path: root/CHANGES

Changes with Unit 1.20.0                                         08 Oct 2020

    *) Change: the PHP module is now initialized before chrooting; this
       enables loading all extensions from the host system.

    *) Change: AVIF and APNG image formats added to the default MIME type
       list.

    *) Change: functional tests migrated to the pytest framework.

    *) Feature: the Python module now fully supports applications that use
       the ASGI 3.0 server interface.

    *) Feature: the Python module now has a built-in WebSocket server
       implementation for applications, compatible with the HTTP & WebSocket
       ASGI Message Format 2.1 specification.

    *) Feature: automatic mounting of an isolated "/tmp" file system into
       chrooted application environments.

    *) Feature: the $host variable contains a normalized "Host" request
       value.

    *) Feature: the "callable" option sets Python application callable
       names.

    *) Feature: compatibility with PHP 8 RC 1. Thanks to Remi Collet.

    *) Feature: the "automount" option in the "isolation" object allows to
       turn off the automatic mounting of language module dependencies.

    *) Bugfix: "pass"-ing requests to upstreams from a route was broken; the
       bug had appeared in 1.19.0. Thanks to 洪志道 (Hong Zhi Dao) for
       discovering and fixing it.

    *) Bugfix: the router process could crash during reconfiguration.

    *) Bugfix: a memory leak occurring in the router process; the bug had
       appeared in 1.18.0.

    *) Bugfix: the "!" (non-empty) pattern was matched incorrectly; the bug
       had appeared in 1.19.0.

    *) Bugfix: fixed building on platforms without sendfile() support,
       notably NetBSD; the bug had appeared in 1.16.0.


Changes with Unit 1.19.0                                         13 Aug 2020

    *) Feature: reworked IPC between the router process and the applications
       to lower latencies, increase performance, and improve scalability.

    *) Feature: support for an arbitrary number of wildcards in route
       matching patterns.

    *) Feature: chunked transfer encoding in proxy responses.

    *) Feature: basic variables support in the "pass" option.

    *) Feature: compatibility with PHP 8 Beta 1. Thanks to Remi Collet.

    *) Bugfix: the router process could crash while passing requests to an
       application under high load.

    *) Bugfix: a number of language modules failed to build on some systems;
       the bug had appeared in 1.18.0.

    *) Bugfix: time in error log messages from PHP applications could lag.

    *) Bugfix: reconfiguration requests could hang if an application had
       failed to start; the bug had appeared in 1.18.0.

    *) Bugfix: memory leak during reconfiguration.

    *) Bugfix: the daemon didn't start without language modules; the bug had
       appeared in 1.18.0.

    *) Bugfix: the router process could crash at exit.

    *) Bugfix: Node.js applications could crash at exit.

    *) Bugfix: the Ruby module could be linked against a wrong library
       version.


Changes with Unit 1.18.0                                         28 May 2020

    *) Feature: the "rootfs" isolation option for changing root filesystem
       for an application.

    *) Feature: multiple "targets" in PHP applications.

    *) Feature: support for percent-encoding in the "uri" and "arguments"
       matching options and in the "pass" option.


Changes with Unit 1.17.0                                         16 Apr 2020

    *) Feature: a "return" action with optional "location" for immediate
       responses and external redirection.

    *) Feature: fractional weights support for upstream servers.

    *) Bugfix: accidental 502 "Bad Gateway" errors might have occurred in
       applications under high load.

    *) Bugfix: memory leak in the router; the bug had appeared in 1.13.0.

    *) Bugfix: segmentation fault might have occurred in the router process
       when reaching open connections limit.

    *) Bugfix: "close() failed (9: Bad file descriptor)" alerts might have
       appeared in the log while processing large request bodies; the bug
       had appeared in 1.16.0.

    *) Bugfix: existing application processes didn't reopen the log file.

    *) Bugfix: incompatibility with some Node.js applications.

    *) Bugfix: broken build on DragonFly BSD; the bug had appeared in
       1.16.0.


Changes with Unit 1.16.0                                         12 Mar 2020

    *) Feature: basic load-balancing support with round-robin.

    *) Feature: a "fallback" option that performs an alternative action if a
       request can't be served from the "share" directory.

    *) Feature: reduced memory consumption by dumping large request bodies
       to disk.

    *) Feature: stripping UTF-8 BOM and JavaScript-style comments from
       uploaded JSON.

    *) Bugfix: negative address matching in router might work improperly in
       combination with non-negative patterns.

