Change8

release-1.30.0

📦 nginxView on GitHub →
16 features🐛 36 fixes1 deprecations🔧 17 symbols

Summary

Nginx version 1.30.0 stable is released, bringing significant new features like Early Hints, ECH, and sticky sessions, alongside numerous bug fixes across QUIC, HTTP/2, and SSL modules.

Migration Steps

  1. When using QUIC, note that support for the OpenSSL 3.5 QUIC API is disabled by default (it can be enabled/configured).
  2. If using SSL/TLS features relying on client hello callbacks, be aware that the interface of ngx_ssl_set_client_hello_callback() has changed.
  3. If you rely on the legacy charset directive, you may need to re-add it as it was removed from the default config example.

✨ New Features

  • Support for Early Hints (103 status code).
  • Support for HTTP/2 to backend connections.
  • Support for Encrypted ClientHello (ECH).
  • Sticky sessions support for upstreams.
  • Multipath TCP support.
  • Default proxy HTTP version set to HTTP/1.1 with keep-alive enabled (since 1.29.7).
  • Support loading SSL keys via OSSL_STORE.
  • Added support for TCP keepalive parameters on macOS.
  • HTTP/3: indexed field line encoding for "103 Early Hints".
  • Certificate compression support.
  • Added $ssl_sigalg and $ssl_client_sigalg variables.
  • Geo module added support for the "volatile" parameter.
  • Added inheritance control for add_header and add_trailer directives.
  • HTTP CONNECT infrastructure added.
  • Added support for pcre 10.47.
  • Range filter now has a reasonable limit on multiple ranges.

🐛 Bug Fixes

  • QUIC: silenced unknown/reserved transport param "info" messages.
  • Fixed -Wunterminated-string-initialization with gcc15.
  • HTTP/3: fixed NGX_HTTP_V3_VARLEN_INT_LEN value.
  • Win32: couple of platform detection fixes.
  • QUIC: fixed a typo.
  • OpenSSL build fixes with various no-opt.
  • QUIC: fixed sending acknowledgments with limited congestion window.
  • QUIC: fixed handling of OpenSSL 3.5 QUIC API usage.
  • Upstream: fixed reinit request with gRPC and Early Hints.
  • PCRE license fix for win32 zip.
  • QUIC: adjusted OpenSSL 3.5 QUIC API feature test.
  • OPENSSL_VERSION_NUMBER fix for OpenSSL 3.0.
  • kqueue build fixes.
  • HTTP/3: limited prefixed integers encoded length.
  • HTTP/3: fixed handling :authority and Host with port.
  • HTTP/2: fixed flushing early hints.
  • HTTP/2 fixes for ":authority" vs "Host".
  • Auth basic: fixed file descriptor leak on memory allocation error.
  • smtp module fixes.
  • Fixed inaccurate index directive error report.
  • Upstream: overflow detection in Cache-Control delta-seconds.
  • Mail: xtext encoding (RFC 3461) in XCLIENT LOGIN.
  • SSL: fixed "key values mismatch" with object cache inheritance.
  • SSL: support for compressed server certificates with BoringSSL.
  • Upstream: reset local address in case of error.
  • OCSP: fixed invalid type for the 'ssl_ocsp' directive.
  • Fixed compilation warnings on Windows after c93a0c48af87.
  • Modules compatibility: increased compat section size.
  • SSL: fixed build with BoringSSL, broken by 38a701d88.
  • HTTP/2: extended guard for NULL buffer and zero length.
  • Proxy: fixed segfault in URI change (issue #983).
  • SSL: avoid warning when ECH is not configured and not supported.
  • Disabled bare LF in chunked transfer encoding.
  • Quic: fixed segfault on handshake failure.
  • SSL: logging level of the "ech_required" TLS alert.
  • Win32: fixed C4319 warning with MSVC x86.

Affected Symbols

ngx_http_upstream_modulengx_http_core_modulengx_ssl_set_client_hello_callback()charset directivengx_http_proxy_modulengx_http_auth_basic_modulengx_mail_smtp_modulengx_http_index_modulengx_http_geo_moduleadd_header directiveadd_trailer directivengx_http_ocsp_modulengx_http_upstream_cache_modulengx_mail_modulengx_http_ssl_module$ssl_sigalg$ssl_client_sigalg

⚡ Deprecations

  • Removed legacy charset directive from default config example.
nginx release-1.30.0 - Change8