<!-- review: finished -->

<a id="pro-changes"></a>

# Angie PRO Version History

## 2026

<a id="angie-pro-1-11-5"></a>

### Angie PRO 1.11.5

Release date: 15.05.2026.

<a id="security-pro-1-11-5"></a>

#### Security

- When the [rewrite](https://en.angie.software//angie/docs/configuration/modules/http/http_rewrite.md#id4) directive with an unnamed capture (e.g.,
  `$1`, `$2`) and a replacement string containing `?` was followed by a
  [rewrite](https://en.angie.software//angie/docs/configuration/modules/http/http_rewrite.md#id4), [if](https://en.angie.software//angie/docs/configuration/modules/http/http_rewrite.md#if), or [set](https://en.angie.software//angie/docs/configuration/modules/http/http_rewrite.md#set) directive, an attacker, given conditions
  beyond the attacker's control, could cause a worker process crash
  and, on systems without address space layout randomization, arbitrary
  code execution
  ([CVE-2026-42945](https://nvd.nist.gov/vuln/detail/CVE-2026-42945));
  the fix was ported from nginx 1.31.0.
- When using the [ssl_ocsp](https://en.angie.software//angie/docs/configuration/modules/http/http_ssl.md#ssl-ocsp) directive, a use of previously
  freed memory could occur while processing DNS server responses,
  allowing an attacker to corrupt the worker process memory or cause
  its crash
  ([CVE-2026-40701](https://nvd.nist.gov/vuln/detail/CVE-2026-40701));
  the fix was ported from nginx 1.31.0.
- When using HTTP/3, an attacker could spoof the IP address
  and thereby bypass restrictions or authorization in some
  configurations
  ([CVE-2026-40460](https://nvd.nist.gov/vuln/detail/CVE-2026-40460));
  the fix was ported from nginx 1.31.0.
- When [scgi_pass](https://en.angie.software//angie/docs/configuration/modules/http/http_scgi.md#scgi-pass) or [uwsgi_pass](https://en.angie.software//angie/docs/configuration/modules/http/http_uwsgi.md#uwsgi-pass) was configured, an
  attacker in a man-in-the-middle (MITM) position, controlling
  responses from a proxied server, could cause excessive memory
  allocation or an over-read of data, leading to the disclosure of
  worker process memory to the client or a process crash
  ([CVE-2026-42946](https://nvd.nist.gov/vuln/detail/CVE-2026-42946));
  the fix was ported from nginx 1.31.0.
- When processing a specially crafted response with UTF-8
  decoding via the [charset_map](https://en.angie.software//angie/docs/configuration/modules/http/http_charset.md#charset-map) directive, an out-of-bounds read could
  occur in the worker process, allowing an attacker, given conditions
  beyond the attacker's control, to send limited worker process memory
  contents to the client or cause process crash
  ([CVE-2026-42934](https://nvd.nist.gov/vuln/detail/CVE-2026-42934));
  the fix was ported from nginx 1.31.0.

<a id="packages-pro-1-11-5"></a>

#### Packages

- Updated:
  - [angie-pro-module-auth-totp](https://en.angie.software//angie/docs/installation/external-modules/auth-totp.md#external-auth-totp), to version 1.2.0
  - [angie-pro-module-cache-purge](https://en.angie.software//angie/docs/installation/external-modules/cache-purge.md#external-cache-purge), to version 3.0.2
  - [angie-pro-module-keyval](https://en.angie.software//angie/docs/installation/external-modules/keyval.md#external-keyval), to version 0.4.0
  - [angie-pro-module-njs](https://en.angie.software//angie/docs/installation/external-modules/njs.md#external-njs), to version 0.9.8
  - [angie-pro-module-opentracing](https://en.angie.software//angie/docs/installation/external-modules/opentracing.md#external-opentracing), to version v0.46.0
- Switched source of [angie-pro-module-dav-ext](https://en.angie.software//angie/docs/installation/external-modules/dav-ext.md#external-dav-ext) to
  [mid1221213/nginx-dav-ext-module](https://github.com/mid1221213/nginx-dav-ext-module) v4.0.1.
- Switched source of [angie-pro-module-vod](https://en.angie.software//angie/docs/installation/external-modules/vod.md#external-vod) to
  [dio-az/nginx-vod-module](https://github.com/dio-az/nginx-vod-module) v1.7.1.

<a id="angie-pro-1-11-4"></a>

### Angie PRO 1.11.4

Release date: 25.03.2026.

<a id="security-pro-1-11-4"></a>

#### Security

- TLS handshake with a client in the [stream](https://en.angie.software//angie/docs/configuration/modules/index.md#modules-stream) module might
  succeed despite OCSP rejecting the client certificate
  ([CVE-2026-28755](https://nvd.nist.gov/vuln/detail/CVE-2026-28755));
  the fix was ported from nginx 1.29.7.
- A buffer overflow might occur in the DAV module while
  handling a COPY or MOVE request in a `location` with the [alias](https://en.angie.software//angie/docs/configuration/modules/http/index.md#alias)
  directive, allowing an attacker to modify the source or destination
  path outside of the document root directory
  ([CVE-2026-27654](https://nvd.nist.gov/vuln/detail/CVE-2026-27654));
  the fix was ported from nginx 1.29.7.
- Processing of a specially crafted file by the MP4 module on
  32-bit platforms might cause a worker process crash, or might have
  potential other impact
  ([CVE-2026-27784](https://nvd.nist.gov/vuln/detail/CVE-2026-27784));
  the fix was ported from nginx 1.29.7.
- Processing of a specially crafted file by the MP4 module
  might cause a worker process crash, or might have potential other
  impact
  ([CVE-2026-32647](https://nvd.nist.gov/vuln/detail/CVE-2026-32647));
  the fix was ported from nginx 1.29.7.
- If the CRAM-MD5 or APOP authentication methods were used in
  the [Mail](https://en.angie.software//angie/docs/configuration/modules/index.md#modules-mail) proxy module and authentication retry was enabled,
  then a worker process could crash
  ([CVE-2026-27651](https://nvd.nist.gov/vuln/detail/CVE-2026-27651));
  the fix was ported from nginx 1.29.7.
- When the [Mail](https://en.angie.software//angie/docs/configuration/modules/index.md#modules-mail) proxy module was used, an attacker using PTR
  DNS records could inject data in authentication HTTP requests, as
  well as in the XCLIENT command in the SMTP connection to the proxied
  server
  ([CVE-2026-28753](https://nvd.nist.gov/vuln/detail/CVE-2026-28753));
  the fix was ported from nginx 1.29.7.

<a id="bugfixes-pro-1-11-4"></a>

#### Bugfixes

- Rare system errors before the connection to the proxied
  server might affect the peer status correctness in [HTTP](https://en.angie.software//angie/docs/configuration/modules/index.md#modules-http)
  and [stream](https://en.angie.software//angie/docs/configuration/modules/index.md#modules-stream) modules; they might also lead to the crash
  of a worker process in a [stream](https://en.angie.software//angie/docs/configuration/modules/index.md#modules-stream) module;
  the bug had appeared in 1.9.1.
- In configurations where the [proxy_http_version](https://en.angie.software//angie/docs/configuration/modules/http/http_proxy.md#proxy-http-version) `3` and
  [proxy_set_header](https://en.angie.software//angie/docs/configuration/modules/http/http_proxy.md#proxy-set-header) `Host ..` directives were inherited from the
  `http` block, outgoing HTTP/3 requests might be sent without the
  `Host` header.

<a id="packages-pro-1-11-4"></a>

#### Packages

- Updated:
  - [angie-pro-module-auth-jwt](https://en.angie.software//angie/docs/installation/external-modules/auth-jwt.md#external-auth-jwt), to version 0.11.0
  - [angie-pro-module-cache-purge](https://en.angie.software//angie/docs/installation/external-modules/cache-purge.md#external-cache-purge), to version 2.5.6
  - [angie-pro-module-cgi](https://en.angie.software//angie/docs/installation/external-modules/cgi.md#external-cgi), to version v0.15
  - [angie-pro-module-njs](https://en.angie.software//angie/docs/installation/external-modules/njs.md#external-njs), to version 0.9.6
  - [angie-pro-module-opentracing](https://en.angie.software//angie/docs/installation/external-modules/opentracing.md#external-opentracing), to version v0.43.0

<a id="angie-pro-1-11-3"></a>

### Angie PRO 1.11.3

Release date: 06.02.2026.

<a id="security-pro-1-11-3"></a>

#### Security

- An attacker in a man-in-the-middle (MITM) position before a proxied server
  using TLS, given conditions beyond the attacker's control, could inject
  plaintext data into the response before the TLS handshake begins
  ([CVE-2026-1642](https://nvd.nist.gov/vuln/detail/CVE-2026-1642));
  the fix was ported from nginx 1.29.5.

<a id="packages-pro-1-11-3"></a>

#### Packages

- Updated:
  - [angie-pro-module-jwt](https://en.angie.software//angie/docs/installation/external-modules/jwt.md#external-jwt), to version 3.4.4

<a id="angie-pro-1-11-2"></a>

### Angie PRO 1.11.2

Release date: 15.01.2026.

<a id="bugfixes-pro-1-11-2"></a>

#### Bugfixes

- If BPF was disabled, HTTP/3 requests might fail with an error
  `[alert] sendmsg() failed (90: Message too large) while sending frames`;
  the bug had appeared in 1.11.0.
- HTTP/3 requests were not accepted when listening on an IPv6
  wildcard address with BPF enabled;
  the bug had appeared in 1.11.0.
- When a domain name was specified in the [docker_endpoint](https://en.angie.software//angie/docs/configuration/modules/http/http_docker.md#docker-endpoint) directive,
  connections to the Docker API and updates of the upstream server
  groups didn't occur.

<a id="packages-pro-1-11-2"></a>

#### Packages

- Updated:
  - [angie-pro-module-cache-purge](https://en.angie.software//angie/docs/installation/external-modules/cache-purge.md#external-cache-purge) to version 2.5.5

02.02.2026

- Updated:
  - [angie-pro-module-njs](https://en.angie.software//angie/docs/installation/external-modules/njs.md#external-njs), to version 0.9.5

## 2025

<a id="angie-pro-1-11-1"></a>

### Angie PRO 1.11.1

Release date: 30.12.2025.

<a id="changes-1-11-2"></a>

#### Changes

- Now, if only port without IP is specified (default value) in
  the [acme_http_port](https://en.angie.software//angie/docs/configuration/modules/http/http_acme.md#acme-http-port) directive and there are
  `server` blocks listening on that port, HTTP challenge handling
  for the port in ACME is working only on the IP addresses configured in
  the [listen](https://en.angie.software//angie/docs/configuration/modules/http/index.md#listen) directives of these blocks; there will be no attempt
  to listen on all IP addresses, like it was before; this makes
  configuration more flexible and prevents the issue with updating from
  previous versions with configurations where there were only
  `server` blocks listening on port `80` and particular IP
  addresses.

<a id="bugfixes-1-11-2-1"></a>

#### Bugfixes

- HTTP/2 requests were not counted in server zone statistics;
  the bug had appeared in 1.11.0.
- When an ACME client was disabled in the configuration and had
  no previously obtained certificate, a statistics API request for that
  client could crash a worker process.
- If the `$http_host` or `$cookie_*` variables were used as
  keys in the [status_zone](https://en.angie.software//angie/docs/configuration/modules/http/index.md#status-zone) directive within the `server`
  block, HTTP/3 requests might not be counted in this status zone.

