NGINX 1.25.4 Mainline with Brotli, TLS 1.3, OpenSSL 3.0.13, HTTP/2 and HTTP/3 for Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9

NGINX 1.25.4 mainline with HTTP/3 support added to EL7, EL8, EL9 repositories. brotli compression module from Google, http2, ngx cache purge and ngx http geoip2 modules added or built-in. OpenSSL built dynamically using OpenSSL+QUIC 3.0.12.

Major changes:

  • fixes for vulnerabilities in HTTP/3 (CVE-2024-24989, CVE-2024-24990)

RHEL 7 / CentOS 7:

yum upgrade -y codeit-repo-release
yum-config-manager --enable CodeIT-mainline --save
yum install nginx

RHEL 8-9 / Alma Linux 8-9 / Rocky Linux 8-9 / CentOS 8-9 / Other EL8/EL9 repos are modular now.
To install nginx with HTTP/3 support, you need to enable the appropriate stream:

dnf module reset -y nginx
dnf module enable -y nginx:codeit-mainline
dnf install nginx

We build OpenSSL+QUIC 3.0 separately since v1.21.6, installing it separately to /lib64 with .so.81.3 suffix to ensure it won’t interfere with your system libraries.

Exerimental HTTP/3 support added in NGINX 1.25.0 Mainline. We build it with the corresponding module (—with-http_v3_module).

nghttp3 1.2.0, ngtcp2 1.3.0 released

nghttp3 1.2.0, ngtcp2 1.3.0 rpms released and added to all supported platforms

nghttp3 1.2.0:

Clarify the behavior when a stream is not found by @tatsuhiro-t in #181
Fix typo by @tatsuhiro-t in #183
cmake: restore ENABLE_STATIC_CRT and ENABLE_ASAN options by @vszakats in #184
Migrate to munit form cunit by @tatsuhiro-t in #187
Pull sfparse via git submodule by @tatsuhiro-t in #188
Update .gitignore by @tatsuhiro-t in #190
Update git submodule by @tatsuhiro-t in #189
Add nghttp3_conn_update_ack_offset by @tatsuhiro-t in #191
Add include path to munit directory by @tatsuhiro-t in #192
Bump munit by @tatsuhiro-t in #193
Shrink nghttp3_stream size by @tatsuhiro-t in #194
Fix typo by @tatsuhiro-t in #195
Bump munit by @tatsuhiro-t in #196
Bump submodules by @tatsuhiro-t in #198

ngtcp2 1.3.0:

Do not run docker-build on tag by @tatsuhiro-t in #1085
Speed up git clone by @tatsuhiro-t in #1086
Use cmake -B consistently by @tatsuhiro-t in #1087
Bump actions/cache from 3 to 4 by @dependabot in #1088
Optimize STOP_SENDING by @tatsuhiro-t in #1089
Fix retransmit frames on stream by @tatsuhiro-t in #1090
Set NGTCP2_STRM_FLAG_RESET_STREAM when RESET_STREAM is sent by @tatsuhiro-t in #1091
Add helper functions to encode/decode zero length transport parameter by @tatsuhiro-t in #1092
Verify decoding truncated frames by @tatsuhiro-t in #1093
Use typed frame type rather than ngtcp2_frame by @tatsuhiro-t in #1094
Verify decoding truncated packet headers by @tatsuhiro-t in #1095
Open a remote stream if RESET_STREAM is received by @tatsuhiro-t in #1096
nghttp3 now requires git submodule by @tatsuhiro-t in #1098
Migrate to munit from cunit by @tatsuhiro-t in #1099
Rewrite ngtcp2_cbrt by @tatsuhiro-t in #1100
Add missing munit header file to HFILES by @tatsuhiro-t in #1101
Bump munit by @tatsuhiro-t in #1102
Fix typo by @tatsuhiro-t in #1103
Bump microsoft/setup-msbuild from 1 to 2 by @dependabot in #1104
Remove pthread from BORINGSSL_LIBS by @tatsuhiro-t in #1105
boringssl: Add certificate compression by @tatsuhiro-t in #1106
Rewrite hexdump by @tatsuhiro-t in #1107
hexdump: Add an extra whitespace after address by @tatsuhiro-t in #1108
hexdump: Fix the last address is not shown by @tatsuhiro-t in #1110
examples: Add include in GnuTLS example by @atlesn in #1111
Use assert_stdsv_equal and print title by @tatsuhiro-t in #1112
examples: Minor fixup by @tatsuhiro-t in #1113
Bump aws-lc to v1.21.0 by @tatsuhiro-t in #1115
Add security policy by @tatsuhiro-t in #1116
Bump boringssl by @tatsuhiro-t in #1117
Bump openssl by @tatsuhiro-t in #1119
examples: Fix operator precedence error by @tatsuhiro-t in #1120
Bump munit by @tatsuhiro-t in #1121