OpenResty 1.9.15.1 released

Hi folks,

I am happy to announce the new formal release, 1.9.15.1, of the
OpenResty web platform based on NGINX and LuaJIT:

https://openresty.org/en/download.html

Both the (portable) source code distribution and the Win32 binary
distribution are provided on this Download page.

The highlights of this release are:

  1. New NGINX 1.9.15 core.

  2. LuaJIT now supports (almost) the full 2GB address space for its
    GC-managed memory per VM instance on x86_64 (as compared to the
    previous 1GB memory limit on x86_64).

  3. the new restydoc command-line utility. Ensure you have added
    /bin to your PATH
    environment, as in

    export PATH=/usr/local/openresty/bin:$PATH

assuming your are using the default OpenResty prefix
(/usr/local/openresty). Then you can try the following commands from
your terminal:

restydoc -s listen

restydoc -s content_by_lua

restydoc resty.lrucache

restydoc -s ngx.re.match ngx_lua

restydoc ngx_proxy

restydoc ngx_stream_proxy

restydoc -s '$request_uri'

Hopefully you’ll have fun with this tool :slight_smile:

Special thanks go to all our developers and contributors!

Complete list of changes since the last (formal) release, 1.9.7.5:

  • upgraded the Nginx core to 1.9.15.

  • bugfix: applied the patch for nginx security advisory
    (CVE-2016-4450) to the nginx 1.9.15 core.

  • feature: added restydoc documentation indexes for the official
    nginx core and most of the official openresty components.

  • upgraded ngx_lua to 0.10.5.

    • bugfix: use of ssl_certificate_by_lua* in the “http {}”
      scope could lead to process crashes. thanks Andreas Lubbe
      for the report.

    • bugfix: ngx.print(“”) did not trigger response header
      sending.

    • feature: linux x64: now we try limiting the growth of the
      data segment of the nginx processes to preserve as much
      lowest address space for LuaJIT as possible. thanks Shuxin
      Yang for the help.

    • bugfix: init_worker_by_lua* did not honor “http {}”
      top-level configurations like lua_ssl_verify_depth and
      lua_ssl_trusted_certificate. thanks Vladimir Shaykovskiy for
      the report.

    • bugfix: ngx.exit() could not be used in the context of
      balancer_by_lua* when lua-resty-core was used.

    • bugfix: *_by_lua_block: fixed Lua long bracket parsing at
      buffer boundaries. thanks Maxim Ivanov and Tom Thorogood for
      the report.

    • bugfix: ngx.req.append_body() might enter infinite loops
      when ngx.req.init_body() has not specified a buffer size and
      the request header “Content-Length” is 0 (or
      client_body_buffer_size is configured to 0). thanks Hai for
      the report and Dejiang Zhu for the patch.

    • bugfix: ngx.re.match: the 5th argument hid the 4th one.
      thanks iorichina for the report and rako9000 for the
      original patch.

    • bugfix: ngx.worker.id() should return “nil” in non-worker
      processes like nginx’s cache managers. thanks Weixie Cui for
      the patch.

    • bugfix: fixed a memory leak in cert_pem_to_der(), caught by
      valgrind.

    • bugfix: ignore unexpected closing long-brackets in
      *_by_lua_block directives. thanks Thibault Charbonnier for
      the patch.

    • bugfix: changing peers in balancer_by_lua* might lead to
      stale values of $upstream_addr.

    • bugfix: clear errors in ngx.ssl and ngx.ocsp functions to
      avoid flooding nginx error logs. thanks Hamish for the
      original patch.

    • bugfix: tcpsock:sslhandshake() did not correctly check
      argument count. thanks Ilya Shipitsin for the report.

    • bugfix: tcpsock:sslhandshake() accepts up to 5 arguments now
      (including the object itself).

    • bugfix: assignment to ngx.status might not affect subsequent
      ngx.status reads when error_page had already taken place.
      thanks wangwei4514 for the report.

    • refactor: refactored the implementation of the ngx.semaphore
      API. thanks Weixie Cui for the patch.

    • doc: typo fixes from Christos Trochalakis.

  • upgraded lua-resty-core to 0.1.6.

    • feature: implemented ngx.worker.id() and ngx.worker.count()
      with FFI. thanks Yuansheng Wang for the patch.

    • bugfix: Lua’s tail-call optimization might unexpectedly make
      ngx.semaphore objects get garbage-collected prematurely even
      when there’re still waiters. this could happen when
      lua_check_client_abort is enabled. thanks Dejiang Zhu for
      the patch.

    • doc: ngx.semaphore: documented the “timeout” argument of
      “wait()” in more detail.

    • doc: typo fixes from Alessandro Ghedini.

    • doc: formatting fixes from ms2008.

  • upgraded lua-resty-redis to 0.24.

    • bugfix: added a “tostring()” call to avoid the “attempt to
      concatenate local ‘prefix’ (a nil value)” error in Lua
      function “_read_reply()”.

    • optimize: we now alway call “tostring()” upon args in Redis
      query methods.

    • optimize: reduced Lua string concatenations in redis query
      composition.

  • upgraded lua-resty-dns to 0.16.

    • bugfix: when the “AD” and “CD” bits are set in the DNS
      responses as per RFC 2065, they would erroneously be treated
      as a part of the error code (“RCODE”). thanks Celebi Lui for
      the report and patch.
  • upgraded lua-resty-memcached to 0.14.

    • optimize: reduced table.concat() calls while constructing
      memcached requests, which can lead to fewer Lua string
      creation operations.

    • bugfix: “get()” did not return server error responses.
      thanks Lorenz Bauer for the report.

    • bugfix: “gets()” did not return server error responses.
      thanks Lorenz Bauer for the report.

    • bugfix: “get()”: simplified the error messages so that the
      caller can check the error more easily.

    • feature: “set_timeout()” now returns the result of the
      operation. thanks Guanlan Dai for the report.

  • upgraded lua-resty-mysql to 0.16.

    • bugfix: “close()”: we did not send the “COM_QUIT” packet to
      the MySQL server. thanks Andreas Fischer for the report.

    • bugfix: fixed the Lua exception “attempt to concatenate
      field ‘state’ (a nil value)”. thanks heyuanlong for the
      report.

    • doc: typo fixes from Boris Nagaev.

  • upgraded resty-cli to 0.12.

    • feature: “resty”: multiple “-e” options, along with the file
      argument, are supported.

    • feature: added new command-line utility, restydoc, for
      viewing OpenResty/Nginx documentation on the terminal
      (inspired by Perl’s “perldoc” utility) via “groff” (used by
      “man” as well).

    • feature: added new command-line utility, md2pod.pl, for
      converting GitHub-flavored Markdown source to Perl’s POD
      format.

    • feature: added new command-line utility, restydoc-index, for
      generating the documentation indexes by scanning Markdown
      and POD document files in user-specified directories, which
      can be used by the restydoc tool.

    • feature: added new command-line utility, nginx-xml2pod, for
      converting NGINX’s official XML-formatted documentation to
      Perl’s POD format.

    • bugfix: “resty”: the “–valgrind” command-line option was
      broken.

  • upgraded lua-cjson to 2.1.0.4.

    • feature: added the “cjson.as_array” metamethod to enforce
      empty array encoding. thanks Thibault Charbonnier for the
      patch.

    • bugfix: fixed the 16 decimal number encoding assertion.
      thanks Thibault Charbonnier for the patch.

    • doc: added proper documentation for OpenResty’s fork of
      lua-cjson. thanks Thibault Charbonnier for the patch.

  • upgraded LuaJIT to v2.1-20160517:
    Tags · openresty/luajit2 · GitHub

    • imported Mike Pall’s latest changes:

      • Rollback due to “HREFK” + load fwd must restore
        guardemit state.

      • Always merge snapshots without instructions inbetween.

      • FFI: Parse “#line NN” and “#NN”.

      • MIPS: Switch to dual-number mode. Fix soft-float
        interpreter.

      • PS4: Switch default build to amalgamated and “LJ_GC64”
        mode.

      • MIPS: Add soft-float support to JIT compiler backend.

      • Don’t allocate unused 2nd result register in JIT
        compiler backend.

      • Use internal implementation for converting FP numbers to
        strings.

      • MIPS soft-float: Fix code generation for HREF.

      • ARM: Fix build problem with external frame unwinding.

      • Fix display of “NULL” (light)userdata in “-jdump”.

      • x64/LJ_GC64: Fix JIT glue code in interpreter.

      • x86: Detect “BMI2” instruction support.

      • x86: Generate “BMI2” shifts and rotates, if available.

      • MIPS: Fix use of ffgccheck delay slots in interpreter.

      • Windows/x64/LJ_GC64: Fix “math.frexp()” and
        “math.modf()”.

      • Cygwin: Allow cross-builds to non-Cygwin targets.

      • Fix recording of “select(n, …)” with off-trace
        varargs.

      • x86: Improve disassembly of BMI2 instructions.

