- Updated to 1.29.4
* https://nginx.org/en/CHANGES
* Added the ngx_http_proxy_module supports HTTP/2.
* Added Encrypted ClientHello TLS extension support when using
OpenSSL ECH feature branch; the "ssl_ech_file" directive.
* Changed validation of host and port in the request line, "Host"
header field, and ":authority" pseudo-header field has been changed
to follow RFC 3986.
* Changed now a single LF used as a line terminator in a chunked
request or response body is considered an error.
* Fixed when using HTTP/3 with OpenSSL 3.5.1 or newer a segmentation
fault might occur in a worker process; the bug had appeared in 1.29.1.
* Fixed a segmentation fault might occur in a worker process if the
"try_files" directive and "proxy_pass" with a URI were used.
OBS-URL: https://build.opensuse.org/request/show/1321886
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=106
* https://nginx.org/en/CHANGES
* Added the ngx_http_proxy_module supports HTTP/2.
* Added Encrypted ClientHello TLS extension support when using
OpenSSL ECH feature branch; the "ssl_ech_file" directive.
* Changed validation of host and port in the request line, "Host"
header field, and ":authority" pseudo-header field has been changed
to follow RFC 3986.
* Changed now a single LF used as a line terminator in a chunked
request or response body is considered an error.
* Fixed when using HTTP/3 with OpenSSL 3.5.1 or newer a segmentation
fault might occur in a worker process; the bug had appeared in 1.29.1.
* Fixed a segmentation fault might occur in a worker process if the
"try_files" directive and "proxy_pass" with a URI were used.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=302
* Changed nginx-conf.patch file.
* https://nginx.org/en/CHANGES
* Added the "add_header_inherit" and "add_trailer_inherit" directives.
* Added the $request_port and $is_request_port variables.
* Added the $ssl_sigalg and $ssl_client_sigalg variables.
* Added the "volatile" parameter of the "geo" directive.
* Added now certificate compression is available with BoringSSL.
* Fixed now certificate compression is disabled with OCSP stapling.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=300
- Updated to 1.29.2
* Changed nginx-conf.patch file.
* https://nginx.org/en/CHANGES
* Fixed now the "ssl_protocols" directive works in a virtual server
different from the default server when using OpenSSL 1.1.1 or newer.
* Fixed SSL handshake always failed when using TLSv1.3 with OpenSSL
and client certificates and resuming a session with a different SNI
value; the bug had appeared in 1.27.4.
* Fixed the "ignoring stale global SSL error" alerts might appear in
logs when using QUIC and the "ssl_reject_handshake" directive; the
bug had appeared in 1.29.0.
* Fixed in delta-seconds processing in the "Cache-Control" backend
response header line.
* Fixed an XCLIENT command didn't use the xtext encoding.
* Fixed in SSL certificate caching during reconfiguration.
OBS-URL: https://build.opensuse.org/request/show/1309712
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=104
* Changed nginx-conf.patch file.
* https://nginx.org/en/CHANGES
* Fixed now the "ssl_protocols" directive works in a virtual server
different from the default server when using OpenSSL 1.1.1 or newer.
* Fixed SSL handshake always failed when using TLSv1.3 with OpenSSL
and client certificates and resuming a session with a different SNI
value; the bug had appeared in 1.27.4.
* Fixed the "ignoring stale global SSL error" alerts might appear in
logs when using QUIC and the "ssl_reject_handshake" directive; the
bug had appeared in 1.29.0.
* Fixed in delta-seconds processing in the "Cache-Control" backend
response header line.
* Fixed an XCLIENT command didn't use the xtext encoding.
* Fixed in SSL certificate caching during reconfiguration.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=298
- Updated to 1.29.1
* https://nginx.org/en/CHANGES
* Fixed processing of a specially crafted login/password when using
the "none" authentication method in the ngx_mail_smtp_module might
cause worker process memory disclosure to the authentication server
(CVE-2025-53859).
* Changed TLSv1.3 certificate compression is disabled by default.
* Added the "ssl_certificate_compression" directive.
* Added support for 0-RTT in QUIC when using OpenSSL 3.5.1 or newer.
* Fixed the 103 response might be buffered when using HTTP/2 and the
"early_hints" directive.
* Fixed in handling "Host" and ":authority" header lines with equal
values when using HTTP/2; the bug had appeared in 1.17.9.
* Fixed in handling "Host" header lines with a port when using HTTP/3.
