1 2Changes with Unit 1.24.0 27 May 2021 3 4 *) Change: PHP added to the default MIME type list. 5 6 *) Feature: arbitrary configuration of TLS connections via OpenSSL 7 commands. 8 9 *) Feature: the ability to limit static file serving by MIME types. 10 11 *) Feature: support for chrooting, rejecting symlinks, and rejecting 12 mount point traversal on a per-request basis when serving static 13 files. 14 15 *) Feature: a loader for automatically overriding the "http" and 16 "websocket" modules in Node.js. 17 18 *) Feature: multiple "targets" in Python applications. 19 20 *) Feature: compatibility with Ruby 3.0. 21 22 *) Bugfix: the router process could crash while closing a TLS 23 connection. 24 25 *) Bugfix: a segmentation fault might have occurred in the PHP module if 26 fastcgi_finish_request() was used with the "auto_globals_jit" option 27 enabled. 28 29 30Changes with Unit 1.23.0 25 Mar 2021 31 32 *) Feature: support for multiple certificate bundles on a listener via 33 the Server Name Indication (SNI) TLS extension. 34 35 *) Feature: "--mandir" ./configure option to specify the directory for 36 man page installation. 37 38 *) Bugfix: the router process could crash on premature TLS connection 39 close; the bug had appeared in 1.17.0. 40 41 *) Bugfix: a connection leak occurred on premature TLS connection close; 42 the bug had appeared in 1.6. 43 44 *) Bugfix: a descriptor and memory leak occurred in the router process 45 when processing small WebSocket frames from a client; the bug had 46 appeared in 1.19.0. 47 48 *) Bugfix: a descriptor leak occurred in the router process when 49 removing or reconfiguring an application; the bug had appeared in 50 1.19.0. 51 52 *) Bugfix: persistent storage of certificates might've not worked with 53 some filesystems in Linux, and all uploaded certificate bundles were 54 forgotten after restart. 55 56 *) Bugfix: the controller process could crash while requesting 57 information about a certificate with a non-DNS SAN entry. 58 59 *) Bugfix: the controller process could crash on manipulations with a 60 certificate containing a SAN and no standard name attributes in 61 subject or issuer. 62 63 *) Bugfix: the Ruby module didn't respect the user locale for defaults 64 in the Encoding class. 65 66 *) Bugfix: the PHP 5 module failed to build with thread safety enabled; 67 the bug had appeared in 1.22.0. 68 69 70Changes with Unit 1.22.0 04 Feb 2021 71 72 *) Feature: the ServerRequest and ServerResponse objects of Node.js 73 module are now compliant with Stream API. 74 75 *) Feature: support for specifying multiple directories in the "path" 76 option of Python apps. 77 78 *) Bugfix: a memory leak occurred in the router process when serving 79 files larger than 128K; the bug had appeared in 1.13.0. 80 81 *) Bugfix: apps could stop processing new requests under high load; the 82 bug had appeared in 1.19.0. 83 84 *) Bugfix: app processes could terminate unexpectedly under high load; 85 the bug had appeared in 1.19.0. 86 87 *) Bugfix: invalid HTTP responses were generated for some unusual status 88 codes. 89 90 *) Bugfix: the PHP_AUTH_USER, PHP_AUTH_PW, and PHP_AUTH_DIGEST server 91 variables were missing in the PHP module. 92 93 *) Bugfix: the router process could crash with multithreaded apps under 94 high load. 95 96 *) Bugfix: Ruby apps with multithreading configured could crash on start 97 under load. 98 99 *) Bugfix: mount points weren't unmounted when the "mount" namespace 100 isolation was used; the bug had appeared in 1.21.0. 101 102 *) Bugfix: the router process could crash while removing or 103 reconfiguring an app that used WebSocket. 104 105 *) Bugfix: a memory leak occurring in the router process when removing 106 or reconfiguring an application; the bug had appeared in 1.19.0. 107 108 109Changes with Unit 1.21.0 19 Nov 2020 110 111 *) Change: procfs is mounted by default for all languages when "rootfs" 112 isolation is used. 113 114 *) Change: any characters valid according to RFC 7230 are now allowed in 115 HTTP header field names. 116 117 *) Change: HTTP header fields with underscores ("_") are now discarded 118 from requests by default. 119 120 *) Feature: optional multithreaded request processing for Java, Python, 121 Perl, and Ruby apps. 122 123 *) Feature: regular expressions in route matching patterns. 