summaryrefslogtreecommitdiffhomepage
path: root/CHANGES
blob: 5398910e8035f2a1a6fdd65a12d8c6b805ed9018 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334

Changes with Unit 1.8.0                                          01 Mar 2019

    *) Change: now three numbers are always used for versioning: major,
       minor, and patch versions.

    *) Change: now QUERY_STRING is always defined even if the request does
       not include the query component.

    *) Feature: basic internal request routing by Host, URI, and method.

    *) Feature: experimental support for Java Servlet Containers.

    *) Bugfix: segmentation fault might have occurred in the router process.

    *) Bugfix: various potential memory leaks.

    *) Bugfix: TLS connections might have stalled.

    *) Bugfix: some Perl applications might have failed to send the response
       body.

    *) Bugfix: some compilers with specific flags might have produced
       non-functioning builds; the bug had appeared in 1.5.

    *) Bugfix: Node.js package had wrong version number when installed from
       sources.


Changes with Unit 1.7.1                                          07 Feb 2019

    *) Security: a heap memory buffer overflow might have been caused in the
       router process by a specially crafted request, potentially resulting
       in a segmentation fault or other unspecified behavior
       (CVE-2019-7401).

    *) Bugfix: install of Go module failed without prior building of Unit
       daemon; the bug had appeared in 1.7.


Changes with Unit 1.7                                            20 Dec 2018

    *) Change: now rpath is set in Ruby module only if the library was not
       found in default search paths; this allows to meet packaging
       restrictions on some systems.

    *) Bugfix: "disable_functions" and "disable_classes" PHP options set via
       Control API did not work.

    *) Bugfix: Promises on request data in Node.js were not triggered.

    *) Bugfix: various compatibility issues with Node.js applications.

    *) Bugfix: a segmentation fault occurred in Node.js module if
       application tried to read request body after request.end() was
       called.

    *) Bugfix: a segmentation fault occurred in Node.js module if
       application attempted to send header twice.

    *) Bugfix: names of response header fields in Node.js module were
       erroneously treated as case-sensitive.

    *) Bugfix: uncatched exceptions in Node.js were not logged.

    *) Bugfix: global install of Node.js module from sources was broken on
       some systems; the bug had appeared in 1.6.

    *) Bugfix: traceback for exceptions during initialization of Python
       applications might not be logged.

    *) Bugfix: PHP module build failed if PHP interpreter was built with
       thread safety enabled.


Changes with Unit 1.6                                            15 Nov 2018

    *) Change: "make install" now installs Node.js module as well if it was
       configured.

    *) Feature: "--local" ./configure option to install Node.js module
       locally.

    *) Bugfix: Node.js module might have crashed due to broken reference
       counting.

    *) Bugfix: asynchronous operations in Node.js might not have worked.

    *) Bugfix: various compatibility issues with Node.js applications.

    *) Bugfix: "freed pointer is out of pool" alerts might have appeared in
       log.

    *) Bugfix: module discovery did not work on 64-bit big-endian systems
       like IBM/S390x.


Changes with Unit 1.5                                            25 Oct 2018

    *) Change: the "type" of application object for Go was changed to
       "external".

    *) Feature: initial version of Node.js package with basic HTTP
       request-response support.

    *) Feature: compatibility with LibreSSL.

    *) Feature: --libdir and --incdir ./configure options to install libunit
       headers and static library.

    *) Bugfix: connection might be closed prematurely while sending
       response; the bug had appeared in 1.3.

    *) Bugfix: application processes might have stopped handling requests,
       producing "last message send failed: Resource temporarily
       unavailable" alerts in log; the bug had appeared in 1.4.

    *) Bugfix: Go applications did not work when Unit was built with musl C
       library.


Changes with Unit 1.4                                            20 Sep 2018

    *) Change: the control API maps the configuration object only at
       "/config/".

    *) Feature: TLS support for client connections.

    *) Feature: TLS certificates storage control API.

    *) Feature: Unit library (libunit) to streamline language module
       integration.

    *) Feature: "408 Request Timeout" responses while closing HTTP
       keep-alive connections.

    *) Feature: improvements in OpenBSD support. Thanks to David Carlier.

    *) Bugfix: a segmentation fault might have occurred after
       reconfiguration.

    *) Bugfix: building on systems with non-default locale might be broken.

    *) Bugfix: "header_read_timeout" might not work properly.

    *) Bugfix: header fields values with non-ASCII bytes might be handled
       incorrectly in Python 3 module.


Changes with Unit 1.3                                            13 Jul 2018

    *) Change: UTF-8 characters are now allowed in request header field
       values.

    *) Feature: configuration of the request body size limit.