<a id="packages-1-11-3-1"></a>

#### Packages

- Updated:
  - [angie-pro-module-vts](https://en.angie.software//angie/docs/installation/external-modules/vts.md#external-vts), to version v0.2.5

<a id="angie-pro-1-11-0"></a>

### Angie PRO 1.11.0

Release date: 24.12.2025.

<a id="changes-1-11-1-1"></a>

#### Changes

- The `$http_host` variable in HTTP/3 requests is now
  initialized from the value of the `:authority` pseudo-header if the
  `Host` header was not passed, which is normal for clients;
  previously, differences from earlier protocol versions might cause
  issues in configurations with `$http_host`.
- If all HTTP servers in an `upstream` group are unavailable or
  returning an error, the own error page is now always returned instead
  of the response from the last server when receiving a status
  considered an error according to the
  [proxy_next_upstream](https://en.angie.software//angie/docs/configuration/modules/http/http_proxy.md#proxy-next-upstream) directive
  (and similar); this ensures consistent behavior in all cases.
- The `REQUEST_METHOD` parameter in `fastcgi.conf`,
  `fastcgi_params`, `uwsgi_params`, and `scgi_params`
  configuration files now is set via the `$upstream_request_method` variable, which
  takes the value `GET` for `HEAD` requests when caching is configured;
  this prevents an issue where a `HEAD` request could previously result
  in storing an empty response, which would then be served for `GET`
  requests, since the request method is not a part of the cache key in
  common configurations.
- The maximum response size from the ACME server is now limited
  by the [acme_max_response_size](https://en.angie.software//angie/docs/configuration/modules/http/http_acme.md#acme-max-response-size) directive instead of the
  `max_cert_size=` parameter of the [acme_client](https://en.angie.software//angie/docs/configuration/modules/http/http_acme.md#acme-client) directive; the
  default value is enough for most cases, but if a certificate update
  ends up with the `[error] too big subrequest response while sending
  to client` error message, its value should be increased.
- The default value of the [variables_hash_max_size](https://en.angie.software//angie/docs/configuration/modules/http/index.md#variables-hash-max-size) directive
  in the HTTP module was increased to `2048` in order to reduce
  possibility of a warning about suboptimal hash build due to new
  variables added during the recent years: `[warn] could not build
  optimal variables_hash, you should increase either
  variables_hash_max_size: 1024 or variables_hash_bucket_size: 64;
  ignoring variables_hash_bucket_size`.

<a id="features-1-11-1"></a>

#### Features

- The new [Metric](https://en.angie.software//angie/docs/configuration/modules/http/http_metric.md#http-metric) module enabling arbitrary, real‑time HTTP
  metrics collection with fully configurable aggregation methods
  (counters, histograms, moving averages, etc.); it allows tracking any
  request‑processing data at any stage, grouped by custom keys, and
  exposes the metrics via the `/status/http/metric_zones/` API section
  (including Prometheus support), providing a powerful built‑in
  analytics tool for the entire HTTP traffic.
- Support for ALPN validation for ACME, enabled by specifying
  `alpn` in the `challenge` parameter of the
  [acme_client](https://en.angie.software//angie/docs/configuration/modules/http/http_acme.md#acme-client) directive;
  allows to request multi-domain certificates while keeping only the
  HTTPS port open.
- Information on ACME clients and certificate requesting
  procedure in the `/status/http/acme_clients/` section of the
  statistics API (with Prometheus support).
- Added support for Encrypted Client Hello (ECH) in HTTP and
  stream SSL modules; the new [ssl_encrypted_hello_key](https://en.angie.software//angie/docs/configuration/modules/http/http_ssl.md#ssl-encrypted-hello-key) directive
  specifies the file with the private key; the `$ssl_encrypted_hello`
  variable contains information about ECH usage.
  Thanks to Maxim Dounin (freenginx).
- Conversion of the image format using the `convert` parameter
  for the [image_filter](https://en.angie.software//angie/docs/configuration/modules/http/http_image_filter.md#id1) directive.
- Support for AVIF and HEIC formats in the Image Filter
  module.
- Support for PROXY protocol V2 with upstream server
  connections in the stream module and the ability to set arbitrary TLV
  values using the [proxy_protocol_tlv](https://en.angie.software//angie/docs/configuration/modules/stream/stream_proxy.md#s-proxy-protocol-tlv) directive which allows a string
  with variables.
- The `$upstream_request_method` variable that contains the
  upstream request method, which can be different from the client
  request method when caching is enabled or the
  [proxy_method](https://en.angie.software//angie/docs/configuration/modules/http/http_proxy.md#proxy-method) is set;
  this helps avoid the common configuration issue where a cached empty
  `HEAD` response is served for `GET` requests, as well as avoid caching
  `HEAD` and `GET` responses separately.
- The [sticky](https://en.angie.software//angie/docs/configuration/modules/stream/stream_upstream.md#s-u-sticky) mode, in which sessions are stored only on a
  remote server and always requested from it, is also now available in
  the `stream` module; previously, it was available only in HTTP.
- In the [sticky](https://en.angie.software//angie/docs/configuration/modules/stream/stream_upstream.md#s-u-sticky) session mode with a remote store, the response
  body is now also processed; this allows extraction of binding
  information also from the body of external storage response and not
  only from header fields.
- Removed the need to define a separate `server` block with a
  `listen 80` directive for ACME HTTP challenges; the listening port
  can be customized using the [acme_http_port](https://en.angie.software//angie/docs/configuration/modules/http/http_acme.md#acme-http-port) directive if
  necessary.
- Ability to count the number of items in lists and objects
  when exporting Prometheus metrics; paths ending with a trailing slash
  now return the count of items in the corresponding API collection.
- The `$sent_body` variable containing the response body of a
  subrequest or external request by client module.
- XOAUTH2 and OAUTHBEARER authentication mechanisms support in
  the mail proxy module.
  Thanks to Rob Mueller and Maxim Dounin (freenginx).
- The `route` parameter of the [sticky](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#u-sticky) directive may now
  include arbitrary strings with any number of variables.
- In the ACME module, the approximate size of a renewed
  certificate is now calculated automatically, eliminating the need to
  increase the `max_cert_size` parameter of the
  [acme_client](https://en.angie.software//angie/docs/configuration/modules/http/http_acme.md#acme-client) directive
  when issuing a certificate with a very large number of domains; the
  parameter is retained for cases where manual configuration is still
  required.
- Information about the license and limitations in the
  `/status/angie/license` section of the API.
- The `$upstream_cache_key` variable that contains the cache
  key being used.
  Thanks to Kirill A. Korinsky and Maxim Dounin (freenginx).
- All functionality of nginx 1.29.3 except the
  `add_header_inherit` and `add_trailer_inherit` directives, which are
  omitted due to their poor design.

<a id="bugfixes-1-11-1-1"></a>

#### Bugfixes

- Reload and binary upgrade procedures are now working
  correctly with HTTP/3 connections; connections are properly routed to
  all existing processes using the BPF module.
- If all servers in an `upstream` group were unavailable or
  returning an error, then receiving an erroneous response from the
  last one might be considered a success despite the
  [proxy_next_upstream](https://en.angie.software//angie/docs/configuration/modules/http/http_proxy.md#proxy-next-upstream) directive settings.
- If path in the [try_files](https://en.angie.software//angie/docs/configuration/modules/http/index.md#try-files) directive was shorter than a
  prefix in the relevant `location` block, then using a
  [proxy_pass](https://en.angie.software//angie/docs/configuration/modules/http/http_proxy.md#proxy-pass) with a URI could crash a worker process; the fix was ported from
  nginx 1.29.4.
- If an ACME client was not referenced in a `stream` block via
  any `acme` directive, using any of the corresponding
  `$acme_cert_*` variables in that block would cause the configuration to be rejected
  with an `unknown variable` error; the bug had appeared in 1.10.3.
- If preserving of the cache index to a file was configured,
  the configuration test during operation might end with errors
  `[alert] mmap() failed (17: File exists)` and `[alert] munmap()
  failed (22: Invalid argument)`.
- The [proxy_method](https://en.angie.software//angie/docs/configuration/modules/http/http_proxy.md#proxy-method) directive was ignored if
  `proxy_cache_convert_head on` was triggered.
- The duration of the time-out specified by the `fail_timeout`
  option of the `server` directive within an `upstream` block was
  actually one second longer.
- Loading modules built for open-source Angie version could
  cause issues and crashes due to ABI incompatibility; now such
  incorrect configurations are prohibited with a relevant error
  message.

<a id="packages-1-11-1-1"></a>

#### Packages

- Updated:
  - [angie-pro-module-echo](https://en.angie.software//angie/docs/installation/external-modules/echo.md#external-echo), to version v0.64

<a id="angie-pro-1-10-3"></a>

### Angie PRO 1.10.3

Release date: 13.11.2025.

<a id="security-2-1-1-1-1-1"></a>

#### Security

- Processing of a specially crafted login/password when using
  the `none` authentication method in the SMTP module might cause
  worker process memory disclosure to the authentication server
  ([CVE-2025-53859](https://nvd.nist.gov/vuln/detail/CVE-2025-53859)); the fix was ported from nginx 1.29.1.

<a id="bugfixes-1-1-1-1-1-1-1-1"></a>

#### Bugfixes

- When the `renew_on_load` option of the [acme_client](https://en.angie.software//angie/docs/configuration/modules/http/http_acme.md#acme-client)
  directive was used, a previously obtained certificate would not be
  loaded if it existed. This could limit functionality until the
  certificate renewal was completed. If the certificate did not exist,
  attempts to obtain a new one would fail with the error `[alert]
  lseek() failed (9: Bad file descriptor)`.
- If an [ACME client](https://en.angie.software//angie/docs/configuration/modules/http/http_acme.md#id1) was referenced in the `stream` block but
  not the `http` block, it was disabled with the warning `[warn] ACME
  client ... is defined but not used` and would never fetch a
  certificate.
- If all [acme_client](https://en.angie.software//angie/docs/configuration/modules/http/http_acme.md#acme-client) directives had the `enabled=off`
  parameter and the relevant `$acme_cert_*` variables were used in the
  configuration, Angie would not start, reporting the error `[emerg]
  unknown acme_cert_* variable`.
- If the [ACME client](https://en.angie.software//angie/docs/configuration/modules/http/http_acme.md#id1) was used in the `stream` block that came
  before an `http` block, then Angie did not start, reporting the error
  `[emerg] ACME client .. is not defined but referenced`.
- Some `client` block configurations might cause worker
  processes to crash when using variables that refer to an incoming
  connection missing in this case.
- Servers added by the [Docker module](https://en.angie.software//angie/docs/configuration/modules/http/http_docker.md#http-docker) to upstream groups were
  not monitored by active probes.
- The `send=` parameter of the [upstream_probe (PRO)](https://en.angie.software//angie/docs/configuration/modules/stream/stream_upstream_probe.md#s-u-upstream-probe) directive in
  the stream module worked incorrectly for UDP probes when a file path
  was specified: instead of file content, the path was sent.
- If the `learn` option of the [sticky](https://en.angie.software//angie/docs/configuration/modules/stream/stream_upstream.md#s-u-sticky) directive was used and
  the configuration was reloaded, the `timeout=` parameter might not
  work until at least one new session was created.

