summaryrefslogtreecommitdiffhomepage
path: root/CHANGES
blob: 0f558c6f2d7a26463174b927b5f0e108149b6b33 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707

Changes with Unit 1.22.0                                         04 Feb 2021

    *) Feature: the ServerRequest and ServerResponse objects of Node.js
       module are now compliant with Stream API.

    *) Feature: support for specifying multiple directories in the "path"
       option of Python apps.

    *) Bugfix: a memory leak occurred in the router process when serving
       files larger than 128K; the bug had appeared in 1.13.0.

    *) Bugfix: apps could stop processing new requests under high load; the
       bug had appeared in 1.19.0.

    *) Bugfix: app processes could terminate unexpectedly under high load;
       the bug had appeared in 1.19.0.

    *) Bugfix: invalid HTTP responses were generated for some unusual status
       codes.

    *) Bugfix: the PHP_AUTH_USER, PHP_AUTH_PW, and PHP_AUTH_DIGEST server
       variables were missing in the PHP module.

    *) Bugfix: the router process could crash with multithreaded apps under
       high load.

    *) Bugfix: Ruby apps with multithreading configured could crash on start
       under load.

    *) Bugfix: mount points weren't unmounted when the "mount" namespace
       isolation was used; the bug had appeared in 1.21.0.

    *) Bugfix: the router process could crash while removing or
       reconfiguring an app that used WebSocket.

    *) Bugfix: a memory leak occurring in the router process when removing
       or reconfiguring an application; the bug had appeared in 1.19.0.


Changes with Unit 1.21.0                                         19 Nov 2020

    *) Change: procfs is mounted by default for all languages when "rootfs"
       isolation is used.

    *) Change: any characters valid according to RFC 7230 are now allowed in
       HTTP header field names.

    *) Change: HTTP header fields with underscores ("_") are now discarded
       from requests by default.

    *) Feature: optional multithreaded request processing for Java, Python,
       Perl, and Ruby apps.

    *) Feature: regular expressions in route matching patterns.

    *) Feature: compatibility with Python 3.9.

    *) Feature: the Python module now supports ASGI 2.0 legacy applications.

    *) Feature: the "protocol" option in Python applications aids choice
       between ASGI and WSGI.

    *) Feature: the fastcgi_finish_request() PHP function that finalizes
       request processing and continues code execution without holding onto
       the client connection.

    *) Feature: the "discard_unsafe_fields" HTTP option that enables
       discarding request header fields with irregular (but still valid)
       characters in the field name.

    *) Feature: the "procfs" and "tmpfs" automount isolation options to
       disable automatic mounting of eponymous filesystems.

    *) Bugfix: the router process could crash when running Go applications
       under high load; the bug had appeared in 1.19.0.

    *) Bugfix: some language dependencies could remain mounted after using
       "rootfs" isolation.

    *) Bugfix: various compatibility issues in Java applications.

    *) Bugfix: the Java module built with the musl C library couldn't run
       applications that use "rootfs" isolation.


Changes with Unit 1.20.0                                         08 Oct 2020

    *) Change: the PHP module is now initialized before chrooting; this
       enables loading all extensions from the host system.

    *) Change: AVIF and APNG image formats added to the default MIME type
       list.

    *) Change: functional tests migrated to the pytest framework.

    *) Feature: the Python module now fully supports applications that use
       the ASGI 3.0 server interface.

    *) Feature: the Python module now has a built-in WebSocket server
       implementation for applications, compatible with the HTTP & WebSocket
       ASGI Message Format 2.1 specification.

    *) Feature: automatic mounting of an isolated "/tmp" file system into
       chrooted application environments.

    *) Feature: the $host variable contains a normalized "Host" request
       value.

    *) Feature: the "callable" option sets Python application callable
       names.

    *) Feature: compatibility with PHP 8 RC 1. Thanks to Remi Collet.

    *) Feature: the "automount" option in the "isolation" object allows to
       turn off the automatic mounting of language module dependencies.

    *) Bugfix: "pass"-ing requests to upstreams from a route was broken; the
       bug had appeared in 1.19.0. Thanks to 洪志道 (Hong Zhi Dao) for
       discovering and fixing it.

