Release of nginx 1.23.4 with TLSv1.3 enabled by default

nginx 1.23.4 has been released in the mainline branch, where development of new features continues. The stable 1.22.x branch, which is maintained in parallel, receives only changes that fix serious bugs and vulnerabilities. The stable 1.24 branch will later be formed from the 1.23.x mainline branch.

Among the changes:

  • The TLSv1.3 protocol is enabled by default.
  • A warning is now issued when the protocol settings of a listening socket are redefined.
  • When the client uses pipelining, connections are now closed with lingering close (waiting for additional data).
  • Support for byte ranges has been added to the ngx_http_gzip_static_module module.
  • The logging level for the SSL errors "data length too long", "length too short", "bad legacy version", "no shared signature algorithms", "bad digest length", "missing sigalgs extension", "encrypted length too long", "bad length", "bad key update", "mixed handshake and non handshake data", "ccs received early", "data between ccs and finished", "packet length too long", "too many warn alerts", "record too small" and "got a fin before a ccs" has been changed from "crit" to "info".
  • Port ranges in the listen directive now work correctly.
  • Fixed an issue with selecting the wrong location block when using a location prefix longer than 255 characters.
  • Added support for non-ASCII characters in filenames on the Windows platform in the ngx_http_autoindex_module and ngx_http_dav_module modules, as well as in the include directive.
  • Fixed a socket leak when using HTTP/2 and the error_page directive to redirect 400 errors.
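
The TLSv1.3 default only applies where no ssl_protocols directive is set, so an explicit directive written for an older release keeps TLSv1.3 off after the upgrade. The following scanner is an added example, not code from the article or the nginx project; the sample config is constructed, and the parser is simplified (it does not follow include files or handle quoted strings).

```python
import re

# Constructed sample config (not from the article or the nginx docs).
SAMPLE_CONF = """\
http {
    ssl_protocols TLSv1.2;   # written for an older release
    server {
        listen 443 ssl;
    }
    server {
        listen 443 ssl;
        ssl_protocols TLSv1.2 TLSv1.3;
    }
}
"""

# Simplified tokenizer (assumption: no quoted strings with spaces, '#', braces or ';').
TOKEN = re.compile(r"[{};]|\n|[^\s{};]+")

def audit_ssl_protocols(conf_text):
    """Return (line, context, protocols, has_tls13) per ssl_protocols directive."""
    findings, stack, words, line, start = [], [], [], 1, 1
    # Strip comments first; newlines are kept so line numbers stay correct.
    for tok in TOKEN.findall(re.sub(r"#[^\n]*", "", conf_text)):
        if tok == "\n":
            line += 1
        elif tok == "{":
            stack.append(words[0] if words else "?")   # block name, e.g. "server"
            words = []
        elif tok == "}":
            del stack[-1:]                             # safe on an empty stack
            words = []
        elif tok == ";":
            if words and words[0] == "ssl_protocols":
                has13 = any(p.lower() == "tlsv1.3" for p in words[1:])
                findings.append((start, "/".join(stack) or "main", words[1:], has13))
            words = []
        else:
            if not words:
                start = line                           # line where the directive begins
            words.append(tok)
    return findings

def missing_tls13(conf_text):
    """Explicit directives that keep TLSv1.3 off despite the new default."""
    return [f for f in audit_ssl_protocols(conf_text) if not f[3]]

if __name__ == "__main__":
    for ln, ctx, protos, _ in missing_tls13(SAMPLE_CONF):
        print(f"line {ln} ({ctx}): ssl_protocols {' '.join(protos)} lacks TLSv1.3")
```

A directive at the http level is inherited by every server block that does not set its own, so the first server block in the sample also stays without TLSv1.3.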

Source: opennet.ru