<a id="packages-1-1-1-1-1-1-1-1"></a>

#### Packages

- Updated:
  - [angie-pro-module-cache-purge](https://en.angie.software//angie/docs/installation/external-modules/cache-purge.md#external-cache-purge), to version 2.5.4
  - [angie-pro-module-cgi](https://en.angie.software//angie/docs/installation/external-modules/cgi.md#external-cgi), to version v0.14.1
  - [angie-pro-module-lua](https://en.angie.software//angie/docs/installation/external-modules/lua.md#external-lua), to version 0.10.29
  - [angie-pro-module-njs](https://en.angie.software//angie/docs/installation/external-modules/njs.md#external-njs), to version 0.9.4

---

<a id="angie-pro-1-10-2"></a>

### Angie PRO 1.10.2

Release date: 21.08.2025.

<a id="bugfixes-2-1-1-1-1-1-1"></a>

#### Bugfixes

- Proxy module settings in the `http` block could break
  functionality of modules that use the `client` block for outgoing
  requests; the bug had appeared in 1.10.0.
- Enabling [proxy_ignore_client_abort](https://en.angie.software//angie/docs/configuration/modules/http/http_proxy.md#proxy-ignore-client-abort) together with modules
  that use the `client` block for outgoing requests could lead to
  worker process crashes; the bug had appeared in 1.10.0.
- If a single server was pre-configured in an upstream group,
  servers added via the [Docker API](https://en.angie.software//angie/docs/configuration/modules/http/http_docker.md#http-docker) might not be included in load
  balancing.
- If the only server in an upstream group was added via the
  [Docker API](https://en.angie.software//angie/docs/configuration/modules/http/http_docker.md#http-docker), it might be excluded from load balancing when detected to
  be unavailable.

<a id="packages-2-1-1-1-1-1-1"></a>

#### Packages

- Dynamic modules added:
  - [angie-pro-module-auth-totp](https://en.angie.software//angie/docs/installation/external-modules/auth-totp.md#external-auth-totp)
  - [angie-pro-module-combined-upstreams](https://en.angie.software//angie/docs/installation/external-modules/combined-upstreams.md#external-combined-upstreams)
- Updated:
  - [angie-pro-module-opentracing](https://en.angie.software//angie/docs/installation/external-modules/opentracing.md#external-opentracing), to version 0.41.0

---

<a id="angie-pro-1-10-1"></a>

### Angie PRO 1.10.1

Release date: 17.07.2025.

<a id="changes-1-1-1-1-1-1"></a>

#### Changes

- Directives specified in the `client` block can now only be inherited by
  explicitly declared `location` blocks within that block, so they don't
  affect the configuration of other modules that implicitly use the
  `client` block for outgoing requests.

<a id="features-3-1-1-1-1-1-1-1"></a>

#### Features

- Support for multiple `client` blocks allows common settings for
  different `location` blocks to be grouped within each block, which
  mitigates configuration duplication.

<a id="bugfixes-2-1-1-1-1-1"></a>

#### Bugfixes

- When the `reuseport` parameter was used in the `listen` directive,
  all connections to the specified address and port were handled by a single
  worker process; the bug had appeared in version 1.10.0.
- Accessing special `$stream_*` variables outside of the `stream`
  sticky session request context caused a worker process crash.
- An HTTP/3 handshake with an upstream server might fail with OpenSSL library
  version 3.5.0 or later if the QUIC protocol `retry` mode was active on
  the server.

---

<a id="angie-pro-1-10-0"></a>

### Angie PRO 1.10.0

Release date: 03.07.2025.

<a id="features-3-1-1-1-1-1-1"></a>

#### Features

- Automatic retrieval and dynamic updating of proxied server groups based on
  Docker (or Podman) container labels, configured using the
  [docker_endpoint](https://en.angie.software//angie/docs/configuration/modules/http/http_docker.md#docker-endpoint) directive. This enables real-time monitoring of
  container start and stop events via the specified Docker API endpoint,
  and allows their addresses to be added to or removed from the `upstream`
  list according to the specified labels, without requiring a configuration reload.
- Support for automatic TLS certificate acquisition via the ACME protocol in the
  `stream` module, configured using the [acme](https://en.angie.software//angie/docs/configuration/modules/stream/stream_acme.md#s-acme) directive and variables
  like [$acme_cert_\*](https://en.angie.software//angie/docs/configuration/modules/stream/stream_acme.md#v-s-acme-cert-name) and
  [$acme_cert_key_\*](https://en.angie.software//angie/docs/configuration/modules/stream/stream_acme.md#v-s-acme-cert-key-name).
- Binding of `stream` sessions for a group of proxied servers with an HTTP
  request to external storage, configurable via the [sticky](https://en.angie.software//angie/docs/configuration/modules/stream/stream_upstream.md#s-u-sticky) directive
  in `learn` mode with parameters `remote_action`,
  `remote_result`, and `remote_uri`. This enables client session persistence
  to load-balanced servers in clustered environments where a group of load balancers
  shares common storage and routes client requests within a session to the same
  server, regardless of which balancer receives the request.
- The new `norefresh` parameter for the `sticky` directive
  (in `learn` mode) disables automatic session renewal on use.
- New session mode for [sticky](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#u-sticky), in which sessions are stored only
  on a remote server and are always retrieved from it. Caching of remote server
  responses can be flexibly configured in the proxy module.
- Ability to keep backup `stream` servers active even after the main server
  group becomes available again, using the `backup_switch permanent[=timeout]`
  directive in the [upstream](https://en.angie.software//angie/docs/configuration/modules/stream/stream_upstream.md#s-u-upstream) block.
- Support for accepting connections via the MPTCP protocol using the `multipath`
  parameter in the [listen](https://en.angie.software//angie/docs/configuration/modules/http/index.md#listen) directive.
  Thanks to Maxim Dounin (freenginx), Maxime Dourov, and Anthony Doeraene.
- New [client](https://en.angie.software//angie/docs/configuration/modules/http/index.md#client) block for specifying additional configuration for
  internal HTTP requests initiated by various modules.
- Includes all features from [nginx 1.27.5](https://nginx.org/en/CHANGES),
  including CUBIC congestion control for QUIC connections.

<a id="bugfixes-2-1-1-1-1"></a>

#### Bugfixes

- For upstream servers in `drain` mode, the downtime counter in the
  statistics API did not stop after the server became available again according to
  passive health checks.

<a id="packages-2-1-1-1-1-1"></a>

#### Packages

- Updated:
  - [angie-pro-console-light](https://en.angie.software//angie/docs/installation/pro_packages.md#install-console-light-pro), to version 1.8.0
  - [angie-pro-module-cgi](https://en.angie.software//angie/docs/installation/external-modules/cgi.md#external-cgi), to version 0.13
  - [angie-pro-module-otel](https://en.angie.software//angie/docs/installation/external-modules/otel.md#external-otel), to version 0.1.2

14.07.2025

- Updated:
  - [angie-pro-module-headers-more](https://en.angie.software//angie/docs/installation/external-modules/headers-more.md#external-headers-more), to version v0.39
  - [angie-pro-module-njs](https://en.angie.software//angie/docs/installation/external-modules/njs.md#external-njs),
    [angie-pro-module-njs-light](https://en.angie.software//angie/docs/installation/external-modules/njs.md#external-njs), to version 0.9.1

---

<a id="angie-pro-1-9-1"></a>

### Angie PRO 1.9.1

Release date: 29.05.2025.

<a id="features-3-1-1-1-1-1"></a>

#### Features

- Support for IP addresses along with port numbers in the [acme_dns_port](https://en.angie.software//angie/docs/configuration/modules/http/http_acme.md#acme-dns-port)
  directive; both IPv4 and IPv6 are allowed.

<a id="bugfixes-2-1-1-1"></a>

#### Bugfixes

- Using both a wildcard domain and matching third-level domains in
  [server_name](https://en.angie.software//angie/docs/configuration/modules/http/index.md#server-name) directives could cause the ACME server to fail when issuing
  a certificate for these domains under a single ACME client.
- In the `stream` module, after a successful connection to the proxied
  server during a passive check, its status in the statistics API was
  erroneously displayed as `unavailable` until the session ended.
- The downtime counter in the statistics API might have stopped or been
  incorrectly reset while the proxied server in the `stream` module was in
  the `unhealthy` state.
- HTTP/3 requests might stall and time out; the fix was ported from nginx
  1.29.0.
- An early error while establishing an HTTP/3 connection to a proxied server
  could cause a worker process to crash.
- When proxying via the HTTP/3 protocol, the number of active connections
  in the statistics could be displayed incorrectly.
- When the proxied server in `drain` mode became unavailable, the attempt
  to connect to another server, according to the [proxy_next_upstream](https://en.angie.software//angie/docs/configuration/modules/http/http_proxy.md#proxy-next-upstream) and
  similar directives, might not have occurred.

<a id="packages-2-1-1-1-1"></a>

#### Packages

- Dynamic modules added:
  - [angie-pro-module-njs-light](https://en.angie.software//angie/docs/installation/external-modules/njs.md#external-njs)
- Updated:
  - [angie-pro-module-auth-spnego](https://en.angie.software//angie/docs/installation/external-modules/auth-spnego.md#external-auth-spnego), to version 1.1.3
  - [angie-pro-module-cgi](https://en.angie.software//angie/docs/installation/external-modules/cgi.md#external-cgi), to version 0.12.1
  - [angie-pro-module-modsecurity](https://en.angie.software//angie/docs/installation/external-modules/modsecurity.md#external-modsec), to version 1.0.4
  - [angie-pro-module-njs](https://en.angie.software//angie/docs/installation/external-modules/njs.md#external-njs), to version 0.9.0
  - [angie-pro-module-opentracing](https://en.angie.software//angie/docs/installation/external-modules/opentracing.md#external-opentracing), to version 0.40.0

---

<a id="angie-pro-1-9-0"></a>

### Angie PRO 1.9.0

Release date: 11.04.2025.

<a id="features-3-1-1-1-1"></a>

#### Features

- The ability to specify a file in the [proxy_cache_path](https://en.angie.software//angie/docs/configuration/modules/http/http_proxy.md#proxy-cache-path) directive, where
  the contents of the shared memory zone with the cache index will be saved
  between server startups; this eliminates the need to reload the cache after a
  restart and allows the server to come back online almost immediately.
- Using the [backup_switch permanent[=timeout]](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#u-backup-switch) directive
  in the `upstream` block of the HTTP module allows a group of backup
  servers to remain active when the main group servers become accessible again.
- Support of TLS 1.3 Early Data (0-RTT) in the `stream` module using the
  [ssl_early_data](https://en.angie.software//angie/docs/configuration/modules/stream/stream_ssl.md#s-ssl-early-data) directive.
- New `busy` state for upstream peers in the statistics API, indicating
  that a peer has reached the limit configured by the `max_conns` option.
- The `uri=` parameter in the [acme_hook](https://en.angie.software//angie/docs/configuration/modules/http/http_acme.md#acme-hook) directive allows redefining
  the hook request URI and supports variables.
- The `renew_on_load` parameter of the [acme_client](https://en.angie.software//angie/docs/configuration/modules/http/http_acme.md#acme-client) directive allows
  forcing certificate renewal on config load.
- Build time is now displayed via the `build_time` field of the
  `/status/angie` statistics API object and in the output of the
  `-V` command-line option.
- All functionality of [nginx 1.27.4](https://nginx.org/en/CHANGES), except
  for the `keepalive_min_timeout` directive (a similar feature has existed
  since version 1.8.0).