124 125 *) Feature: compatibility with Python 3.9. 126 127 *) Feature: the Python module now supports ASGI 2.0 legacy applications. 128 129 *) Feature: the "protocol" option in Python applications aids choice 130 between ASGI and WSGI. 131 132 *) Feature: the fastcgi_finish_request() PHP function that finalizes 133 request processing and continues code execution without holding onto 134 the client connection. 135 136 *) Feature: the "discard_unsafe_fields" HTTP option that enables 137 discarding request header fields with irregular (but still valid) 138 characters in the field name. 139 140 *) Feature: the "procfs" and "tmpfs" automount isolation options to 141 disable automatic mounting of eponymous filesystems. 142 143 *) Bugfix: the router process could crash when running Go applications 144 under high load; the bug had appeared in 1.19.0. 145 146 *) Bugfix: some language dependencies could remain mounted after using 147 "rootfs" isolation. 148 149 *) Bugfix: various compatibility issues in Java applications. 150 151 *) Bugfix: the Java module built with the musl C library couldn't run 152 applications that use "rootfs" isolation. 153 154 155Changes with Unit 1.20.0 08 Oct 2020 156 157 *) Change: the PHP module is now initialized before chrooting; this 158 enables loading all extensions from the host system. 159 160 *) Change: AVIF and APNG image formats added to the default MIME type 161 list. 162 163 *) Change: functional tests migrated to the pytest framework. 164 165 *) Feature: the Python module now fully supports applications that use 166 the ASGI 3.0 server interface. 167 168 *) Feature: the Python module now has a built-in WebSocket server 169 implementation for applications, compatible with the HTTP & WebSocket 170 ASGI Message Format 2.1 specification. 171 172 *) Feature: automatic mounting of an isolated "/tmp" file system into 173 chrooted application environments. 174 175 *) Feature: the $host variable contains a normalized "Host" request 176 value. 177 178 *) Feature: the "callable" option sets Python application callable 179 names. 180 181 *) Feature: compatibility with PHP 8 RC 1. Thanks to Remi Collet. 182 183 *) Feature: the "automount" option in the "isolation" object allows to 184 turn off the automatic mounting of language module dependencies. 185 186 *) Bugfix: "pass"-ing requests to upstreams from a route was broken; the 187 bug had appeared in 1.19.0. Thanks to 洪志道 (Hong Zhi Dao) for 188 discovering and fixing it. 189 190 *) Bugfix: the router process could crash during reconfiguration. 191 192 *) Bugfix: a memory leak occurring in the router process; the bug had 193 appeared in 1.18.0. 194 195 *) Bugfix: the "!" (non-empty) pattern was matched incorrectly; the bug 196 had appeared in 1.19.0. 197 198 *) Bugfix: fixed building on platforms without sendfile() support, 199 notably NetBSD; the bug had appeared in 1.16.0. 200 201 202Changes with Unit 1.19.0 13 Aug 2020 203 204 *) Feature: reworked IPC between the router process and the applications 205 to lower latencies, increase performance, and improve scalability. 206 207 *) Feature: support for an arbitrary number of wildcards in route 208 matching patterns. 209 210 *) Feature: chunked transfer encoding in proxy responses. 211 212 *) Feature: basic variables support in the "pass" option. 213 214 *) Feature: compatibility with PHP 8 Beta 1. Thanks to Remi Collet. 215 216 *) Bugfix: the router process could crash while passing requests to an 217 application under high load. 218 219 *) Bugfix: a number of language modules failed to build on some systems; 220 the bug had appeared in 1.18.0. 221 222 *) Bugfix: time in error log messages from PHP applications could lag. 223 224 *) Bugfix: reconfiguration requests could hang if an application had 225 failed to start; the bug had appeared in 1.18.0. 226 227 *) Bugfix: memory leak during reconfiguration. 228 229 *) Bugfix: the daemon didn't start without language modules; the bug had 230 appeared in 1.18.0. 231 232 *) Bugfix: the router process could crash at exit. 233 234 *) Bugfix: Node.js applications could crash at exit. 235 236 *) Bugfix: the Ruby module could be linked against a wrong library 237 version. 