Hi folks,

I am excited to announce the new formal release, 1.11.2.1, of the
OpenResty web platform based on NGINX and LuaJIT:

https://openresty.org/en/download.html

Both the (portable) source code distribution and the Win32 binary
distribution are provided on this Download page.

Also, we now provide official pre-built packages and repositories for
CentOS, RHEL, and Fedora. Support for other Linux distributions will
come in the near future (contributors welcome!):

https://openresty.org/en/linux-packages.html

https://openresty.org/en/rpm-packages.html

The highlights of this release are:

1. New NGINX 1.11.2 core.

2. The official Lua 5.1 reference manual and LuaJIT 2 documentation
have been added to the restydoc documentation index.

3. New ssl_session_fetch_by_lua* and ssl_session_store_by_lua*
directives for doing (distributed) nonblocking caching of SSL session
data by SSL session IDs for downstream SSL handshakes performed for
https requests:

https://github.com/openresty/lua-nginx-module#ssl_session_fetch_by_lua_block

4. New Lua API for manipulating user-defined shm-based queues or lists
in lua_shared_dict:

https://github.com/openresty/lua-nginx-module#ngxshareddictlpush

5. New Lua API in ngx.balancer for setting per-session timeout
threshold values for upstream communications in the context of
balancer_by_lua*:

https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/balancer.md#set_timeouts

6. Better HTTP/2 support in ngx_lua and other OpenResty components.

The complete change log since the last (formal) release, 1.9.15.1:

* upgraded the Nginx core to 1.11.2.

* see the changes here: http://nginx.org/en/CHANGES

* feature: bundled the sess_set_get_cb_yield patch for OpenSSL to
support the ssl_session_fetch_by_lua* directives of ngx_lua.

* win32: we now use pcre 8.39 and openssl 1.0.2h in our official
build.

* feature: applied the "ssl_pending_session.patch" to the nginx
core to support the ssl_session_fetch_by_lua* and
ssl_session_store_by_lua* in ngx_lua.

* feature: added "<openresty-prefix>/site/lualib/" to the default
Lua module search paths used by OpenResty. This location is for
3rd-party Lua modules so that the users will not pollute the
"<openresty-prefix>/lualib/" directory with non-standard Lua
module files.

* feature: now we create the "<openresty-prefix>/bin/openresty"
symlink which points to "<openresty-prefix>/nginx/sbin/nginx" to
avoid polluting the "PATH" environment with the name "nginx".

* feature: added the "upstream_timeout_fields" patch to the nginx
core to allow efficient per-request connect/send/read timeout
settings for individual upstream requests and retries.

* feature: added the official LuaJIT documentation from LuaJIT 2.1
to our "restydoc" indexes.

* feature: added the Lua 5.1 reference manual from lua 5.1.5 to
our restydoc indexes.

* bugfix: special characters like spaces in nginx configure option
values (like "--with-pcre-opt" and "--with-openssl-opt") were
not passed correctly. thanks Andreas Lubbe for the report.

* change: now we use our own version of default "index.html" and
"50x.html" pages.

* upgraded ngx_lua to 0.10.6.

* feature: added new shdict methods: lpush, lpop, rpush, rpop,
llen for manipulating list-typed values. these methods can
be used in the same way as the redis commands of the same
names. Essentially we now have shared memory based queues
now. each queue is indexed by a key. thanks Dejiang Zhu for
the patch.

* feature: implemented ssl_session_fetch_by_lua* and
ssl_session_store_by_lua* configuration directives for doing
(distributed) caching of SSL sessions (via SSL session IDs)
for downstream connections. thanks Zi Lin for the patches.

* feature: added pure C API for setting upstream request
connect/send/read timeouts in balancer_by_lua* on a per
session basis. thanks Jianhao Dai for the original patch.

* feature: ssl: add FFI functions to parse certs and private
keys to cdata. With the current FFI functions the
certificate chain and the private key are parsed from DER
every time they are set into the SSL state. Now we can cache
the parsed certs and private keys as cdata objects directly.
These new functions make it possible to avoid the DER ->
OpenSSL parsing. Thanks Alessandro Ghedini for the patch.

* feature: shdict:incr(): added the optional "init" argument
to allow intializing nonexistent keys with an initial value.

* feature: allow tcpsock:setkeepalive() to receive nil args.
thanks Thibault Charbonnier for the patch.

* bugfix: *_by_lua_file: did not support absolute file paths
on non-UNIX systems like Win32. thanks Someguynamedpie for
the report and the original patch.

* bugfix: fake connections did not carry a proper connection
number. thanks Piotr Sikora for the patch.

* bugfix: "lua_check_client_abort on" broke HTTP/2 requests.

* bugfix: "ngx_http_lua_ffi_ssl_create_ocsp_request": we did
not clear the openssl stack errors in the right place.

* bugfix: ngx.sha1_bin() was always disabled with nginx
1.11.2+ due to incompatible changes in nginx 1.11.2+. thanks
manwe for the report.