<a id="changes-2-1-1-1-1-1-1"></a>

#### Changes

- The `enabled=off` parameter in the [acme_client](https://en.angie.software//angie/docs/configuration/modules/http/http_acme.md#acme-client) directive now
  disables only certificate renewal for the given client while preserving all
  other functionality; the key and certificate (if available) can be accessed
  via the `$acme_cert_*` variables, while the use of `$acme_hook_*`
  variables and the `acme` directives doesn't cause errors.
- The `no valid domain name defined for ACME client` error is now issued
  only if no valid (i.e., ACME-compliant) domain name is found in the
  `server` block that references an ACME client using the `acme`
  directive.

<a id="bugfixes-2-1-1"></a>

#### Bugfixes

- If built with NTLS support, inheritance of the `proxy_ssl_certificate`
  and `proxy_ssl_certificate_key` directives with variables did not work
  properly.

<a id="packages-2-1-1-1"></a>

#### Packages

- Updated:
  - [angie-pro-module-cgi](https://en.angie.software//angie/docs/installation/external-modules/cgi.md#external-cgi), to version 0.11.1
  - [angie-pro-module-njs](https://en.angie.software//angie/docs/installation/external-modules/njs.md#external-njs), to version 0.8.10

---

<a id="angie-pro-1-8-3"></a>

### Angie PRO 1.8.3

Release date: 02.04.2025.

<a id="bugfixes-2-1"></a>

#### Bugfixes

- The [status_zone](https://en.angie.software//angie/docs/configuration/modules/http/index.md#status-zone) statistics in the HTTP module's [server](https://en.angie.software//angie/docs/configuration/modules/http/index.md#server) block could be
  miscalculated if requests within the same connection belonged to different
  statistics zones, or if an error occurred during early request processing; the
  bug had appeared in 1.8.2.

<a id="packages-2-1-1"></a>

#### Packages

- Updated:
  - [angie-pro-console-light](https://en.angie.software//angie/docs/installation/pro_packages.md#install-console-light-pro), to version 1.7.0
  - [angie-pro-module-cgi](https://en.angie.software//angie/docs/installation/external-modules/cgi.md#external-cgi), to version 57f660bb2c6ef6e4b75c65406080d0236860ca08
  - [angie-pro-module-jwt](https://en.angie.software//angie/docs/installation/external-modules/jwt.md#external-jwt), to version v3.4.3
  - [angie-pro-module-ndk](https://en.angie.software//angie/docs/installation/external-modules/ndk.md#external-ndk), to version v0.3.4
  - [angie-pro-module-opentracing](https://en.angie.software//angie/docs/installation/external-modules/opentracing.md#external-opentracing), to version v0.39.0
  - [angie-pro-module-vts](https://en.angie.software//angie/docs/installation/external-modules/vts.md#external-vts), to version v0.2.4

04.04.2025

- Updated:
  - [angie-pro-console-light](https://en.angie.software//angie/docs/installation/pro_packages.md#install-console-light-pro), to version 1.7.1

07.04.2025

- Updated:
  - [angie-pro-console-light](https://en.angie.software//angie/docs/installation/pro_packages.md#install-console-light-pro), to version 1.7.2

<a id="angie-pro-1-8-2"></a>

### Angie PRO 1.8.2

Release date: 13.02.2025.

<a id="security-2-1-1-1-1"></a>

#### Security

- Insufficient validation while handling virtual servers with TLSv1.3 SNI
  allowed SSL sessions to be reused in a different virtual server,
  bypassing client SSL certificate verification ([CVE-2025-23419](https://www.cve.org/CVERecord?id=CVE-2025-23419));
  the fix was ported from nginx 1.27.4.

<a id="bugfixes-2"></a>

#### Bugfixes

- Active probes configured with the [upstream_probe (PRO)](https://en.angie.software//angie/docs/configuration/modules/stream/stream_upstream_probe.md#s-u-upstream-probe) directive
  in the `stream` module could cause a worker process to crash.
- API requests to retrieve statistic values from an individual zone,
  which was set via variables,
  could cause a worker process to enter an infinite loop.
- HTTP/3 requests were not counted in zone statistics;
  the bug had appeared in 1.8.0.
- TLS handshakes using QUIC protocol were not counted in SSL statistics.
- Certificate renewal via the [ACME protocol](https://en.angie.software//angie/docs/configuration/modules/http/http_acme.md#id1) could fail
  for server names prefixed with a dot in the [server_name](https://en.angie.software//angie/docs/configuration/modules/http/index.md#server-name) directive.

<a id="packages-2-1"></a>

#### Packages

- Dynamic modules added:
  - [angie-pro-module-auth-pam](https://github.com/sto/ngx_http_auth_pam_module)
  - [angie-pro-module-cgi](https://github.com/pjincz/nginx-cgi)

---

## 2024

<a id="angie-pro-1-8-1"></a>

### Angie PRO 1.8.1

Release date: 28.12.2024.

#### Bugfixes

- Using the [status_zone](https://en.angie.software//angie/docs/configuration/modules/http/index.md#status-zone) directive in the `server` block of the
  HTTP module caused excessive logging of empty requests in [access_log](https://en.angie.software//angie/docs/configuration/modules/http/http_log.md#access-log) on
  TLS handshakes; the bug had appeared in 1.8.0.
- Decoding errors in HTTP/3 stream could cause a worker process crash when
  closing a QUIC connection; the fix was ported from nginx 1.27.4.
- Sending QUIC protocol version negotiation packets could cause an infinite
  packet exchange loop; the fix was ported from nginx 1.27.4.
- Using DNS-challenge without hooks in the [ACME module](https://en.angie.software//angie/docs/configuration/modules/http/http_acme.md#http-acme) could
  cause a worker process crash in some configurations.

<a id="packages-2"></a>

#### Packages

- Updated:
  - [angie-pro-module-auth-jwt](https://en.angie.software//angie/docs/installation/external-modules/auth-jwt.md#external-auth-jwt), to version 0.9.0

23.01.2025

- Updated:
  - [angie-pro-console-light](https://en.angie.software//angie/docs/installation/pro_packages.md#install-console-light-pro), to version 1.6.0

27.01.2025

- Dynamic modules added:
  - [angie-pro-module-unbrotli](https://github.com/clyfish/ngx_unbrotli)
- Updated:
  - [angie-pro-console-light](https://en.angie.software//angie/docs/installation/pro_packages.md#install-console-light-pro), to version 1.6.1
  - [angie-pro-module-auth-spnego](https://en.angie.software//angie/docs/installation/external-modules/auth-spnego.md#external-auth-spnego), to version v1.1.2
  - [angie-pro-module-headers-more](https://en.angie.software//angie/docs/installation/external-modules/headers-more.md#external-headers-more), to version v0.38
  - [angie-pro-module-lua](https://en.angie.software//angie/docs/installation/external-modules/lua.md#external-lua), to version 0.10.28
  - [angie-pro-module-njs](https://en.angie.software//angie/docs/installation/external-modules/njs.md#external-njs), to version 0.8.9
  - [angie-pro-module-vts](https://en.angie.software//angie/docs/installation/external-modules/vts.md#external-vts), to version v0.2.3
  - [angie-pro-module-wasm](https://en.angie.software//angie/docs/configuration/modules/wasm/index.md#wasm-core), to version v0.2-beta2

---

<a id="angie-pro-1-8-0"></a>

### Angie PRO 1.8.0

Release date: 19.12.2024.

<a id="features-3-1-1-1"></a>

#### Features

- HTTP session binding for a group of proxied servers with a request to external
  storage, configurable by the [sticky](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#u-sticky) directive in the `learn`
  mode using the `remote_action` and `remote_result` parameters;
  this allows to configure binding of client sessions to balanced servers in
  cluster mode, when a group of balancers is unified by shared storage and
  directs client requests within one session to the same server regardless of
  which balancer they hit.
- Support of `DNS-01` challenges by handling DNS queries from the ACME
  server, which allows to automatically request certificates of any types,
  including wildcard ones.
- Hooks system in the ACME module, configurable using the [acme_hook](https://en.angie.software//angie/docs/configuration/modules/http/http_acme.md#acme-hook)
  directive, which allows handling of domain name challenges using an external
  application to provide integration with various services and DNS hosting
  providers.
- The ACME module logs some additional information: why exactly the certificate
  is being renewed, full domain name list, client's account ID, long periods of
  inactivity (e.g. pollings), and the domain name being challenged; this
  information simplifies troubleshooting and allows to specify the CAA DNS
  record.
- The `account_key` parameter of the [acme_client](https://en.angie.software//angie/docs/configuration/modules/http/http_acme.md#acme-client) directive, which
  allows to reuse an existing key for the ACME server account instead of
  auto-generating a new one.
- Support for variables in the [status_zone](https://en.angie.software//angie/docs/configuration/modules/http/index.md#status-zone) directives in the stream and
  HTTP modules allows to dynamically account statistics within several zones in
  a single `location` or `server` block; in particular, it's
  especially useful when a single `server` block is handling multiple
  virtual hosts.
- GZip HTTP compression module compatibility with the `zlib-ng` versions
  2.2.0 and above, which could previously cause `[alert] gzip filter
  failed to use preallocated memory` messages in the error log.
- The [max_headers](https://en.angie.software//angie/docs/configuration/modules/http/index.md#max-headers) directive that limits the number of HTTP request header
  fields to better protect against DoS attacks. Thanks to Maxim Dounin
  (freenginx) and Maksim Yevmenkin.
- The [http3_max_table_capacity](https://en.angie.software//angie/docs/configuration/modules/http/http_v3.md#http3-max-table-capacity) and [proxy_http3_max_table_capacity](https://en.angie.software//angie/docs/configuration/modules/http/http_proxy.md#proxy-http3-max-table-capacity)
  directives to configure the HTTP/3 dynamic header compression table limits.
- Cross-compilation support - the build system can now use a wrapper script to
  run autotests, which enables to prepare a build without running test programs
  directly on the target platform.
- All functionality of [nginx 1.27.3](https://nginx.org/en/CHANGES).

#### Bugfixes

- HTTP/3 clients could time out when using `0-RTT`; the bug was inherited
  from nginx in version 1.7.0.
- Proxying with HTTP/3 using variables in the [proxy_pass](https://en.angie.software//angie/docs/configuration/modules/http/http_proxy.md#proxy-pass) directive and
  without specifying an `upstream` block could crash the worker process.
- HTTP/3 upstreams using dynamic table could lead to worker process crash if
  used with cache.
- Some SSL handshakes could be not counted in statistics for the `stream`
  module.
- HTTP/3 proxy settings specified in `http` or `server` level might
  be ignored.
- The [proxy_ssl_certificate](https://en.angie.software//angie/docs/configuration/modules/http/http_proxy.md#proxy-ssl-certificate) directive didn't work when proxying via
  HTTP/3 with NTLS support enabled.

