Tengine-3.1.0

Security

• fixed HTTP2 CVE-2023-44487 @lianglli

Features

• dynamically configure different TLS protocols for different server names without tengine reload based on tengine-ingress @lianglli
• dynamically configure HTTP routes based on multiple values of a specific header, cookie or query parameter without tengine reload based on tengine-ingress @lianglli, @dreamwind1985
• dynamically configure HTTP routes based on the modulo operation for a specific header, cookie or query parameter without tengine reload based on tengine-ingress @lianglli, @dreamwind1985
• dynamically configure HTTP routes to add/append custom headers or add query parameter to the HTTP request without tengine reload based on tengine-ingress @lianglli, @dreamwind1985
• dynamically configure HTTP routes to add custom headers to the HTTP response without tengine reload based on tengine-ingress @lianglli, @dreamwind1985
• add new option https_allow_http of listen for receiving HTTP traffic on the TLS listener @drawing
• add new module ngx_http_debug_conn_module for debugging connection info @hongxiaolong

Changes

• xquic readme: add complie document by @drawing in #1818
• Fix compilation failure of grpc module when add ngx_tongsuo_ntls by @dongbeiouba in #1822
• README:add xquic document by @drawing in #1824
• xquic: support lua cert cb by @drawing in #1828
• bugfix: When using thread_pool program crash by @zhsnew in #1814
• xquic document: example add error_log and change user root by @drawing in #1829
• Fixed segfault in ngx_http_find_virtual_server() within xquic module by @morf in #1813
• add ngx_debug_conn to show connection usage. by @hongxiaolong in #1127
• ngx_debug_conn: fixed test case failure by @chobits in #1848
• bugfix: filename wrong in error log when get cpuinfo by @fuchencong in #1858
• match server block first in ngx_http_v3_cert_cb by @lurker-Chen in #1860
• add feature https_allow_http by @drawing in #1866
• HTTP/2: per-iteration stream handling limit. by @lianglli in #1874
• TLS: allow support for different protocols on different hosts (same m… by @lianglli in #1863
• HTTP Route: supports routing based on multiple values, nginx var, or … by @lianglli in #1864
• Tengine 3.1.0: HTTP route and TLS enhancements without tengine reload based on tengine-ingress by @lianglli in #1877
• 修复xquic module可能出现的连接泄漏 by @dreamwind1985 in #1878

New Contributors

• @zhsnew made their first contribution in #1814
• @morf made their first contribution in #1813
• @fuchencong made their first contribution in #1858
• @dreamwind1985 made their first contribution in #1878

Details

• pull requests
• 3.0.0...3.1.0

Tengine-3.0.0

Features

• dynamically reconfigure the servers, locations and upstreams without reloading or restarting worker processes [tengine-ingress] @drawing, @lianglli
• HTTP/3 support (QUIC v1 and draft-29)[XQUIC] @lurker-Chen, @Kulsk, @lianglli
• high-speed UDP transmission with kernel-bypass [XUDP] @D-Wythe, @fengidri
• dynamically reconfigure canary routing based on standard and custom HTTP headers, header value, and weights [tengine-ingress] @drawing, @lianglli
• dynamically reconfigure timeout setting, SSL Redirects, CORS and enabling/disabling robots for the ingress/path [tengine-ingress] @drawing, @lianglli

