
Changes with Angie 1.6.2                                         16 Aug 2024

    *) Security: processing a specially crafted mp4 file with the
       ngx_http_mp4_module could cause a worker process crash
       (CVE-2024-7347); the fix was ported from nginx 1.27.1.


Changes with Angie 1.6.1                                         08 Aug 2024

    *) Feature: a new "passed" counter in the API statistics of the "stream"
       module's "status_zone" directive tracks connections passed to other
       sockets using "pass" directives.

    *) Bugfix: when using virtual servers or the "pass" directives in the
       "stream" module, connections could be accounted incorrectly in the
       statistics API.

    *) Bugfix: worker processes could crash on configurations with 5 ACME
       clients or more; the bug had appeared in 1.6.0.

    *) Bugfix: handling cached responses with the "X-Accel-Redirect" header
       could crash the worker process.
       Thanks to Maxim Dounin (freenginx) and JiÅÃ­ SetniÄka.


Changes with Angie 1.6.0                                         28 Jun 2024

    *) Feature: the "sticky" directive and related options in the "stream"
       module's "upstream" block, which allow to configure sticky sessions
       mode where all connections in the session are routed to the same
       server.

    *) Feature: extraction of Cookie values from RDP connections using the
       "rdp_preread" directive in the "stream" module into "$rdp_cookie" and
       "$rdp_cookie_NAME" variables, which allows to log and stick RDP
       client sessions to particular servers while load balancing.

    *) Feature: support for multiple "acme" directives in a "server" block,
       which allows to configure obtaining two types of certificates at once
       for that virtual server.

    *) Feature: command line options "-m" and "-M" to list built-in and
       loaded modules.

    *) Feature: support for BoringSSL in the ACME module.

    *) Feature: all functionality of nginx 1.27.0, including support for
       virtual servers in the "stream" module and the "pass" directive,
       which allows to pass accepted connections for handling to another
       listening sockets, including HTTP and Mail modules.

    *) Bugfix: certificate request via the ACME protocol could result in
       error on some configurations with a log message like "[alert]
       getsockname() failed (9: Bad file descriptor)".

    *) Bugfix: certificate request with large number of domain names via the
       ACME protocol could result in error with a log message like "[error]
       JSON parser error".

    *) Bugfix: ACME clients in configurations with multiple "error_log"
       directives could log messages to irrelevant logs.


Changes with Angie 1.5.2                                         31 May 2024

    *) Security: when using HTTP/3, processing of a specially crafted QUIC
       session could cause a worker process crash, worker process memory
       disclosure on systems with MTU larger than 4096 bytes, or have other
       impact (CVE-2024-32760, CVE-2024-31079, CVE-2024-35200,
       CVE-2024-34161); the fix has been ported from nginx 1.26.1.


Changes with Angie 1.5.1                                         16 May 2024

    *) Change: now ACME clients do not discard previously stored
       certificates that were expired or issued for a different domain list,
       but use them while renewing.

    *) Bugfix: the "proxy_next_upstream" mechanism did not work correctly
       when using the "resolve" option of the "server" directive in the
       "upstream" block if the number of resolved IP addresses differed from
       the number of specified servers.

    *) Bugfix: while requesting a certificate via the ACME protocol, a
       segmentation fault could occur in a worker process.

    *) Bugfix: the "slow_start" mechanism did not work when proxying TCP
       connections in the "stream" module.

    *) Bugfix: HTTP/3 requests could result in an error if received as TLS
       1.3 early data; the bug had appeared in 1.4.0.

    *) Bugfix: HTTP/3 connection could be prematurely closed while using
       0-RTT in QUIC.

    *) Bugfix: when reading a request body from a fast connection, reading
       for a long time was possible.
       Thanks to Maxim Dounin (freenginx).