<a id="changes-2-1-1-1-1-1"></a>

#### Changes

- When gracefully shutting down old worker processes, keep-alive connections are
  now closed only after the timeout specified by the [lingering_timeout](https://en.angie.software//angie/docs/configuration/modules/http/index.md#lingering-timeout)
  directive has expired; this behaviour allows to avoid possible client errors
  when receiving replies at that moment. Thanks to Maxim Dounin (freenginx).
- Disabled caching of the `stream` module variables
  [$ssl_server_name](https://en.angie.software//angie/docs/configuration/modules/http/http_ssl.md#v-ssl-server-name), [$ssl_server_cert_type](https://en.angie.software//angie/docs/configuration/modules/http/http_ssl.md#v-ssl-server-cert-type),
  [$ssl_preread_protocol](https://en.angie.software//angie/docs/configuration/modules/stream/stream_ssl_preread.md#v-ssl-preread-protocol), and [$ssl_preread_server_name](https://en.angie.software//angie/docs/configuration/modules/stream/stream_ssl_preread.md#v-ssl-preread-server-name), which
  allows to get actual values when using virtual servers.

#### Packages

- Dynamic modules added:
  - [angie-pro-module-http-auth-radius](https://github.com/ten0s/ngx_http_auth_radius_module)
- Updated:
  - [angie-pro-module-auth-jwt](https://en.angie.software//angie/docs/installation/external-modules/auth-jwt.md#external-auth-jwt), to version 0.8.0
  - [angie-pro-module-jwt](https://en.angie.software//angie/docs/installation/external-modules/jwt.md#external-jwt), to version 3.4.2
  - [angie-pro-module-njs](https://en.angie.software//angie/docs/installation/external-modules/njs.md#external-njs), to version 0.8.8
  - [angie-pro-module-opentracing](https://en.angie.software//angie/docs/installation/external-modules/opentracing.md#external-opentracing), to version 0.38.0
  - [angie-pro-module-wasm](https://en.angie.software//angie/docs/configuration/modules/wasm/index.md#wasm-core), to version 0.1-beta5

---

<a id="angie-pro-1-7-0"></a>

### Angie PRO 1.7.0

Release date: 19.09.2024.

<a id="features-3-1-1"></a>

#### Features

- Forced closing all the connections to a proxied server when it's removed from
  the group; it can be configured via the [proxy_connection_drop](https://en.angie.software//angie/docs/configuration/modules/http/http_proxy.md#proxy-connection-drop),
  [grpc_connection_drop](https://en.angie.software//angie/docs/configuration/modules/http/http_grpc.md#grpc-connection-drop), [fastcgi_connection_drop](https://en.angie.software//angie/docs/configuration/modules/http/http_fastcgi.md#fastcgi-connection-drop),
  [scgi_connection_drop](https://en.angie.software//angie/docs/configuration/modules/http/http_scgi.md#scgi-connection-drop), and [uwsgi_connection_drop](https://en.angie.software//angie/docs/configuration/modules/http/http_uwsgi.md#uwsgi-connection-drop) directives,
  which value can be overridden locally with the `connection_drop`
  argument of an [API request](https://en.angie.software//angie/docs/configuration/modules/http/http_api.md#api-config-methods) for server removal.
- Counters of sent DNS query types in the resolver statistics API, which is
  collected with the `status_zone` parameter of the [resolver](https://en.angie.software//angie/docs/configuration/modules/http/index.md#resolver)
  directive.
- The [feedback (PRO)](https://en.angie.software//angie/docs/configuration/modules/stream/stream_upstream.md#s-u-feedback) load balancing now can be used in the `stream`
  module; it distributes TCP/UDP sessions based on a specified variable, which
  can be obtained from proxied upstream servers or periodic requests to external
  services. This allows dynamic load balancing depending on arbitrary metrics of
  proxied servers, such as resource consumption, CPU/memory utilization, and
  queue length.
- The `last_byte` option of the [feedback (PRO)](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#u-feedback) directive, which allows
  processing upstream server feedback after the entire response is received,
  rather than only the header.
- The [feedback (PRO)](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#u-feedback) load balancing method now accepts
  floating-point numbers as the variable value.
- The `account` parameter of the [least_time (PRO)](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#u-least-time) directive, which
  enables using a variable to specify which requests are considered for
  `least_time` balancing, including considering only [upstream_probe (PRO)](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream_probe.md#u-upstream-probe)
  requests.
- The `factor` parameter of the [least_time (PRO)](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#u-least-time) directive, which
  allows to specify an adjustable smoothing factor for the `least_time`
  balancer and overrides the value of the [response_time_factor (PRO)](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#u-response-time-factor) used
  for statistics collection.
- A `drain` mode that switches the proxied stream server to a new
  `draining` state, when only requests bound using the [sticky](https://en.angie.software//angie/docs/configuration/modules/stream/stream_upstream.md#s-u-sticky)
  module are sent to the server.
- The [$ssl_server_cert_type](https://en.angie.software//angie/docs/configuration/modules/http/http_ssl.md#v-ssl-server-cert-type) variable that contains the type of selected
  certificate for a received TLS-connection.
- Disabling creation of the PID file with the `off` parameter of the
  [pid](https://en.angie.software//angie/docs/configuration/modules/core.md#pid) directive, which might be beneficial with immutable images and
  direct control by a service manager. Thanks to Maxim Dounin (freenginx).
- Creation of the PID file made atomic via an intermediate temporary file, which
  removes a moment when the file is already in the directory but still empty,
  and allows external programs to handle it more easily and reliably.
- Now, during reconfiguration, no attempt is made to recreate the PID file if
  the name in the [pid](https://en.angie.software//angie/docs/configuration/modules/core.md#pid) directive has changed but points to the same file
  via symlinks; in particular, it allows avoiding issues on systems that migrate
  from `/var/run/angie.pid` to `/run/angie.pid`. Thanks to Maxim
  Dounin (freenginx).
- [Syslog logging](https://en.angie.software//angie/docs/configuration/processing.md#syslog-logging) errors are now reported no more than
  once per second; this helps avoid flooding the logs with such messages when
  the syslog server is down or overloaded. Thanks to Maxim Dounin (freenginx).
- In the Mail proxy module, the maximum number of commands during
  authentication, configured with the [max_commands](https://en.angie.software//angie/docs/configuration/modules/mail/index.md#max-commands) directive, is limited
  to better protect against DoS attacks. Thanks to Maxim Dounin (freenginx).
- The [--feature-cache](https://en.angie.software//angie/docs/installation/sourcebuild.md#configure) option of the
  **./configure** script to cache its results for optimization when
  building multiple modules or cross-compiling.
- All functionality of [nginx 1.27.1](https://nginx.org/en/CHANGES).

#### Bugfixes

- The wait timeout of a queued request configured by the [queue (PRO)](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#u-queue)
  directive could crash the worker process.
- `PID file ... not readable (yet?) after start` and `Failed to
  parse PID from file...` errors might appear when starting with
  **systemd**. Thanks to Maxim Dounin (freenginx).

<a id="changes-2-1-1-1-1"></a>

#### Changes

- Updated descriptions of HTTP status codes in conformance with RFC 9110. Thanks
  to Maxim Dounin (freenginx) and Michiel W. Beijen.
- A maximum of one empty line is now allowed before an HTTP request to better
  protect against DoS attacks. Thanks to Maxim Dounin (freenginx).
- HTTP/1.x header field names without a colon at the end are now prohibited;
  such invalid header fields from a client or a proxied server will now cause an
  error response. Thanks to Maxim Dounin (freenginx) and Maksim Yevmenkin.
- When reading a request body using HTTP/1.1 chunked transfer encoding, the
  total size of ignored chunk extensions and trailer header fields is now
  limited by the [client_max_body_size](https://en.angie.software//angie/docs/configuration/modules/http/index.md#client-max-body-size) directive to better protect against
  DoS attacks. Thanks to Maxim Dounin (freenginx) and Bartek Nowotarski.
- The MIME type in the `mime.types` configuration file has been changed to
  `image/bmp` for the `bmp` extension and
  `application/vnd.rar` for the `rar` extension; set to
  `application/vnd.debian.binary-package` for the `deb` and
  `udeb` extensions. Thanks to Yuriy Izorkin.

#### Packages

- Updated:
  - [angie-pro-module-opentracing](https://en.angie.software//angie/docs/installation/external-modules/opentracing.md#external-opentracing), to version 0.36.0
  - [angie-pro-module-lua](https://en.angie.software//angie/docs/installation/external-modules/lua.md#external-lua), to version 0.10.27

24.10.2024

- Added packages for [SberLinux](https://en.angie.software//angie/docs/installation/pro_packages.md#install-yum-pro).

---

<a id="angie-pro-1-6-2"></a>

### Angie PRO 1.6.2

Release date: 16.08.2024.

<a id="security-2-1-1-1"></a>

#### Security

- Processing a specially crafted MP4 file with the
  [ngx_http_mp4_module](https://en.angie.software//angie/docs/configuration/modules/http/http_mp4.md#http-mp4)
  could cause a worker process crash
  ([CVE-2024-7347](https://nvd.nist.gov/vuln/detail/CVE-2024-7347));
  the fix was ported from nginx 1.27.1.

---

<a id="angie-pro-1-6-1"></a>

### Angie PRO 1.6.1

Release date: 08.08.2024.

<a id="features-3-1"></a>

#### Features

- A new `passed` counter in the
  [API statistics](https://en.angie.software//angie/docs/configuration/modules/http/http_api.md#api-status-stream-server-zones) zone
  configured by the [status_zone](https://en.angie.software//angie/docs/configuration/modules/stream/index.md#s-status-zone) directive
  of the [stream](https://en.angie.software//angie/docs/configuration/modules/index.md#modules-stream) module
  tracks connections passed to other listening sockets
  using [pass](https://en.angie.software//angie/docs/configuration/modules/stream/stream_pass.md#s-pass) directives.

#### Bugfixes

- When using virtual servers or the [pass](https://en.angie.software//angie/docs/configuration/modules/stream/stream_pass.md#s-pass) directive in the
  [stream](https://en.angie.software//angie/docs/configuration/modules/index.md#modules-stream) module,
  connections could be accounted incorrectly in the statistics API.
- Worker processes could crash on configurations with 5 or more ACME
  clients; the bug had appeared in 1.6.0.
- Handling cached responses with the `X-Accel-Redirect` header
  could crash the worker process.
  Thanks to Maxim Dounin (freenginx) and Jiří Setnička.

#### Packages

- Updated:
  - [angie-pro-console-light](https://en.angie.software//angie/docs/installation/pro_packages.md#install-console-light-pro), to version 1.4.0
  - [angie-pro-module-opentracing](https://en.angie.software//angie/docs/installation/external-modules/opentracing.md#external-opentracing), to version 0.35.3
  - [angie-pro-module-zstd](https://en.angie.software//angie/docs/installation/external-modules/zstd.md#external-zstd), to revision `f4ba115`

---

<a id="angie-pro-1-6-0"></a>

### Angie PRO 1.6.0

Release date: 28.06.2024.

