Hi folks,
I've just kicked out a new release candidate, OpenResty 1.13.6.2 RC1,
for the community to test out:
https://openresty.org/download/openresty-1.13.6.2rc1.tar.gz
PGP for this source tar ball:
https://openresty.org/download/openresty-1.13.6.2rc1.tar.gz.asc
Win64 version:
https://openresty.org/download/openresty-1.13.6.2rc1-win64.zip
PGP for the Win64 zip file:
https://openresty.org/download/openresty-1.13.6.2rc1-win64.zip.asc
Win32 version:
https://openresty.org/download/openresty-1.13.6.2rc1-win32.zip
PGP for the Win32 zip file:
https://openresty.org/download/openresty-1.13.6.2rc1-win32.zip.asc
Special thanks go to all our developers and contributors!
The highlights of this release are:
1. We now have full official support for the OpenSSL 1.1.0 series (the
last tested version is OpenSSL 1.1.0h).
2. We now provide official 64-bit Windows native binary packages for OpenResty.
3. We now provide a new table.clone() builtin Lua API function in our
bundled version of LuaJIT, which can also be JIT compiled.
4. We now provide UDP downstream cosocket API in our ngx_stream_lua
module. Now the community can build high performance UDP server
applications with Lua atop OpenResty.
5. New flush_all() method added to our lua-resty-lrucache Lua library.
6. Our resty command-line utility's startup/exit time is significantly
reduced on *NIX systems. Now it takes only ~10ms to run a hello world
program on a mid-2015 Macbook Pro.
7. We now avoid running Lua VM instances in NGINX's helper processes
and privileged agent processes to reduce memory footprint in those
processes.
8. New raw_client_addr() function added to the ngx.ssl Lua module.
9. New ngx.base64 module added to lua-resty-core with new Lua API
functions encode_base64url() and decode_base64url().
10. Various time-related Lua APIs provided by ngx_lua are not
re-implemented via LuaJIT FFI in lua-resty-core so that they can be
JIT compiled and run much faster.
11. New lua_add_variable config directive provided by the
ngx_stream_lua module so that we can define new NGINX variables for
the stream subsystem.
12. New add_header() Lua API has been added to the new ngx.resp Lua
module to mimic NGINX's standard add_header directive on the Lua land.
13. Support for the optional "init_ttl" argument in shdict:incr()
method so that when the key is missing we can add a default TTL value
of our own.
14. Added the "local=on" and "local=/path/to/resolv.conf" options to
the standard "resolver" config directive. This can enable the use of
system-level nameserver configurations of /etc/resolv.conf, for
example, in nginx's own nonblocking DNS resolver.
Complete change logs since the last (formal) release, 1.13.6.1:
* win64: distributing official 64-bit Windows binary packages for
OpenResty using the MSYS2/MinGW toolchain.
* win32: now we build our official 32-bit Windows binary packages
for OpenResty using the MSYS2/MinGW toolchain.
* win32: upgraded pcre to 8.42 and openssl to 1.1.0h.
* optimize: now the openresty build system ("./configure")
automatically patches the resty command-line utility to use its
own nginx binary so that it does not have to compute it at
runtime (which is a bit expensive). this saves about 10ms (from
for total 20ms to 10ms) for resty's startup time, as measured on
a mid-2015 MBP. That's 50% reduction in total startup time! Yay!
* win32/win64: enabled ngx_stream_ssl_preread_module in our binary
builds.
* bugfix: ./configure: relative paths in --add-dynamic-module=PATH
option did not work. thanks catatsuy for the patch.
* feature: added a patch for the nginx core to add the
"local=on" and "local=/path/to/resolv.conf" options to the
standard "resolver"
config directive. This can enable the use of system-level
nameserver configurations of /etc/resolv.conf, for example, in
nginx's own nonblocking DNS resolver. thanks Datong Sun for the
patch.
* feature: added the "socket_cloexec" patch to ensure most of the
nginx connections could be closed before child process
terminates. thanks spacewander for the patch.
* feature: added patches to the nginx core to make sure
ngx_stream_ssl_preread_module will not skip the rest of the
preread phase when SNI server name parsing was successful.
thanks Datong Sun for the patch.
* feature: ./configure: updated the stream subsystem related
options from nginx 1.13.6. thanks hy05190134 for the patch.
* feature: added the SSL "sess_set_get_cb" yielding support patch
for OpenSSL 1.1.0d and beyond. thanks spacewander for the patch.
* feature: applied the "init_cycle_pool_release" patch to nginx
1.13.6+ cores to make it valgrind or asan clean.
