Announcing OpenResty 1.31.1.1 – Latest Release Now Available!

[Junlong Li]

On behalf of the OpenResty team,  I am happy to announce the new formal release, 1.31.1.1, of the OpenResty web platform based on NGINX and LuaJIT.

Download this version here.

The (portable) source code distribution and the pre-built binary Linux packages for Ubuntu, Debian, Fedora, CentOS, RHEL, OpenSUSE, Amazon Linux are provided on this Download page.

Version highlights

Nginx core

• upgraded from nginx 1.29.2 to 1.31.1.

OpenSSL

• upgraded from version 3.5.5 to 3.5.6.

upgraded lua-nginx-module to v0.10.31

• feature: add ffi ngx_http_lua_ffi_socket_tcp_get_ssl_pointer() and ffi ngx_http_lua_ffi_socket_tcp_get_ssl_ctx(). Thanks lijunlong for the patch.
• feature: add new API: tcpsock:getsslsession. Thanks lijunlong for the patch.
• feature: add ngx_http_lua_ffi_get_upstream_ssl_pointer. Thanks lijunlong for the patch.
• feature: add precontent_by_lua directives. Thanks Hanada for the patch.
• feature: add server random and master key fetch api. Thanks xiangwei for the patch.
• feature: add socket options keepintvl and keepcnt for tcp. Thanks lijunlong for the patch.
• feature: proxy_ssl_verify_by_lua* directives. Thanks willmafh for the patch.
• feature: support custom trusted CA store for cosocket TLS handshake. (#2495) Thanks Walker Zhao for the patch.
• bugfix: add dump in nginx -T. Thanks Y.Horie for the patch.
• bugfix: clear wait timer in ngx_http_lua_pipe_proc_wait_cleanup to prevent SIGSEGV on QUIC connection close. Thanks Jun Ouyang for the patch.
• bugfix: fix the compatibility issue for freenginx. Thanks Y.Horie for the patch.
• bugfix: fixed typo in config. Thanks xuruidong for the patch.
• bugfix: prevent NULL dereference in SSL cache by ensuring old_cycle is set. Thanks Jun Ouyang for the patch.
• bugfix: prevent SIGSEGV in event timer rbtree during worker shutdown. Thanks Gabriel Clima for the patch.
• bugfix: prevent use-after-free crash in ngx_http_lua_pipe by ensuring connections are closed before pool destruction in quic connection close path. Thanks Jun Ouyang for the patch.
• bugfix: prevent uthread crash by checking coroutine reference before deletion. Thanks Jun Ouyang for the patch.
• change: allow table for multiple values in ngx.header['WWW-Authenticate']. Thanks BotoX for the patch.
• optimize: add compatibility for freenginx. Thanks Sergey A. Osokin for the patch.
• optimize: add upstream server information to the error log of cosocket. Thanks lijunlong for the patch.
• test: fix flaky test at boringssl environment. Thanks Jun Ouyang for the patch.
• test: add dnsmasq in ci to avoid flaky test. Thanks Y.Horie for the patch.
• doc: fix unencoded characters with ngx.escape_uri. Thanks Y.Horie for the patch.
• doc: fixed typo. Thanks leslie for the patch.
• doc: typo fixes and delete incorrect statements. Thanks willmafh for the patch.
• doc: update copyright. Thanks lijunlong for the patch.
• doc: update context for ngx.req.http_version and ngx.req.raw_header to include log_by_lua. Thanks kurt for the patch.