<a id="features-3"></a>

#### Features

- HTTP request balancing based on the value of a specified variable
  which can be obtained from proxied servers
  or periodic polling of external services,
  configured using the [feedback](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#u-feedback) directive
  in the [upstream](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#u-upstream) block;
  this allows, in particular, to dynamically redistribute the load
  depending on arbitrary metrics of the proxied server:
  consumption of various resources, CPU/memory utilization, queue length, etc.
- The [sticky](https://en.angie.software//angie/docs/configuration/modules/stream/stream_upstream.md#s-u-sticky) directive and related settings
  in the [upstream](https://en.angie.software//angie/docs/configuration/modules/stream/stream_upstream.md#s-u-upstream) block of the [stream](https://en.angie.software//angie/docs/configuration/modules/index.md#modules-stream) module,
  which allow configuring session persistence mode
  where all connections within a session are routed to the same server.
- Extraction of Cookie values from RDP connections using the
  [rdp_preread](https://en.angie.software//angie/docs/configuration/modules/stream/stream_rdp_preread.md#s-rdp-preread) directive of the [stream](https://en.angie.software//angie/docs/configuration/modules/index.md#modules-stream) module
  into [$rdp_cookie](https://en.angie.software//angie/docs/configuration/modules/stream/stream_rdp_preread.md#v-rdp-cookie) and [$rdp_cookie_NAME](https://en.angie.software//angie/docs/configuration/modules/stream/stream_rdp_preread.md#id3) variables,
  which allows logging and binding RDP client sessions to the same servers
  when load balancing.
- The `persistent` option
  of the [upstream_probe](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream_probe.md#u-upstream-probe) directive,
  which allows avoiding waiting for `essential` probes to pass
  after configuration reload for previously healthy servers.
- Support for multiple [acme](https://en.angie.software//angie/docs/configuration/modules/http/http_acme.md#id1) directives
  in a single [server](https://en.angie.software//angie/docs/configuration/modules/http/index.md#server) block,
  which allows configuring obtaining both types of certificates at once
  within that virtual server.
- Command line options `-m` and `-M`
  to display a list of built-in and loaded modules.
- The [$upstream_probe](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream_probe.md#v-upstream-probe) variable
  that contains the name of the current active probe
  issued by [upstream_probe](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream_probe.md#u-upstream-probe).
- Support for [BoringSSL](https://www.chromium.org/Home/chromium-security/boringssl/)
  in the [ACME](https://en.angie.software//angie/docs/configuration/modules/http/http_acme.md#http-acme) module.
- All functionality of [nginx 1.27.0](https://nginx.org/en/CHANGES),
  including support for virtual servers in the [stream](https://en.angie.software//angie/docs/configuration/modules/index.md#modules-stream) module
  and the `pass` directive,
  which allows passing accepted connections for handling to other listening sockets,
  including [HTTP](https://en.angie.software//angie/docs/configuration/modules/index.md#modules-http) and [Mail](https://en.angie.software//angie/docs/configuration/modules/index.md#modules-mail) modules.

#### Bugfixes

- Active [upstream_probe](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream_probe.md#u-upstream-probe) probes might not have worked
  on some configurations while logging error messages like
  `[alert] getsockname() failed (9: Bad file descriptor)`.
- Certificate request via the ACME protocol could fail
  on some configurations with a log message like
  `[alert] getsockname() failed (9: Bad file descriptor)`.
- Certificate request with a large number of domain names via the
  ACME protocol could fail with a log message like
  `[error] JSON parser error`.
- ACME clients in configurations
  with multiple [error_log](https://en.angie.software//angie/docs/configuration/modules/core.md#error-log) directives
  could output messages to incorrect logs.

#### Packages

- Updated:
  - [angie-pro-module-auth-jwt](https://en.angie.software//angie/docs/installation/external-modules/auth-jwt.md#external-auth-jwt), to version 0.7.0
  - [angie-pro-module-auth-ldap](https://en.angie.software//angie/docs/installation/external-modules/auth-ldap.md#external-ldap), to revision `241200e`
  - [angie-pro-module-jwt](https://en.angie.software//angie/docs/installation/external-modules/jwt.md#external-jwt), to version 3.4.1
  - [angie-pro-module-keyval](https://en.angie.software//angie/docs/installation/external-modules/keyval.md#external-keyval), to version 0.3.0
  - [angie-pro-module-lua](https://en.angie.software//angie/docs/installation/external-modules/lua.md#external-lua):
    `stream_lua_module`, to revision `bea8a0c`
  - [angie-pro-module-njs](https://en.angie.software//angie/docs/installation/external-modules/njs.md#external-njs), to version 0.8.5

---

<a id="angie-pro-1-5-2"></a>

### Angie PRO 1.5.2

Release date: 03.06.2024.

<a id="security-2-1-1"></a>

#### Security

- When using HTTP/3, processing a specially crafted QUIC
  session could cause a worker process crash, worker process memory
  disclosure on systems with MTU larger than 4096 bytes, or have other
  impact ([CVE-2024-32760](https://nvd.nist.gov/vuln/detail/CVE-2024-32760),
  [CVE-2024-31079](https://nvd.nist.gov/vuln/detail/CVE-2024-31079),
  [CVE-2024-35200](https://nvd.nist.gov/vuln/detail/CVE-2024-35200),
  [CVE-2024-34161](https://nvd.nist.gov/vuln/detail/CVE-2024-34161));
  the fix was ported from nginx 1.26.1.

#### Packages

- Updated:
  - [angie-pro-module-opentracing](https://en.angie.software//angie/docs/installation/external-modules/opentracing.md#external-opentracing), to version 0.35.2

---

<a id="angie-pro-1-5-1"></a>

### Angie PRO 1.5.1

Release date: 16.05.2024.

#### Bugfixes

- The `proxy_next_upstream` mechanism did not work correctly when editing
  a group of proxied servers via the API, and when using the [resolve](https://en.angie.software//angie/docs/configuration/modules/stream/stream_upstream.md#s-reresolve) option of the `server` directive in the
  `upstream` block if the number of
  resolved IP addresses differed from the number of specified servers.
- While requesting a certificate via the ACME protocol, a
  segmentation fault could occur in a worker process.
- The [sticky](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#u-sticky) directive in the `learn` mode could work
  incorrectly with different numbers of `lookup` and `create`
  variables.
- The [slow_start](https://en.angie.software//angie/docs/configuration/modules/stream/stream_upstream.md#s-slow-start) mechanism did not work when proxying TCP
  connections in the [stream](https://en.angie.software//angie/docs/configuration/modules/index.md#modules-stream) module.
- HTTP/3 requests could fail if received as TLS
  1.3 early data; the bug had appeared in 1.4.0.
- HTTP/3 connection could be prematurely closed while using
  0-RTT in QUIC.
- When reading a request body from a fast connection, reading
  for a long time was possible. Thanks to Maxim Dounin (freenginx).

<a id="changes-2-1-1-1"></a>

#### Changes

- Now ACME clients do not discard previously stored
  certificates if they are expired or issued for a different domain list,
  but use them while renewal is in progress.

#### Packages

27.05.2024

- Added packages for [Alpine](https://en.angie.software//angie/docs/installation/pro_packages.md#install-alpine-pro) 3.20.

---

<a id="angie-pro-1-5-0"></a>

### Angie PRO 1.5.0

Release date: 27.03.2024.

#### Features

- Initial support for automatically obtaining and updating certificates using the
  [ACME protocol](https://en.angie.software//angie/docs/configuration/modules/http/http_acme.md#http-acme), configurable with the
  [acme_client](https://en.angie.software//angie/docs/configuration/modules/http/http_acme.md#acme-client) and [acme](https://en.angie.software//angie/docs/configuration/modules/http/http_acme.md#id1) directives, as well as variables of the
  form [$acme_cert_=](https://en.angie.software//angie/docs/configuration/modules/http/http_acme.md#v-acme-cert-name) and [$acme_cert_key_=](https://en.angie.software//angie/docs/configuration/modules/http/http_acme.md#v-acme-cert-key-name).
- A `drain` mode that switches the proxied HTTP server to a new
  `draining` state, where only requests bound using the [sticky](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#u-sticky) module are sent to the server.
- Configuration of automatic redirection that adds trailing
  slashes to request URIs using the [auto_redirect](https://en.angie.software//angie/docs/configuration/modules/http/index.md#auto-redirect) directive.
- Output of date-containing [metrics](https://en.angie.software//angie/docs/configuration/modules/http/http_api.md#metrics) in Unix timestamp format
  instead of ISO 8601 for use in Prometheus, and also in the JSON API when requested
  with the `?date-epoch` argument.
- Now the `-V` option also shows the relevant version of nginx, which is
  useful for compatibility with third-party utilities, **certbot** in
  particular. Thanks to [AdvTechnoKing](https://github.com/webserver-llc/angie/commit/eb914d43aa6a2231d7321c808cb4180abb013ca0).
- All functionality of [nginx 1.25.4](https://nginx.org/en/CHANGES).

#### Bugfixes

- If the SSL session reuse mechanism ([proxy_ssl_session_reuse](https://en.angie.software//angie/docs/configuration/modules/http/http_proxy.md#proxy-ssl-session-reuse)) was used,
  then when dynamically updating the list of proxied servers, a leak could occur
  in the shared memory zone (`zone`) configured for the corresponding `upstream` block.

#### Packages

- Added packages for [FreeBSD 13](https://en.angie.software//angie/docs/installation/pro_packages.md#install-freebsd-pro) (arm64),
  [RED OS 8](https://en.angie.software//angie/docs/installation/pro_packages.md#install-yum-pro) (x86-64).
- Dynamic modules added:
  - [angie-pro-module-otel](https://github.com/nginxinc/nginx-otel)
- Updated:
  - [angie-pro-module-opentracing](https://en.angie.software//angie/docs/installation/external-modules/opentracing.md#external-opentracing), to version 0.34.0

28.03.2024

- Updated:
  - [angie-pro-console-light](https://en.angie.software//angie/docs/installation/pro_packages.md#pro-packages), to version 1.3.0

16.04.2024

- Dynamic modules added:
  - [angie-pro-module-zstd](https://github.com/tokers/zstd-nginx-module)
- Updated:
  - [angie-pro-module-njs](https://en.angie.software//angie/docs/installation/external-modules/njs.md#external-njs), to version 0.8.4

25.04.2024

- Dynamic modules added:
  - angie-pro-module-vts: includes
    [module-vts](https://github.com/vozlt/nginx-module-vts),
    [module-sts](https://github.com/vozlt/nginx-module-sts),
    [module-stream-sts](https://github.com/vozlt/nginx-module-stream-sts)

---

<a id="angie-pro-1-4-1"></a>

### Angie PRO 1.4.1

Release date: 15.02.2024.

<a id="security-2-1"></a>

#### Security

- When using HTTP/3, a segmentation error could have occurred in a worker process
  while processing a specially crafted QUIC session
  ([CVE-2024-24989](https://nvd.nist.gov/vuln/detail/CVE-2024-24989));
  note that Angie PRO as of 1.4.0 is not vulnerable to
  [CVE-2024-24990](https://nvd.nist.gov/vuln/detail/CVE-2024-24990).