* bugfix: we incorrectly removed the existing Makefile even for
"./configure --help". thanks spacewander for the patch.
* feature: added information about OpenResty's commercial support
in the default index.html page.
* upgraded resty-cli to 0.21.
* resty: got rid of prerequisite perl modules to improve
startup time. Startup time has been significantly reduced on
*NIX systems. No improvment on Win32 though. On my mid-2015
MBP, the "resty -e "print(1)"" command's total time can drop
from ~36ms to ~10ms. *bugfix: when the signal is received
but the child process is already gone, resty incorrectly
returned non-zero return code and output "No such process"
error. thanks Datong Sun for the patch.
* upgraded opm to 0.0.5.
* bugfix: opm get: curl via HTTP proxies would complain about
"bad response status line received". The first "Connection
established" response might not come with any response
header entries at all.
* upgraded ngx_lua to 0.10.13.
* feature: ngx.req.get_post_args(), ngx.req.get_uri_args(),
ngx.req.get_headers(), ngx.resp.get_headers(), and
ngx.decode_args() now would return an error string,
"truncated", when the input exceeds the
"max_args"/"max_headers" limits.
* feature: added support for the OpenSSL 1.1.0 serires. thanks
Alessandro Ghedini for the original patch and the subsequent
polishment work from Dejiang Zhu and spacewander.
* feature: added the "init_ttl" argument to the pure C
function for the shdict:incr() API. thanks Thibault
Charbonnier for the patch.
* feature: added support for the 308 status code in
ngx.redirect(). thanks Mikhail Senin for the patch.
* feature: ssl: support enabling TLSv1.3 via the
lua_ssl_protocols config directive. thanks Alessandro
Ghedini for the patch.
* feature: "ngx_http_lua_ffi_set_resp_header()": now add an
override flag argument to control whether to override
existing resp headers. this feature is required by the new
ngx.resp module's "add_header()" Lua API (in
lua-resty-core). thanks spacewander for the patch.
* feature: allowed sending boolean and nil values in
cosockets. thanks spacewander for the patch.
* feature: api.h: exposed the "ngx_http_lua_ffi_str_t" C data
type for other Nginx C modules.
* feature: logged the tcp cosocket's remote end address when
tcpsock:connect() times out and "lua_socket_log_errors" is
on. This feature makes debug connect timeout errors easier,
since domain name may map to different ip address in
different time. thanks spacewander for the patch.
* bugfix: ngx.resp.get_headers(): the "max_headers" limit did
not cover builtin headers.
* bugfix: "ngx_http_lua_ffi_ssl_set_serialized_session()":
avoided memory leak when calling it repeatly.
* bugfix: we now throw a Lua exception when
ngx.location.capture* Lua API is used inside an HTTP2
request since it is known to lead to hanging.
* bugfix: nginx rewrite directive may initiate internal
redirects without clearing any module ctx and
rewrite_by_lua* handlers might think it was re-entered and
thus it might lead to request hang. thanks twistedfall for
the report.
* bugfix: avoided sharing the same code object for identical
Lua inlined code chunks in different phases due to chunk
name conflicts. thanks yandongxiao for the report and
spacewander for the patch.
* bugfix: ngx.req.raw_header(): the first part of the header
would be discarded when using single LF as delimiter and the
number of headers is large enough. thanks tokers for the
patch.
* bugfix: pure C API for ngx.var assignment: we failed to
output the error message length. this might lead to error
buffer overreads. thanks Ka-Hing Cheung for the patch.
* bugfix: the upper bound of port ranges should be 65535
instead of 65536. thanks spacewander for the patch.
* bugfix: we did not always free up all connections when
cleaning up socket pools. thanks spacewander for the patch.
* bugfix: use of lua-resty-core's ngx.re API in init_by_lua*
might lead to memory issues during nginx HUP reload when no
lua_shared_dict directives are used and the regex cache is
enabled.
* change: switched to "SSL_version()" calls from
"TLS1_get_version()". "TLS1_get_version" is a simple wrapper
for "SSL_version" that returns 0 when used with DTLS.
However, it was removed from BoringSSL in 2015 so instead
use "SSL_version" directly. Note: BoringSSL is never an
officially supported target for this module.
"ngx_http_lua_ffi_ssl_get_tls1_version" can never be reached
with DTLS so the behaviour is the same. thanks Tom Thorogood
for the patch.
* optimize: switched exptime argument type to 'long' in the
shdict FFI API to mitigate potential overflows. thanks
Thibault Charbonnier for the patch.
