Nginx 1.29.4 Launches with ECH, HTTP/2.0 Backend Support

The nginx mainline branch has been updated to version 1.29.4; new features continue to be developed there. The stable branch 1.28.x, on the other hand, receives only fixes for critical bugs and vulnerabilities. A future stable branch, 1.30, will be based on the mainline branch 1.29.x. The project is written in C and distributed under the BSD license.

In the new release of nginx:

  • The ngx_http_proxy module now supports the HTTP/2 protocol, so HTTP/2 can be used for connections to backends.
  • Support for the TLS extension ECH (Encrypted ClientHello) has been added. ECH continues the development of ESNI (Encrypted Server Name Indication) and encrypts the entire TLS ClientHello message, including TLS session parameters such as the requested domain name. Unlike ESNI, it encrypts the complete message, which prevents leaks through fields that ESNI does not cover, such as the PSK (Pre-Shared Key) field. ECH is enabled with the “ssl_ech_file” directive, which specifies a file containing the ECHConfig configuration in PEM format. Support is available when nginx is built against an OpenSSL build that includes ECH.
  • Rules for checking the host and port in the request body, the “Host” header, and the “:authority” pseudo-header have been aligned with the requirements of RFC 3986.
  • A single newline character (LF) used as a line terminator in a chunked request or response body is now treated as an error.
  • A crash issue when using HTTP/3 with the OpenSSL 3.5.1+ library has been resolved.
  • Fixed a crash that occurred when specifying try_files and proxy_pass directives with a URI simultaneously.
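
The chunked-body change listed above, shown as an added example (not nginx source code and not part of the original article): a minimal strict decoder in C that requires CRLF after each chunk size, each chunk's data and the final zero-size chunk, and reports a lone LF as its own error. The function names, return codes and sample bodies are assumptions made up for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration, not nginx source. Strict chunked-body decoder: every
 * line must end in CRLF. Chunk extensions and trailers are rejected here. */
enum { CHUNK_OK = 0, CHUNK_BARE_LF = -1, CHUNK_MALFORMED = -2 };

/* Consume one CRLF at *p; a lone LF gets its own error code. */
static int expect_crlf(const char **p, const char *end) {
    if (*p < end && **p == '\n') return CHUNK_BARE_LF;
    if (end - *p < 2 || (*p)[0] != '\r' || (*p)[1] != '\n') return CHUNK_MALFORMED;
    *p += 2;
    return CHUNK_OK;
}

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                                   /* fold A-F onto a-f */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Decode in[0..in_len) into out[0..cap); sets *out_len, returns CHUNK_*. */
int decode_chunked(const char *in, size_t in_len, char *out, size_t cap, size_t *out_len) {
    const char *p = in, *end = in + in_len;
    *out_len = 0;
    for (;;) {
        size_t size = 0;
        int digits = 0, v, rc;
        while (p < end && (v = hexval(*p)) >= 0) {
            if (size > (cap >> 4)) return CHUNK_MALFORMED;       /* cannot fit in out */
            size = (size << 4) | (size_t)v;
            digits++; p++;
        }
        if (digits == 0) return CHUNK_MALFORMED;
        if ((rc = expect_crlf(&p, end)) != CHUNK_OK) return rc;  /* after chunk size */
        if (size == 0) return expect_crlf(&p, end);              /* end of the body */
        if ((size_t)(end - p) < size || cap - *out_len < size) return CHUNK_MALFORMED;
        memcpy(out + *out_len, p, size);
        *out_len += size; p += size;
        if ((rc = expect_crlf(&p, end)) != CHUNK_OK) return rc;  /* after chunk data */
    }
}

int check_chunked(const char *s) {   /* wrapper for NUL-terminated constructed samples */
    char buf[64]; size_t n;
    return decode_chunked(s, strlen(s), buf, sizeof buf, &n);
}

int main(void) {                     /* constructed bodies: CRLF-terminated, then bare LF */
    printf("%d %d\n", check_chunked("5\r\nhello\r\n0\r\n\r\n"),
                      check_chunked("5\nhello\r\n0\r\n\r\n"));
    return 0;
}
```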

You can find more information and download the new release here.