    *) Bugfix: Java Spring applications failed to run; the bug had appeared
       in 1.10.0.

    *) Bugfix: PHP 7.4 was broken if it was built with thread safety
       enabled.

    *) Bugfix: compatibility issues with some Python applications.


Changes with Unit 1.15.0                                         06 Feb 2020

    *) Change: extensions of dynamically requested PHP scripts were
       restricted to ".php".

    *) Feature: compatibility with Ruby 2.7.

    *) Bugfix: segmentation fault might have occurred in the router process
       with multiple application processes under load; the bug had appeared
       in 1.14.0.

    *) Bugfix: receiving request body over TLS connection might have
       stalled.


Changes with Unit 1.14.0                                         26 Dec 2019

    *) Change: the Go package import name changed to "unit.nginx.org/go".

    *) Change: Go package now links to libunit instead of including library
       sources.

    *) Feature: ability to change user and group for isolated applications
       when Unit daemon runs as an unprivileged user.

    *) Feature: request routing by source and destination addresses and
       ports.

    *) Bugfix: memory bloat on large responses.


Changes with Unit 1.13.0                                         14 Nov 2019

    *) Feature: basic support for HTTP reverse proxying.

    *) Feature: compatibility with Python 3.8.

    *) Bugfix: memory leak in Python application processes when the close
       handler was used.

    *) Bugfix: threads in Python applications might not work correctly.

    *) Bugfix: Ruby on Rails applications might not work on Ruby 2.6.

    *) Bugfix: backtraces for uncaught exceptions in Python 3 might be
       logged with significant delays.

    *) Bugfix: explicit setting a namespaces isolation option to false might
       have enabled it.


Changes with Unit 1.12.0                                         03 Oct 2019

    *) Feature: compatibility with PHP 7.4.

    *) Bugfix: descriptors leak on process creation; the bug had appeared in
       1.11.0.

    *) Bugfix: TLS connection might be closed prematurely while sending
       response.

    *) Bugfix: segmentation fault might have occurred if an irregular file
       was requested.


Changes with Unit 1.11.0                                         19 Sep 2019

    *) Feature: basic support for serving static files.

    *) Feature: isolation of application processes with Linux namespaces.

    *) Feature: built-in WebSocket server implementation for Java Servlet
       Containers.

    *) Feature: direct addressing of API configuration options containing
       slashes "/" using URI encoding (%2F).

    *) Bugfix: segmentation fault might have occurred in Go applications
       under high load.

    *) Bugfix: WebSocket support was broken if Unit was built with some
       linkers other than GNU ld (e.g. gold or LLD).


Changes with Unit 1.10.0                                         22 Aug 2019

    *) Change: matching of cookies in routes made case sensitive.

    *) Change: decreased log level of common errors when clients close
       connections.

    *) Change: removed the Perl module's "--include=" ./configure option.

    *) Feature: built-in WebSocket server implementation for Node.js module.

    *) Feature: splitting PATH_INFO from request URI in PHP module.

    *) Feature: request routing by scheme (HTTP or HTTPS).

    *) Feature: support for multipart requests body in Java module.

    *) Feature: improved API compatibility with Node.js 11.10 or later.

    *) Bugfix: reconfiguration failed if "listeners" or "applications"
       objects were missing.

    *) Bugfix: applying a large configuration might have failed.


Changes with Unit 1.9.0                                          30 May 2019

    *) Feature: request routing by arguments, headers, and cookies.

    *) Feature: route matching patterns allow a wildcard in the middle.

    *) Feature: POST operation for appending elements to arrays in
       configuration.

    *) Feature: support for changing credentials using CAP_SETUID and
       CAP_SETGID capabilities on Linux without running main process as
       privileged user.

    *) Bugfix: memory leak in the router process might have happened when a
       client prematurely closed the connection.

    *) Bugfix: applying a large configuration might have failed.

    *) Bugfix: PUT and DELETE operations on array elements in configuration
       did not work.

    *) Bugfix: request schema in applications did not reflect TLS
       connections.

    *) Bugfix: restored compatibility with Node.js applications that use
       ServerResponse._implicitHeader() function; the bug had appeared in
       1.7.

    *) Bugfix: various compatibility issues with Node.js applications.


Changes with Unit 1.8.0                                          01 Mar 2019

    *) Change: now three numbers are always used for versioning: major,
       minor, and patch versions.

    *) Change: now QUERY_STRING is always defined even if the request does
       not include the query component.