Core

• update core to stable version Nginx-1.24.0 @lianglli

Changes

• add ingress module by @drawing in #1743
• stream log module: add pipe log by @drawing in #1750
• tengine: ingress+xquic+xudp by @lianglli in #1754
• makefile for the xquic-xdp by @lianglli in #1755
• modify makefile for the xquic-xdp module by @lianglli in #1756
• xquic and xudp macro by @lianglli in #1757
• http xquic NGX_QUIC_CID_ROUTE_FIRST_OCTER by @lianglli in #1758
• convert ngx_sockaddr_t to sockaddr for debug mode of xquic-recv by @lianglli in #1759
• uninitialized warn about xquic filter by @lianglli in #1760
• uninitialized warn about xquic filter by @lianglli in #1761
• check ret code for geting chain certificate failed by @lianglli in #1762
• add ngx_http_find_virtual_server_inner with alibaba comments by @lianglli in #1763
• HTTP/3: long connection for QUIC request. by @lianglli in #1781
• HTTP/3: the $xquic_ssl_protocol, $xquic_ssl_cipher and $xquic_ssl_ses… by @lianglli in #1791
• Tengine 3.0.0 by @lianglli in #1792
• HTTP/3: get ssl handler in callback of connection establishment by @lianglli in #1796
• fixed segfault in ngx_ssl_shutdown() with ssl_async enabled by @foxriver1025 in #1795
• Tengine core 1.24.0 with test codes by @lianglli in #1801
• lua-nginx-module: update to 0.10.25 with xquic and tengine var by @lianglli in #1803
• fix test cases problem by @drawing in #1802
• Test: add lua_package_path for resty.core of lua-nginx-module-0.10.25 by @lianglli in #1806
• Test: add lua_package_path for resty.core with nginx-core 1.24.0 by @lianglli in #1808
• Core: update to stable version Nginx-1.24.0 by @lianglli in #1807
• Readme: tengine 3.0.0 features by @lianglli in #1809
• Readme: update features of tengine 3.0.0 by @lianglli in #1810
• bugfix: fix xudp crash when no listener by @drawing in #1815
• Changes: update change list of nginx-core v1.24.0 by @lianglli in #1816
• Readme: add star count and logo by @lianglli in #1819

New Contributors

• @drawing made their first contribution in #1743
• @foxriver1025 made their first contribution in #1795

Details

• pull requests
• 2.4.1...3.0.0

Tengine-2.4.1

Changes

• Change: updated ngx_http_proxy_connect_module to v0.0.4 by @chobits in #1735
• Bugfix: fixed compilation error in stream_set module by @chobits in #1749
• Bugfix: fixed NTLS cert check, move sign/enc certficate to upstream by @dongbeiouba in #1753
  • Change: add new module ngx_tongsuo_ntls
• Bugfix: fixed bug that client cannot receive right packages with ssl_async enabled by @oyaya in #1774

Changes for automating builds and tests with GitHub Actions

• Fixed some test cases that failed to start the DNS daemon by @chobits in #1783
• Fixed the failure of test case image_filter_finalize.t by @chobits in #1768

New Contributors

• @oyaya made their first contribution in #1774

Details

• pull requests

Tengine-2.4.0

Changes

• Change: updated to nginx core 1.22.1 by @jiuzhoucui @chobits in #1719 #1733 #1731
• Security: nginx security advisory (CVE-2022-41741, CVE-2022-41742) by @taomaree in #1687
• Feature: ssl proxy module support ntls. by @wa5i in #1637
• Bugfix: VNSWRR: reduces memory usage with GCD algorithm by @jizhuozhi in #1668
• Bugfix: VNSWRR: limited the number of virtual peers during initialization by @jizhuozhi in #1717 #1722
• Bugfix: compiling error in ngx_debug_pool module by @zjd87 in #1642
• Bugfix: wrong resetting upstream flags in #T_NGX_HTTP_UPSTREAM_RANDOM by @chobits in #1660
• Bugfix: dyups: deleted wrong upstream check dynamic peers by @shuiuii in #1648
• Bugfix: dyups: compilation error without upstream check module by @chobits in #1662
• Bugfix: dyups: unlocking behavior by @harry-xm in #1664
• Bugfix: dyups: optimized mutex by @zjd87 in #1691
• Bugfix: r->limit_rate does't work if limit_rate_set variable is not set by @bullerdu in #1652
• Bugfix: fixed dynamic_resolver_port.t: cannot listen on dns server port by @chobits in #1677
• Bugfix: stream sni: segfault that addr_conf->default_server is NULL by @chobits in #1685
• Bugfix: stream sni: renamed NGX_STREAM_SNI macro to T_NGX_STREAM_SNI by @harry-xm in #1689
• Bugfix: stream sni: fixed segfault with multi stream server blocks by @nandsky in #1701
• Bugfix: supported dynamic build for ngx_http_upstream_session_sticky_module by @harry-xm in #1544
• Bugfix: SSL: disabled T_NGX_HAVE_DTLS when building with boringssl by @nandsky in #1695
• Bugfix: compliation error when missing /etc/resolv.conf file by @nandsky in #1698
• Bugfix: dynamic resolve: fixed multiple retries for one server by @chobits in #1712
• Bugfix: fixed memory leak of ssl session reuse in dyups and session sticky module by @chobits in #1708
• Bugfix: docs: improved grammar by @harry-xm in #1726
• Bugfix: docs: fixed outdated http_concat module installation documentation by @brlin-tw in #1559
• Bugfix: docs: updated dyups module documentation by @zaozaoniao in #1672
• Bugfix: docs: fixed typo in dyups module documentation by @harry-xm in #1680
• Bugfix: tests: fixed test cases by @chobits in #1669 #1706 #1703 #1711 #1702 #1696 #1676
• Bugfix: tests: fixed test cases in tests/nginx-tests/nginx-tests/ by @nandsky in #1693
• github workflow: ci.yml: added first ci workflow and tengine test cases by @u5surf in #1665 #1675 #1673
• github workflow: ci.yml: enabled more test cases by @chobits in #1684
• github workflow: ci.yml: added tengine test cases using test-nginx lib by @chobits in #1686
• github workflow: ci-arm64.yml: added workflow for Linux ARM64 by @martin-g in #1699 #1705
• github workflow: test-nginx-core.yml: tested nginx core with nginx-tests cases by @chobits in #1721

