Hi folks!

I am happy to announce the new formal release, 1.13.6.2, of the
OpenResty web platform based on NGINX and LuaJIT:

https://openresty.org/en/download.html

The (portable) source code distribution, the Win32/Win64 binary
distributions, and the pre-built binary Linux packages for Ubuntu,
Debian, Fedora, CentOS, RHEL, Amazon Linux are provided on this
Download page.

Starting from this release, we provide official 64-bit Windows native
binary package for OpenResty. We also provide new yum package
repositories for Ubuntu 18.04 Bionic.

The next OpenResty release will be based on the nginx core 1.13.12 or
a version in the upcoming nginx 1.15.x series.

Special thanks go to all our developers and contributors! And thanks
OpenResty Inc. (https://openresty.com/ ) for sponsoring a lot of the
OpenResty core development work.

We have the following highlights in this release:

1. We now have full official support for the OpenSSL 1.1.0 series (the
last tested version is OpenSSL 1.1.0h).

2. We now provide official 64-bit Windows native binary packages for OpenResty.

3. We now provide a new table.clone() builtin Lua API function in our
bundled version of LuaJIT, which can also be JIT compiled.

4. We now provide UDP downstream cosocket API in our ngx_stream_lua
module. Now the community can build high performance UDP server
applications with Lua atop OpenResty.

5. New flush_all() method added to our lua-resty-lrucache Lua library.

6. Our resty command-line utility's startup/exit time is significantly
reduced on *NIX systems. Now it takes only ~10ms to run a hello world
program on a mid-2015 Macbook Pro.

7. We now avoid running Lua VM instances in NGINX's helper processes
like "cache loader" and "cache manager" to reduce memory footprint in those
processes.

8. New raw_client_addr() function added to the ngx.ssl Lua module.

9. New ngx.base64 module added to lua-resty-core with new Lua API
functions encode_base64url() and decode_base64url().

10. Various time-related Lua APIs provided by ngx_lua are now
re-implemented via LuaJIT FFI in lua-resty-core so that they can be
JIT compiled and run much faster.

11. New lua_add_variable config directive provided by the
ngx_stream_lua module so that we can define new NGINX variables for
the stream subsystem.

12. New add_header() Lua API has been added to the new ngx.resp Lua
module to mimic NGINX's standard add_header directive on the Lua land.

13. Support for the optional "init_ttl" argument in shdict:incr()
method so that when the key is missing we can add a default TTL value
of our own.

14. Added the "local=on" and "local=/path/to/resolv.conf" options to
the standard "resolver" config directive. This can enable the use of
system-level nameserver configurations of /etc/resolv.conf, for
example, in nginx's own nonblocking DNS resolver.

The complete change log since the last (formal) release, 1.13.6.1:

* win64: distributing official 64-bit Windows binary packages for
OpenResty using the MSYS2/MinGW toolchain.

* win32: now we build our official 32-bit Windows binary packages
for OpenResty using the MSYS2/MinGW toolchain.

* win32: upgraded pcre to 8.42 and openssl to 1.1.0h.

* optimize: now the openresty build system ("./configure")
automatically patches the resty command-line utility to use its
own nginx binary so that it does not have to compute it at
runtime (which is a bit expensive). this saves about 10ms (from
for total 20ms to 10ms) for resty's startup time, as measured on
a mid-2015 MBP. That's 50% reduction in total startup time! Yay!

* win32/win64: enabled ngx_stream_ssl_preread_module in our binary
builds.

* bugfix: ./configure: relative paths in --add-dynamic-module=PATH
option did not work. thanks catatsuy for the patch.

* feature: added a patch for the nginx core to add the "local=on"
and "local=/path/to/resolv.conf" options to the standard
"resolver" config directive. This can enable the use of
system-level nameserver configurations of /etc/resolv.conf, for
example, in nginx's own nonblocking DNS resolver. thanks Datong
Sun for the patch.

* feature: added the "socket_cloexec" patch to ensure most of the
nginx connections could be closed before child process
terminates. thanks spacewander for the patch.

* feature: added patches to the nginx core to make sure
ngx_stream_ssl_preread_module will not skip the rest of the
preread phase when SNI server name parsing was successful.
thanks Datong Sun for the patch.

* feature: ./configure: updated the stream subsystem related
options from nginx 1.13.6. thanks hy05190134 for the patch.

* feature: added the SSL "sess_set_get_cb" yielding support patch
for OpenSSL 1.1.0d and beyond. thanks spacewander for the patch.

* feature: applied the "init_cycle_pool_release" patch to nginx
1.13.6+ cores to make it valgrind or asan clean.

* bugfix: we incorrectly removed the existing Makefile even for
"./configure --help". thanks spacewander for the patch.