* Fixed in the "none" parameter of the "smtp_auth" directive.
OBS-URL: https://build.opensuse.org/request/show/1299344
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=103
* https://nginx.org/en/CHANGES
* Fixed processing of a specially crafted login/password when using
the "none" authentication method in the ngx_mail_smtp_module might
cause worker process memory disclosure to the authentication server
(CVE-2025-53859).
* Changed TLSv1.3 certificate compression is disabled by default.
* Added the "ssl_certificate_compression" directive.
* Added support for 0-RTT in QUIC when using OpenSSL 3.5.1 or newer.
* Fixed the 103 response might be buffered when using HTTP/2 and the
"early_hints" directive.
* Fixed in handling "Host" and ":authority" header lines with equal
values when using HTTP/2; the bug had appeared in 1.17.9.
* Fixed in handling "Host" header lines with a port when using HTTP/3.
* Fixed in the "none" parameter of the "smtp_auth" directive.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=296
- Updated to 1.29.0
* https://nginx.org/en/CHANGES
* Added support for response code 103 from proxy and gRPC backends;
the "early_hints" directive.
* Added loading of secret keys from hardware tokens with OpenSSL provider.
* Changed the logging level of SSL errors in a QUIC handshake has been
changed from "error" to "crit" for critical errors, and to "info" for
the rest; the logging level of unsupported QUIC transport parameters
has been lowered from "info" to "debug".
* Disabled OpenSSL 3.5 QUIC API support by default.
OBS-URL: https://build.opensuse.org/request/show/1288818
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=101
* https://nginx.org/en/CHANGES
* Added support for response code 103 from proxy and gRPC backends;
the "early_hints" directive.
* Added loading of secret keys from hardware tokens with OpenSSL provider.
* Changed the logging level of SSL errors in a QUIC handshake has been
changed from "error" to "crit" for critical errors, and to "info" for
the rest; the logging level of unsupported QUIC transport parameters
has been lowered from "info" to "debug".
* Disabled OpenSSL 3.5 QUIC API support by default.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=291
* https://nginx.org/en/CHANGES
* Changed the maximum size limit for SSL sessions cached in shared
memory has been raised to 8192.
* Fixed in the "grpc_ssl_password_file", "proxy_ssl_password_file",
and "uwsgi_ssl_password_file" directives when loading SSL certificates
and encrypted keys from variables; the bug had appeared in 1.23.1.
* Fixed in the $ssl_curve and $ssl_curves variables when using pluggable
curves in OpenSSL.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=285
- Changed URL's from nginx.org to github.com .
- Updated to 1.27.4
* https://nginx.org/en/CHANGES
* Fixed insufficient check in virtual servers handling with TLSv1.3
SNI allowed to reuse SSL sessions in a different virtual server, to
bypass client SSL certificates verification (CVE-2025-23419).
* Added the "ssl_object_cache_inheritable", "ssl_certificate_cache",
"proxy_ssl_certificate_cache", "grpc_ssl_certificate_cache", and
"uwsgi_ssl_certificate_cache", "keepalive_min_timeout" directives.
* Fixed nginx could not build libatomic library using the library
sources if the --with-libatomic=DIR option was used.
OBS-URL: https://build.opensuse.org/request/show/1243543
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=95
- Updated to 1.27.4
* https://nginx.org/en/CHANGES
* Fixed insufficient check in virtual servers handling with TLSv1.3
SNI allowed to reuse SSL sessions in a different virtual server, to
bypass client SSL certificates verification (CVE-2025-23419).
* Added the "ssl_object_cache_inheritable", "ssl_certificate_cache",
"proxy_ssl_certificate_cache", "grpc_ssl_certificate_cache", and
"uwsgi_ssl_certificate_cache", "keepalive_min_timeout" directives.
* Fixed nginx could not build libatomic library using the library
sources if the --with-libatomic=DIR option was used.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=278
- Updated to 1.27.3
* https://github.com/nginx/nginx/releases/tag/release-1.27.3
* Added the "server" directive in the "upstream" block supports the "resolve" parameter.
* Added the "resolver" and "resolver_timeout" directives in the "upstream" block.
* Added SmarterMail specific mode support for IMAP LOGIN with
untagged CAPABILITY response in the mail proxy module.
* Changed TLSv1 and TLSv1.1 protocols are disabled by default.
