After 13 months of development, a new stable branch of the high-performance HTTP server and multi-protocol proxy server nginx, 1.22.0, has been released, incorporating the changes accumulated in the 1.21.x main branch. From now on, changes in the 1.22 stable branch will be limited to fixing serious bugs and vulnerabilities. The 1.23 main branch, in which development of new features continues, will be created soon. For ordinary users who do not need compatibility with third-party modules, the main branch is recommended; it is also the base from which releases of the commercial Nginx Plus product are formed every three months.
According to Netcraft's April report, nginx is used on 20.08% of all active sites (20.15% a year ago, 19.56% two years ago), which puts it second in popularity in this category; Apache's share is 22.58% (25.38% a year ago), Cloudflare's 10.42% (8.51%) and Google's 8.89% (10.09%). When all sites are considered, nginx retains the lead with 31.13% of the market (35.34% a year ago, 36.91% two years ago), while Apache has 23.08% (25.98%), OpenResty (a platform based on nginx and LuaJIT) 8.01% (6.55%), Cloudflare 5.49% and Microsoft IIS 4% (5.96%).
Among the million most visited sites in the world, the share of nginx is 21.79% (23.06% a year ago, 25.54% two years ago). Currently, about 361 million sites are running nginx (419 million a year ago). According to W3Techs, nginx is used on 33.5% of the million most visited sites, in May last year this figure was 33.8%, the year before - 31.9%. The share of Apache decreased from 33.8% to 31.5% over the year, and the share of Microsoft IIS from 7% to 6%. The share of LiteSpeed increased from 8.5% to 12.1%, and Node.js from 1.2% to 1.9%. In Russia, nginx is used by 79.8% of the most visited sites (a year ago - 79.1%).
The most notable improvements added during the formation of the 1.21.x main branch:
- Support for variables has been added to the "proxy_ssl_certificate", "proxy_ssl_certificate_key", "grpc_ssl_certificate", "grpc_ssl_certificate_key", "uwsgi_ssl_certificate" and "uwsgi_ssl_certificate_key" directives.
- Support for "pipelining" mode has been added to the mail proxy module for sending multiple POP3 or IMAP requests in one connection, and a new "max_errors" directive has been added that determines the maximum number of protocol errors after which the connection will be closed.
- The "Auth-SSL-Protocol" and "Auth-SSL-Cipher" headers are now sent to the mail proxy authentication server.
- Support for the ALPN TLS extension has been added to the stream module. The ssl_alpn directive defines the list of supported ALPN protocols (for example h2, http/1.1), and the $ssl_alpn_protocol variable returns the ALPN protocol negotiated with the client.
- The "fastopen" parameter has been added to the stream module, enabling the "TCP Fast Open" mode for listening sockets.
- The characters """, "<", ">", "\", "^", "`", "{", "|" and "}" are now escaped when proxying with a changed URI.
- The proxy_half_close directive has been added to the stream module, with which you can configure the behavior when a proxied TCP connection is closed on one of the sides ("TCP half-close").
- A new directive mp4_start_key_frame has been added to the ngx_http_mp4_module module for broadcasting a video stream starting from a key frame.
- The $ssl_curve variable has been added to return the type of elliptic curve selected for key negotiation in a TLS session.
- The default value of the "sendfile_max_chunk" directive has been changed to 2 megabytes.
- Provided compatibility with the OpenSSL 3.0 library. Added support for calling SSL_sendfile() when using OpenSSL 3.0.
- Building with the PCRE2 regular-expression library is now enabled by default.
- When loading server certificates, the security levels supported since OpenSSL 1.1.0 and set via the "@SECLEVEL=N" parameter of the ssl_ciphers directive are now taken into account.
- Support for export cipher suites has been dropped.
- The request body filtering API now allows buffering of the processed data.
- On FreeBSD, support for the sendfile system call, which transfers data directly between a file descriptor and a socket, has been improved: the sendfile(SF_NODISKIO) mode is now always enabled, and support for the sendfile(SF_NOCACHE) mode has been added.
- Removed support for establishing HTTP/2 connections using the NPN (Next Protocol Negotiation) extension instead of ALPN.
- HTTP/1.0 requests that include the "Transfer-Encoding" header (introduced in HTTP/1.1) are now rejected.
- Protection against HTTP Request Smuggling attacks has been strengthened. Such attacks target front-end/back-end setups and allow an attacker to inject data into requests from other users that are handled over the same connection between the front-end and the back-end. Nginx now always returns an error for the CONNECT method; when the "Content-Length" and "Transfer-Encoding" headers are both present; and when spaces or control characters appear in the request line, in an HTTP header name, or in the value of the "Host" header.
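The rejection rules from the last two items, written out as an added Python illustration (this is not nginx's own code and not a complete HTTP parser; the sample requests are constructed here to show which inputs each rule catches):

```python
from __future__ import annotations

import re

# Control characters (0x00-0x1F and 0x7F); the tab character counts as one.
CTL = re.compile(rb"[\x00-\x1f\x7f]")


def check_request(raw: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for a raw HTTP/1.x request head.

    Applies the hardening rules listed in the changelog: no CONNECT, no
    Content-Length together with Transfer-Encoding, no Transfer-Encoding in
    HTTP/1.0, and no spaces/control characters in the request line, a header
    name or the Host value. Only the head (before the blank line) is inspected.
    """
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    request_line, header_lines = lines[0], lines[1:]

    # Request line must be exactly "METHOD SP target SP HTTP/x.y":
    # extra spaces, tabs or other control characters are rejected.
    parts = request_line.split(b" ")
    if len(parts) != 3 or not all(parts):
        return False, "spaces in request line"
    if CTL.search(request_line):
        return False, "control characters in request line"
    method, _target, version = parts
    if version not in (b"HTTP/1.0", b"HTTP/1.1"):
        return False, "unsupported HTTP version"
    if method == b"CONNECT":
        return False, "CONNECT method not allowed"

    headers: dict[bytes, list[bytes]] = {}
    for line in header_lines:
        name, sep, value = line.partition(b":")
        if not sep or not name:
            return False, "malformed header line"
        # A header name is a token: a space or control character inside it
        # (e.g. "Transfer-Encoding : chunked") is a classic desync vector.
        if b" " in name or CTL.search(name):
            return False, "spaces or control characters in header name"
        # Leading/trailing optional whitespace around the value is legal.
        headers.setdefault(name.lower(), []).append(value.strip(b" \t"))

    for value in headers.get(b"host", []):
        if b" " in value or CTL.search(value):
            return False, "spaces or control characters in Host value"

    has_cl = b"content-length" in headers
    has_te = b"transfer-encoding" in headers
    if has_cl and has_te:
        return False, "both Content-Length and Transfer-Encoding present"
    if has_te and version == b"HTTP/1.0":
        return False, "Transfer-Encoding in HTTP/1.0 request"
    return True, "ok"


# Constructed sample request heads: one clean request plus one malformed
# request per rule (these are illustrative inputs, not captured traffic).
SAMPLES = {
    "clean": b"GET /index.html HTTP/1.1\r\nHost: example.com\r\nContent-Length: 0\r\n\r\n",
    "cl_and_te": b"POST /upload HTTP/1.1\r\nHost: example.com\r\nContent-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n",
    "space_in_header_name": b"POST /upload HTTP/1.1\r\nHost: example.com\r\nTransfer-Encoding : chunked\r\n\r\n",
    "ctl_in_host": b"GET / HTTP/1.1\r\nHost: example.com\tother\r\n\r\n",
    "te_in_http10": b"POST / HTTP/1.0\r\nHost: example.com\r\nTransfer-Encoding: chunked\r\n\r\n",
    "connect": b"CONNECT example.com:443 HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "extra_space_in_request_line": b"GET  / HTTP/1.1\r\nHost: example.com\r\n\r\n",
}


def audit(samples: dict[str, bytes] = SAMPLES) -> dict[str, bool]:
    """Map each sample name to whether check_request accepts it."""
    return {name: check_request(raw)[0] for name, raw in samples.items()}


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        ok, reason = check_request(raw)
        print(f"{name:30s} {'accept' if ok else 'reject'}: {reason}")
```

Running the block prints one line per sample; only "clean" is accepted. The checks are ordered the way a parser meets the data (request line first, then header names, then header semantics), so the reported reason is the first violation encountered, which is also what makes such rejections cheap to apply at the front-end before any body is read.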
Source: opennet.ru