    *) Feature: basic internal request routing by Host, URI, and method.

    *) Feature: experimental support for Java Servlet Containers.

    *) Bugfix: segmentation fault might have occurred in the router process.

    *) Bugfix: various potential memory leaks.

    *) Bugfix: TLS connections might have stalled.

    *) Bugfix: some Perl applications might have failed to send the response
       body.

    *) Bugfix: some compilers with specific flags might have produced
       non-functioning builds; the bug had appeared in 1.5.

    *) Bugfix: Node.js package had wrong version number when installed from
       sources.


Changes with Unit 1.7.1                                          07 Feb 2019

    *) Security: a heap memory buffer overflow might have been caused in the
       router process by a specially crafted request, potentially resulting
       in a segmentation fault or other unspecified behavior
       (CVE-2019-7401).

    *) Bugfix: install of Go module failed without prior building of Unit
       daemon; the bug had appeared in 1.7.


Changes with Unit 1.7                                            20 Dec 2018

    *) Change: now rpath is set in Ruby module only if the library was not
       found in default search paths; this allows to meet packaging
       restrictions on some systems.

    *) Bugfix: "disable_functions" and "disable_classes" PHP options set via
       Control API did not work.

    *) Bugfix: Promises on request data in Node.js were not triggered.

    *) Bugfix: various compatibility issues with Node.js applications.

    *) Bugfix: a segmentation fault occurred in Node.js module if
       application tried to read request body after request.end() was
       called.

    *) Bugfix: a segmentation fault occurred in Node.js module if
       application attempted to send header twice.

    *) Bugfix: names of response header fields in Node.js module were
       erroneously treated as case-sensitive.

    *) Bugfix: uncatched exceptions in Node.js were not logged.

    *) Bugfix: global install of Node.js module from sources was broken on
       some systems; the bug had appeared in 1.6.

    *) Bugfix: traceback for exceptions during initialization of Python
       applications might not be logged.

    *) Bugfix: PHP module build failed if PHP interpreter was built with
       thread safety enabled.


Changes with Unit 1.6                                            15 Nov 2018

    *) Change: "make install" now installs Node.js module as well if it was
       configured.

    *) Feature: "--local" ./configure option to install Node.js module
       locally.

    *) Bugfix: Node.js module might have crashed due to broken reference
       counting.

    *) Bugfix: asynchronous operations in Node.js might not have worked.

    *) Bugfix: various compatibility issues with Node.js applications.

    *) Bugfix: "freed pointer is out of pool" alerts might have appeared in
       log.

    *) Bugfix: module discovery did not work on 64-bit big-endian systems
       like IBM/S390x.


Changes with Unit 1.5                                            25 Oct 2018

    *) Change: the "type" of application object for Go was changed to
       "external".

    *) Feature: initial version of Node.js package with basic HTTP
       request-response support.

    *) Feature: compatibility with LibreSSL.

    *) Feature: --libdir and --incdir ./configure options to install libunit
       headers and static library.

    *) Bugfix: connection might be closed prematurely while sending
       response; the bug had appeared in 1.3.

    *) Bugfix: application processes might have stopped handling requests,
       producing "last message send failed: Resource temporarily
       unavailable" alerts in log; the bug had appeared in 1.4.

    *) Bugfix: Go applications did not work when Unit was built with musl C
       library.


Changes with Unit 1.4                                            20 Sep 2018

    *) Change: the control API maps the configuration object only at
       "/config/".

    *) Feature: TLS support for client connections.

    *) Feature: TLS certificates storage control API.

    *) Feature: Unit library (libunit) to streamline language module
       integration.

    *) Feature: "408 Request Timeout" responses while closing HTTP
       keep-alive connections.

    *) Feature: improvements in OpenBSD support. Thanks to David Carlier.

    *) Bugfix: a segmentation fault might have occurred after
       reconfiguration.

    *) Bugfix: building on systems with non-default locale might be broken.

    *) Bugfix: "header_read_timeout" might not work properly.

    *) Bugfix: header fields values with non-ASCII bytes might be handled
       incorrectly in Python 3 module.


Changes with Unit 1.3                                            13 Jul 2018

    *) Change: UTF-8 characters are now allowed in request header field
       values.

    *) Feature: configuration of the request body size limit.

    *) Feature: configuration of various HTTP connection timeouts.

    *) Feature: Ruby module now automatically uses Bundler where possible.

    *) Feature: http.Flusher interface in Go module.

    *) Bugfix: various issues in HTTP connection errors handling.

