NGINX 1.25.4 Mainline with Brotli, TLS 1.3, OpenSSL 3.0.13, HTTP/2 and HTTP/3 for Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9

NGINX 1.25.4 mainline with HTTP/3 support has been added to the EL7, EL8 and EL9 repositories. The Brotli compression module from Google, HTTP/2, ngx cache purge and ngx http geoip2 modules are added or built in. OpenSSL is built dynamically using OpenSSL+QUIC 3.0.12.

Major changes:

  • fixes for vulnerabilities in HTTP/3 (CVE-2024-24989, CVE-2024-24990)

RHEL 7 / CentOS 7:

yum upgrade -y codeit-repo-release
yum-config-manager --enable CodeIT-mainline --save
yum install nginx

RHEL 8-9 / Alma Linux 8-9 / Rocky Linux 8-9 / CentOS 8-9 / Other:

EL8/EL9 repos are modular now. To install nginx with HTTP/3 support, you need to enable the appropriate stream:

dnf module reset -y nginx
dnf module enable -y nginx:codeit-mainline
dnf install nginx

We have built OpenSSL+QUIC 3.0 separately since v1.21.6 and install it to /lib64 with the .so.81.3 suffix so that it does not interfere with your system libraries.

Experimental HTTP/3 support was added in NGINX 1.25.0 Mainline. We build it with the corresponding module (--with-http_v3_module).
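One way to confirm after the upgrade that a host runs a build at or above 1.25.4, the release carrying the HTTP/3 fixes, and whether that build includes --with-http_v3_module (an added example, not CodeIT's or NGINX's own tooling). The function names, status words and the two `nginx -V` samples are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `nginx -V` output against the release named on this page.
# 1.25.4 is the version the page lists as fixing CVE-2024-24989 / CVE-2024-24990.
FIXED_VERSION="1.25.4"

# Constructed samples of `nginx -V` output (not captured from a real host).
SAMPLE_OLD='nginx version: nginx/1.25.3
built with OpenSSL 3.0.12 24 Oct 2023
TLS SNI support enabled
configure arguments: --with-http_v2_module --with-http_v3_module'
SAMPLE_NEW='nginx version: nginx/1.25.4
built with OpenSSL 3.0.13 30 Jan 2024
TLS SNI support enabled
configure arguments: --with-http_v2_module --with-http_v3_module'

# version_ge A B: succeeds when dotted version A >= B, compared field by field
# as numbers (so 1.25.10 is newer than 1.25.4, unlike a plain string compare).
version_ge() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n1)
    [ "$lowest" = "$2" ]
}

# audit_nginx TEXT: prints one status word; returns 0 only for "ok".
#   ok             version is at or above FIXED_VERSION
#   older-with-h3  older build that includes the HTTP/3 module: upgrade first
#   older-no-h3    older build without the HTTP/3 module
#   unparsed       no "nginx version:" line found in TEXT
audit_nginx() {
    ver=$(printf '%s\n' "$1" |
          sed -n 's|^nginx version: nginx/\([0-9][0-9.]*\).*|\1|p' | head -n1)
    [ -n "$ver" ] || { echo unparsed; return 2; }
    if version_ge "$ver" "$FIXED_VERSION"; then
        echo ok
        return 0
    fi
    case $1 in
        *--with-http_v3_module*) echo older-with-h3 ;;
        *)                       echo older-no-h3 ;;
    esac
    return 1
}

# On a real host: audit_nginx "$(nginx -V 2>&1)"   (nginx -V writes to stderr)
for sample in "$SAMPLE_OLD" "$SAMPLE_NEW"; do
    audit_nginx "$sample" || true
done
```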

nghttp3 1.2.0, ngtcp2 1.3.0 released

nghttp3 1.2.0 and ngtcp2 1.3.0 RPMs have been released and added to all supported platforms.

nghttp3 1.2.0:

  • Clarify the behavior when a stream is not found by @tatsuhiro-t in #181
  • Fix typo by @tatsuhiro-t in #183
  • cmake: restore ENABLE_STATIC_CRT and ENABLE_ASAN options by @vszakats in #184
  • Migrate to munit from cunit by @tatsuhiro-t in #187
  • Pull sfparse via git submodule by @tatsuhiro-t in #188
  • Update .gitignore by @tatsuhiro-t in #190
  • Update git submodule by @tatsuhiro-t in #189
  • Add nghttp3_conn_update_ack_offset by @tatsuhiro-t in #191
  • Add include path to munit directory by @tatsuhiro-t in #192
  • Bump munit by @tatsuhiro-t in #193
  • Shrink nghttp3_stream size by @tatsuhiro-t in #194
  • Fix typo by @tatsuhiro-t in #195
  • Bump munit by @tatsuhiro-t in #196
  • Bump submodules by @tatsuhiro-t in #198

ngtcp2 1.3.0:

  • Do not run docker-build on tag by @tatsuhiro-t in #1085
  • Speed up git clone by @tatsuhiro-t in #1086
  • Use cmake -B consistently by @tatsuhiro-t in #1087
  • Bump actions/cache from 3 to 4 by @dependabot in #1088
  • Optimize STOP_SENDING by @tatsuhiro-t in #1089
  • Fix retransmit frames on stream by @tatsuhiro-t in #1090
  • Set NGTCP2_STRM_FLAG_RESET_STREAM when RESET_STREAM is sent by @tatsuhiro-t in #1091
  • Add helper functions to encode/decode zero length transport parameter by @tatsuhiro-t in #1092
  • Verify decoding truncated frames by @tatsuhiro-t in #1093
  • Use typed frame type rather than ngtcp2_frame by @tatsuhiro-t in #1094
  • Verify decoding truncated packet headers by @tatsuhiro-t in #1095
  • Open a remote stream if RESET_STREAM is received by @tatsuhiro-t in #1096
  • nghttp3 now requires git submodule by @tatsuhiro-t in #1098
  • Migrate to munit from cunit by @tatsuhiro-t in #1099
  • Rewrite ngtcp2_cbrt by @tatsuhiro-t in #1100
  • Add missing munit header file to HFILES by @tatsuhiro-t in #1101
  • Bump munit by @tatsuhiro-t in #1102
  • Fix typo by @tatsuhiro-t in #1103
  • Bump microsoft/setup-msbuild from 1 to 2 by @dependabot in #1104
  • Remove pthread from BORINGSSL_LIBS by @tatsuhiro-t in #1105
  • boringssl: Add certificate compression by @tatsuhiro-t in #1106
  • Rewrite hexdump by @tatsuhiro-t in #1107
  • hexdump: Add an extra whitespace after address by @tatsuhiro-t in #1108
  • hexdump: Fix the last address is not shown by @tatsuhiro-t in #1110
  • examples: Add include in GnuTLS example by @atlesn in #1111
  • Use assert_stdsv_equal and print title by @tatsuhiro-t in #1112
  • examples: Minor fixup by @tatsuhiro-t in #1113
  • Bump aws-lc to v1.21.0 by @tatsuhiro-t in #1115
  • Add security policy by @tatsuhiro-t in #1116
  • Bump boringssl by @tatsuhiro-t in #1117
  • Bump openssl by @tatsuhiro-t in #1119
  • examples: Fix operator precedence error by @tatsuhiro-t in #1120
  • Bump munit by @tatsuhiro-t in #1121