New Contributors

• @shuiuii made their first contribution in #1648
• @harry-xm made their first contribution in #1664
• @u5surf made their first contribution in #1665
• @jizhuozhi made their first contribution in #1668
• @bullerdu made their first contribution in #1652
• @zaozaoniao made their first contribution in #1672
• @taomaree made their first contribution in #1687
• @martin-g made their first contribution in #1699
• @jiuzhoucui made their first contribution in #1719

Details

• pull requests.

Tengine-2.3.4

Security

• Fixed 1-byte memory overwrite in resolver (CVE-2021-23017)

Feature

• Added new module ngx_openssl_ntls to support NTLS protocol(TLCP and GM/T 0024-2014)

Changes

Changes with Tengine 2.3.4                                         18 Oct 2022

    *) Feature: added new module ngx_openssl_ntls to support NTLS protocol
       (dongbeiouba)

    *) Change: updated SSL library from BabaSSL to Tongsuo in the
       ngx_openssl_ntls module (wa5i)

    *) Bugfix: fixed CVE-2021-23017 (chobits)

    *) Bugfix: fixed deadlock in the upstream check module with "zone"
       directive configured in upstream block (zjd87)

    *) Bugfix：fixed compilation in the upstream check module (RocFang)

    *) Bugfix: fixed compilation error in the dubbo module (MengqiWu)

For more details , see these pull requests.

Tengine-2.3.3

New features

• Tengine supports DTLSv1 and DTLSv1.2.

• Prometheus format and additional json properties was added to ngx_http_upstream_check_module.

• dubbo_pass directive can use the variables.

