1 2Changes with Unit 1.21.0 19 Nov 2020 3 4 *) Change: procfs is mounted by default for all languages when "rootfs" 5 isolation is used. 6 7 *) Change: any characters valid according to RFC 7230 are now allowed in 8 HTTP header field names. 9 10 *) Change: HTTP header fields with underscores ("_") are now discarded 11 from requests by default. 12 13 *) Feature: optional multithreaded request processing for Java, Python, 14 Perl, and Ruby apps. 15 16 *) Feature: regular expressions in route matching patterns. 17 18 *) Feature: compatibility with Python 3.9. 19 20 *) Feature: the Python module now supports ASGI 2.0 legacy applications. 21 22 *) Feature: the "protocol" option in Python applications aids choice 23 between ASGI and WSGI. 24 25 *) Feature: the fastcgi_finish_request() PHP function that finalizes 26 request processing and continues code execution without holding onto 27 the client connection. 28 29 *) Feature: the "discard_unsafe_fields" HTTP option that enables 30 discarding request header fields with irregular (but still valid) 31 characters in the field name. 32 33 *) Feature: the "procfs" and "tmpfs" automount isolation options to 34 disable automatic mounting of eponymous filesystems. 35 36 *) Bugfix: the router process could crash when running Go applications 37 under high load; the bug had appeared in 1.19.0. 38 39 *) Bugfix: some language dependencies could remain mounted after using 40 "rootfs" isolation. 41 42 *) Bugfix: various compatibility issues in Java applications. 43 44 *) Bugfix: the Java module built with the musl C library couldn't run 45 applications that use "rootfs" isolation. 46 47 48Changes with Unit 1.20.0 08 Oct 2020 49 50 *) Change: the PHP module is now initialized before chrooting; this 51 enables loading all extensions from the host system. 52 53 *) Change: AVIF and APNG image formats added to the default MIME type 54 list. 55 56 *) Change: functional tests migrated to the pytest framework. 57 58 *) Feature: the Python module now fully supports applications that use 59 the ASGI 3.0 server interface. 60 61 *) Feature: the Python module now has a built-in WebSocket server 62 implementation for applications, compatible with the HTTP & WebSocket 63 ASGI Message Format 2.1 specification. 64 65 *) Feature: automatic mounting of an isolated "/tmp" file system into 66 chrooted application environments. 67 68 *) Feature: the $host variable contains a normalized "Host" request 69 value. 70 71 *) Feature: the "callable" option sets Python application callable 72 names. 73 74 *) Feature: compatibility with PHP 8 RC 1. Thanks to Remi Collet. 75 76 *) Feature: the "automount" option in the "isolation" object allows to 77 turn off the automatic mounting of language module dependencies. 78 79 *) Bugfix: "pass"-ing requests to upstreams from a route was broken; the 80 bug had appeared in 1.19.0. Thanks to 洪志道 (Hong Zhi Dao) for 81 discovering and fixing it. 82 83 *) Bugfix: the router process could crash during reconfiguration. 84 85 *) Bugfix: a memory leak occurring in the router process; the bug had 86 appeared in 1.18.0. 87 88 *) Bugfix: the "!" (non-empty) pattern was matched incorrectly; the bug 89 had appeared in 1.19.0. 90 91 *) Bugfix: fixed building on platforms without sendfile() support, 92 notably NetBSD; the bug had appeared in 1.16.0. 93 94 95Changes with Unit 1.19.0 13 Aug 2020 96 97 *) Feature: reworked IPC between the router process and the applications 98 to lower latencies, increase performance, and improve scalability. 99 100 *) Feature: support for an arbitrary number of wildcards in route 101 matching patterns. 102 103 *) Feature: chunked transfer encoding in proxy responses. 104 105 *) Feature: basic variables support in the "pass" option. 106 107 *) Feature: compatibility with PHP 8 Beta 1. Thanks to Remi Collet. 108 109 *) Bugfix: the router process could crash while passing requests to an 110 application under high load. 111 112 *) Bugfix: a number of language modules failed to build on some systems; 113 the bug had appeared in 1.18.0. 114 115 *) Bugfix: time in error log messages from PHP applications could lag. 116 117 *) Bugfix: reconfiguration requests could hang if an application had 118 failed to start; the bug had appeared in 1.18.0. 119 120 *) Bugfix: memory leak during reconfiguration. 121 122 *) Bugfix: the daemon didn't start without language modules; the bug had 123 appeared in 1.18.0. 124 125 *) Bugfix: the router process could crash at exit. 126 127 *) Bugfix: Node.js applications could crash at exit. 128 129 *) Bugfix: the Ruby module could be linked against a wrong library 130 version. 131 132 133Changes with Unit 1.18.0 28 May 2020 134 135 *) Feature: the "rootfs" isolation option for changing root filesystem 136 for an application. 137 138 *) Feature: multiple "targets" in PHP applications. 139 140 *) Feature: support for percent-encoding in the "uri" and "arguments" 141 matching options and in the "pass" option. 142 143 144Changes with Unit 1.17.0 16 Apr 2020 145 146 *) Feature: a "return" action with optional "location" for immediate 147 responses and external redirection. 148 149 *) Feature: fractional weights support for upstream servers. 150 151 *) Bugfix: accidental 502 "Bad Gateway" errors might have occurred in 152 applications under high load. 153 154 *) Bugfix: memory leak in the router; the bug had appeared in 1.13.0. 155 156 *) Bugfix: segmentation fault might have occurred in the router process 157 when reaching open connections limit. 158 159 *) Bugfix: "close() failed (9: Bad file descriptor)" alerts might have 160 appeared in the log while processing large request bodies; the bug 161 had appeared in 1.16.0. 162 163 *) Bugfix: existing application processes didn't reopen the log file. 164 165 *) Bugfix: incompatibility with some Node.js applications. 166 167 *) Bugfix: broken build on DragonFly BSD; the bug had appeared in 168 1.16.0. 169 170 171Changes with Unit 1.16.0 12 Mar 2020 172 173 *) Feature: basic load-balancing support with round-robin. 174 175 *) Feature: a "fallback" option that performs an alternative action if a 176 request can't be served from the "share" directory. 177 178 *) Feature: reduced memory consumption by dumping large request bodies 179 to disk. 180 181 *) Feature: stripping UTF-8 BOM and JavaScript-style comments from 182 uploaded JSON. 183 184 *) Bugfix: negative address matching in router might work improperly in 185 combination with non-negative patterns. 186 187 *) Bugfix: Java Spring applications failed to run; the bug had appeared 188 in 1.10.0. 189 190 *) Bugfix: PHP 7.4 was broken if it was built with thread safety 191 enabled. 192 193 *) Bugfix: compatibility issues with some Python applications. 194 195 196Changes with Unit 1.15.0 06 Feb 2020 197 198 *) Change: extensions of dynamically requested PHP scripts were 199 restricted to ".php". 200 201 *) Feature: compatibility with Ruby 2.7. 202 203 *) Bugfix: segmentation fault might have occurred in the router process 204 with multiple application processes under load; the bug had appeared 205 in 1.14.0. 206 207 *) Bugfix: receiving request body over TLS connection might have 208 stalled. 209 210 211Changes with Unit 1.14.0 26 Dec 2019 212 213 *) Change: the Go package import name changed to "unit.nginx.org/go". 214 215 *) Change: Go package now links to libunit instead of including library 216 sources. 217 218 *) Feature: ability to change user and group for isolated applications 219 when Unit daemon runs as an unprivileged user. 220 221 *) Feature: request routing by source and destination addresses and 222 ports. 223 224 *) Bugfix: memory bloat on large responses. 225 226 227Changes with Unit 1.13.0 14 Nov 2019 228 229 *) Feature: basic support for HTTP reverse proxying. 230 231 *) Feature: compatibility with Python 3.8. 232 233 *) Bugfix: memory leak in Python application processes when the close 234 handler was used. 235 236 *) Bugfix: threads in Python applications might not work correctly. 237 238 *) Bugfix: Ruby on Rails applications might not work on Ruby 2.6. 239 240 *) Bugfix: backtraces for uncaught exceptions in Python 3 might be 241 logged with significant delays. 242 243 *) Bugfix: explicit setting a namespaces isolation option to false might 244 have enabled it. 245 246 247Changes with Unit 1.12.0 03 Oct 2019 248 249 *) Feature: compatibility with PHP 7.4. 250 251 *) Bugfix: descriptors leak on process creation; the bug had appeared in 252 1.11.0. 253 254 *) Bugfix: TLS connection might be closed prematurely while sending 255 response. 256 257 *) Bugfix: segmentation fault might have occurred if an irregular file 258 was requested. 259 260 261Changes with Unit 1.11.0 19 Sep 2019 262 263 *) Feature: basic support for serving static files. 264 265 *) Feature: isolation of application processes with Linux namespaces. 266 267 *) Feature: built-in WebSocket server implementation for Java Servlet 268 Containers. 269 270 *) Feature: direct addressing of API configuration options containing 271 slashes "/" using URI encoding (%2F). 272 273 *) Bugfix: segmentation fault might have occurred in Go applications 274 under high load. 275 276 *) Bugfix: WebSocket support was broken if Unit was built with some 277 linkers other than GNU ld (e.g. gold or LLD). 278 279 280Changes with Unit 1.10.0 22 Aug 2019 281 282 *) Change: matching of cookies in routes made case sensitive. 283 284 *) Change: decreased log level of common errors when clients close 285 connections. 286 287 *) Change: removed the Perl module's "--include=" ./configure option. 288 289 *) Feature: built-in WebSocket server implementation for Node.js module. 290 291 *) Feature: splitting PATH_INFO from request URI in PHP module. 292 293 *) Feature: request routing by scheme (HTTP or HTTPS). 294 295 *) Feature: support for multipart requests body in Java module. 296 297 *) Feature: improved API compatibility with Node.js 11.10 or later. 298 299 *) Bugfix: reconfiguration failed if "listeners" or "applications" 300 objects were missing. 301 302 *) Bugfix: applying a large configuration might have failed. 303 304 305Changes with Unit 1.9.0 30 May 2019 306 307 *) Feature: request routing by arguments, headers, and cookies. 308 309 *) Feature: route matching patterns allow a wildcard in the middle. 310 311 *) Feature: POST operation for appending elements to arrays in 312 configuration. 313 314 *) Feature: support for changing credentials using CAP_SETUID and 315 CAP_SETGID capabilities on Linux without running main process as 316 privileged user. 317 318 *) Bugfix: memory leak in the router process might have happened when a 319 client prematurely closed the connection. 320 321 *) Bugfix: applying a large configuration might have failed. 322 323 *) Bugfix: PUT and DELETE operations on array elements in configuration 324 did not work. 325 326 *) Bugfix: request schema in applications did not reflect TLS 327 connections. 328 329 *) Bugfix: restored compatibility with Node.js applications that use 330 ServerResponse._implicitHeader() function; the bug had appeared in 331 1.7. 332 333 *) Bugfix: various compatibility issues with Node.js applications. 334 335 336Changes with Unit 1.8.0 01 Mar 2019 337 338 *) Change: now three numbers are always used for versioning: major, 339 minor, and patch versions. 340 341 *) Change: now QUERY_STRING is always defined even if the request does 342 not include the query component. 343 344 *) Feature: basic internal request routing by Host, URI, and method. 345 346 *) Feature: experimental support for Java Servlet Containers. 347 348 *) Bugfix: segmentation fault might have occurred in the router process. 349 350 *) Bugfix: various potential memory leaks. 351 352 *) Bugfix: TLS connections might have stalled. 353 354 *) Bugfix: some Perl applications might have failed to send the response 355 body. 356 357 *) Bugfix: some compilers with specific flags might have produced 358 non-functioning builds; the bug had appeared in 1.5. 359 360 *) Bugfix: Node.js package had wrong version number when installed from 361 sources. 362 363 364Changes with Unit 1.7.1 07 Feb 2019 365 366 *) Security: a heap memory buffer overflow might have been caused in the 367 router process by a specially crafted request, potentially resulting 368 in a segmentation fault or other unspecified behavior 369 (CVE-2019-7401). 370 371 *) Bugfix: install of Go module failed without prior building of Unit 372 daemon; the bug had appeared in 1.7. 373 374 375Changes with Unit 1.7 20 Dec 2018 376 377 *) Change: now rpath is set in Ruby module only if the library was not 378 found in default search paths; this allows to meet packaging 379 restrictions on some systems. 380 381 *) Bugfix: "disable_functions" and "disable_classes" PHP options set via 382 Control API did not work. 383 384 *) Bugfix: Promises on request data in Node.js were not triggered. 385 386 *) Bugfix: various compatibility issues with Node.js applications. 387 388 *) Bugfix: a segmentation fault occurred in Node.js module if 389 application tried to read request body after request.end() was 390 called. 391 392 *) Bugfix: a segmentation fault occurred in Node.js module if 393 application attempted to send header twice. 394 395 *) Bugfix: names of response header fields in Node.js module were 396 erroneously treated as case-sensitive. 397 398 *) Bugfix: uncatched exceptions in Node.js were not logged. 399 400 *) Bugfix: global install of Node.js module from sources was broken on 401 some systems; the bug had appeared in 1.6. 402 403 *) Bugfix: traceback for exceptions during initialization of Python 404 applications might not be logged. 405 406 *) Bugfix: PHP module build failed if PHP interpreter was built with 407 thread safety enabled. 408 409 410Changes with Unit 1.6 15 Nov 2018 411 412 *) Change: "make install" now installs Node.js module as well if it was 413 configured. 414 415 *) Feature: "--local" ./configure option to install Node.js module 416 locally. 417 418 *) Bugfix: Node.js module might have crashed due to broken reference 419 counting. 420 421 *) Bugfix: asynchronous operations in Node.js might not have worked. 422 423 *) Bugfix: various compatibility issues with Node.js applications. 424 425 *) Bugfix: "freed pointer is out of pool" alerts might have appeared in 426 log. 427 428 *) Bugfix: module discovery did not work on 64-bit big-endian systems 429 like IBM/S390x. 430 431 432Changes with Unit 1.5 25 Oct 2018 433 434 *) Change: the "type" of application object for Go was changed to 435 "external". 436 437 *) Feature: initial version of Node.js package with basic HTTP 438 request-response support. 439 440 *) Feature: compatibility with LibreSSL. 441 442 *) Feature: --libdir and --incdir ./configure options to install libunit 443 headers and static library. 444 445 *) Bugfix: connection might be closed prematurely while sending 446 response; the bug had appeared in 1.3. 447 448 *) Bugfix: application processes might have stopped handling requests, 449 producing "last message send failed: Resource temporarily 450 unavailable" alerts in log; the bug had appeared in 1.4. 451 452 *) Bugfix: Go applications did not work when Unit was built with musl C 453 library. 454 455 456Changes with Unit 1.4 20 Sep 2018 457 458 *) Change: the control API maps the configuration object only at 459 "/config/". 460 461 *) Feature: TLS support for client connections. 462 463 *) Feature: TLS certificates storage control API. 464 465 *) Feature: Unit library (libunit) to streamline language module 466 integration. 467 468 *) Feature: "408 Request Timeout" responses while closing HTTP 469 keep-alive connections. 470 471 *) Feature: improvements in OpenBSD support. Thanks to David Carlier. 472 473 *) Bugfix: a segmentation fault might have occurred after 474 reconfiguration. 475 476 *) Bugfix: building on systems with non-default locale might be broken. 477 478 *) Bugfix: "header_read_timeout" might not work properly. 479 480 *) Bugfix: header fields values with non-ASCII bytes might be handled 481 incorrectly in Python 3 module. 482 483 484Changes with Unit 1.3 13 Jul 2018 485 486 *) Change: UTF-8 characters are now allowed in request header field 487 values. 488 489 *) Feature: configuration of the request body size limit. 490 491 *) Feature: configuration of various HTTP connection timeouts. 492 493 *) Feature: Ruby module now automatically uses Bundler where possible. 494 495 *) Feature: http.Flusher interface in Go module. 496 497 *) Bugfix: various issues in HTTP connection errors handling. 498 499 *) Bugfix: requests with body data might be handled incorrectly in PHP 500 module. 501 502 *) Bugfix: individual PHP configuration options specified via control 503 API were reset to previous values after the first request in 504 application process. 505 506 507Changes with Unit 1.2 07 Jun 2018 508 509 *) Feature: configuration of environment variables for application 510 processes. 511 512 *) Feature: customization of php.ini path. 513 514 *) Feature: setting of individual PHP configuration options. 515 516 *) Feature: configuration of execution arguments for Go applications. 517 518 *) Bugfix: keep-alive connections might hang after reconfiguration. 