NGINX 1.29.1 Mainline with Brotli, TLS 1.3, OpenSSL 3.5.1, HTTP/2 and HTTP/3 for Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9/EL10

nginx 1.29.1 Mainline with HTTP/3 support has been added to the EL7, EL8, EL9 and EL10 repositories. The brotli compression module from Google, http2, ngx cache purge and ngx http geoip2 modules are added or built in. OpenSSL is built dynamically using the official OpenSSL 3.5.1 with QUIC support.

Our OpenSSL 3.5.1 builds break compatibility with nginx 1.28.x and earlier versions, because those nginx builds are compiled against the quictls project, which has its own APIs. To upgrade the OpenSSL QUIC libs, please use nginx >= 1.29.0.

  • CVE fix: CVE-2025-53859, buffer overread in the ngx_mail_smtp_module
  • PCRE license fix for win32 zip by @pluknet in #753
  • QUIC: adjusted OpenSSL 3.5 QUIC API feature test. by @pluknet in #749
  • OPENSSL_VERSION_NUMBER fix for OpenSSL 3.0 by @pluknet in #775
  • kqueue build fixes by @pluknet in #777
  • HTTP/3: limited prefixed integers encoded length. by @pluknet in #124
  • HTTP/3: fixed handling :authority and Host with port. by @arut in #772
  • HTTP/2: fixed flushing early hints. by @arut in #808
  • HTTP/2 fixes for «:authority» vs «Host» by @pluknet in #803
  • Certificate compression by @pluknet in #788
  • Auth basic: fixed file descriptor leak on memory allocation error. by @pluknet in #833
  • smtp module fixes by @pluknet in #842
  • Changes 1.29.1 by @pluknet in #843

mod_http2 v2.0.34 rpms released

mod_http2 v2.0.34 rpms released and added to all supported platforms.

Changes:

Added support for «ProxyErrorOverride» directive in mod_proxy_http2.

Fix a bug in calculating the log2 value of integers, used in push
diaries and proxy window size calculations. Apache PR69741.
[Benjamin P. Kallus]

Apache httpd 2.4.65 with brotli support, TLS 1.3, OpenSSL 3.5.1 with http2, mod_http2 2.0.33 and ALPN for Red Hat Enterprise Linux, CentOS 7, Alma Linux, Rocky Linux 8/9/10 fixing CVE-2025-54090

Apache httpd 2.4.65 added to the repository.

Changes:

  *) SECURITY: CVE-2025-54090: Apache HTTP Server: 'RewriteCond expr'
     always evaluates to true in 2.4.64 (cve.mitre.org)
     A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond
     expr ..." tests evaluating as "true".
     Users are recommended to upgrade to version 2.4.65, which fixes
     the issue.
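
A check for exposure to this bug, added here as an example (it is not part of the Apache changelog or of this repository's packages): it lists `RewriteCond expr` rules under a configuration directory when the version banner reports 2.4.64. The function names and the `/etc/httpd` path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: flag "RewriteCond expr" rules on a server running httpd 2.4.64.
# AFFECTED is the single version the advisory names; paths come from the caller.
AFFECTED="2.4.64"

# Extract "2.4.NN" from a banner such as "Server version: Apache/2.4.64 (Unix)".
httpd_version() {
    printf '%s\n' "$1" | sed -n 's|.*Apache/\([0-9][0-9.]*\).*|\1|p' | head -n 1
}

# Print file:line:text for every RewriteCond whose TestString is the literal
# "expr" (optionally quoted), in *.conf and .htaccess files below $1.
# Commented-out directives are skipped because the match is anchored at line start.
find_expr_conds() {
    find "$1" -type f \( -name '*.conf' -o -name '.htaccess' \) \
        -exec grep -HinE '^[[:space:]]*RewriteCond[[:space:]]+"?expr"?[[:space:]]' {} + \
        2>/dev/null || true
}

# Return 0 and list the rules if the version is affected and such rules exist,
# 1 if the server is not exposed, 2 if the version could not be parsed.
check_cve_2025_54090() {
    banner=$1
    root=$2
    ver=$(httpd_version "$banner")
    [ -n "$ver" ] || { echo "cannot parse version from: $banner" >&2; return 2; }
    hits=$(find_expr_conds "$root")
    if [ "$ver" = "$AFFECTED" ] && [ -n "$hits" ]; then
        echo "httpd $ver: these conditions always evaluate to true:"
        printf '%s\n' "$hits"
        return 0
    fi
    return 1
}

# Usage (path is an assumption; adjust to your layout):
#   check_cve_2025_54090 "$(httpd -v)" /etc/httpd
```

Rules it lists should be reviewed after upgrading to 2.4.65 as well, since any access decision they gated was not enforced while 2.4.64 was running.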


Apache httpd 2.4.64 with brotli support, TLS 1.3, OpenSSL 3.5.1 with http2, mod_http2 2.0.32 and ALPN for Red Hat Enterprise Linux, CentOS 7, Alma Linux, Rocky Linux 8/9/10

Apache httpd 2.4.64 added to the repository.

OpenSSL 3.5.1 rpms released for EL7/EL8/EL9/EL10

openssl 3.5.1 rpms released and added to all supported platforms (Alma Linux, Rocky Linux, RedHat Enterprise Linux RHEL, Oracle Linux).

Fix x509 application adds trusted use instead of rejected use (CVE-2025-4575)

OpenSSL 3.5.1 is a release featuring QUIC server support.

We continue to build the libs with QUIC support as a separate, non-conflicting package, openssl-quic-libs. Its files have a separate .so.81.3 suffix to avoid conflicts with the official .so.3.