238 239 240Changes with Unit 1.18.0 28 May 2020 241 242 *) Feature: the "rootfs" isolation option for changing root filesystem 243 for an application. 244 245 *) Feature: multiple "targets" in PHP applications. 246 247 *) Feature: support for percent-encoding in the "uri" and "arguments" 248 matching options and in the "pass" option. 249 250 251Changes with Unit 1.17.0 16 Apr 2020 252 253 *) Feature: a "return" action with optional "location" for immediate 254 responses and external redirection. 255 256 *) Feature: fractional weights support for upstream servers. 257 258 *) Bugfix: accidental 502 "Bad Gateway" errors might have occurred in 259 applications under high load. 260 261 *) Bugfix: memory leak in the router; the bug had appeared in 1.13.0. 262 263 *) Bugfix: segmentation fault might have occurred in the router process 264 when reaching open connections limit. 265 266 *) Bugfix: "close() failed (9: Bad file descriptor)" alerts might have 267 appeared in the log while processing large request bodies; the bug 268 had appeared in 1.16.0. 269 270 *) Bugfix: existing application processes didn't reopen the log file. 271 272 *) Bugfix: incompatibility with some Node.js applications. 273 274 *) Bugfix: broken build on DragonFly BSD; the bug had appeared in 275 1.16.0. 276 277 278Changes with Unit 1.16.0 12 Mar 2020 279 280 *) Feature: basic load-balancing support with round-robin. 281 282 *) Feature: a "fallback" option that performs an alternative action if a 283 request can't be served from the "share" directory. 284 285 *) Feature: reduced memory consumption by dumping large request bodies 286 to disk. 287 288 *) Feature: stripping UTF-8 BOM and JavaScript-style comments from 289 uploaded JSON. 290 291 *) Bugfix: negative address matching in router might work improperly in 292 combination with non-negative patterns. 293 294 *) Bugfix: Java Spring applications failed to run; the bug had appeared 295 in 1.10.0. 296 297 *) Bugfix: PHP 7.4 was broken if it was built with thread safety 298 enabled. 299 300 *) Bugfix: compatibility issues with some Python applications. 301 302 303Changes with Unit 1.15.0 06 Feb 2020 304 305 *) Change: extensions of dynamically requested PHP scripts were 306 restricted to ".php". 307 308 *) Feature: compatibility with Ruby 2.7. 309 310 *) Bugfix: segmentation fault might have occurred in the router process 311 with multiple application processes under load; the bug had appeared 312 in 1.14.0. 313 314 *) Bugfix: receiving request body over TLS connection might have 315 stalled. 316 317 318Changes with Unit 1.14.0 26 Dec 2019 319 320 *) Change: the Go package import name changed to "unit.nginx.org/go". 321 322 *) Change: Go package now links to libunit instead of including library 323 sources. 324 325 *) Feature: ability to change user and group for isolated applications 326 when Unit daemon runs as an unprivileged user. 327 328 *) Feature: request routing by source and destination addresses and 329 ports. 330 331 *) Bugfix: memory bloat on large responses. 332 333 334Changes with Unit 1.13.0 14 Nov 2019 335 336 *) Feature: basic support for HTTP reverse proxying. 337 338 *) Feature: compatibility with Python 3.8. 339 340 *) Bugfix: memory leak in Python application processes when the close 341 handler was used. 342 343 *) Bugfix: threads in Python applications might not work correctly. 344 345 *) Bugfix: Ruby on Rails applications might not work on Ruby 2.6. 346 347 *) Bugfix: backtraces for uncaught exceptions in Python 3 might be 348 logged with significant delays. 349 350 *) Bugfix: explicit setting a namespaces isolation option to false might 351 have enabled it. 352 353 354Changes with Unit 1.12.0 03 Oct 2019 355 356 *) Feature: compatibility with PHP 7.4. 357 358 *) Bugfix: descriptors leak on process creation; the bug had appeared in 359 1.11.0. 360 361 *) Bugfix: TLS connection might be closed prematurely while sending 362 response. 363 364 *) Bugfix: segmentation fault might have occurred if an irregular file 365 was requested. 366 367 368Changes with Unit 1.11.0 19 Sep 2019 369 370 *) Feature: basic support for serving static files. 371 372 *) Feature: isolation of application processes with Linux namespaces. 