1.26.0 Stable with HTTP/3 support added to EL7, EL8, EL9 repositories. brotli compression module from Google, http2, ngx cache purge and ngx http geoip2 modules added or built-in. OpenSSL built dynamically using OpenSSL+QUIC 3.0.13.
Month: April 2024
NGINX 1.25.5 Mainline with Brotli, TLS 1.3, OpenSSL 3.0.13, HTTP/2 and HTTP/3 for Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9
NGINX 1.25.5 mainline with HTTP/3 support added to EL7, EL8, EL9 repositories. brotli compression module from Google, http2, ngx cache purge and ngx http geoip2 modules added or built-in. OpenSSL built dynamically using OpenSSL+QUIC 3.0.13.
Apache httpd 2.4.59 with brotli support, TLS 1.3, OpenSSL 3.0.13 with http2, mod_http2 2.0.27 and ALPN for Red Hat Enterprise Linux 7/8/9, CentOS 7, Alma Linux 8/9, Rocky Linux 8/9
Apache httpd 2.4.59-1 with brotli compression library from Google, TLS 1.3, http2 (HTTP/2) support for Red Hat Enterprise Linux and CentOS 7/8, Alma Linux 8/9, Rocky Linux 8/9 added to repository. mod_http2 2.0.13 and mod_ssl are built dynamically against OpenSSL 3.0.11. Important fix: CVE-2024-27316 We build OpenSSL+QUIC 3.0.11 separately since v2.4.56-2, installing it separately to /lib64 with .so.81.3 suffix to ensure it won’t interfere with your system libraries. You can safely delete openssl111* packages. On EL8 and EL9 please enable httpd module:
dnf module enable httpd:codeit
Since 2.4.33 we added brotli compression library. Since 2.4.35 release we start building Apache httpd against OpenSSL 1.1.1*. Since 2.4.37 release TLS 1.3 final version (not to be confused with any draft versions) is supported and enabled by default. Please note that TLS 1.3 final version is supported in Chrome 70+ and Mozilla Firefox 63+. brotli support is already included in base RPM file. All you need is to add filters like
AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript
nghttp2 1.61.0 released fixing CVE-2024-28182
nghttp2 1.61.0 rpms released and added to all platforms.
UPD. EL7 and EL8 also updated with the added patch reverting migrate-to-ares_getaddrinfo changes.
Fixes CVE-2024-28182
nghttpx: Shutdown h3 stream read with trailer as well by @tatsuhiro-t in #2087
Checkout with submodules by @jonaski in #2093
Respect BUILD_STATIC_LIBS and add option for tests by @jonaski in #2092
build(deps): bump golang.org/x/net from 0.21.0 to 0.22.0 by @dependabot in #2097
Workaround llvm issue on github ubuntu runner by @tatsuhiro-t in #2098
docker: Use copy –link by @tatsuhiro-t in #2099
Nghttpx header idle timeout by @tatsuhiro-t in #2100
nghttpx: Fix frontend-header-timeout does not work in config file by @tatsuhiro-t in #2101
Rewrite hexdump by @tatsuhiro-t in #2102
Switch to distroless/base-nossl by @tatsuhiro-t in #2103
Bump ngtcp2 by @tatsuhiro-t in #2105
nghttpx: Simplify quic connection close handling by @tatsuhiro-t in #2106
build(deps): bump github.com/quic-go/quic-go from 0.41.0 to 0.42.0 by @dependabot in #2107
autotools: Use tar-ustar automake option by @tatsuhiro-t in #2108
Automate release process by @tatsuhiro-t in #2109
autotools: Switch to tar-pax by @tatsuhiro-t in #2110
nghttpx: Drop a UDP datagram from well-known port by @tatsuhiro-t in #2111
nghttpx: Fix port byte order by @tatsuhiro-t in #2112
h2load: Allow host header to be overridden by @tatsuhiro-t in #2113
nghttpx: Rework QUIC stateless reset packet size by @tatsuhiro-t in #2114
nghttpx: More QUIC prohibited ports by @tatsuhiro-t in #2115
Add actions/stale by @tatsuhiro-t in #2116
nghttpx: Discard UDP datagram that is too short to be a valid QUIC packet by @tatsuhiro-t in #2117
nghttp: Support SSLKEYLOGFILE by @tatsuhiro-t in #2119
No rfc7540 priority fix by @tatsuhiro-t in #2120
Further reduce Stateless reset emission by @tatsuhiro-t in #2122
nghttpx: Rework Connection ID construction by @tatsuhiro-t in #2124
Nghttpx faster worker lookup by @tatsuhiro-t in #2125
nghttpx: Split thread into worker_process and thread by @tatsuhiro-t in #2126
bpf: Drop bad QUIC packet by @tatsuhiro-t in #2127
cmake: check SSL_provide_quic_data when ENABLE_HTTP3 is ON by @jimmy-park in #2128
nghttpx: Allocate 3 bits for QUIC configuration in Connection ID by @tatsuhiro-t in #2129
nghttpx: Migrate to ares_getaddrinfo by @tatsuhiro-t in #2132
Bump munit by @tatsuhiro-t in #2131
nghttpx: Fix error message by @tatsuhiro-t in #2133
nghttpd: Fix read stall by @tatsuhiro-t in #2134
mod_http2 2.0.27 released
mod_http2 v2.0.27 rpms released and added to all supported platforms
Changes:
- Added cmake support provided by @jfclere.
- Improved handling of excess request headers to lead to an early stream reset.