Changes with Angie 1.5.0                                         27 Mar 2024

    *) Feature: basic support for automatically obtaining and updating
       certificates using the ACME protocol, configurable with the
       "acme_client" and "acme" directives, as well as variables of the form
       "$acme_cert_*" and "$acme_cert_key_*".

    *) Feature: configuration of automatic redirection, which adds trailing
       slashes to request URIs, with the "auto_redirect" directive.

    *) Feature: output statistics metrics with dates in Epoch format instead
       of ISO 8601 for use in Prometheus and optionally in the JSON API with
       the "?date=epoch" request argument.

    *) Feature: new "recovering" state for upstream peers in the statistics
       API, indicating that a peer is slowly starting up after a failure, as
       suggested by the "slow_start" option.

    *) Feature: now the "-V" switch also shows the relevant version of
       nginx, which is useful for compatibility with third-party utilities,
       certbot in particular.
       Thanks to AdvTechnoKing.

    *) Feature: all functionality of nginx 1.25.4.

    *) Bugfix: if the SSL session reuse mechanism "proxy_ssl_session_reuse"
       was used and the list of proxied servers was dynamically updated, a
       leak could occur in the shared memory zone configured for the
       corresponding "upstream" block.


Changes with Angie 1.4.1                                         15 Feb 2024

    *) Security: when using HTTP/3, a segmentation error may have occured in
       a worker process while processing a specially crafted QUIC session
       (CVE-2024-24989); note that Angie as of 1.4.0 is already not
       vulnerable to CVE-2024-24990.


Changes with Angie 1.4.0                                         12 Dec 2023

    *) Feature: support for establishing HTTP/3 connections to upstream
       servers in the HTTP proxy module while allowing clients to use
       arbitrary HTTP versions. Configuration is done with the
       "proxy_http_version" directive and a set of "proxy_quic_" and
       "proxy_http3_" directives.

    *) Feature: a mechanism for smoothly bringing the proxied server online
       after a failure using the "slow_start" option of the "server"
       directive in the "upstream" block.

    *) Feature: "mqtt_preread" directive in the "stream" module, which
       allows extracting the username and client id from the CONNECT packet
       of the MQTT protocol into the $mqtt_preread_username and
       $mqtt_preread_clientid variables.

    *) Feature: limiting the response rate of MP4 files transmission to the
       client proportionally to the bitrate using the "mp4_limit_rate" and
       "mp4_limit_rate_after" directives, which reduces the bandwidth load.

    *) Feature: all functionality of nginx 1.25.3.

    *) Bugfix: if a proxied server was the only one in a group, it could be
       incorrectly reported as "unavailable" in the statistics API even
       after recovery.


Changes with Angie 1.3.2                                         23 Nov 2023

    *) Bugfix: possible incorrect values of metrics in Prometheus output
       that used variables other than $p8s_value for their values; in
       practice the issue could occur with
       "angie_http_upstreams_peers_state" and
       "angie_stream_upstreams_peers_state" from the standard
       "prometheus_all.conf" template.

    *) Bugfix: some connection attempts to upstream servers might not have
       been properly accounted for in the statistics API if they failed
       immediately; the bug had appeared in 1.3.0.


Changes with Angie 1.3.1                                         18 Oct 2023

    *) Security: added extra limitations to HTTP/2 stream handling for
       better protection against the DoS attack known as "HTTP/2 Rapid
       Reset" (CVE-2023-44487).


Changes with Angie 1.3.0                                         19 Sep 2023

    *) Feature: ability to specify multiple match patterns in the "location"
       directive, which allows to combine several "location" blocks with
       similar settings and therefore simplify configuration by reducing
       duplication.

    *) Feature: export of varied statistics metrics in Prometheus format
       with flexible template configuration using the new "prometheus" and
       "prometheus_template" directives.

    *) Feature: detailed information and metrics for groups of stream
       upstream servers in the statistics interface provided by the "api"
       directive.