Changes with Tengine 2.3.3

Changes with Tengine 2.3.3                                         25 Mar 2021

    *) Feature: tengine supports DTLSv1 and DTLSv1.2. (mrpre)
    *) Feature: prometheus format and additional json properties was added to 
       ngx_http_upstream_check_module. (dkrutsko)
    *) Feature: the "dubbo_pass" directive can use the variables. (spacewander)
    *) Change: all features of nginx-1.18.0 are inherited, i.e.,  
       it is 100% compatible with nginx. (lianglli)
    *) Change: dingtalk user group was added to README. (cnmade)
    *) Change: format document of the mod_dubbo. (spacewander)
    *) Bugfix: int32 values are not decoded properly in the mod_dubbo. (spacewander)
    *) Bugfix: a segmentation fault might occur in a worker process when decoding 
       a dubbo payload with integer value in the mod_dubbo. (spacewander) 
    *) Bugfix: memory leak in ngx_http_lua_module with debug log. (hawkxiang)
    *) Bugfix: fake request was not freed in the ngx_multi_upstream_module. (spacewander)
    *) Bugfix: shared memory mutex in the ngx_http_upstream_check_module. (scriptkids)
    *) Bugfix: redundant upstream health check was removed in the 
       ngx_http_upstream_check_module. (scriptkids)
    *) Bugfix: duplicate log_ctx was deleted in the ngx_multi_upstream_module. (spacewander)
    *) Bugfix: tengine hogged CPU during reading message in the ngx_http_upstream_dyups_module 
       and when upstream check was used. (zjd87)
    *) Bugfix: ngx_http_upstream_vnswrr_module did not support "dynamic_resolve" directive. (wangfakang)
    *) Bugfix: "limit_req_zone" directive were used in multiple variables. (wangfakang)
    *) Bugfix ix: a segmentation fault might occur in a master process. (wangfakang)
    *) Bugfix: memory leak when rewrite string contains ASCII 0 character. (hongxiaolong)
    *) Bugfix: variable hex_str was not used in the mod_dubbo. (Weiliang-Li)
    *) Bugfix: keep-alive request did not transferred complete caused the 400 response. (fishgege)

Tengine-2.3.2

Security

• Fixed vulnerabilities in its HTTP/2 module (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516).

New features

• dubbo_pass module support the back-end HTTP to Dubbo protocol.

• VNSWRR algorithm for upstream module. It is an efficient load balancing algorithm that is smooth, decentralized, and high-performance compared to Nginx's official SWRR algorithm.

• dynamic_resolve module support IPv6.

Changes with Tengine 2.3.2

Changes with Tengine 2.3.2                                         20 Aug 2019

    *) Security: fixed CVE-2019-9511, CVE-2019-9513 and CVE-2019-9516. (wangfakang)
    *) Feature: added dubbo_pass directive to support the back-end HTTP to Dubbo protocol. (MenqqiWu)
    *) Feature: added vnswrr algorithm for upstream module. (wangfakang)
    *) Feature: support IPv6 for dynamic_resolve module. (wangfakang)
    *) Change: support dynamic build and add some debug log for proxy_connect module. (chobits)
    *) Change: updated the code from Nginx-1.17.3 version. (wangfakang)
    *) Change: updated the health_check module document. (zhangqx2010)
    *) Change: updated README document. (Lin-Buo-Ren)
    *) Bugfix: fixed JSON format for health_check module. (IYism)
    *) Bugfix: ensured 'init_worker_by_lua*' does not mutate another NGINX module's main_conf. (wangfakang)
    *) Bugfix: fixed compilation error of dyups module compiled with a higher version of OpenSSL. (wangfakang)	

Tengine-2.3.1

Change List

Changes with Tengine 2.3.1                                         18 Jun 2019

*) Feature: add $ssl_handshake_time variable for stream ssl module (mrpre)
*) Feature: support websocket check of upstream check module (mrpre)
*) Change: random index logical for round robin (wangfakang)
*) Change: update http lua module to v0.10.14 (mrpre)
*) Change: update dyups to master branch of yzprofile/dyups (chobits)
*) Change: update core to Nginx-1.16.0 (MenqqiWu)
*) Change: support dynamic module for reqstatus (chobits)
*) Change: support dynamic build for upstream dynamic module (wangfakang)
*) Change: support dynamic build for trim module (wangfakang)
*) Change: support dynamic build for footer module (wangfakang)
*) Change: support dynamic build for user_agent module (wangfakang)
*) Change: support dynamic build for concat module (mathieu-aubin)
*) Fix: server version strings in http2 and stream response headers (AstroProfundis)
*) Fix: "-m" option to show dynamic module (wangfakang)
*) Fix：parameter number check for limit_req directive (wangfakang)
*) Fix: fixed compilation error on macOS for reqstatus (chobits)

Tengine-2.3.0

Backward incompatible changes

Note that this version is slightly not backwards compatible, some tengine features have been replaced by nginx. Check the following list:

1. Deprecated Tengine slice module, --with-http_slice_module configure option now works for nginx slice module. Use --add-module=modules/ngx_http_slice_module for original tengine slice module.
2. Removed Tengine DSO feature, use nginx dynamic modules feature instead.
3. Removed Tengine reuse_port directive in event {} block, use listen .. reuseport; directive instead.
4. Put all Tengine's modules to the modules directory. Use --add-module=modules/<tengine_module_name> to compile.
5. Changed Tengine reqstatus feature. The request counting logic for limit_req is consistent with the Nginx official. Now requests with all empty variable in limit_req_zone are not accounted. Original tengine does not account requests with any empty variable.