373 374 *) Feature: built-in WebSocket server implementation for Java Servlet 375 Containers. 376 377 *) Feature: direct addressing of API configuration options containing 378 slashes "/" using URI encoding (%2F). 379 380 *) Bugfix: segmentation fault might have occurred in Go applications 381 under high load. 382 383 *) Bugfix: WebSocket support was broken if Unit was built with some 384 linkers other than GNU ld (e.g. gold or LLD). 385 386 387Changes with Unit 1.10.0 22 Aug 2019 388 389 *) Change: matching of cookies in routes made case sensitive. 390 391 *) Change: decreased log level of common errors when clients close 392 connections. 393 394 *) Change: removed the Perl module's "--include=" ./configure option. 395 396 *) Feature: built-in WebSocket server implementation for Node.js module. 397 398 *) Feature: splitting PATH_INFO from request URI in PHP module. 399 400 *) Feature: request routing by scheme (HTTP or HTTPS). 401 402 *) Feature: support for multipart requests body in Java module. 403 404 *) Feature: improved API compatibility with Node.js 11.10 or later. 405 406 *) Bugfix: reconfiguration failed if "listeners" or "applications" 407 objects were missing. 408 409 *) Bugfix: applying a large configuration might have failed. 410 411 412Changes with Unit 1.9.0 30 May 2019 413 414 *) Feature: request routing by arguments, headers, and cookies. 415 416 *) Feature: route matching patterns allow a wildcard in the middle. 417 418 *) Feature: POST operation for appending elements to arrays in 419 configuration. 420 421 *) Feature: support for changing credentials using CAP_SETUID and 422 CAP_SETGID capabilities on Linux without running main process as 423 privileged user. 424 425 *) Bugfix: memory leak in the router process might have happened when a 426 client prematurely closed the connection. 427 428 *) Bugfix: applying a large configuration might have failed. 429 430 *) Bugfix: PUT and DELETE operations on array elements in configuration 431 did not work. 432 433 *) Bugfix: request schema in applications did not reflect TLS 434 connections. 435 436 *) Bugfix: restored compatibility with Node.js applications that use 437 ServerResponse._implicitHeader() function; the bug had appeared in 438 1.7. 439 440 *) Bugfix: various compatibility issues with Node.js applications. 441 442 443Changes with Unit 1.8.0 01 Mar 2019 444 445 *) Change: now three numbers are always used for versioning: major, 446 minor, and patch versions. 447 448 *) Change: now QUERY_STRING is always defined even if the request does 449 not include the query component. 450 451 *) Feature: basic internal request routing by Host, URI, and method. 452 453 *) Feature: experimental support for Java Servlet Containers. 454 455 *) Bugfix: segmentation fault might have occurred in the router process. 456 457 *) Bugfix: various potential memory leaks. 458 459 *) Bugfix: TLS connections might have stalled. 460 461 *) Bugfix: some Perl applications might have failed to send the response 462 body. 463 464 *) Bugfix: some compilers with specific flags might have produced 465 non-functioning builds; the bug had appeared in 1.5. 466 467 *) Bugfix: Node.js package had wrong version number when installed from 468 sources. 469 470 471Changes with Unit 1.7.1 07 Feb 2019 472 473 *) Security: a heap memory buffer overflow might have been caused in the 474 router process by a specially crafted request, potentially resulting 475 in a segmentation fault or other unspecified behavior 476 (CVE-2019-7401). 477 478 *) Bugfix: install of Go module failed without prior building of Unit 479 daemon; the bug had appeared in 1.7. 480 481 482Changes with Unit 1.7 20 Dec 2018 483 484 *) Change: now rpath is set in Ruby module only if the library was not 485 found in default search paths; this allows to meet packaging 486 restrictions on some systems. 487 488 *) Bugfix: "disable_functions" and "disable_classes" PHP options set via 489 Control API did not work. 490 491 *) Bugfix: Promises on request data in Node.js were not triggered. 492 493 *) Bugfix: various compatibility issues with Node.js applications. 494 495 *) Bugfix: a segmentation fault occurred in Node.js module if 496 application tried to read request body after request.end() was 497 called. 