* feature: added information about OpenResty's commercial support
in the default index.html page.

* opm: doc index: updated the LuaJIT 2.1's official docs to the
latest version.

* upgraded resty-cli to 0.21.

* resty: got rid of prerequisite perl modules to improve
startup time. Startup time has been significantly reduced on
*NIX systems. No improvment on Win32 though. On my mid-2015
MBP, the "resty -e "print(1)"" command's total time can drop
from ~36ms to ~10ms. *bugfix: when the signal is received
but the child process is already gone, resty incorrectly
returned non-zero return code and output "No such process"
error. thanks Datong Sun for the patch.

* upgraded opm to 0.0.5.

* bugfix: opm get: curl via HTTP proxies would complain about
"bad response status line received". The first "Connection
established" response might not come with any response
header entries at all.

* upgraded ngx_lua to 0.10.13.

* feature: ngx.req.get_post_args(), ngx.req.get_uri_args(),
ngx.req.get_headers(), ngx.resp.get_headers(), and
ngx.decode_args() now would return an error string,
"truncated", when the input exceeds the
"max_args"/"max_headers" limits.

* feature: added support for the OpenSSL 1.1.0 serires. thanks
Alessandro Ghedini for the original patch and the subsequent
polishment work from Dejiang Zhu and spacewander.

* feature: added the "init_ttl" argument to the pure C
function for the shdict:incr() API. thanks Thibault
Charbonnier for the patch.

* feature: added support for the 308 status code in
ngx.redirect(). thanks Mikhail Senin for the patch.

* feature: ssl: support enabling TLSv1.3 via the
lua_ssl_protocols config directive. thanks Alessandro
Ghedini for the patch.

* feature: "ngx_http_lua_ffi_set_resp_header()": now add an
override flag argument to control whether to override
existing resp headers. this feature is required by the new
ngx.resp module's "add_header()" Lua API (in
lua-resty-core). thanks spacewander for the patch.

* feature: allowed sending boolean and nil values in
cosockets. thanks spacewander for the patch.

* feature: api.h: exposed the "ngx_http_lua_ffi_str_t" C data
type for other Nginx C modules.

* feature: logged the tcp cosocket's remote end address when
tcpsock:connect() times out and "lua_socket_log_errors" is
on. This feature makes debug connect timeout errors easier,
since domain name may map to different ip address in
different time. thanks spacewander for the patch.

* bugfix: ngx.resp.get_headers(): the "max_headers" limit did
not cover builtin headers.

* bugfix: "ngx_http_lua_ffi_ssl_set_serialized_session()":
avoided memory leak when calling it repeatly.

* bugfix: we now throw a Lua exception when
ngx.location.capture* Lua API is used inside an HTTP2
request since it is known to lead to hanging.

* bugfix: nginx rewrite directive may initiate internal
redirects without clearing any module ctx and
rewrite_by_lua* handlers might think it was re-entered and
thus it might lead to request hang. thanks twistedfall for
the report.

* bugfix: avoided sharing the same code object for identical
Lua inlined code chunks in different phases due to chunk
name conflicts. thanks yandongxiao for the report and
spacewander for the patch.

* bugfix: ngx.req.raw_header(): the first part of the header
would be discarded when using single LF as delimiter and the
number of headers is large enough. thanks tokers for the
patch.

* bugfix: pure C API for ngx.var assignment: we failed to
output the error message length. this might lead to error
buffer overreads. thanks Ka-Hing Cheung for the patch.

* bugfix: the upper bound of port ranges should be 65535
instead of 65536. thanks spacewander for the patch.

* bugfix: we did not always free up all connections when
cleaning up socket pools. thanks spacewander for the patch.

* bugfix: use of lua-resty-core's ngx.re API in init_by_lua*
might lead to memory issues during nginx HUP reload when no
lua_shared_dict directives are used and the regex cache is
enabled.

* change: switched to "SSL_version()" calls from
"TLS1_get_version()". "TLS1_get_version" is a simple wrapper
for "SSL_version" that returns 0 when used with DTLS.
However, it was removed from BoringSSL in 2015 so instead
use "SSL_version" directly. Note: BoringSSL is never an
officially supported target for this module.
"ngx_http_lua_ffi_ssl_get_tls1_version" can never be reached
with DTLS so the behaviour is the same. thanks Tom Thorogood
for the patch.

* optimize: switched exptime argument type to 'long' in the
shdict FFI API to mitigate potential overflows. thanks
Thibault Charbonnier for the patch.

* optimize: avoided the string copy in
"ngx_http_lua_ffi_req_get_method_name()".

* optimize: corrected the initial table size of req socket
objects. thanks spacewander for the patch.

* optimize: destroy the Lua VM and avoid running any
init_worker_by_lua* code inside cache helper processes.
thanks spacewander for the patch.

