Web servers
Apache logo

2.4.25

20 Dec 2016
Nginx logo

1.10.2

18 Oct 2016
Recent versions on your page

Add code to your page to track the latest versions of software:

<a href="http://www.recentversions.com"><img src="http://recentversions.com/­widget/web-servers" alt="recentversions.com" /> </a>
Latest releases

Apache 2.4.17 has been released

  • mod_http2: added donated HTTP/2 implementation via core module. Similar configuration options to mod_ssl. [Stefan Eissing]
  • mod_proxy: don't recyle backend announced "Connection: close" connections to avoid reusing it should the close be effective after some new request is ready to be sent. [Yann Ylavic]
  • mod_substitute: Allow to configure the patterns merge order with the new SubstituteInheritBefore on|off directive. PR 57641 [Marc.Stern , Yann Ylavic, William Rowe]
  • mod_proxy: Fix ProxySourceAddress binding failure with AH00938. PR 56687. [Arne de Bruijn
  • mod_ssl: Support compilation against libssl built with OPENSSL_NO_SSL3, and change the compiled-in default for SSL[Proxy]Protocol to "all -SSLv3", in accordance with RFC 7568. PR 58349, PR 57120. [Kaspar Brand]
  • mod_ssl: append :!aNULL:!eNULL:!EXP to the cipher string settings, instead of prepending !aNULL:!eNULL:!EXP: (as was the case in 2.4.7 and later). Enables support for configuring the SUITEB* cipher strings introduced in OpenSSL 1.0.2. PR 58213. [Kaspar Brand]
  • mod_ssl: Add support for extracting the msUPN and dnsSRV forms of subjectAltName entries of type "otherName" into SSL_{CLIENT,SERVER}_SAN_OTHER_{msUPN,dnsSRV}_n environment variables. Addresses PR 58020. [Jan Pazdziora , Kaspar Brand]
  • mod_logio: Fix logging of %^FB (time to first byte) on the first request on an SSL connection. PR 58454. [Konstantin J. Chernov ]
  • mod_cache: r->err_headers_out is not merged into r->headers when mod_cache is enabled and the response is cached for the first time. [Edward Lu]
  • mod_slotmem_shm: Fix slots/SHM files names on restart for systems that can't create new (clear) slots while previous children gracefully stopping still use the old ones (e.g. Windows, OS2). mod_proxy_balancer failed to restart whenever the number of configured balancers/members changed during restart. PR 58024. [Yann Ylavic]
  • core/util_script: make REDIRECT_URL a full URL. PR 57785. [Nick Kew]
  • MPMs: Support SO_REUSEPORT to create multiple duplicated listener records for scalability. [Yingqi Lu , Jeff Trawick, Jim Jagielski, Yann Ylavic]
  • mod_proxy: Fix a race condition that caused a failed worker to be retried before the retry period is over. [Ruediger Pluem]
  • mod_autoindex: Allow autoindexes when neither mod_dir nor mod_mime are loaded. [Eric Covener]
  • mod_rewrite: Allow cookies set by mod_rewrite to contain ':' by accepting ';' as an alternate separator. PR47241. [ , Eric Covener]
  • apxs: Add HTTPD_VERSION and HTTPD_MMN to the variables available with apxs -q. PR58202. [Daniel Shahaf ]
  • mod_rewrite: Avoid a crash when lacking correct DB access permissions when using RewriteMap with MapType dbd or fastdbd. [Christophe Jaillet]
  • mod_authz_dbd: Avoid a crash when lacking correct DB access permissions. PR 57868. [Jose Kahan , Yann Ylavic]
  • mod_socache_memcache: Add the 'MemcacheConnTTL' directive to control how long to keep idle connections with the memcache server(s). Change default value from 600 usec (!) to 15 sec. PR 58091 [Christophe Jaillet]
  • mod_dir: Prevent the internal identifier "httpd/unix-directory" from appearing as a Content-Type response header when requests for a directory are rewritten by mod_rewrite. [Eric Covener]

Apache logo

Apache 2.4.16 has been released

  • http: Fix LimitRequestBody checks when there is no more bytes to read. [Michael Kaufmann ]
  • mod_alias: Revert expression parser support for Alias, ScriptAlias and Redirect due to a regression (introduced in 2.4.13, not released).
  • mod_reqtimeout: Don't let pipelining checks and keep-alive times interfere with the timeouts computed for subsequent requests. PR 56729. [Eric Covener, Yann Ylavic]
  • core: Avoid a possible truncation of the faulty header included in the HTML response when LimitRequestFieldSize is reached. [Yann Ylavic]
  • mod_ldap: In some case, LDAP_NO_SUCH_ATTRIBUTE could be returned instead of an error during a compare operation. [Eric Covener]

Apache logo

Nginx 1.7.12 has been released

  • Feature: now the "tcp_nodelay" directive works with backend SSL
  • connections.
  • Feature: now thread pools can be used to read cache file headers.
  • Bugfix: in the "proxy_request_buffering" directive.
  • Bugfix: a segmentation fault might occur in a worker process when
  • using thread pools on Linux.
  • Bugfix: in error handling when using the "ssl_stapling" directive.
  • Thanks to Filipe da Silva.
  • Bugfix: in the ngx_http_spdy_module.