#### Packages

- Dynamic modules added:
  - [angie-pro-module-dynamic-limit-req](https://github.com/limithit/ngx_dynamic_limit_req_module)
- Updated:
  - [angie-pro-module-njs](https://en.angie.software//angie/docs/installation/external-modules/njs.md#external-njs), to version 0.8.3
  - [angie-pro-module-vod](https://en.angie.software//angie/docs/installation/external-modules/vod.md#external-vod), to version 1.33

## 2023

<a id="angie-pro-1-4-0"></a>

### Angie PRO 1.4.0

Release date: 21.12.2023.

#### Features

- Support for establishing [HTTP/3](https://en.angie.software//angie/docs/configuration/modules/http/http_v3.md#http-v3) connections to upstream
  servers in the [HTTP proxy module](https://en.angie.software//angie/docs/configuration/modules/http/http_proxy.md#http-proxy) while allowing clients to
  use arbitrary HTTP versions. Configuration is done with the
  [proxy_http_version](https://en.angie.software//angie/docs/configuration/modules/http/http_proxy.md#proxy-http-version) directive and a set of `proxy_quic_` and
  `proxy_http3_` directives.
- The [upstream_probe (PRO)](https://en.angie.software//angie/docs/configuration/modules/stream/stream_upstream_probe.md#s-u-upstream-probe) directive to check the health of servers in the
  [stream](https://en.angie.software//angie/docs/configuration/modules/stream/stream_upstream.md#stream-upstream) module's `upstream` block by
  periodically creating test connections or sending datagrams.
- Additional `learn` mode of the [sticky](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#u-sticky) directive for
  binding sessions to proxied servers that allows discovering sessions and saving
  them in the server's shared memory.
- Waiting queue for requests that couldn't be load-balanced on the first try,
  configured using the [queue (PRO)](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#u-queue) directive in the [HTTP](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#http-upstream) module's `upstream` block.
- HTTP RESTful [JSON interface](https://en.angie.software//angie/docs/configuration/modules/http/http_api.md#api-config-stream-upstreams-servers) for
  reconfiguring, adding, or deleting servers in the [stream](https://en.angie.software//angie/docs/configuration/modules/stream/stream_upstream.md#stream-upstream) module's `upstream` blocks, and the [state](https://en.angie.software//angie/docs/configuration/modules/stream/stream_upstream.md#s-u-state) directive for persisting these changes.
- Load balancing by average time to establish a connection, receive the first or
  last byte of a response from proxied [stream upstream](https://en.angie.software//angie/docs/configuration/modules/stream/stream_upstream.md#stream-upstream)
  servers with an adjustable smoothing factor, using the [least_time (PRO)](https://en.angie.software//angie/docs/configuration/modules/stream/stream_upstream.md#s-u-least-time)
  and [response_time_factor (PRO)](https://en.angie.software//angie/docs/configuration/modules/stream/stream_upstream.md#s-u-response-time-factor) directives in the `upstream` block.
- Statistics of average time to establish a connection, receive the first and
  last byte of a response from proxied [stream upstream](https://en.angie.software//angie/docs/configuration/modules/stream/stream_upstream.md#stream-upstream)
  servers in the interface provided by the [api](https://en.angie.software//angie/docs/configuration/modules/http/http_api.md#a-api) directive, with
  the ability to adjust the smoothing factor via the
  [response_time_factor (PRO)](https://en.angie.software//angie/docs/configuration/modules/stream/stream_upstream.md#s-u-response-time-factor) directive of the `upstream` block.
- A mechanism for smoothly bringing a proxied server online after a failure
  using the `slow_start` option of the [server](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#u-server) directive
  in the `upstream` block.
- [mqtt_preread](https://en.angie.software//angie/docs/configuration/modules/stream/stream_mqtt_preread.md#s-mqtt-preread) directive in the [stream](https://en.angie.software//angie/docs/configuration/modules/stream/stream_mqtt_preread.md#stream-mqtt-preread)
  module, which allows extracting the username and client ID from the CONNECT
  packet of the MQTT protocol into the [$mqtt_preread_username](https://en.angie.software//angie/docs/configuration/modules/stream/stream_mqtt_preread.md#v-mqtt-preread-username) and [$mqtt_preread_clientid](https://en.angie.software//angie/docs/configuration/modules/stream/stream_mqtt_preread.md#v-mqtt-preread-clientid) variables.
- Limiting the response rate of MP4 file transmission to the client
  proportionally to the bitrate using the [mp4_limit_rate](https://en.angie.software//angie/docs/configuration/modules/http/http_mp4.md#mp4-limit-rate) and
  [mp4_limit_rate_after](https://en.angie.software//angie/docs/configuration/modules/http/http_mp4.md#mp4-limit-rate-after) directives, which reduces the bandwidth load.
- All functionality of [nginx 1.25.3](https://nginx.org/en/CHANGES).

#### Bugfixes

- If a proxied server was the only one in a group, it could be incorrectly
  reported as `unavailable` in the [statistics API](https://en.angie.software//angie/docs/configuration/modules/http/http_api.md#metrics) even
  after recovery.

<a id="changes-2-1-1"></a>

#### Changes

- Now the time a proxied server spends in the `checking` state is not
  counted as `downtime`.
- The standard [prometheus_all.conf](https://en.angie.software//angie/docs/configuration/modules/http/http_prometheus.md#prometheus-all) template includes all
  additional Prometheus metrics and possible `state` values of
  `upstream` peers that are only exposed by the PRO version.

#### Packages

- Packages for [Alpine](https://en.angie.software//angie/docs/installation/pro_packages.md#install-alpine-pro) 3.19.
- Updated:
  - [angie-pro-console-light](https://en.angie.software//angie/docs/installation/pro_packages.md#pro-packages), to version 1.2.0
  - [angie-pro-module-auth-jwt](https://en.angie.software//angie/docs/installation/external-modules/auth-jwt.md#external-auth-jwt), to version 0.4.0
  - [angie-pro-module-headers-more](https://en.angie.software//angie/docs/installation/external-modules/headers-more.md#external-headers-more), to version 0.36
  - [angie-pro-module-ndk](https://en.angie.software//angie/docs/installation/external-modules/ndk.md#external-ndk), to version 0.3.3
  - [angie-pro-module-opentracing](https://en.angie.software//angie/docs/installation/external-modules/opentracing.md#external-opentracing), to version 0.33.0

25.12.2023

- Updated:
  - [angie-pro-console-light](https://en.angie.software//angie/docs/installation/pro_packages.md#pro-packages), to version 1.2.1

22.01.2024

- Dynamic modules added:
  - [angie-pro-module-zip](https://github.com/evanmiller/mod_zip)
- Updated:
  - [angie-pro-module-auth-jwt](https://en.angie.software//angie/docs/installation/external-modules/auth-jwt.md#external-auth-jwt), to version 0.6.0
  - [angie-pro-module-headers-more](https://en.angie.software//angie/docs/installation/external-modules/headers-more.md#external-headers-more), to version 0.37
  - [angie-pro-module-lua](https://en.angie.software//angie/docs/installation/external-modules/lua.md#external-lua):
    `http_lua_module`, to version 0.10.26;
    `stream_lua_module`, to version 0.0.14

---

<a id="angie-pro-1-3-2"></a>

### Angie PRO 1.3.2

Release date: 23.11.2023.

#### Bugfixes

- Active [health probes](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream_probe.md#u-upstream-probe) with the `essential` flag
  incorrectly handled the server's transition from `checking` to
  `unhealthy` when the initial check failed, resulting in user
  requests being routed to the faulty server.
- Possible incorrect values of metrics in [Prometheus](https://en.angie.software//angie/docs/configuration/modules/http/http_prometheus.md#id1) output
  that used variables other than `$p8s_value` for their values; in
  practice the issue could occur with `angie_http_upstreams_peers_state`
  and `angie_stream_upstreams_peers_state` from the standard
  `prometheus_all.conf` template.
- Some connection attempts to upstream servers might not have been properly
  accounted for in the [statistics API](https://en.angie.software//angie/docs/configuration/modules/http/http_api.md#a-api) if they failed immediately;
  the bug had appeared in 1.3.0.

#### Packages

04.12.2023

- Dynamic modules added:
  - [angie-pro-module-modsecurity](https://github.com/owasp-modsecurity/ModSecurity-nginx)

07.12.2023

- Updated:
  - [angie-pro-console-light](https://en.angie.software//angie/docs/installation/pro_packages.md#pro-packages), to version 1.1.1

12.12.2023

- Dynamic modules added:
  - [angie-pro-module-auth-ldap](https://github.com/kvspb/nginx-auth-ldap)
- Updated:
  - [angie-pro-module-auth-jwt](https://en.angie.software//angie/docs/installation/external-modules/auth-jwt.md#external-auth-jwt), to version 0.4.0
  - [angie-pro-module-headers-more](https://en.angie.software//angie/docs/installation/external-modules/headers-more.md#external-headers-more), to version 0.36
  - [angie-pro-module-ndk](https://en.angie.software//angie/docs/installation/external-modules/ndk.md#external-ndk), to version 0.3.3
  - [angie-pro-module-opentracing](https://en.angie.software//angie/docs/installation/external-modules/opentracing.md#external-opentracing), to version 0.33.0

---

<a id="angie-pro-1-3-1"></a>

### Angie PRO 1.3.1

Release date: 18.10.2023.

<a id="security-2"></a>

#### Security

- Added extra limitations to HTTP/2 stream handling for better protection
  against the DoS attack known as "HTTP/2 Rapid Reset" ([CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487)).

#### Packages

26.10.2023

- Dynamic modules added:
  - [angie-pro-module-opentracing](https://github.com/opentracing-contrib/nginx-opentracing/)

13.11.2023

- Dynamic modules added:
  - [angie-pro-module-testcookie](https://github.com/kyprizel/testcookie-nginx-module/)
- Updated:
  - [angie-pro-console-light](https://en.angie.software//angie/docs/installation/pro_packages.md#pro-packages), to version 1.1.0
  - [angie-pro-module-headers-more](https://en.angie.software//angie/docs/installation/external-modules/headers-more.md#external-headers-more), to version 0.35
  - [angie-pro-module-njs](https://en.angie.software//angie/docs/installation/external-modules/njs.md#external-njs), to version 0.8.2
  - [angie-pro-module-vod](https://en.angie.software//angie/docs/installation/external-modules/vod.md#external-vod), to version 1.32

---

<a id="angie-pro-1-3-0"></a>

### Angie PRO 1.3.0

Release date: 03.10.2023.