* bugfix: segfaults might happen when calling ngx.log() in
ssl_certificate_by_lua* and error_log was configured with
syslog. thanks Jonathan Serafini and Greg Karékinian for the
report.

* bugfix: fixed a typo in the error handling of the
"SSL_get_ex_new_index()" call for our ssl ctx index. thanks
Jie Chen for the report.

* bugfix: when the nginx core does not properly initialize
"r->headers_in.headers" (due to 400 bad requests and etc),
ngx.req.set_header() and ngx.req.clear_header() might lead
to crashes. thanks Marcin Teodorczyk for the report.

* bugfix: fixed crashes in ngx.req.raw_header() for HTTP/2
requests. now we always throw out a Lua exception in
ngx.req.raw_header() when being called in HTTP/2 requests.

* bugfix: specifying the C macro "NGX_LUA_NO_FFI_API" broke
the build. thanks jsopenrb for the report.

* doc: ngx.worker.count() is available in the
init_worker_by_lua* context.

* doc: documented that ngx.req.raw_header() does not work in
HTTP/2 requests.

* doc: typo fixes from Otto Kekäläinen and Nick Galbreath.

* upgraded lua-resty-core to 0.1.8.

* updated the "resty.core.shdict" Lua module to reflect the
recent addition of list-typed shdict values in ngx_lua.

* feature: shdict:incr(): added the optional "init" argument
to allow intializing nonexistent keys with an initial value.

* feature: added the ngx.ssl.session module for the contexts
ssl_session_fetch_by_lua* and ssl_session_store_by_lua*.
thanks Zi Lin for the patches.

* feature: ngx.balancer: added new API functions
set_timeouts() for setting per-session connect/send/read
timeouts for the current upstream request and subsequent
retries. thanks Jianhao Dai for the patch.

* feature: ngx.ssl: add new API functions parse_pem_cert(),
parse_pem_priv_key(), set_cert(), and set_priv_key(). thanks
Alessandro Ghedini for the patch.

* upgraded lua-resty-dns to 0.17.

* feature: now we support parsing answer records in all the
answer sections ("AN", "NS", and "AR"). thanks Zekai Zheng
for the patch.

* optimize: commented out 3 lines of useless Lua code in
"parse_response()".

* upgraded lua-resty-redis to 0.25.

* feature: now this module automatically generate Lua methods
for *any* Redis commands the caller attempts to use. The
lazily generated Lua methods are cached in the Lua module
table for faster subsequent uses. In theory, any Redis
commands in existing Redis or even future Redis servers can
work out of the box. thanks spacewander for the patch.

* upgraded ngx_lua_upstream to 0.06.

* feature: added upstream.current_upstream_name() to return
the proxy target used in the current request. thanks Justin
Li for the patch.

* minor Lua table initialization optimizations from Scott
Francis.

* upgraded resty-cli to 0.13.

* bugfix: restydoc: pod2man from older perl versions (like
5.8) does not support "-u" option. we should be smarter
here.

* bugfix: when resty/restydoc/restydoc-index were invoked
through symlinks, they might fail to locate the nginx
executable of openresty.

* bugfix: POD errors might get displayed in pod2man with older
versions of perl (like perl 5.20.2). thanks Dominic for the
patch.

* bugfix: pod2man might abort with a "Can't open file" error
with perl 5.24+.

* bugfix: restydoc-index: improved the seciton name
normalization for the documentation indexes.

* upgraded ngx_echo to 0.60.

* bugfix: fixed compilation failures when specifying the C
compiler option "-DDDEBUG=2". thanks amdei for the report.

* bugfix: fixed crashes in $echo_client_request_headers for
HTTP/2 requests. thanks dilyanpalauzov for the report. Now
$echo_client_request_headers always evaluates to an empty
value (not found) in HTTP/2 requests.

* doc: make it clearer when to use the "--" form.

* upgraded ngx_headers_more to 0.31.

* bugfix: when the nginx core does not properly initialize
"r->headers_in.headers" (due to 400 bad requests and etc),
more_set_input_headers might lead to crashes. thanks Marcin
Teodorczyk for the report.

* bugfix: fixed a typo in an error message. thanks Albert
Strasheim for the patch.

* upgraded ngx_set_misc to 0.31.

* bugfix: the set_sha1 directive is always disabled when
working with nginx 1.11.2+ due to recent changes in the new
nginx cores.

* upgraded ngx_encrypted_session to 0.06.

* doc: we do require ngx_http_ssl_module to work properly.

The HTML version of the change log with lots of helpful hyper-links
can be browsed here:

https://openresty.org/en/changelog-1011002.html

OpenResty is a full-fledged web platform
by bundling the standard Nginx core, Lua/LuaJIT, lots of
3rd-party Nginx modules and Lua libraries, as well as most of their external
dependencies. See OpenResty's homepage for details:

https://openresty.org/

We have run extensive testing on our Amazon EC2 test cluster and
ensured that all the components (including the Nginx core) play well
together. The latest test report can always be found here:

https://qa.openresty.org/

Have fun!
-agentzh

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx