Author Topic: Update NGINX Stable v1.16.1 to latest NGINX Stable v1.18.0 for CWP & CWP PRO!  (Read 341 times)

0 Members and 1 Guest are viewing this topic.

Offline
**
Hi,

First of all i wish to congratulate all the programmers of both CWP (Control Web Panel) and CWP (Control Web Panel) PRO for the excellent work they do and for the excellent product they have created, truly excellent from all points of view.
Congratulations also for the new and beautiful official website of CWP and CWP PRO https://control-webpanel.com/

Having said that, i ask you to consider from your next CWP (Control Web Panel) and CWP (Control Web Panel) PRO release, updating NGINX Stable v1.16.1 to the latest version of NGINX Stable v1.18.0 which was released on 21 April 2020.

This is the official announce and / or news link for NGINX Stable v1.18.0: http://nginx.org/

This is the official download link page for NGINX Stable v1.18.0: http://nginx.org/en/download.html

This is the official changelog link for NGINX Stable v1.18.0: http://nginx.org/en/CHANGES-1.18

Among the changes made to Nginx 1.18 that follow the numerous development versions of Nginx 1.17 for example and just to mention a few there are:

- Variables support in more directives.

- Security work including a CVE fix for where an HTTP/2 client might cause excessive memory consumption and CPU Usage.

- A fix where Nginx might hog the CPU in certain conditions, among many other bug fixes.

- OpenSSL 0.9.8 or higher is now required.

Full changelog for NGINX Stable v1.18.0 (all changes in this list are included in NGINX Stable v1.18.0) :

Changes with nginx 1.18.0                                        21 Apr 2020

    *) 1.18.x stable branch.

Changes with nginx 1.17.10                                       14 Apr 2020

    *) Feature: the "auth_delay" directive.

Changes with nginx 1.17.9                                        03 Mar 2020

    *) Change: now nginx does not allow several "Host" request header lines.

    *) Bugfix: nginx ignored additional "Transfer-Encoding" request header
       lines.

    *) Bugfix: socket leak when using HTTP/2.

    *) Bugfix: a segmentation fault might occur in a worker process if OCSP
       stapling was used.

    *) Bugfix: in the ngx_http_mp4_module.

    *) Bugfix: nginx used status code 494 instead of 400 if errors with code
       494 were redirected with the "error_page" directive.

    *) Bugfix: socket leak when using subrequests in the njs module and the
       "aio" directive.

Changes with nginx 1.17.8                                        21 Jan 2020

    *) Feature: variables support in the "grpc_pass" directive.

    *) Bugfix: a timeout might occur while handling pipelined requests in an
       SSL connection; the bug had appeared in 1.17.5.

    *) Bugfix: in the "debug_points" directive when using HTTP/2.
       Thanks to Daniil Bondarev.

Changes with nginx 1.17.7                                        24 Dec 2019

    *) Bugfix: a segmentation fault might occur on start or during
       reconfiguration if the "rewrite" directive with an empty replacement
       string was used in the configuration.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       "break" directive was used with the "alias" directive or with the
       "proxy_pass" directive with a URI.

    *) Bugfix: the "Location" response header line might contain garbage if
       the request URI was rewritten to the one containing a null character.

    *) Bugfix: requests with bodies were handled incorrectly when returning
       redirections with the "error_page" directive; the bug had appeared in
       0.7.12.

    *) Bugfix: socket leak when using HTTP/2.

    *) Bugfix: a timeout might occur while handling pipelined requests in an
       SSL connection; the bug had appeared in 1.17.5.

    *) Bugfix: in the ngx_http_dav_module.

Changes with nginx 1.17.6                                        19 Nov 2019

    *) Feature: the $proxy_protocol_server_addr and
       $proxy_protocol_server_port variables.

    *) Feature: the "limit_conn_dry_run" directive.

    *) Feature: the $limit_req_status and $limit_conn_status variables.

Changes with nginx 1.17.5                                        22 Oct 2019

    *) Feature: now nginx uses ioctl(FIONREAD), if available, to avoid
       reading from a fast connection for a long time.