upgraded stream-lua-nginx-module to v0.0.19

• feature: add ffi api ngx_stream_lua_ffi_socket_tcp_getfd. Thanks lijunlong for the patch.
• feature: add ffi functions ngx_stream_lua_ffi_socket_tcp_get_ssl_pointer() and ngx_stream_lua_ffi_socket_tcp_get_ssl_ctx(). Thanks lijunlong for the patch.
• feature: add new API: tcpsock:get_ssl_session. Thanks lijunlong for the patch.
• feature: add ngx_stream_lua_ffi_get_upstream_ssl_pointer. Thanks lijunlong for the patch.
• feature: add reuseport for binding local port for udp cosocket. Thanks lijunlong for the patch.
• feature: add socket options keepintvl and keepcnt for tcp. Thanks lijunlong for the patch.
• feature: implement serversslhandshake method on downstream sockets (#392). Thanks Rob Mueller for the patch.
• feature: proxy_ssl_certificate_by_lua directives. Thanks willmafh for the patch.
• feature: support custom trusted CA store for cosocket TLS handshake. (#401) Thanks Walker Zhao for the patch.
• optimize: add compatibility for freenginx. Thanks Sergey A. Osokin for the patch.
• optimize: add upstream server information to the error log of cosocket. Thanks lijunlong for the patch.
• bugfix: didn't close cosocket when nginx shutdown timer has been triggered. Thanks lijunlong for the patch.
• bugfix: prevent uthread crash by checking coroutine reference before deletion. Thanks Jun Ouyang for the patch.
• bugfix: suppress clang warning. Thanks lijunlong for the patch.

upgraded lua-resty-core to v0.1.34rc2

• feature: add fetch server random and master key lua api. Thanks mengxiangwei for the patch.
• feature: add new API: tcpsock:getsslsession. Thanks lijunlong for the patch.
• feature: add precontent_by_lua directives. Thanks Hanada for the patch.
• feature: add socket options keepintvl and keepcnt for tcp. Thanks lijunlong for the patch.
• feature: add sock:getsslpointer() and sock:getsslctx(). Thanks lijunlong for the patch.
• feature: add ssl.get_upstream_ssl_pointer. Thanks lijunlong for the patch.
• feature: add tcpsock.getfd() for stream subsystem. Thanks lijunlong for the patch.
• feature: add tcpsock:settrustedstore() for per-handshake trusted CAs. Thanks Walker Zhao for the patch.
• feature: proxy_ssl_certificate_by_lua directives. Thanks willmafh for the patch.
• feature: support tcpsock:settrustedstore() for stream subsystem. Thanks Walker Zhao for the patch.
• feature: update versions of ngx-lua and stream-ngx-lua. Thanks lijunlong for the patch.
• optimize: more detail error message when loading wrong lua-nginx-module. Thanks lijunlong for the patch.
• bugfix: failed to load socket.lua when building without ssl. Thanks lijunlong for the patch.
• bugfix: fixed typo. Thanks lijunlong for the patch.
• doc: update copyright. Thanks lijunlong for the patch.
• style: typo fixes. Thanks Chrono for the patch.