* optimize: avoided the string copy in
"ngx_http_lua_ffi_req_get_method_name()".
* optimize: corrected the initial table size of req socket
objects. thanks spacewander for the patch.
* optimize: destroy the Lua VM and avoid running any
init_worker_by_lua* code inside cache helper processes.
thanks spacewander for the patch.
* doc: fixed an error message typo in "set_der_priv_key()".
thanks Tom Thorogood for the patch.
* doc: mentioned that OpenResty includes its own version of
LuaJIT which is specifically optmized and enhanced for
OpenResty.
* doc: some typo fixes from hongliang.
* doc: setting ngx.header.HEADER no longer throws out an
exception when the header is already sent out; it now just
logs an error message. thanks yandongxiao for the patch.
* doc: typo fixes from yandongxiao.
* doc: typo fixes from tan jinhua.
* doc: fixed a typo in a code comment. thanks Alex Zhang for
the patch.
* upgraded lua-resty-core to 0.1.15.
* feature: implemented ngx.resp module and its function
add_header(). The ngx.resp module's "add_header" works like
the "add_header" Nginx directive. Unlike the
"ngx.header.HEADER=" API, this method appends new header to
the old one instead of overriding any existing ones. Unlike
the "add_header" directive, this method overrides the
builtin header instead of appending to it. thanks
spacewander for the patch.
* feature: the FFI version of the ngx.req.get_uri_args() and
ngx.req.get_headers() API functions now would return an
error string, "truncated", when the input exceeds the
"max_args"/"max_headers" limits.
* bugfix: ngx.re: fixed a "split()" corner case when
successtive separator characters are at the end of the
subject string.
* bugfix: shdict: switched exptime argument type to 'long' to
mitigate potential overflows.
* bugfix: ngx.ssl.session: avoided memory leaks when calling
set_serialized_session repeatly. thanks spacewander for the
patch.
* optimize: avoided an extra string copy in
ngx.req.get_method(). thanks spacewander for the patch.
* change: replaced "return error()" with "error()" to avoid
stack unwinding upon Lua exceptions. this should give much
better Lua backtrace for the errors. thanks spacewander for
the patch.
* bugfix: ngx.re: fixed a split() edge-case when using control
characters in the regex. thanks Thibault Charbonnier for the
patch.
* feature: shdict:incr(): added the "init_ttl" argument to set
the ttl of values when they are first created via the "init"
argument. thanks Thibault Charbonnier for the patch.
* feature: re-implemented the remaining time related Lua APIs
with FFI (like ngx.update_time, ngx.http_time,
ngx.parse_http_time, and etc.). thanks spacewander for the
patch.
* feature: ngx.errlog: added the raw_log() API function to
allow the building of custom logging facilities. thanks
Thibault Charbonnier for the patch.
* feature: added new API function "get_master_pid()" to the
ngx.process module. thanks chronolaw for the patch.
* doc: typo fixes from chronolaw.
* feature: added new resty.core.phase module to include the
pure FFI version of the ngx.get_phase() API. thanks Robert
Paprocki for the patch.
* feature: added new ngx.base64 Lua module with the functions
encode_base64url() and decode_base64url(). thanks Datong Sn
for the patch.
* bugfix: resty.core.var: ngx.var.VAR assignment might
over-read the error msg buffer. thanks Ka-Hing Cheung for
the patch.
* optimize: use plain text string.find calls when we mean it.
* feature: ngx.ssl: added new raw_client_addr() Lua API
function. thanks 王军伟 for the patch.
* upgraded lua-cjson to 2.1.0.6.
* optimize: improved forward-compatibility with older versions
of Lua/LuaJIT. thanks Thibault Charbonnier for the patch.
* bugfix: fixed the C compiler warning "SO C90 forbids mixed
declarations and code" on older operating systems.
* feature: set "cjson.array_mt" on decoded JSON arrays. this
can be turned on via
"cjson.decode_array_with_array_mt(true)". off by default for
backward compatibility. thanks Thibault Charbonnier for the
patch.
* feature: added new cjson.array_mt metatable to allow
enforcing JSON array encoding. thanks Thibault Charbonnier
for the patch.
* bugfix: fixed a -Wsign-compare compiler warning. thanks
gnought for the patch.
* upgraded lua-resty-lrucache to 0.08.
* feature: added new method flush_all() to flush all the data
in an existing cache object. thanks yang.yang for the patch.
* upgraded lua-resty-dns to 0.21.
* refactor: cleaned up some variable names and locals. thanks
Thijs Schreijer for the patch.