    *) Bugfix: incomplete escaped characters at the end of the request URI
       were ignored.

    *) Bugfix: "/." and "/.." at the end of the request URI were not
       normalized.

    *) Bugfix: in the "merge_slashes" directive.

    *) Bugfix: in the "ignore_invalid_headers" directive.
       Thanks to Alan Kemp.

    *) Bugfix: nginx could not be built with MinGW-w64 gcc 8.1 or newer.

Changes with nginx 1.17.4                                        24 Sep 2019

    *) Change: better detection of incorrect client behavior in HTTP/2.

    *) Change: in handling of not fully read client request body when
       returning errors in HTTP/2.

    *) Bugfix: the "worker_shutdown_timeout" directive might not work when
       using HTTP/2.

    *) Bugfix: a segmentation fault might occur in a worker process when
       using HTTP/2 and the "proxy_request_buffering" directive.

    *) Bugfix: the ECONNABORTED error log level was "crit" instead of
       "error" on Windows when using SSL.

    *) Bugfix: nginx ignored extra data when using chunked transfer
       encoding.

    *) Bugfix: nginx always returned the 500 error if the "return" directive
       was used and an error occurred during reading client request body.

    *) Bugfix: in memory allocation error handling.

Changes with nginx 1.17.3                                        13 Aug 2019

    *) Security: when using HTTP/2 a client might cause excessive memory
       consumption and CPU usage (CVE-2019-9511, CVE-2019-9513,
       CVE-2019-9516).

    *) Bugfix: "zero size buf" alerts might appear in logs when using
       gzipping; the bug had appeared in 1.17.2.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       "resolver" directive was used in SMTP proxy.

Changes with nginx 1.17.2                                        23 Jul 2019

    *) Change: minimum supported zlib version is 1.2.0.4.
       Thanks to Ilya Leoshkevich.

    *) Change: the $r->internal_redirect() embedded perl method now expects
       escaped URIs.

    *) Feature: it is now possible to switch to a named location using the
       $r->internal_redirect() embedded perl method.

    *) Bugfix: in error handling in embedded perl.

    *) Bugfix: a segmentation fault might occur on start or during
       reconfiguration if hash bucket size larger than 64 kilobytes was used
       in the configuration.

    *) Bugfix: nginx might hog CPU during unbuffered proxying and when
       proxying WebSocket connections if the select, poll, or /dev/poll
       methods were used.

    *) Bugfix: in the ngx_http_xslt_filter_module.

    *) Bugfix: in the ngx_http_ssi_filter_module.

Changes with nginx 1.17.1                                        25 Jun 2019

    *) Feature: the "limit_req_dry_run" directive.

    *) Feature: when using the "hash" directive inside the "upstream" block
       an empty hash key now triggers round-robin balancing.
       Thanks to Niklas Keller.

    *) Bugfix: a segmentation fault might occur in a worker process if
       caching was used along with the "image_filter" directive, and errors
       with code 415 were redirected with the "error_page" directive; the
       bug had appeared in 1.11.10.

    *) Bugfix: a segmentation fault might occur in a worker process if
       embedded perl was used; the bug had appeared in 1.7.3.

Changes with nginx 1.17.0                                        21 May 2019

    *) Feature: variables support in the "limit_rate" and "limit_rate_after"
       directives.

    *) Feature: variables support in the "proxy_upload_rate" and
       "proxy_download_rate" directives in the stream module.

    *) Change: minimum supported OpenSSL version is 0.9.8.

    *) Change: now the postpone filter is always built.

    *) Bugfix: the "include" directive did not work inside the "if" and
       "limit_except" blocks.

    *) Bugfix: in byte ranges processing.

I know you are always very busy developing CWP but i hope you can consider this suggestion of mine which i believe would be appreciated by all users of CWP (Control Web Panel) and CWP (Control Web Panel) PRO !

Thanks in advance for the support.
« Last Edit: May 10, 2020, 09:50:38 AM by Automata »


Stay hungry, stay foolish.