upgraded luajit2 to v2.1-20260415

• Add ffi.abi("dualnum"). Thanks Mike Pall for the patch.
• Allow mcode allocations outside of the jump range to the support code. Thanks Mike Pall for the patch.
• ARM64: Enable unaligned accesses if indicated by the toolchain. Thanks Mike Pall for the patch.
• ARM64: Fix disassembly of >2GB branch targets. Thanks Mike Pall for the patch.
• ARM64: Fix disassembly of certain sub-word-size loads/stores. Thanks Mike Pall for the patch.
• ARM64: More fixes for ARM BTI. Thanks Mike Pall for the patch.
• Avoid recording interference due to invocation of VM hooks. Thanks Mike Pall for the patch.
• Avoid use of subnormals for internal registry keys. Thanks Mike Pall for the patch.
• Back out MSVC LJ_CONSTF declaration. Thanks Mike Pall for the patch.
• bcsave.lua: add ppc64 and ppc64le mappings. Thanks Piotr Kubaj for the patch.
• bugfix: failed to build with LUA_USE_TRACE_LOGS defined. Thanks lijunlong for the patch.
• DUALNUM: Add missing type conversion for FORI slots. Thanks Mike Pall for the patch.
• DUALNUM: Fix narrowing of unary minus. Thanks Mike Pall for the patch.
• DUALNUM: Fix recording of loops broken by previous change. Thanks Mike Pall for the patch.
• DUALNUM: Improve/fix edge cases of unary minus. Thanks Mike Pall for the patch.
• ELF/Mach-O: Force default visibility for public API functions. Thanks Mike Pall for the patch.
• FFI: Avoid dangling cts->L. Thanks Mike Pall for the patch.
• FFI: Fix constructor index resolution in JIT compiler. Thanks Mike Pall for the patch.
• FFI: Fix pointer difference operation on 64 bit platforms. Thanks Mike Pall for the patch.
• FFI: Shrink container of packed bitfield. Thanks Mike Pall for the patch.
• Fix compiler warning. Thanks Mike Pall for the patch.
• Fix edge cases when generating IR for string.byte/sub/find. Thanks Mike Pall for the patch.
• Fix edge cases when recording string.byte/sub. Thanks Mike Pall for the patch.
• Fix G->jit_base relocation on stack resize. Thanks Mike Pall for the patch.
• Fix minilua undefined behavior in bit.tohex. Thanks Mike Pall for the patch.
• Fix MSVC LJ_CONSTF declaration. Thanks Mike Pall for the patch.
• Fix string.format for limited precision FP conversions. Thanks Mike Pall for the patch.
• Fix VM event error handling for finalizers. Thanks Mike Pall for the patch.
• Ignore PDB files for git. Thanks Mike Pall for the patch.
• Implement double-to-integer conversions for s390x (#256). Thanks Ilya Leoshkevich for the patch.
• macOS: Change Mach-O object file layout required by XCode 15.0. Thanks Mike Pall for the patch.
• MIPS64: Avoid unaligned load in lj_vm_exit_interp. Thanks Mike Pall for the patch.
• PPC: Fix soft-float lj_num2u64(). Thanks Mike Pall for the patch.
• Prevent false positive sanitizer warning in unpack(). Thanks Mike Pall for the patch.
• Prevent recording of loops with -0 step or NaN values. Thanks Mike Pall for the patch.
• Prevent snapshot purge while recording a function header. Thanks Mike Pall for the patch.
• Remove compiler flag for FP conversions. Now unnecessary. Thanks Mike Pall for the patch.
• Remove pointless GCC/MSVC const function attributes. Thanks Mike Pall for the patch.
• Run VM events and finalizers in separate state. Thanks Mike Pall for the patch.
• s390x: simplify ceil/floor code (#246). Thanks J. Neuschäfer for the patch.
• Unify Lua number to FFI integer conversions. Thanks Mike Pall for the patch.
• x64/!LJ_GC64: The allocation limit is required for a no-JIT build, too. Thanks Mike Pall for the patch.
• x86/x64: Backport fix for math.min()/math.max() argument check. Thanks Mike Pall for the patch.

upgraded ngx_postgres to v1.1

• bugfix: recover postgres peer data when wrapped by another module. Thanks lijunlong for the patch.

lua-rds-parser

• added a .gitattributes file to correct GitHub's language tag. Thanks Yichun Zhang (agentzh) for the patch.
• feature: added travis-ci support. Thanks Ilya Shipitsin for the patch.
• made the README more pretty. Thanks Yichun Zhang (agentzh) for the patch.

upgraded xss-nginx-module to v0.07

• bugfix: fixed #22 module already loaded. Thanks lijunlong for the patch.
• feature: add dynamic build support. Thanks Su Yang for the patch.

upgraded lua-resty-mysql to v0.30

• feature: add support for ed25519. Thanks lijunlong for the patch.

form-input-nginx-module

• doc: nginx compatibility as far as 1.9.15. Thanks Yichun Zhang (agentzh) for the patch.

lua-resty-lock

• doc: correct package status in README.markdown. Thanks jumper047 for the patch.