    *) Bugfix: the router process could crash during reconfiguration.

    *) Bugfix: a memory leak occurring in the router process; the bug had
       appeared in 1.18.0.

    *) Bugfix: the "!" (non-empty) pattern was matched incorrectly; the bug
       had appeared in 1.19.0.

    *) Bugfix: fixed building on platforms without sendfile() support,
       notably NetBSD; the bug had appeared in 1.16.0.


Changes with Unit 1.19.0                                         13 Aug 2020

    *) Feature: reworked IPC between the router process and the applications
       to lower latencies, increase performance, and improve scalability.

    *) Feature: support for an arbitrary number of wildcards in route
       matching patterns.

    *) Feature: chunked transfer encoding in proxy responses.

    *) Feature: basic variables support in the "pass" option.

    *) Feature: compatibility with PHP 8 Beta 1. Thanks to Remi Collet.

    *) Bugfix: the router process could crash while passing requests to an
       application under high load.

    *) Bugfix: a number of language modules failed to build on some systems;
       the bug had appeared in 1.18.0.

    *) Bugfix: time in error log messages from PHP applications could lag.

    *) Bugfix: reconfiguration requests could hang if an application had
       failed to start; the bug had appeared in 1.18.0.

    *) Bugfix: memory leak during reconfiguration.

    *) Bugfix: the daemon didn't start without language modules; the bug had
       appeared in 1.18.0.

    *) Bugfix: the router process could crash at exit.

    *) Bugfix: Node.js applications could crash at exit.

    *) Bugfix: the Ruby module could be linked against a wrong library
       version.


Changes with Unit 1.18.0                                         28 May 2020

    *) Feature: the "rootfs" isolation option for changing root filesystem
       for an application.

    *) Feature: multiple "targets" in PHP applications.

    *) Feature: support for percent-encoding in the "uri" and "arguments"
       matching options and in the "pass" option.


Changes with Unit 1.17.0                                         16 Apr 2020

    *) Feature: a "return" action with optional "location" for immediate
       responses and external redirection.

    *) Feature: fractional weights support for upstream servers.

    *) Bugfix: accidental 502 "Bad Gateway" errors might have occurred in
       applications under high load.

    *) Bugfix: memory leak in the router; the bug had appeared in 1.13.0.

    *) Bugfix: segmentation fault might have occurred in the router process
       when reaching open connections limit.

    *) Bugfix: "close() failed (9: Bad file descriptor)" alerts might have
       appeared in the log while processing large request bodies; the bug
       had appeared in 1.16.0.

    *) Bugfix: existing application processes didn't reopen the log file.

    *) Bugfix: incompatibility with some Node.js applications.

    *) Bugfix: broken build on DragonFly BSD; the bug had appeared in
       1.16.0.


Changes with Unit 1.16.0                                         12 Mar 2020

    *) Feature: basic load-balancing support with round-robin.

    *) Feature: a "fallback" option that performs an alternative action if a
       request can't be served from the "share" directory.

    *) Feature: reduced memory consumption by dumping large request bodies
       to disk.

    *) Feature: stripping UTF-8 BOM and JavaScript-style comments from
       uploaded JSON.

    *) Bugfix: negative address matching in router might work improperly in
       combination with non-negative patterns.

    *) Bugfix: Java Spring applications failed to run; the bug had appeared
       in 1.10.0.

    *) Bugfix: PHP 7.4 was broken if it was built with thread safety
       enabled.

    *) Bugfix: compatibility issues with some Python applications.


Changes with Unit 1.15.0                                         06 Feb 2020

    *) Change: extensions of dynamically requested PHP scripts were
       restricted to ".php".

    *) Feature: compatibility with Ruby 2.7.

    *) Bugfix: segmentation fault might have occurred in the router process
       with multiple application processes under load; the bug had appeared
       in 1.14.0.

    *) Bugfix: receiving request body over TLS connection might have
       stalled.


Changes with Unit 1.14.0                                         26 Dec 2019

    *) Change: the Go package import name changed to "unit.nginx.org/go".

    *) Change: Go package now links to libunit instead of including library
       sources.

