9 @@ _Based on NGINX Open Source 1.5.7‑2_
- Updates to implementation of SPDY/2
- Added **status.html** file for live activity monitoring, missing from some packages
-
-## NGINX Plus Initial Release (R1)
-_22 August 2013_
+
+## NGINX Plus Initial Release (R1) {#r1}
+_August 22, 2013_
_Based on NGINX Open Source 1.5.3‑1_
NGINX Plus is the fully supported, commercial version of NGINX. It includes most NGINX open source modules and adds further features:
@@ -1967,7 +1951,7 @@ NGINX Plus is the fully supported, commercial version of NGINX. It includes mos
- Application health checks
- Live activity monitoring (implemented in the Extended Status module)
- Advanced load balancing
-- On‑the‑fly reconfiguration of load‑balanced upstream groups
+- On‑the‑fly reconfiguration of load‑balanced upstream groups
- Extended logging capabilities
- High availability setup
- Adaptive media streaming