The release of the main branch of nginx 1.21.2 has been formed, within which the development of new features continues (only changes related to the elimination of serious errors and vulnerabilities are made in the parallel supported stable branch 1.20).
Major changes:
- Implemented blocking of HTTP/1.0 requests that include the "Transfer-Encoding" HTTP header (introduced in the HTTP/1.1 protocol version).
- Support for the export cipher suite has been dropped.
- Provided compatibility with the OpenSSL 3.0 library.
- The "Auth-SSL-Protocol" and "Auth-SSL-Cipher" headers have been passed to the mail proxy authentication server.
- In the request body filtering API, buffering of processed data is allowed.
- When loading server certificates, the use of security levels supported since OpenSSL 1.1.0 and set via the "@SECLEVEL=N" parameter in the ssl_ciphers directive has been adjusted.
- Fixed hangs that occurred when creating an SSL connection to backends in the stream and gRPC modules.
- The problem with writing the request body to disk when using HTTP/2, in the absence of the "Content-Length" header in the request, has been solved.
At the same time, njs 0.6.2, a JavaScript interpreter for the nginx web server, was released. The njs interpreter implements the ECMAScript standards and allows you to extend nginx's ability to process requests using scripts in the configuration. Scripts can be used in a configuration file to define advanced request processing logic, generate a configuration, dynamically generate a response, modify a request/response, or quickly create problem-solving stubs in web applications. The new version adds the Promise.all(), Promise.allSettled(), Promise.any(), and Promise.race() methods to the Promise implementation. Implemented support for the AggregateError object.
Source: opennet.ru