    *) Feature: configuration of various HTTP connection timeouts.

    *) Feature: Ruby module now automatically uses Bundler where possible.

    *) Feature: http.Flusher interface in Go module.

    *) Bugfix: various issues in HTTP connection errors handling.

    *) Bugfix: requests with body data might be handled incorrectly in PHP
       module.

    *) Bugfix: individual PHP configuration options specified via control
       API were reset to previous values after the first request in
       application process.


Changes with Unit 1.2                                            07 Jun 2018

    *) Feature: configuration of environment variables for application
       processes.

    *) Feature: customization of php.ini path.

    *) Feature: setting of individual PHP configuration options.

    *) Feature: configuration of execution arguments for Go applications.

    *) Bugfix: keep-alive connections might hang after reconfiguration.


Changes with Unit 1.1                                            26 Apr 2018

    *) Bugfix: Python applications that use the write() callable did not
       work.

    *) Bugfix: virtual environments created with Python 3.3 or above might
       not have worked.

    *) Bugfix: the request.Read() function in Go applications did not
       produce EOF when the whole body was read.

    *) Bugfix: a segmentation fault might have occurred while access log
       reopening.

    *) Bugfix: in parsing of IPv6 control socket addresses.

    *) Bugfix: loading of application modules was broken on OpenBSD.

    *) Bugfix: a segmentation fault might have occurred when there were two
       modules with the same type and version; the bug had appeared in 1.0.

    *) Bugfix: alerts "freed pointer points to non-freeble page" might have
       appeared in log on 32-bit platforms.


Changes with Unit 1.0                                            12 Apr 2018

    *) Change: configuration object moved into "/config/" path.

    *) Feature: basic access logging.

    *) Bugfix: 503 error occurred if Go application did not write response
       header or body.

    *) Bugfix: Ruby applications that use encoding conversions might not
       have worked.

    *) Bugfix: various stability issues.


Changes with Unit 0.7                                            22 Mar 2018

    *) Feature: Ruby application module.

    *) Bugfix: in discovering modules.

    *) Bugfix: various race conditions on reconfiguration and during
       shutting down.

    *) Bugfix: tabs and trailing spaces were not allowed in header fields
       values.

    *) Bugfix: a segmentation fault occurred in Python module if
       start_response() was called outside of WSGI callable.

    *) Bugfix: a segmentation fault might have occurred in PHP module if
       there was an error while initialization.


Changes with Unit 0.6                                            09 Feb 2018

    *) Bugfix: the main process died when the "type" application option
       contained version; the bug had appeared in 0.5.


Changes with Unit 0.5                                            08 Feb 2018

    *) Change: the "workers" application option was removed, the "processes"
       application option should be used instead.

    *) Feature: the "processes" application option with prefork and dynamic
       process management support.

    *) Feature: Perl application module.

    *) Bugfix: in reading client request body; the bug had appeared in 0.3.

    *) Bugfix: some Python applications might not have worked due to missing
       "wsgi.errors" environ variable.

    *) Bugfix: HTTP chunked responses might be encoded incorrectly on 32-bit
       platforms.

    *) Bugfix: infinite looping in HTTP parser.

    *) Bugfix: segmentation fault in router.


Changes with Unit 0.4                                            15 Jan 2018

    *) Feature: compatibility with DragonFly BSD.

    *) Feature: "configure php --lib-static" option.

    *) Bugfix: HTTP request body was not passed to application; the bug had
       appeared in 0.3.

    *) Bugfix: HTTP large header buffers allocation and deallocation fixed;
       the bug had appeared in 0.3.

    *) Bugfix: some PHP applications might not have worked with relative
       "root" path.


Changes with Unit 0.3                                            28 Dec 2017

    *) Change: the Go package name changed to "nginx/unit".

    *) Change: in the "limits.timeout" application option: application start
       time and time in queue now are not accounted.

    *) Feature: the "limits.requests" application option.

    *) Feature: application request processing latency optimization.

    *) Feature: HTTP keep-alive connections support.

    *) Feature: the "home" Python virtual environment configuration option.

    *) Feature: Python atexit hook support.

    *) Feature: various Go package improvements.

    *) Bugfix: various crashes fixed.


Changes with Unit 0.2                                            19 Oct 2017

    *) Feature: configuration persistence.

    *) Feature: improved handling of configuration errors.

    *) Feature: application "timeout" property.

    *) Bugfix: POST request for PHP were handled incorrectly.

    *) Bugfix: the router exited abnormally if all listeners had been
       deleted.

    *) Bugfix: the router crashed under load.

    *) Bugfix: memory leak in the router.


Changes with Unit 0.1                                            06 Sep 2017

    *) First public release.