498 499 *) Bugfix: a segmentation fault occurred in Node.js module if 500 application attempted to send header twice. 501 502 *) Bugfix: names of response header fields in Node.js module were 503 erroneously treated as case-sensitive. 504 505 *) Bugfix: uncatched exceptions in Node.js were not logged. 506 507 *) Bugfix: global install of Node.js module from sources was broken on 508 some systems; the bug had appeared in 1.6. 509 510 *) Bugfix: traceback for exceptions during initialization of Python 511 applications might not be logged. 512 513 *) Bugfix: PHP module build failed if PHP interpreter was built with 514 thread safety enabled. 515 516 517Changes with Unit 1.6 15 Nov 2018 518 519 *) Change: "make install" now installs Node.js module as well if it was 520 configured. 521 522 *) Feature: "--local" ./configure option to install Node.js module 523 locally. 524 525 *) Bugfix: Node.js module might have crashed due to broken reference 526 counting. 527 528 *) Bugfix: asynchronous operations in Node.js might not have worked. 529 530 *) Bugfix: various compatibility issues with Node.js applications. 531 532 *) Bugfix: "freed pointer is out of pool" alerts might have appeared in 533 log. 534 535 *) Bugfix: module discovery did not work on 64-bit big-endian systems 536 like IBM/S390x. 537 538 539Changes with Unit 1.5 25 Oct 2018 540 541 *) Change: the "type" of application object for Go was changed to 542 "external". 543 544 *) Feature: initial version of Node.js package with basic HTTP 545 request-response support. 546 547 *) Feature: compatibility with LibreSSL. 548 549 *) Feature: --libdir and --incdir ./configure options to install libunit 550 headers and static library. 551 552 *) Bugfix: connection might be closed prematurely while sending 553 response; the bug had appeared in 1.3. 554 555 *) Bugfix: application processes might have stopped handling requests, 556 producing "last message send failed: Resource temporarily 557 unavailable" alerts in log; the bug had appeared in 1.4. 558 559 *) Bugfix: Go applications did not work when Unit was built with musl C 560 library. 561 562 563Changes with Unit 1.4 20 Sep 2018 564 565 *) Change: the control API maps the configuration object only at 566 "/config/". 567 568 *) Feature: TLS support for client connections. 569 570 *) Feature: TLS certificates storage control API. 571 572 *) Feature: Unit library (libunit) to streamline language module 573 integration. 574 575 *) Feature: "408 Request Timeout" responses while closing HTTP 576 keep-alive connections. 577 578 *) Feature: improvements in OpenBSD support. Thanks to David Carlier. 579 580 *) Bugfix: a segmentation fault might have occurred after 581 reconfiguration. 582 583 *) Bugfix: building on systems with non-default locale might be broken. 584 585 *) Bugfix: "header_read_timeout" might not work properly. 586 587 *) Bugfix: header fields values with non-ASCII bytes might be handled 588 incorrectly in Python 3 module. 589 590 591Changes with Unit 1.3 13 Jul 2018 592 593 *) Change: UTF-8 characters are now allowed in request header field 594 values. 595 596 *) Feature: configuration of the request body size limit. 597 598 *) Feature: configuration of various HTTP connection timeouts. 599 600 *) Feature: Ruby module now automatically uses Bundler where possible. 601 602 *) Feature: http.Flusher interface in Go module. 603 604 *) Bugfix: various issues in HTTP connection errors handling. 605 606 *) Bugfix: requests with body data might be handled incorrectly in PHP 607 module. 608 609 *) Bugfix: individual PHP configuration options specified via control 610 API were reset to previous values after the first request in 611 application process. 612 613 614Changes with Unit 1.2 07 Jun 2018 615 616 *) Feature: configuration of environment variables for application 617 processes. 618 619 *) Feature: customization of php.ini path. 620 621 *) Feature: setting of individual PHP configuration options. 622 623 *) Feature: configuration of execution arguments for Go applications. 624 625 *) Bugfix: keep-alive connections might hang after reconfiguration. 