    *) Feature: the "resolve" option of the "server" directive in the
       "stream" moduleâs "upstream" block that allows to monitor changes to
       the list of IP addresses corresponding to a domain name, and
       automatically update it without the need of reloading configuration.

    *) Feature: the "service" option of the "server" directive in the
       "stream" moduleâs "upstream" block that allows to retrieve lists of
       addresses from DNS SRV records, with basic priority support.

    *) Feature: access to the contents of configuration files used by the
       current generation of worker processes via the interface provided by
       the "api" directive with the "api_config_files" directive enabled.

    *) Feature: display of the configuration generation number in process
       titles, which allows to monitor the success of configuration reloads
       and the number of previous worker process generations using the "ps"
       utility.

    *) Feature: all functionality of nginx 1.25.2.

    *) Bugfix: compilation failed when ./configure options
       "--without-http_upstream_zone_module" or
       "--without-stream_upstream_zone_module" were used; the bug had
       appeared in 1.2.0.

    *) Change: now appname "angie" is used when loading the OpenSSL
       configuration.


Changes with Angie 1.2.0                                         30 May 2023

    *) Feature: the "sticky" directive and related options in the HTTP
       module "upstream" block, that allow to configure sticky sessions
       mode, where all requests of the session are routed to the same
       server.

    *) Feature: the $upstream_sticky_status variable, that takes either
       "NEW", "HIT" or "MISS" values depending on success of requesting
       related upstream server with sticky sessions enabled.

    *) Feature: support for NTLS in the HTTP and stream modules using
       TongSuo TLS library, that can be enabled via the "--with-ntls" build
       time option and configured with the "ssl_ntls" and "proxy_ssl_ntls"
       corresponding directives.

    *) Feature: in the HTTP and stream proxy-modules ability to specify
       multiple certificates with different types (RSA and ECDSA) and
       corresponding keys, using the "proxy_ssl_certificate" and
       "proxy_ssl_certificate_key" directives.

    *) Feature: display of version and build name in the "master" process
       title, which allows to get this information about a running server
       instance using the "ps" utility.

    *) Feature: ability to compress "207 Multi-Status" responses by the gzip
       module.
       Thanks to DBotThePony.

    *) Feature: all functionality of nginx 1.25.0, including HTTP/3 support.


Changes with Angie 1.1.0                                         24 Jan 2023

    *) Feature: the "resolve" option of the "server" directive in the HTTP
       module "upstream" block, that allows to monitor changes to the list
       of IP addresses corresponding to a domain name, and automatically
       update it without the need of reloading configuration.

    *) Feature: the "service" option of the "server" directive in the HTTP
       module "upstream" block, that allows to retrieve lists of addresses
       from DNS SRV records, with basic priority support.

    *) Feature: detailed information and metrics for the groups of HTTP
       upstream servers in the statistics interface provided by the "api"
       directive.

    *) Feature: autoindex uses natural sorting order for directory listings.

    *) Feature: all functionality of nginx 1.23.3.

    *) Bugfix: compilation failed due to false warning when using GCC 9 or
       older with the -O2 or higher optimization.


Changes with Angie 1.0.0                                         27 Oct 2022

    *) Feature: the "api" directive, that provides HTTP RESTful interface
       for accessing in JSON format basic information about a web server
       instance, as well as metrics of client connections, shared memory
       zones, DNS queries, HTTP requests, HTTP responses cache, TCP/UDP
       sessions of "stream" module, and zones of "limit_conn/limit_req"
       modules.

    *) Feature: the "status_zone" directive in "http" module for specifying
       zone to collect request metrics in "server" and "location" contexts.

    *) Feature: the "status_zone" directive in "stream" module for
       specifying zone to collect TCP/UDP session metrics.

    *) Feature: the "status_zone" parameter of the "resolver" directive for
       specifying zone to collect metrics on DNS queries.

    *) Feature: the $angie_version variable with version of Angie.

    *) Feature: all functionality of nginx 1.23.2.