* bugfix: fixed issues with retrans not being honoured upon
connection failures. thanks Thijs Schreijer for the patch.
* feature: improved error reporting, making it more precise,
and returning errors of previous tries. thanks Thijs
Schreijer for the patch.
* bugfix: fix parsing state after SOA record. Correct parsing
of Additional Records failed due to a bad parsing state
after processing a SOA record in the Authorative nameservers
section. DNS response based on "dig @ns1.google.com SOA
google.com". thanks Peter Wu for the patch.
* bugfix: fix typo in SOA record field "minimum". Rename
"mininum" to "minimum", fixes issue in original feature
added with lua-resty-dns v0.19rc1.
* upgraded lua-resty-string to 0.11.
* feature: resty.aes: added compaibility with OpenSSL 1.1.0+.
thanks spacewander for the patch.
* upgraded ngx_stream_lua to 0.0.5.
* feature: we now have raw request downstream cosocket support
for scripting UDP servers. thanks Datong Sun for the patch.
* feature: added the preread handler postponing feature.
thanks Datong Sun for the patch.
* feature: added new config directive lua_add_variable to
allow adding changeable. thanks Datong Sun for the patch.
* upgraded ngx_set_misc to 0.32.
* bugfix: set_quote_pgsql_str: we did not escape the "$"
character. thanks Yuansheng Wang for the patch.
* refactor: made "ngx_http_pg_utf_islegal()" much better.
* bugfix: fixed the "-Wimplicit-fallthrough" warinings from
GCC 7. thanks Andrei Belov for the patch.
* upgraded ngx_redis2 to 0.15.
* bugfix: "ragel -G2" genreates C code which results in
"-Werror=implicit-fallthrough" compilation errors at least
with gcc 7.2. switched to "ragel -T1" instaed.
* upgraded ngx_memc to 0.19
* bugfix: "ragel -G2" genreates C code which results in
"-Werror=implicit-fallthrough" compilation errors at least
with gcc 7.2. switched to "ragel -T1" instaed.
* upgraded ngx_encrypted_session to 0.08.
* feature: added support for OpenSSL 1.1.0. thanks spacewander
for the patch.
* upgraded ngx_rds_csv to 0.09.
* bugfix: fixed the "-Werror=implicit-fallthrough" compilation
errors at least with gcc 7.2.
* upgraded ngx_drizzle to 0.1.11.
* bugfix: fixed the "-Werror=implicit-fallthrough" compilation
errors at least with gcc 7.2.
* upgraded ngx_xss to 0.06.
* bugfix: "ragel -G2" genreates C code which results in
"-Werror=implicit-fallthrough" compilation errors at least
with gcc 7.2. switched to "ragel -T1" instaed.
* bugfix: fixed errors and warnings with C compilers without
variadic macro support.
* upgraded LuaJIT to 2.1-20180419:
https://github.com/openresty/luajit2/tags
* feature: implemented new API function "jit.prngstate()" for
reading or setting the current PRNG state number used in the
JIT compiler.
* feature: implemented the table.clone() builtin Lua API. This
change only support shallow clone. e.g
local tab_clone = require "table.clone" local x = {x=12,
y={5, 6, 7}} local y = tab_clone(x) -- ... use y here ...
We observed 7% over-all speedup in the edgelang-fan
compiler's compiling speed whose Lua is generated by the
fanlang compiler. thanks Shuxin Yang for the patch and
OpenResty Inc. for sponsoring this work.
* imported Mike Pall's latest changes:
* DynASM/x86: Add BMI1 and BMI2 instructions.
* Fix rechaining of pseudo-resurrected string keys.
* Clear stack after "print_jit_status()" in CLI.
* Fix GCC 7 "-Wimplicit-fallthrough" warnings.
* FFI: Don't assert on "#1LL" (Lua 5.2 compatibility mode
only).
* MIPS64: Fix soft-float +-0.0 vs. +-0.0 comparison.
* Fix LuaJIT API docs for "LUAJIT_MODE_*".
* Fix ARMv8 (32 bit subset) detection.
* Fix "string.format("%c", 0)".
* Fix "IR_BUFPUT" assembly.
* MIPS64: Fix "xpcall()" error case.
* ARM64: Fix "xpcall()" error case.
* Fix saved bytecode encapsulated in ELF objects.
* MIPS64: Fix register allocation in assembly of HREF.
* ARM64: Fix assembly of HREFK.
* Fix FOLD rule for strength reduction of widening.
Feedback welcome!
Thanks!
Best regards,
Yichun