* doc: fixed an error message typo in "set_der_priv_key()".
thanks Tom Thorogood for the patch.

* doc: mentioned that OpenResty includes its own version of
LuaJIT which is specifically optmized and enhanced for
OpenResty.

* doc: some typo fixes from hongliang.

* doc: setting ngx.header.HEADER no longer throws out an
exception when the header is already sent out; it now just
logs an error message. thanks yandongxiao for the patch.

* doc: typo fixes from yandongxiao.

* doc: typo fixes from tan jinhua.

* doc: fixed a typo in a code comment. thanks Alex Zhang for
the patch.

* upgraded lua-resty-core to 0.1.15.

* feature: implemented ngx.resp module and its function
add_header(). The ngx.resp module's "add_header" works like
the "add_header" Nginx directive. Unlike the
"ngx.header.HEADER=" API, this method appends new header to
the old one instead of overriding any existing ones. Unlike
the "add_header" directive, this method overrides the
builtin header instead of appending to it. thanks
spacewander for the patch.

* feature: the FFI version of the ngx.req.get_uri_args() and
ngx.req.get_headers() API functions now would return an
error string, "truncated", when the input exceeds the
"max_args"/"max_headers" limits.

* bugfix: ngx.re: fixed a "split()" corner case when
successtive separator characters are at the end of the
subject string.

* bugfix: shdict: switched exptime argument type to 'long' to
mitigate potential overflows.

* bugfix: ngx.ssl.session: avoided memory leaks when calling
set_serialized_session repeatly. thanks spacewander for the
patch.

* optimize: avoided an extra string copy in
ngx.req.get_method(). thanks spacewander for the patch.

* change: replaced "return error()" with "error()" to avoid
stack unwinding upon Lua exceptions. this should give much
better Lua backtrace for the errors. thanks spacewander for
the patch.

* bugfix: ngx.re: fixed a split() edge-case when using control
characters in the regex. thanks Thibault Charbonnier for the
patch.

* feature: shdict:incr(): added the "init_ttl" argument to set
the ttl of values when they are first created via the "init"
argument. thanks Thibault Charbonnier for the patch.

* feature: re-implemented the remaining time related Lua APIs
with FFI (like ngx.update_time, ngx.http_time,
ngx.parse_http_time, and etc.). thanks spacewander for the
patch.

* feature: ngx.errlog: added the raw_log() API function to
allow the building of custom logging facilities. thanks
Thibault Charbonnier for the patch.

* feature: added new API function "get_master_pid()" to the
ngx.process module. thanks chronolaw for the patch.

* doc: typo fixes from chronolaw.

* feature: added new resty.core.phase module to include the
pure FFI version of the ngx.get_phase() API. thanks Robert
Paprocki for the patch.

* feature: added new ngx.base64 Lua module with the functions
encode_base64url() and decode_base64url(). thanks Datong Sn
for the patch.

* bugfix: resty.core.var: ngx.var.VAR assignment might
over-read the error msg buffer. thanks Ka-Hing Cheung for
the patch.

* optimize: use plain text string.find calls when we mean it.

* feature: ngx.ssl: added new raw_client_addr() Lua API
function. thanks 王军伟 for the patch.

* upgraded lua-cjson to 2.1.0.6.

* optimize: improved forward-compatibility with older versions
of Lua/LuaJIT. thanks Thibault Charbonnier for the patch.

* bugfix: fixed the C compiler warning "SO C90 forbids mixed
declarations and code" on older operating systems.

* feature: set "cjson.array_mt" on decoded JSON arrays. this
can be turned on via
"cjson.decode_array_with_array_mt(true)". off by default for
backward compatibility. thanks Thibault Charbonnier for the
patch.

* feature: added new cjson.array_mt metatable to allow
enforcing JSON array encoding. thanks Thibault Charbonnier
for the patch.

* bugfix: fixed a -Wsign-compare compiler warning. thanks
gnought for the patch.

* upgraded lua-resty-lrucache to 0.08.

* feature: added new method flush_all() to flush all the data
in an existing cache object. thanks yang.yang for the patch.

* upgraded lua-resty-dns to 0.21.

* refactor: cleaned up some variable names and locals. thanks
Thijs Schreijer for the patch.

* bugfix: fixed issues with retrans not being honoured upon
connection failures. thanks Thijs Schreijer for the patch.

* feature: improved error reporting, making it more precise,
and returning errors of previous tries. thanks Thijs
Schreijer for the patch.

* bugfix: fix parsing state after SOA record. Correct parsing
of Additional Records failed due to a bad parsing state
after processing a SOA record in the Authorative nameservers
section. DNS response based on "dig @ns1.google.com SOA
google.com". thanks Peter Wu for the patch.

