The mainline release nginx 1.29.4 has been published, continuing the development of new features. In parallel, the stable branch 1.28.x is maintained, receiving only changes that fix serious bugs and vulnerabilities. In the future, the stable branch 1.29 will be formed on the basis of the main branch 1.30.x. The project code is written in C and is distributed under the BSD license.
In the new release:
- The ngx_http_proxy module now supports the HTTP/2 protocol, allowing you to use HTTP/2 when accessing backends.
- Added support for the ECH (Encrypted ClientHello) TLS extension, an evolution of the ESNI (Encrypted Server Name Indication) extension used to encrypt TLS session parameter information, such as the requested domain name. The key difference between ECH and ESNI is that ECH encrypts the entire ClientHello TLS message instead of encrypting individual fields. This helps block leaks through fields not covered by ESNI, such as the PSK (Pre-Shared Key) field. ECH is enabled with the "ssl_ech_file" directive, which specifies a file containing the ECHConfig configuration in PEM format. Support is available when nginx is built with an OpenSSL build that includes ECH.
- The rules for checking the host and port in the request line, the "Host" header, and the ":authority" pseudo-header have been brought in line with the requirements of RFC 3986.
- A single newline character (LF) used as a line terminator in a chunked request or response body is now treated as an error.
- Fixed a crash when using HTTP/3 with OpenSSL 3.5.1+.
- Fixed a crash that could occur when the try_files directive was used together with a proxy_pass directive that specifies a URI.
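
The chunked-body change above concerns framing: when two HTTP parsers on the same path disagree about whether a bare LF ends a line, they can disagree about where a body ends. The strict validator below is an added example, not nginx's code; the function and constant names are this example's own, and it assumes one complete body without chunk extensions or trailers.

```c
#include <stddef.h>

/* Result codes; names are this example's own, not nginx's. */
enum { CHUNK_OK = 0, CHUNK_BARE_LF = -1, CHUNK_MALFORMED = -2, CHUNK_TRUNCATED = -3 };

static int hexval(unsigned char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                                   /* fold A-F to a-f */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Consume one line terminator at buf[*i]; only CRLF is accepted. */
static int expect_crlf(const char *buf, size_t len, size_t *i) {
    if (*i >= len) return CHUNK_TRUNCATED;
    if (buf[*i] == '\n') return CHUNK_BARE_LF;   /* the case now rejected */
    if (buf[*i] != '\r') return CHUNK_MALFORMED;
    if (*i + 1 >= len) return CHUNK_TRUNCATED;
    if (buf[*i + 1] != '\n') return CHUNK_MALFORMED;
    *i += 2;
    return CHUNK_OK;
}

/* Validate one complete chunked body (no extensions or trailers) and
   store the decoded payload length in *out_len. */
int check_chunked(const char *buf, size_t len, size_t *out_len) {
    size_t i = 0, total = 0;
    for (;;) {
        size_t size = 0;
        int digits = 0, h, rc;
        while (i < len && (h = hexval((unsigned char)buf[i])) >= 0) {
            if (++digits > 8) return CHUNK_MALFORMED;    /* bound chunk size */
            size = size * 16 + (size_t)h;
            i++;
        }
        if (digits == 0) return i < len ? CHUNK_MALFORMED : CHUNK_TRUNCATED;
        if ((rc = expect_crlf(buf, len, &i)) != CHUNK_OK) return rc;
        if (size == 0) {                                 /* last chunk */
            if ((rc = expect_crlf(buf, len, &i)) != CHUNK_OK) return rc;
            if (i != len) return CHUNK_MALFORMED;        /* trailing bytes */
            *out_len = total;
            return CHUNK_OK;
        }
        if (len - i < size) return CHUNK_TRUNCATED;
        i += size; total += size;                        /* skip chunk data */
        if ((rc = expect_crlf(buf, len, &i)) != CHUNK_OK) return rc;
    }
}
```

Called on the constructed input `5\nhello\r\n0\r\n\r\n`, `check_chunked` returns `CHUNK_BARE_LF`; the same body with CRLF after the size line returns `CHUNK_OK` with a decoded length of 5.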
Source: opennet.ru