upgraded echo-nginx-module to v0.64

• doc: update the release date and version in README.md. Thanks lijunlong for the patch.
• optimize: add compatibility for freenginx. Thanks lijunlong for the patch.

redis2-nginx-module

• doc: updated the nginx compatibility list. Thanks Yichun Zhang (agentzh) for the patch.
• doc: update README.markdown. Thanks Steve for the patch.
• travis: clone the lua-resty-core and lua-resty-lrucache repositories. Thanks Thibault Charbonnier for the patch.

lua-resty-websocket

• doc: fix typo in comments. Thanks harry-xm for the patch.

upgraded lua-upstream-nginx-module to v0.08

• bugfix: acquire rlock and wlock when needed. Thanks Aleksandr Tuliakov for the patch.
• dev: make sure we pass tests with nginx 1.13.6. Thanks Yichun Zhang (agentzh) for the patch.
• doc: get_upstreams() actually get implicit upstream created by proxy_pass, but doc said that was excluded. Thanks silence2014 for the patch.
• doc: small typo fixes in the docs for get_servers. Thanks chronolaw for the patch.
• doc: updated get_servers return value. Thanks Peter Zhu for the patch.
• travis: added nginx 1.13.6 to the test matrix. Thanks Yichun Zhang (agentzh) for the patch.
• travis: fixed build. Thanks Yichun Zhang (agentzh) for the patch.

upgraded lua-resty-upstream-healthcheck to v0.09

• optimize: update peers in case of using resolve directive. Thanks Aleksandr Tuliakov for the patch.

upgraded lua-resty-string to v0.17

• feature: add AES-256-CTR binding and reuse buffers. Thanks ^_^ for the patch.

upgraded lua-cjson to v2.1.0.17

• bugfix: fix truncation of decoded numbers outside lua_Integer's range (#116). Thanks James McCoy for the patch.
• feature: add option to allow comments in decode. Thanks skewb1k for the patch.
• feature: add option to indent encoded output. Thanks skewb1k for the patch.
• bugfix: warning for explicit pointer to int conversion. Thanks Deyan Dobromirov for the patch.
• optimize: rename cjson.decode_allow_comments to cjson.decode_allow_comment. Thanks lijunlong for the patch.

lua-resty-shell

• doc: add a description of the default value of the max_size parameter. Thanks lijunlong for the patch.
• README.md: add info about default timeout (#21). Thanks Jeffrey 'jf' Lim for the patch.

headers-more-nginx-module

• doc: fix syntax by adding a semicolon in README. Thanks Baba Boota for the patch.
• doc: update copyright. Thanks lijunlong for the patch.
• doc: update latest compatible nginx version. Thanks lijunlong for the patch.

set-misc-nginx-module

• doc: several typo fixes in README.markdown. Thanks willmafh for the patch.

upgraded drizzle-nginx-module to v0.1.13

• bugfix: stash peer data in module ctx to survive upstream wrappers. (#52) Thanks lijunlong for the patch.

Full Change logs

Complete change logs since the last (formal) release can be browsed in the page Change Log for 1.31.1.x.

Testing

We have run extensive testing on our Amazon EC2 test cluster and ensured that all the components (including the Nginx core) play well together. The latest test report can always be found here:

https://qa.openresty.org/

We also always run our OpenResty Edge commercial software based on the latest open source version of OpenResty in our own global CDN network (dubbed "mini CDN") powering our openresty.org and openresty.com websites. See https://openresty.com/ for more details.

Community Support

See the Community Page https://openresty.org/en/community.html. Commercial technical support and real-time noninvasive online monitoring and profiling solution is provided through the official OpenResty XRay product: https://openresty.com/en/xray/

Feedback

Feedback on this release is more than welcome. Feel free to create new GitHub issues ( https://github.com/openresty/openresty/issues ) or send emails to one of our mailing lists ( https://openresty.org/en/community.html#mailing-lists ).