* bugfix: fix typo in SOA record field "minimum". Rename
"mininum" to "minimum", fixes issue in original feature
added with lua-resty-dns v0.19rc1.

* upgraded lua-resty-string to 0.11.

* feature: resty.aes: added compaibility with OpenSSL 1.1.0+.
thanks spacewander for the patch.

* upgraded ngx_stream_lua to 0.0.5.

* feature: we now have raw request downstream cosocket support
for scripting UDP servers. thanks Datong Sun for the patch.

* feature: added the preread handler postponing feature.
thanks Datong Sun for the patch.

* feature: added new config directive lua_add_variable to
allow adding changeable. thanks Datong Sun for the patch.

* upgraded ngx_set_misc to 0.32.

* bugfix: set_quote_pgsql_str: we did not escape the "$"
character. thanks Yuansheng Wang for the patch.

* refactor: made "ngx_http_pg_utf_islegal()" much better.

* bugfix: fixed the "-Wimplicit-fallthrough" warinings from
GCC 7. thanks Andrei Belov for the patch.

* upgraded ngx_redis2 to 0.15.

* bugfix: "ragel -G2" genreates C code which results in
"-Werror=implicit-fallthrough" compilation errors at least
with gcc 7.2. switched to "ragel -T1" instaed.

* upgraded ngx_memc to 0.19

* bugfix: "ragel -G2" genreates C code which results in
"-Werror=implicit-fallthrough" compilation errors at least
with gcc 7.2. switched to "ragel -T1" instaed.

* upgraded ngx_encrypted_session to 0.08.

* feature: added support for OpenSSL 1.1.0. thanks spacewander
for the patch.

* upgraded ngx_rds_csv to 0.09.

* bugfix: fixed the "-Werror=implicit-fallthrough" compilation
errors at least with gcc 7.2.

* upgraded ngx_drizzle to 0.1.11.

* bugfix: fixed the "-Werror=implicit-fallthrough" compilation
errors at least with gcc 7.2.

* upgraded ngx_xss to 0.06.

* bugfix: "ragel -G2" genreates C code which results in
"-Werror=implicit-fallthrough" compilation errors at least
with gcc 7.2. switched to "ragel -T1" instaed.

* bugfix: fixed errors and warnings with C compilers without
variadic macro support.

* upgraded LuaJIT to 2.1-20180419:
https://github.com/openresty/luajit2/tags

* feature: implemented new API function "jit.prngstate()" for
reading or setting the current PRNG state number used in the
JIT compiler.

* feature: implemented the table.clone() builtin Lua API. This
change only support shallow clone. e.g

local tab_clone = require "table.clone" local x = {x=12,
y={5, 6, 7}} local y = tab_clone(x) -- ... use y here ...

We observed 7% over-all speedup in the edgelang-fan
compiler's compiling speed whose Lua is generated by the
fanlang compiler. thanks Shuxin Yang for the patch and
OpenResty Inc. for sponsoring this work.

* imported Mike Pall's latest changes:

* DynASM/x86: Add BMI1 and BMI2 instructions.

* Fix rechaining of pseudo-resurrected string keys.

* Clear stack after "print_jit_status()" in CLI.

* Fix GCC 7 "-Wimplicit-fallthrough" warnings.

* FFI: Don't assert on "#1LL" (Lua 5.2 compatibility mode
only).

* MIPS64: Fix soft-float +-0.0 vs. +-0.0 comparison.

* Fix LuaJIT API docs for "LUAJIT_MODE_*".

* Fix ARMv8 (32 bit subset) detection.

* Fix "string.format("%c", 0)".

* Fix "IR_BUFPUT" assembly.

* MIPS64: Fix "xpcall()" error case.

* ARM64: Fix "xpcall()" error case.

* Fix saved bytecode encapsulated in ELF objects.

* MIPS64: Fix register allocation in assembly of HREF.

* ARM64: Fix assembly of HREFK.

* Fix FOLD rule for strength reduction of widening.

The HTML version of the change log with lots of helpful hyper-links
can be browsed here:

https://openresty.org/en/changelog-1013006.html

OpenResty is a full-fledged web platform
by bundling the standard Nginx core, LuaJIT, lots of
3rd-party Nginx modules and Lua libraries, as well as most of their external
dependencies. See OpenResty's homepage for details:

https://openresty.org/

We have run extensive testing on our Amazon EC2 test cluster and
ensured that all the components (including the Nginx core) play well
together. The latest test report can always be found here:

https://qa.openresty.org/

We also always run our OpenResty Edge commercial software based on the
latest open source version of OpenResty in our own global CDN network
(dubbed "mini CDN") powering our openresty.org and openresty.com
websites. See https://openresty.com/ for more details.

Enjoy!

Best regards,
Yichun
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx