nginx 1.18.0 has been released, which is the latest stable version after the 1.16 series.
1.18.0 joined 1.17.x mainline branch, new features and bug fixes, including limit_req and limit_conn in the dry run mode, limit_rate , limit_rate_after and grpc_pass instruction support for variables, as well as support auth_delay directives.
The auth_delay directive is located in the ngx_http_core_module module, and its usage is as follows:
Syntax: auth_delay time; Default value: auth_delay 0s; Context: http, server, location
Delay the processing of unauthorized requests with a 401 response status code to prevent timing attacks caused by restricted access due to passwords, sub-request results, or JWT.
Some other changes:
- Security improvements, mainly to fix issues that may cause excessive memory consumption and increased CPU usage for HTTP / 2 clients
- Fix the problem that nginx may take too much CPU in some cases, and many other bug fixes
- OpenSSL 0.9.8 or higher is required
nginx 1.18.0 download address: http://nginx.org/en/download.html
According to nginx's strategy for releasing new versions, "stable" refers to features and update frequency, which has nothing to do with software quality . The stable branch never receives new features during its life cycle, and usually only receives one or two updates to fix serious errors. In addition, the stable version usually forks from the latest mainline version.
Therefore, nginx 1.18.0 forks from the latest mainline version 1.17.10 , which inherits all bugfixes, new features, and other changes from 1.17.x in the past year.