    *) Feature: ability to change user and group for isolated applications
       when Unit daemon runs as an unprivileged user.

    *) Feature: request routing by source and destination addresses and
       ports.

    *) Bugfix: memory bloat on large responses.


Changes with Unit 1.13.0                                         14 Nov 2019

    *) Feature: basic support for HTTP reverse proxying.

    *) Feature: compatibility with Python 3.8.

    *) Bugfix: memory leak in Python application processes when the close
       handler was used.

    *) Bugfix: threads in Python applications might not work correctly.

    *) Bugfix: Ruby on Rails applications might not work on Ruby 2.6.

    *) Bugfix: backtraces for uncaught exceptions in Python 3 might be
       logged with significant delays.

    *) Bugfix: explicit setting a namespaces isolation option to false might
       have enabled it.


Changes with Unit 1.12.0                                         03 Oct 2019

    *) Feature: compatibility with PHP 7.4.

    *) Bugfix: descriptors leak on process creation; the bug had appeared in
       1.11.0.

    *) Bugfix: TLS connection might be closed prematurely while sending
       response.

    *) Bugfix: segmentation fault might have occurred if an irregular file
       was requested.


Changes with Unit 1.11.0                                         19 Sep 2019

    *) Feature: basic support for serving static files.

    *) Feature: isolation of application processes with Linux namespaces.

    *) Feature: built-in WebSocket server implementation for Java Servlet
       Containers.

    *) Feature: direct addressing of API configuration options containing
       slashes "/" using URI encoding (%2F).

    *) Bugfix: segmentation fault might have occurred in Go applications
       under high load.

    *) Bugfix: WebSocket support was broken if Unit was built with some
       linkers other than GNU ld (e.g. gold or LLD).


Changes with Unit 1.10.0                                         22 Aug 2019

    *) Change: matching of cookies in routes made case sensitive.

    *) Change: decreased log level of common errors when clients close
       connections.

    *) Change: removed the Perl module's "--include=" ./configure option.

    *) Feature: built-in WebSocket server implementation for Node.js module.

    *) Feature: splitting PATH_INFO from request URI in PHP module.

    *) Feature: request routing by scheme (HTTP or HTTPS).

    *) Feature: support for multipart requests body in Java module.

    *) Feature: improved API compatibility with Node.js 11.10 or later.

    *) Bugfix: reconfiguration failed if "listeners" or "applications"
       objects were missing.

    *) Bugfix: applying a large configuration might have failed.


Changes with Unit 1.9.0                                          30 May 2019

    *) Feature: request routing by arguments, headers, and cookies.

    *) Feature: route matching patterns allow a wildcard in the middle.

    *) Feature: POST operation for appending elements to arrays in
       configuration.

    *) Feature: support for changing credentials using CAP_SETUID and
       CAP_SETGID capabilities on Linux without running main process as
       privileged user.

    *) Bugfix: memory leak in the router process might have happened when a
       client prematurely closed the connection.

    *) Bugfix: applying a large configuration might have failed.

    *) Bugfix: PUT and DELETE operations on array elements in configuration
       did not work.

    *) Bugfix: request schema in applications did not reflect TLS
       connections.

    *) Bugfix: restored compatibility with Node.js applications that use
       ServerResponse._implicitHeader() function; the bug had appeared in
       1.7.

    *) Bugfix: various compatibility issues with Node.js applications.


Changes with Unit 1.8.0                                          01 Mar 2019

    *) Change: now three numbers are always used for versioning: major,
       minor, and patch versions.

    *) Change: now QUERY_STRING is always defined even if the request does
       not include the query component.

    *) Feature: basic internal request routing by Host, URI, and method.

    *) Feature: experimental support for Java Servlet Containers.

    *) Bugfix: segmentation fault might have occurred in the router process.

    *) Bugfix: various potential memory leaks.

    *) Bugfix: TLS connections might have stalled.

    *) Bugfix: some Perl applications might have failed to send the response
       body.

    *) Bugfix: some compilers with specific flags might have produced
       non-functioning builds; the bug had appeared in 1.5.

    *) Bugfix: Node.js package had wrong version number when installed from
       sources.