626 627 628Changes with Unit 1.1 26 Apr 2018 629 630 *) Bugfix: Python applications that use the write() callable did not 631 work. 632 633 *) Bugfix: virtual environments created with Python 3.3 or above might 634 not have worked. 635 636 *) Bugfix: the request.Read() function in Go applications did not 637 produce EOF when the whole body was read. 638 639 *) Bugfix: a segmentation fault might have occurred while access log 640 reopening. 641 642 *) Bugfix: in parsing of IPv6 control socket addresses. 643 644 *) Bugfix: loading of application modules was broken on OpenBSD. 645 646 *) Bugfix: a segmentation fault might have occurred when there were two 647 modules with the same type and version; the bug had appeared in 1.0. 648 649 *) Bugfix: alerts "freed pointer points to non-freeble page" might have 650 appeared in log on 32-bit platforms. 651 652 653Changes with Unit 1.0 12 Apr 2018 654 655 *) Change: configuration object moved into "/config/" path. 656 657 *) Feature: basic access logging. 658 659 *) Bugfix: 503 error occurred if Go application did not write response 660 header or body. 661 662 *) Bugfix: Ruby applications that use encoding conversions might not 663 have worked. 664 665 *) Bugfix: various stability issues. 666 667 668Changes with Unit 0.7 22 Mar 2018 669 670 *) Feature: Ruby application module. 671 672 *) Bugfix: in discovering modules. 673 674 *) Bugfix: various race conditions on reconfiguration and during 675 shutting down. 676 677 *) Bugfix: tabs and trailing spaces were not allowed in header fields 678 values. 679 680 *) Bugfix: a segmentation fault occurred in Python module if 681 start_response() was called outside of WSGI callable. 682 683 *) Bugfix: a segmentation fault might have occurred in PHP module if 684 there was an error while initialization. 685 686 687Changes with Unit 0.6 09 Feb 2018 688 689 *) Bugfix: the main process died when the "type" application option 690 contained version; the bug had appeared in 0.5. 691 692 693Changes with Unit 0.5 08 Feb 2018 694 695 *) Change: the "workers" application option was removed, the "processes" 696 application option should be used instead. 697 698 *) Feature: the "processes" application option with prefork and dynamic 699 process management support. 700 701 *) Feature: Perl application module. 702 703 *) Bugfix: in reading client request body; the bug had appeared in 0.3. 704 705 *) Bugfix: some Python applications might not have worked due to missing 706 "wsgi.errors" environ variable. 707 708 *) Bugfix: HTTP chunked responses might be encoded incorrectly on 32-bit 709 platforms. 710 711 *) Bugfix: infinite looping in HTTP parser. 712 713 *) Bugfix: segmentation fault in router. 714 715 716Changes with Unit 0.4 15 Jan 2018 717 718 *) Feature: compatibility with DragonFly BSD. 719 720 *) Feature: "configure php --lib-static" option. 721 722 *) Bugfix: HTTP request body was not passed to application; the bug had 723 appeared in 0.3. 724 725 *) Bugfix: HTTP large header buffers allocation and deallocation fixed; 726 the bug had appeared in 0.3. 727 728 *) Bugfix: some PHP applications might not have worked with relative 729 "root" path. 730 731 732Changes with Unit 0.3 28 Dec 2017 733 734 *) Change: the Go package name changed to "nginx/unit". 735 736 *) Change: in the "limits.timeout" application option: application start 737 time and time in queue now are not accounted. 738 739 *) Feature: the "limits.requests" application option. 740 741 *) Feature: application request processing latency optimization. 742 743 *) Feature: HTTP keep-alive connections support. 744 745 *) Feature: the "home" Python virtual environment configuration option. 746 747 *) Feature: Python atexit hook support. 748 749 *) Feature: various Go package improvements. 750 751 *) Bugfix: various crashes fixed. 752 753 754Changes with Unit 0.2 19 Oct 2017 755 756 *) Feature: configuration persistence. 757 758 *) Feature: improved handling of configuration errors. 759 760 *) Feature: application "timeout" property. 761 762 *) Bugfix: POST request for PHP were handled incorrectly. 763 764 *) Bugfix: the router exited abnormally if all listeners had been 765 deleted. 766 767 *) Bugfix: the router crashed under load. 768 769 *) Bugfix: memory leak in the router. 770 771 772Changes with Unit 0.1 06 Sep 2017 773 774 *) First public release. 775 776