* Changed IPv6 address in square brackets and no port can be specified in the
"proxy_bind", "fastcgi_bind", "grpc_bind", "memcached_bind", "scgi_bind",
and "uwsgi_bind" directives, and as client address in ngx_http_realip_module.
* Fixed ngx_http_mp4_module and "proxy_store" directive.
OBS-URL: https://build.opensuse.org/request/show/1226763
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=94
* https://github.com/nginx/nginx/releases/tag/release-1.27.3
* Added the "server" directive in the "upstream" block supports the "resolve" parameter.
* Added the "resolver" and "resolver_timeout" directives in the "upstream" block.
* Added SmarterMail specific mode support for IMAP LOGIN with
untagged CAPABILITY response in the mail proxy module.
* Changed TLSv1 and TLSv1.1 protocols are disabled by default.
* Changed IPv6 address in square brackets and no port can be specified in the
"proxy_bind", "fastcgi_bind", "grpc_bind", "memcached_bind", "scgi_bind",
and "uwsgi_bind" directives, and as client address in ngx_http_realip_module.
* Fixed ngx_http_mp4_module and "proxy_store" directive.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=276
- Updated to 1.27.2
* https://nginx.org/en/CHANGES
* Added SSL certificates, secret keys, and CRLs are now cached on start
or during reconfiguration.
* Added client certificate validation with OCSP in the stream module.
* Added OCSP stapling support in the stream module.
* Added the "proxy_pass_trailers" directive in the ngx_http_proxy_module.
* Added the "ssl_client_certificate" directive now supports certificates
with auxiliary information.
* Changed now the "ssl_client_certificate" directive is not required
for client SSL certificates verification.
OBS-URL: https://build.opensuse.org/request/show/1205364
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=93
* https://nginx.org/en/CHANGES
* Added SSL certificates, secret keys, and CRLs are now cached on start
or during reconfiguration.
* Added client certificate validation with OCSP in the stream module.
* Added OCSP stapling support in the stream module.
* Added the "proxy_pass_trailers" directive in the ngx_http_proxy_module.
* Added the "ssl_client_certificate" directive now supports certificates
with auxiliary information.
* Changed now the "ssl_client_certificate" directive is not required
for client SSL certificates verification.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=274
- Renamed nginx-1.6.1-default_config.patch to nginx-conf.patch.
- Renamed nginx-1.2.4-perl_vendor_install.patch to nginx-perl.patch.
- Used atosetup -p1 macro and replaced editor from perl to sed.
- Added %check section with gpg signature source verification.
- Updated to 1.27.1
* https://nginx.org/en/CHANGES
* Fixed crash in ngx_http_mp4_module via specially crafted mp4 file (CVE-2024-7347).
* Now the stream module handler is not mandatory.
* Fixed new HTTP/2 connections might ignore graceful shutdown of old worker processes.
OBS-URL: https://build.opensuse.org/request/show/1194200
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=91
- Renamed nginx-1.2.4-perl_vendor_install.patch to nginx-perl.patch.
- Used atosetup -p1 macro and replaced editor from perl to sed.
- Added %check section with gpg signature source verification.
- Updated to 1.27.1
* https://nginx.org/en/CHANGES
* Fixed crash in ngx_http_mp4_module via specially crafted mp4 file (CVE-2024-7347).
* Now the stream module handler is not mandatory.
* Fixed new HTTP/2 connections might ignore graceful shutdown of old worker processes.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=270
- Renamed nginx-1.2.4-perl_vendor_install.patch to nginx-perl.patch.
- Used atosetup -p1 macro and replaced editor from perl to sed.
- Added %check section with gpg signature source_verification.
- Updated to 1.27.1
* https://nginx.org/en/CHANGES
* Fixed crash in ngx_http_mp4_module via specially crafted mp4 file (CVE-2024-7347).
* Now the stream module handler is not mandatory.
* Fixed new HTTP/2 connections might ignore graceful shutdown of old worker processes.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=269
- Renamed nginx-1.2.4-perl_vendor_install.patch to nginx-perl.patch.
- Used atosetup -p1 macro and replaced editor from perl to sed.
- Updated to 1.27.1
* https://nginx.org/en/CHANGES
* Fixed crash in ngx_http_mp4_module via specially crafted mp4 file (CVE-2024-7347).
* Now the stream module handler is not mandatory.
* Fixed new HTTP/2 connections might ignore graceful shutdown of old worker processes.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=268