      • x64/LJ_GC64: Fix “BC_UCLO” check for fast-path.

      • MIPS: Fix “BC_ISNEXT” fallback path.

      • Rewrite memory block allocator.

        Use a mix of linear probing and pseudo-random probing.
        Workaround for 1GB “MAP_32BIT” limit on Linux/x64. Now
        2GB with “!LJ_GC64”. Enforce 128TB “LJ_GC64” limit for >
        47 bit memory layouts (ARM64).

      • x86/x64: Search for exit jumps with instruction length
        decoder.

      • Fix handling of non-numeric strings in arithmetic
        coercions.

      • Fix GCC 6 -Wmisleading-indentation warnings.

      • Constrain value range of “lj_ir_kptr()” to unsigned 32
        bit pointers.

  • upgraded ngx_srcache to 0.31.

    • bugfix: this module should not depend on builtin modules
      like ngx_http_ssi and ngx_http_addition to pull in the
      ngx_http_postpone module to function properly. thanks
      Dejiang Zhu for the original patch.

    • feature: this module can now be compiled as a dynamic module
      with NGINX 1.9.11+ via the “–with-dynamic-module=PATH”
      option of “./configure”. thanks Hiroaki Nakamura for the
      original patch.

    • bugfix: fixed errors and warnings with C compilers without
      variadic macro support.

    • doc: clarified what “0s” means for the default expiration
      time. thanks matlloyd for the patch.

    • doc: documented the memcached maximum key length and the
      set_md5 directive. thanks Jérémy Lal for the patch.

  • upgraded ngx_form_input to 0.12.

    • bugfix: avoided use of C global variables in configuration
      phase since it might cause problems in failed HUP reloads.

    • feature: this module can now be compiled as a dynamic module
      with NGINX 1.9.11+ via the “–with-dynamic-module=PATH”
      option of “./configure”.

  • upgraded ngx_devel_kit to 0.3.0.

    • feature: this module can now be compiled as a dynamic module
      with NGINX 1.9.11+ via the “–with-dynamic-module=PATH”
      option of “./configure”. thanks Andrei B. for the patch.

    • bugfix: compiler errors: comparison between signed and
      unsigned integer expressions. thanks Xiaochen Wang for the
      patch.

    • doc: added the new section “Modules using NDK”.

  • upgraded ngx_encrypted_session to 0.05.

    • feature: this module can now be compiled as a dynamic module
      with NGINX 1.9.11+ via the “–with-dynamic-module=PATH”
      option of “./configure”.
  • upgraded ngx_headers_more to 0.30.

    • feature: this module can now be compiled as a dynamic module
      with NGINX 1.9.11+ via the “–with-dynamic-module=PATH”
      option of “./configure”. thanks Sjir Bagmeijer for the
      original patch.
  • upgraded ngx_echo to 0.59.

    • feature: added support for nginx 1.9.11+ when no nginx
      builtin modules pull in the ngx_http_postpone module.

    • feature: this module can now be compiled as a dynamic module
      with NGINX 1.9.11+ via the “–with-dynamic-module=PATH”
      option of “./configure”.

    • bugfix: fixed warnings with C compilers without variadic
      macro support.

  • upgraded ngx_memc to 0.17.

    • feature: this module can now be compiled as a dynamic module
      with NGINX 1.9.11+ via the “–with-dynamic-module=PATH”
      option of “./configure”.

    • bugfix: fixed errors and warnings with C compilers without
      variadic macro support.

  • upgraded ngx_redis2 to 0.13.

    • feature: this module can now be compiled as a dynamic module
      with NGINX 1.9.11+ via the “–with-dynamic-module=PATH”
      option of “./configure”.

    • bugfix: fixed errors and warnings with C compilers without
      variadic macro support.

  • upgraded ngx_iconv to 0.14.

    • feature: this module can now be compiled as a dynamic module
      with NGINX 1.9.11+ via the “–with-dynamic-module=PATH”
      option of “./configure”.

The HTML version of the change log with lots of helpful hyper-links
can be browsed here:

https://openresty.org/en/changelog-1009015.html

OpenResty (aka. ngx_openresty) is a full-fledged web platform
by bundling the standard Nginx core, Lua/LuaJIT, lots of
3rd-party Nginx modules and Lua libraries, as well as most of their
external
dependencies. See OpenResty’s homepage for details:

https://openresty.org/

We have run extensive testing on our Amazon EC2 test cluster and
ensured that all the components (including the Nginx core) play well
together. The latest test report can always be found here:

https://qa.openresty.org/

Enjoy!
-agentzh