Changes with Unit 1.7.1                                          07 Feb 2019

    *) Security: a heap memory buffer overflow might have been caused in the
       router process by a specially crafted request, potentially resulting
       in a segmentation fault or other unspecified behavior
       (CVE-2019-7401).

    *) Bugfix: install of Go module failed without prior building of Unit
       daemon; the bug had appeared in 1.7.


Changes with Unit 1.7                                            20 Dec 2018

    *) Change: now rpath is set in Ruby module only if the library was not
       found in default search paths; this allows to meet packaging
       restrictions on some systems.

    *) Bugfix: "disable_functions" and "disable_classes" PHP options set via
       Control API did not work.

    *) Bugfix: Promises on request data in Node.js were not triggered.

    *) Bugfix: various compatibility issues with Node.js applications.

    *) Bugfix: a segmentation fault occurred in Node.js module if
       application tried to read request body after request.end() was
       called.

    *) Bugfix: a segmentation fault occurred in Node.js module if
       application attempted to send header twice.

    *) Bugfix: names of response header fields in Node.js module were
       erroneously treated as case-sensitive.

    *) Bugfix: uncatched exceptions in Node.js were not logged.

    *) Bugfix: global install of Node.js module from sources was broken on
       some systems; the bug had appeared in 1.6.

    *) Bugfix: traceback for exceptions during initialization of Python
       applications might not be logged.

    *) Bugfix: PHP module build failed if PHP interpreter was built with
       thread safety enabled.


Changes with Unit 1.6                                            15 Nov 2018

    *) Change: "make install" now installs Node.js module as well if it was
       configured.

    *) Feature: "--local" ./configure option to install Node.js module
       locally.

    *) Bugfix: Node.js module might have crashed due to broken reference
       counting.

    *) Bugfix: asynchronous operations in Node.js might not have worked.

    *) Bugfix: various compatibility issues with Node.js applications.

    *) Bugfix: "freed pointer is out of pool" alerts might have appeared in
       log.

    *) Bugfix: module discovery did not work on 64-bit big-endian systems
       like IBM/S390x.


Changes with Unit 1.5                                            25 Oct 2018

    *) Change: the "type" of application object for Go was changed to
       "external".

    *) Feature: initial version of Node.js package with basic HTTP
       request-response support.

    *) Feature: compatibility with LibreSSL.

    *) Feature: --libdir and --incdir ./configure options to install libunit
       headers and static library.

    *) Bugfix: connection might be closed prematurely while sending
       response; the bug had appeared in 1.3.

    *) Bugfix: application processes might have stopped handling requests,
       producing "last message send failed: Resource temporarily
       unavailable" alerts in log; the bug had appeared in 1.4.

    *) Bugfix: Go applications did not work when Unit was built with musl C
       library.


Changes with Unit 1.4                                            20 Sep 2018

    *) Change: the control API maps the configuration object only at
       "/config/".

    *) Feature: TLS support for client connections.

    *) Feature: TLS certificates storage control API.

    *) Feature: Unit library (libunit) to streamline language module
       integration.

    *) Feature: "408 Request Timeout" responses while closing HTTP
       keep-alive connections.

    *) Feature: improvements in OpenBSD support. Thanks to David Carlier.

    *) Bugfix: a segmentation fault might have occurred after
       reconfiguration.

    *) Bugfix: building on systems with non-default locale might be broken.

    *) Bugfix: "header_read_timeout" might not work properly.

    *) Bugfix: header fields values with non-ASCII bytes might be handled
       incorrectly in Python 3 module.


Changes with Unit 1.3                                            13 Jul 2018

    *) Change: UTF-8 characters are now allowed in request header field
       values.

    *) Feature: configuration of the request body size limit.

    *) Feature: configuration of various HTTP connection timeouts.

    *) Feature: Ruby module now automatically uses Bundler where possible.

    *) Feature: http.Flusher interface in Go module.

    *) Bugfix: various issues in HTTP connection errors handling.

    *) Bugfix: requests with body data might be handled incorrectly in PHP
       module.

    *) Bugfix: individual PHP configuration options specified via control
       API were reset to previous values after the first request in
       application process.


Changes with Unit 1.2                                            07 Jun 2018

    *) Feature: configuration of environment variables for application
       processes.

