Nginx 1.29.4 has been released with several interesting features and fixes. One key change allows for smoother HTTP/2 communication between servers, while also adding support for Encrypted ClientHello (ECH) to boost privacy. For server administrators, the update provides helpful tweaks, such as displaying the 'built by' information when checking versions and supporting PCRE 10.47 in regular expressions. The release also addresses various security patches, fixes potential crashes and memory mishaps, and updates underlying support files for a smoother community experience.

Nginx 1.29.4 released

A new version of nginx, specifically 1.29.4 for the mainline code, has come out recently. It's not just another routine update; there are some genuinely interesting features and fixes included.

One big change is about HTTP/2 itself. Previously, connections to backend servers were somewhat rigid. Now, with this version, those HTTP/2 chats can actually communicate more directly and smoothly with the backends they're linked to – which likely makes things faster for everyone involved. And on the security front, there's support for Encrypted ClientHello (ECH). This encrypts that first handshake message between you and a server, boosting privacy right from the start.

For folks managing their servers day-to-day, there are some helpful tweaks too. When you run the standard nginx -V command to check versions, it will now show exactly who compiled the code on your system (the 'built by' info). That might help pinpoint things faster if something goes wrong later. And for those using regular expressions in nginx configurations, PCRE 10.47 is now supported.

Looking at security patches: we've got fixes to make HTTP/2 connections even safer against certain tricky issues with empty buffers or hostname stuff. There are also some interface changes related to the SSL setup that handle client hello messages differently; this patch covers those bases better. An important fix for building nginx using BoringSSL, which broke at a specific commit (38a701d), has been applied.

This latest nginx release helps avoid crashes and other problems, too. It fixes potential memory mishaps when changing URIs while something is being served via the proxy engine, preventing segfaults in those situations. Similarly, it addresses an issue with Quic where a handshake failure could crash things.

Beyond specific features and bug squashes, some underlying support files have been updated to keep everything running smoothly for the community. And if you're not set up for ECH specifically, there's now less warning chatter from nginx about that, probably just cleaner messages overall.

Finally, just a couple more smallish updates: chunked transfer encoding (used when sending data in pieces) no longer allows plain text newlines alone (bare LF), which helps prevent some potential server-side headaches. And the improved HTTP/2 features aren't stuck only with incoming connections; they now help with connections outgoing from nginx too, which is useful for proxying stuff across your network.

Release Nginx release-1.29.4

nginx-1.29.4 mainline version has been released, featuring HTTP/2 to backend and Encrypted ClientHello. See official CHANGES on nginx.org. Below is a release summary generated by GitHub. What's Cha...

Release release-1.29.4 · nginx/nginx