    *) Bugfix: requests with body data might be handled incorrectly in PHP
       module.

    *) Bugfix: individual PHP configuration options specified via control
       API were reset to previous values after the first request in
       application process.


Changes with Unit 1.2                                            07 Jun 2018

    *) Feature: configuration of environment variables for application
       processes.

    *) Feature: customization of php.ini path.

    *) Feature: setting of individual PHP configuration options.

    *) Feature: configuration of execution arguments for Go applications.

    *) Bugfix: keep-alive connections might hang after reconfiguration.


Changes with Unit 1.1                                            26 Apr 2018

    *) Bugfix: Python applications that use the write() callable did not
       work.

    *) Bugfix: virtual environments created with Python 3.3 or above might
       not have worked.

    *) Bugfix: the request.Read() function in Go applications did not
       produce EOF when the whole body was read.

    *) Bugfix: a segmentation fault might have occurred while access log
       reopening.

    *) Bugfix: in parsing of IPv6 control socket addresses.

    *) Bugfix: loading of application modules was broken on OpenBSD.

    *) Bugfix: a segmentation fault might have occurred when there were two
       modules with the same type and version; the bug had appeared in 1.0.

    *) Bugfix: alerts "freed pointer points to non-freeble page" might have
       appeared in log on 32-bit platforms.


Changes with Unit 1.0                                            12 Apr 2018

    *) Change: configuration object moved into "/config/" path.

    *) Feature: basic access logging.

    *) Bugfix: 503 error occurred if Go application did not write response
       header or body.

    *) Bugfix: Ruby applications that use encoding conversions might not
       have worked.

    *) Bugfix: various stability issues.


Changes with Unit 0.7                                            22 Mar 2018

    *) Feature: Ruby application module.

    *) Bugfix: in discovering modules.

    *) Bugfix: various race conditions on reconfiguration and during
       shutting down.

    *) Bugfix: tabs and trailing spaces were not allowed in header fields
       values.

    *) Bugfix: a segmentation fault occurred in Python module if
       start_response() was called outside of WSGI callable.

    *) Bugfix: a segmentation fault might have occurred in PHP module if
       there was an error while initialization.


Changes with Unit 0.6                                            09 Feb 2018

    *) Bugfix: the main process died when the "type" application option
       contained version; the bug had appeared in 0.5.


Changes with Unit 0.5                                            08 Feb 2018

    *) Change: the "workers" application option was removed, the "processes"
       application option should be used instead.

    *) Feature: the "processes" application option with prefork and dynamic
       process management support.

    *) Feature: Perl application module.

    *) Bugfix: in reading client request body; the bug had appeared in 0.3.

    *) Bugfix: some Python applications might not have worked due to missing
       "wsgi.errors" environ variable.

    *) Bugfix: HTTP chunked responses might be encoded incorrectly on 32-bit
       platforms.

    *) Bugfix: infinite looping in HTTP parser.

    *) Bugfix: segmentation fault in router.


Changes with Unit 0.4                                            15 Jan 2018

    *) Feature: compatibility with DragonFly BSD.

    *) Feature: "configure php --lib-static" option.

    *) Bugfix: HTTP request body was not passed to application; the bug had
       appeared in 0.3.

    *) Bugfix: HTTP large header buffers allocation and deallocation fixed;
       the bug had appeared in 0.3.

    *) Bugfix: some PHP applications might not have worked with relative
       "root" path.


Changes with Unit 0.3                                            28 Dec 2017

    *) Change: the Go package name changed to "nginx/unit".

    *) Change: in the "limits.timeout" application option: application start
       time and time in queue now are not accounted.

    *) Feature: the "limits.requests" application option.

    *) Feature: application request processing latency optimization.

    *) Feature: HTTP keep-alive connections support.

    *) Feature: the "home" Python virtual environment configuration option.

    *) Feature: Python atexit hook support.

    *) Feature: various Go package improvements.

    *) Bugfix: various crashes fixed.


Changes with Unit 0.2                                            19 Oct 2017

    *) Feature: configuration persistence.

    *) Feature: improved handling of configuration errors.

    *) Feature: application "timeout" property.

    *) Bugfix: POST request for PHP were handled incorrectly.

    *) Bugfix: the router exited abnormally if all listeners had been
       deleted.

    *) Bugfix: the router crashed under load.

    *) Bugfix: memory leak in the router.


Changes with Unit 0.1                                            06 Sep 2017

    *) First public release.