519 520 521Changes with Unit 1.1 26 Apr 2018 522 523 *) Bugfix: Python applications that use the write() callable did not 524 work. 525 526 *) Bugfix: virtual environments created with Python 3.3 or above might 527 not have worked. 528 529 *) Bugfix: the request.Read() function in Go applications did not 530 produce EOF when the whole body was read. 531 532 *) Bugfix: a segmentation fault might have occurred while access log 533 reopening. 534 535 *) Bugfix: in parsing of IPv6 control socket addresses. 536 537 *) Bugfix: loading of application modules was broken on OpenBSD. 538 539 *) Bugfix: a segmentation fault might have occurred when there were two 540 modules with the same type and version; the bug had appeared in 1.0. 541 542 *) Bugfix: alerts "freed pointer points to non-freeble page" might have 543 appeared in log on 32-bit platforms. 544 545 546Changes with Unit 1.0 12 Apr 2018 547 548 *) Change: configuration object moved into "/config/" path. 549 550 *) Feature: basic access logging. 551 552 *) Bugfix: 503 error occurred if Go application did not write response 553 header or body. 554 555 *) Bugfix: Ruby applications that use encoding conversions might not 556 have worked. 557 558 *) Bugfix: various stability issues. 559 560 561Changes with Unit 0.7 22 Mar 2018 562 563 *) Feature: Ruby application module. 564 565 *) Bugfix: in discovering modules. 566 567 *) Bugfix: various race conditions on reconfiguration and during 568 shutting down. 569 570 *) Bugfix: tabs and trailing spaces were not allowed in header fields 571 values. 572 573 *) Bugfix: a segmentation fault occurred in Python module if 574 start_response() was called outside of WSGI callable. 575 576 *) Bugfix: a segmentation fault might have occurred in PHP module if 577 there was an error while initialization. 578 579 580Changes with Unit 0.6 09 Feb 2018 581 582 *) Bugfix: the main process died when the "type" application option 583 contained version; the bug had appeared in 0.5. 584 585 586Changes with Unit 0.5 08 Feb 2018 587 588 *) Change: the "workers" application option was removed, the "processes" 589 application option should be used instead. 590 591 *) Feature: the "processes" application option with prefork and dynamic 592 process management support. 593 594 *) Feature: Perl application module. 595 596 *) Bugfix: in reading client request body; the bug had appeared in 0.3. 597 598 *) Bugfix: some Python applications might not have worked due to missing 599 "wsgi.errors" environ variable. 600 601 *) Bugfix: HTTP chunked responses might be encoded incorrectly on 32-bit 602 platforms. 603 604 *) Bugfix: infinite looping in HTTP parser. 605 606 *) Bugfix: segmentation fault in router. 607 608 609Changes with Unit 0.4 15 Jan 2018 610 611 *) Feature: compatibility with DragonFly BSD. 612 613 *) Feature: "configure php --lib-static" option. 614 615 *) Bugfix: HTTP request body was not passed to application; the bug had 616 appeared in 0.3. 617 618 *) Bugfix: HTTP large header buffers allocation and deallocation fixed; 619 the bug had appeared in 0.3. 620 621 *) Bugfix: some PHP applications might not have worked with relative 622 "root" path. 623 624 625Changes with Unit 0.3 28 Dec 2017 626 627 *) Change: the Go package name changed to "nginx/unit". 628 629 *) Change: in the "limits.timeout" application option: application start 630 time and time in queue now are not accounted. 631 632 *) Feature: the "limits.requests" application option. 633 634 *) Feature: application request processing latency optimization. 635 636 *) Feature: HTTP keep-alive connections support. 637 638 *) Feature: the "home" Python virtual environment configuration option. 639 640 *) Feature: Python atexit hook support. 641 642 *) Feature: various Go package improvements. 643 644 *) Bugfix: various crashes fixed. 645 646 647Changes with Unit 0.2 19 Oct 2017 648 649 *) Feature: configuration persistence. 650 651 *) Feature: improved handling of configuration errors. 652 653 *) Feature: application "timeout" property. 654 655 *) Bugfix: POST request for PHP were handled incorrectly. 656 657 *) Bugfix: the router exited abnormally if all listeners had been 658 deleted. 659 660 *) Bugfix: the router crashed under load. 661 662 *) Bugfix: memory leak in the router. 663 664 665Changes with Unit 0.1 06 Sep 2017 666 667 *) First public release. 668 669