    *) Feature: customization of php.ini path.

    *) Feature: setting of individual PHP configuration options.

    *) Feature: configuration of execution arguments for Go applications.

    *) Bugfix: keep-alive connections might hang after reconfiguration.


Changes with Unit 1.1                                            26 Apr 2018

    *) Bugfix: Python applications that use the write() callable did not
       work.

    *) Bugfix: virtual environments created with Python 3.3 or above might
       not have worked.

    *) Bugfix: the request.Read() function in Go applications did not
       produce EOF when the whole body was read.

    *) Bugfix: a segmentation fault might have occurred while access log
       reopening.

    *) Bugfix: in parsing of IPv6 control socket addresses.

    *) Bugfix: loading of application modules was broken on OpenBSD.

    *) Bugfix: a segmentation fault might have occurred when there were two
       modules with the same type and version; the bug had appeared in 1.0.

    *) Bugfix: alerts "freed pointer points to non-freeble page" might have
       appeared in log on 32-bit platforms.


Changes with Unit 1.0                                            12 Apr 2018

    *) Change: configuration object moved into "/config/" path.

    *) Feature: basic access logging.

    *) Bugfix: 503 error occurred if Go application did not write response
       header or body.

    *) Bugfix: Ruby applications that use encoding conversions might not
       have worked.

    *) Bugfix: various stability issues.


Changes with Unit 0.7                                            22 Mar 2018

    *) Feature: Ruby application module.

    *) Bugfix: in discovering modules.

    *) Bugfix: various race conditions on reconfiguration and during
       shutting down.

    *) Bugfix: tabs and trailing spaces were not allowed in header fields
       values.

    *) Bugfix: a segmentation fault occurred in Python module if
       start_response() was called outside of WSGI callable.

    *) Bugfix: a segmentation fault might have occurred in PHP module if
       there was an error while initialization.


Changes with Unit 0.6                                            09 Feb 2018

    *) Bugfix: the main process died when the "type" application option
       contained version; the bug had appeared in 0.5.


Changes with Unit 0.5                                            08 Feb 2018

    *) Change: the "workers" application option was removed, the "processes"
       application option should be used instead.

    *) Feature: the "processes" application option with prefork and dynamic
       process management support.

    *) Feature: Perl application module.

    *) Bugfix: in reading client request body; the bug had appeared in 0.3.

    *) Bugfix: some Python applications might not have worked due to missing
       "wsgi.errors" environ variable.

    *) Bugfix: HTTP chunked responses might be encoded incorrectly on 32-bit
       platforms.

    *) Bugfix: infinite looping in HTTP parser.

    *) Bugfix: segmentation fault in router.


Changes with Unit 0.4                                            15 Jan 2018

    *) Feature: compatibility with DragonFly BSD.

    *) Feature: "configure php --lib-static" option.

    *) Bugfix: HTTP request body was not passed to application; the bug had
       appeared in 0.3.

    *) Bugfix: HTTP large header buffers allocation and deallocation fixed;
       the bug had appeared in 0.3.

    *) Bugfix: some PHP applications might not have worked with relative
       "root" path.


Changes with Unit 0.3                                            28 Dec 2017

    *) Change: the Go package name changed to "nginx/unit".

    *) Change: in the "limits.timeout" application option: application start
       time and time in queue now are not accounted.

    *) Feature: the "limits.requests" application option.

    *) Feature: application request processing latency optimization.

    *) Feature: HTTP keep-alive connections support.

    *) Feature: the "home" Python virtual environment configuration option.

    *) Feature: Python atexit hook support.

    *) Feature: various Go package improvements.

    *) Bugfix: various crashes fixed.


Changes with Unit 0.2                                            19 Oct 2017

    *) Feature: configuration persistence.

    *) Feature: improved handling of configuration errors.

    *) Feature: application "timeout" property.

    *) Bugfix: POST request for PHP were handled incorrectly.

    *) Bugfix: the router exited abnormally if all listeners had been
       deleted.

    *) Bugfix: the router crashed under load.

    *) Bugfix: memory leak in the router.


Changes with Unit 0.1                                            06 Sep 2017

    *) First public release.