New features

• New module ngx_http_proxy_connect_module, it supports the CONNECT HTTP method for forward proxy.
• http2 switch adds http2 directive to enable or disable http2 in the server block.
• Support server_name in Stream modlue, now multiple virtual server blocks could be configured on the same port.
• Enhanced limit_req_zone rate=$<nginx_variable> parameter of limit_req module, you can set the limit rate per a request.

Changes with Tengine 2.3.0

Changes with Tengine 2.3.0                                         25 MAR 2019

    *) Feature: added proxy_connect module support for the CONNECT
       HTTP method. (chobits)
    *) Feature: added server_name directive for Stream module. (mrpre)
    *) Feature: added req_status_lazy directive for reqstat module. (taoyuanyuan)
    *) Feature: added http2 directive to enable or disable http2
       in the server block. (jinjiu)
    *) Feature: added $ssl_handshake_time variable used for monitoring
       SSL handshake time. (jinjiu)
    *) Feature: added support of variable of limit_req_zone
       parameter rate. (Alaaask)
    *) Change: updated debug_pool module for Nginx 1.15.9. (chobits)
    *) Change: updated documents for reuse_port, dso, limit_req
       directive changes. (chobits, wangfakang)
    *) Change: merged the official limit_req logic. Now will ignore statistics
       when all variable values are empty. (chobits)
    *) Change: the reuse_port, dso, slice directive has been removed and
       use the official features of Nginx. (wangfakang)
    *) Change: updated and modify the official 1.15.9 test cases.
       (chobits, wangfakang)
    *) Change: put all Tengine's modules into the modules directory
       which reduces the intrusion of Nginx's core module. (chobits, wangfakang)
    *) Change: updated the code from Nginx-1.15.9 version,
       Stream, gRPC etc. (chobits, wangfakang)
    *) Change: updated the Lua module to v0.10.14rc4. (wangfakang)
    *) Change: updated the dyups document. (lf1029698952)
    *) Change: changes of the core code are all guarded by macros.
       (chobits, wangfakang, fankeke, hongxiaolong, imkeeper)
    *) Change: rollback  accpte_filter feature. (wangfakang)
    *) Bugfix: fixed compilation error of dyups module compiled
       with a higher version of OpenSSL. (wangfakang)
    *) Bugfix: fixed init_number initialization for dyups. (FengXingYuXin)
    *) Bugfix: fixed the rollback log process that may cause logs
       to be written to a rolled-up file when reloaded. (MengqiWu)
    *) Bugfix: fixed coredump of referring null pointer
       for ssl_verify_client_exception. (chobits)
    *) Bugfix: fixed coredump caused by upgrading core code
       in dyups and session_sticky modules. (wangfakang)
    *) Bugfix: fixed compilation error of limit_req, http2 module. (hongxiaolong)
    *) Bugfix: fixed removes the Unix domain socket file
       when pipe proc close listen socket. (wangfakang)
    *) Bugfix: fixed compatibility for --with-openssl
       and --with-openssl-async. (mrpre)
    *) Bugfix: fixed bug that function ngx_http_top_intput_body_filter
       is removed mistakenly. (chobits)
    *) Bugfix: fixed reuse_port and accept_mutex conflict. (innomentats)
    *) Bugfix: fixed tengine build failure when compiled with
       gcc7 compiler. (wangfakang)

Tengine-2.2.3

BUGFIX

• Security: fixed CVE-2018-16843, CVE-2018-16844 and CVE-2018-16845. (chobits)

• import from nginx official:

    *) Security: when using HTTP/2 a client might cause excessive memory
       consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).

    *) Security: processing of a specially crafted mp4 file with the
       ngx_http_mp4_module might result in worker process memory disclosure
       (CVE-2018-16845).