#### Features

- Ability to specify multiple match patterns in the `location` directive,
  which allows to [combine](https://en.angie.software//angie/docs/configuration/modules/http/index.md#combined-locations) several `location`
  blocks with similar settings and therefore simplify configuration by reducing
  duplication.
- Load balancing by average time to receive the response header or full response
  from proxied HTTP servers with an adjustable smoothing factor, using the
  [least_time (PRO)](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#u-least-time) and [response_time_factor (PRO)](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#u-response-time-factor) directives in the
  `upstream` block.
- Export of varied statistics metrics in Prometheus format with flexible
  template configuration using the new [prometheus](https://en.angie.software//angie/docs/configuration/modules/http/http_prometheus.md#id1) and
  [prometheus_template](https://en.angie.software//angie/docs/configuration/modules/http/http_prometheus.md#prometheus-template) directives.
- Statistics of average time to receive the response header and full response of
  proxied HTTP servers in the interface provided by the [api](https://en.angie.software//angie/docs/configuration/modules/http/http_api.md#a-api) directive,
  with the ability to adjust the average smoothing factor via the
  [response_time_factor (PRO)](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#u-response-time-factor) directive
  of the `upstream` block.
- Detailed information and [metrics](https://en.angie.software//angie/docs/configuration/modules/http/http_api.md#api-status-stream-upstreams) for
  groups of stream upstream servers in the statistics interface provided by the
  [api](https://en.angie.software//angie/docs/configuration/modules/http/http_api.md#a-api) directive.
- The [resolve](https://en.angie.software//angie/docs/configuration/modules/stream/stream_upstream.md#s-reresolve) option of the `server` directive in the
  [stream](https://en.angie.software//angie/docs/configuration/modules/stream/stream_upstream.md#stream-upstream) module's `upstream` block that allows to
  monitor changes to the list of IP addresses corresponding to a domain name,
  and automatically update it without the need of reloading configuration.
- The [service](https://en.angie.software//angie/docs/configuration/modules/stream/stream_upstream.md#s-reresolve) option of the `server` directive in the
  [stream](https://en.angie.software//angie/docs/configuration/modules/stream/stream_upstream.md#stream-upstream) module's `upstream` block that allows to
  retrieve lists of addresses from DNS SRV records, with basic priority support.
- Support for binding a client connection to a backend server connection using
  the [bind_conn (PRO)](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#u-bind-conn) directive in the [http](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#http-upstream) module's
  `upstream` blocks, particularly for proxying connections with NT LAN
  Manager (NTLM) authentication.
- Access to the contents of configuration files used by the current generation
  of worker processes via the interface provided
  by the [api](https://en.angie.software//angie/docs/configuration/modules/http/http_api.md#a-api) directive
  with the [api_config_files](https://en.angie.software//angie/docs/configuration/modules/http/http_api.md#a-api-config-files) directive enabled.
- Display of the [configuration generation](https://en.angie.software//angie/docs/configuration/runtime.md#control-config-change) number
  in process titles, which allows to monitor the success of configuration
  reloads and the number of previous worker process generations using the
  `ps` utility.
- All functionality of [nginx 1.25.2](https://nginx.org/en/CHANGES).

<a id="changes-2-1"></a>

#### Changes

- Now appname `angie` is used
  when loading the OpenSSL configuration.

#### Packages

- Updated:
  - [angie-pro-module-njs](https://en.angie.software//angie/docs/installation/external-modules/njs.md#external-njs), to version 0.8.1

---

<a id="angie-pro-1-2-0"></a>

### Angie PRO 1.2.0

Release date: 15.08.2023.

#### Features

- [HTTP RESTful JSON interface](https://en.angie.software//angie/docs/configuration/modules/http/http_api.md#api-config) for reconfiguring, adding, or
  deleting servers in the [HTTP](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#http-upstream) module's [upstream](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#u-upstream)
  blocks, and the [state](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#u-state) directive
  for persisting these changes.
- The [upstream_probe (PRO)](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream_probe.md#u-upstream-probe) directive to check the health of servers in the
  [HTTP](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#http-upstream) module's [upstream](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#u-upstream) block by periodically
  sending probe requests.
- Support for cache sharding in the [HTTP](https://en.angie.software//angie/docs/configuration/modules/http/http_proxy.md#http-proxy) proxy module, which
  enables caching responses in different directories (drives) depending on an
  arbitrary response parameter, configured with variables in the new
  `path-` option of the [proxy_cache](https://en.angie.software//angie/docs/configuration/modules/http/http_proxy.md#proxy-cache) directive.
- Support for NTLS in the [HTTP](https://en.angie.software//angie/docs/configuration/modules/stream/stream_ssl.md#stream-ssl)
  modules when using the [TongSuo](https://github.com/Tongsuo-Project/Tongsuo)
  TLS library; the support can be enabled via the `‑‑with‑ntls` build time
  option and configured with the corresponding [ssl_ntls](https://en.angie.software//angie/docs/configuration/modules/http/http_ssl.md#ssl-ntls) and
  [proxy_ssl_ntls](https://en.angie.software//angie/docs/configuration/modules/http/http_proxy.md#proxy-ssl-ntls) directives.
- In the [HTTP](https://en.angie.software//angie/docs/configuration/modules/stream/stream_proxy.md#stream-proxy) proxy
  modules, the ability to specify multiple certificates with different types
  (RSA and ECDSA) and corresponding keys using the [proxy_ssl_certificate](https://en.angie.software//angie/docs/configuration/modules/http/http_proxy.md#proxy-ssl-certificate)
  and [proxy_ssl_certificate_key](https://en.angie.software//angie/docs/configuration/modules/http/http_proxy.md#proxy-ssl-certificate-key) directives.
- Display of version and build name in the `master` process title, which
  allows to get this information about a running server instance using the
  `ps` utility.
- The [gzip](https://en.angie.software//angie/docs/configuration/modules/http/http_gzip.md#http-gzip) module's ability to compress "207 Multi-Status"
  responses.  Thanks to [DBotThePony](https://github.com/webserver-llc/angie/pull/26).
- All functionality of [nginx 1.25.0](https://nginx.org/en/CHANGES),
  including [HTTP/3](https://en.angie.software//angie/docs/configuration/modules/http/http_v3.md#http-v3) support.

<a id="changes-2"></a>

#### Changes

- The [$upstream_sticky_status](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#v-upstream-sticky-status) variable values are now uppercase to be in
  line with the style of [$upstream_cache_status](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#v-upstream-cache-status) values.

#### Packages

- Dynamic modules added:
  - [angie-pro-module-enhanced-memcached](https://github.com/bpaquet/ngx_http_enhanced_memcached_module)
  - [angie-pro-module-eval](https://github.com/openresty/nginx-eval-module)

---

<a id="angie-pro-1-1-0-p1"></a>

### Angie PRO 1.1.0-p1

Release date: 01.03.2023.

#### Features

- The [sticky](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#u-sticky) directive and related options in the [HTTP](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#http-upstream) module's [upstream](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#u-upstream) block that allow to configure
  sticky sessions mode, where all requests of the session are routed to the same
  server.
- The [$upstream_sticky_status](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#v-upstream-sticky-status) variable that can be either `new`,
  `hit` or `miss` depending on the success of requesting the related
  upstream server with sticky sessions enabled.

---

<a id="angie-pro-1-1-0"></a>

### Angie PRO 1.1.0

Release date: 07.02.2023.

#### Features

- The [api](https://en.angie.software//angie/docs/configuration/modules/http/http_api.md#a-api) directive that provides HTTP RESTful interface for accessing
  in JSON or Prometheus formats basic information about a web server instance,
  as well as [metrics](https://en.angie.software//angie/docs/configuration/modules/http/http_api.md#metrics) of client connections, shared memory
  zones, DNS queries, HTTP requests, HTTP responses cache, TCP/UDP sessions of
  [stream](https://en.angie.software//angie/docs/configuration/modules/stream/index.md#stream-core) module, zones of [limit_conn](https://en.angie.software//angie/docs/configuration/modules/http/http_limit_conn.md#http-limit-conn)/[limit_req](https://en.angie.software//angie/docs/configuration/modules/http/http_limit_req.md#http-limit-req) modules, and groups of
  [HTTP upstream servers](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#http-upstream).
- The [resolve](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#reresolve) option of the [server](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#u-server)
  directive in the [HTTP](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#http-upstream) module's [upstream](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#u-upstream) block
  that allows to monitor changes to the list of IP addresses corresponding to a
  domain name, and automatically update it without the need of reloading
  configuration.
- The [service](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#reresolve) option of the [server](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#u-server)
  directive in the [HTTP](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#http-upstream) module's [upstream](https://en.angie.software//angie/docs/configuration/modules/http/http_upstream.md#u-upstream) block
  that allows to retrieve lists of addresses from DNS SRV records, with basic
  priority support.
- The [status_zone](https://en.angie.software//angie/docs/configuration/modules/http/index.md#status-zone) directive in [HTTP](https://en.angie.software//angie/docs/configuration/modules/http/index.md#http-core)
  module for specifying zone to collect request metrics in [server](https://en.angie.software//angie/docs/configuration/modules/http/index.md#server) and
  [location](https://en.angie.software//angie/docs/configuration/modules/http/index.md#location) contexts.
- The [status_zone](https://en.angie.software//angie/docs/configuration/modules/stream/index.md#s-status-zone) directive in [stream](https://en.angie.software//angie/docs/configuration/modules/stream/index.md#stream-core) module for specifying zone to collect TCP/UDP session metrics.
- The [status_zone](https://en.angie.software//angie/docs/configuration/modules/http/index.md#resolver-status) parameter of the [resolver](https://en.angie.software//angie/docs/configuration/modules/http/index.md#resolver)
  directive for specifying zone to collect metrics on DNS queries.
- [autoindex](https://en.angie.software//angie/docs/configuration/modules/http/http_autoindex.md#id1) uses natural sorting order for directory listings.
- Arbitrary configuration of the signature on default error pages and the
  `Server` response header field via the [server_tokens](https://en.angie.software//angie/docs/configuration/modules/http/index.md#server-tokens) directive.
- The [$angie_version](https://en.angie.software//angie/docs/configuration/modules/http/index.md#v-angie-version) variable with version of Angie.
- All functionality of [nginx 1.23.3](https://nginx.org/en/CHANGES).

#### Packages

07.04.2023

- Added packages for [ALT](https://en.angie.software//angie/docs/installation/pro_packages.md#install-alt-pro) Linux.

12.05.2023

- Added packages for [FreeBSD](https://en.angie.software//angie/docs/installation/pro_packages.md#install-freebsd-pro).
- Dynamic modules added:
  - [angie-pro-module-subs](https://github.com/yaoweibin/ngx_http_substitutions_filter_module)
  - [angie-pro-module-upload](https://github.com/fdintino/nginx-upload-module)
  - [angie-pro-module-vod](https://github.com/kaltura/nginx-vod-module)

26.05.2023

- Added packages for [Astra](https://en.angie.software//angie/docs/installation/pro_packages.md#install-astrase-pro) Linux Special Edition.

13.06.2023

- Added packages for [Debian 12 "Bookworm"](https://en.angie.software//angie/docs/installation/pro_packages.md#install-deb-pro) and
  [AlmaLinux](https://en.angie.software//angie/docs/installation/pro_packages.md#install-yum-pro).

12.07.2023

- Dynamic modules added:
  - [angie-pro-module-cache-purge](https://github.com/nginx-modules/ngx_cache_purge)
  - [angie-pro-module-echo](https://github.com/openresty/echo-nginx-module)
  - [angie-pro-module-keyval](https://github.com/kjdev/nginx-keyval)
  - [angie-pro-module-postgres](https://github.com/FRiCKLE/ngx_postgres)
- Updated:
  - [angie-pro-module-njs](https://en.angie.software//angie/docs/installation/external-modules/njs.md#external-njs), to version 0.8.0

31.07.2023

- Dynamic modules added:
  - [angie-pro-module-auth-jwt](https://github.com/kjdev/nginx-auth-jwt)