Nginx logo

Nginx 1.7.11 has been released

  • Change: the "sendfile" parameter of the "aio" directive is
  • deprecated; now nginx automatically uses AIO to pre-load data for
  • sendfile if both "aio" and "sendfile" directives are used.
  • Feature: experimental thread pools support.
  • Feature: the "proxy_request_buffering", "fastcgi_request_buffering",
  • "scgi_request_buffering", and "uwsgi_request_buffering" directives.
  • Feature: request body filters experimental API.
  • Feature: client SSL certificates support in mail proxy.
  • Thanks to Sven Peter, Franck Levionnois, and Filipe Da Silva.
  • Feature: startup speedup when using the "hash ... consistent"
  • directive in the upstream block.
  • Thanks to Wai Keen Woon.
  • Feature: debug logging into a cyclic memory buffer.
  • Bugfix: in hash table handling.
  • Thanks to Chris West.
  • Bugfix: in the "proxy_cache_revalidate" directive.
  • Bugfix: SSL connections might hang if deferred accept or the
  • "proxy_protocol" parameter of the "listen" directive were used.
  • Thanks to James Hamlin.
  • Bugfix: the $upstream_response_time variable might contain a wrong
  • value if the "image_filter" directive was used.
  • Bugfix: in integer overflow handling.
  • Thanks to RĂ©gis Leroy.
  • Bugfix: it was not possible to enable SSLv3 with LibreSSL.
  • Bugfix: the "ignoring stale global SSL error ... called a function
  • you should not call" alerts appeared in logs when using LibreSSL.
  • Bugfix: certificates specified by the "ssl_client_certificate" and
  • "ssl_trusted_certificate" directives were inadvertently used to
  • automatically construct certificate chains.

Nginx logo

Nginx 1.7.10 has been released

  • Feature: the "use_temp_path" parameter of the "proxy_cache_path",
  • "fastcgi_cache_path", "scgi_cache_path", and "uwsgi_cache_path"
  • directives.
  • Feature: the $upstream_header_time variable.
  • Workaround: now on disk overflow nginx tries to write error logs once
  • a second only.
  • Bugfix: the "try_files" directive did not ignore normal files while
  • testing directories.
  • Thanks to Damien Tournoud.
  • Bugfix: alerts "sendfile() failed" if the "sendfile" directive was
  • used on OS X; the bug had appeared in 1.7.8.
  • Bugfix: alerts "sem_post() failed" might appear in logs.
  • Bugfix: nginx could not be built with musl libc.
  • Thanks to James Taylor.
  • Bugfix: nginx could not be built on Tru64 UNIX.
  • Thanks to Goetz T. Fischer.

Nginx logo

Nginx 1.7.9 has been released

  • Feature: variables support in the "proxy_cache", "fastcgi_cache",
  • "scgi_cache", and "uwsgi_cache" directives.
  • Feature: variables support in the "expires" directive.
  • Feature: loading of secret keys from hardware tokens with OpenSSL
  • engines.
  • Thanks to Dmitrii Pichulin.
  • Feature: the "autoindex_format" directive.
  • Bugfix: cache revalidation is now only used for responses with 200
  • and 206 status codes.
  • Thanks to Piotr Sikora.
  • Bugfix: the "TE" client request header line was passed to backends
  • while proxying.
  • Bugfix: the "proxy_pass", "fastcgi_pass", "scgi_pass", and
  • "uwsgi_pass" directives might not work correctly inside the "if" and
  • "limit_except" blocks.
  • Bugfix: the "proxy_store" directive with the "on" parameter was
  • ignored if the "proxy_store" directive with an explicitly specified
  • file path was used on a previous level.
  • Bugfix: nginx could not be built with BoringSSL.
  • Thanks to Lukas Tribus.

Nginx logo

Nginx 1.7.8 has been released

  • Change: now the "If-Modified-Since", "If-Range", etc. client request
  • header lines are passed to a backend while caching if nginx knows in
  • advance that the response will not be cached (e.g., when using
  • proxy_cache_min_uses).
  • Change: now after proxy_cache_lock_timeout nginx sends a request to a
  • backend with caching disabled; the new directives
  • "proxy_cache_lock_age", "fastcgi_cache_lock_age",
  • "scgi_cache_lock_age", and "uwsgi_cache_lock_age" specify a time
  • after which the lock will be released and another attempt to cache a
  • response will be made.
  • Change: the "log_format" directive can now be used only at http
  • level.
  • Feature: the "proxy_ssl_certificate", "proxy_ssl_certificate_key",
  • "proxy_ssl_password_file", "uwsgi_ssl_certificate",
  • "uwsgi_ssl_certificate_key", and "uwsgi_ssl_password_file"
  • directives.
  • Thanks to Piotr Sikora.
  • Feature: it is now possible to switch to a named location using
  • "X-Accel-Redirect".
  • Thanks to Toshikuni Fukaya.
  • Feature: now the "tcp_nodelay" directive works with SPDY connections.
  • Feature: new directives in vim syntax highliting scripts.
  • Thanks to Peter Wu.
  • Bugfix: nginx ignored the "s-maxage" value in the "Cache-Control"
  • backend response header line.
  • Thanks to Piotr Sikora.
  • Bugfix: in the ngx_http_spdy_module.
  • Thanks to Piotr Sikora.
  • Bugfix: in the "ssl_password_file" directive when using OpenSSL
  • 0.9.8zc, 1.0.0o, 1.0.1j.
  • Bugfix: alerts "header already sent" appeared in logs if the
  • "post_action" directive was used; the bug had appeared in 1.5.4.
  • Bugfix: alerts "the http output chain is empty" might appear in logs
  • if the "postpone_output 0" directive was used with SSI includes.
  • Bugfix: in the "proxy_cache_lock" directive with SSI subrequests.
  • Thanks to Yichun Zhang.

Nginx logo

Nginx 1.7.7 has been released

  • Change: now nginx takes into account the "Vary" header line in a
  • backend response while caching.
  • Feature: the "proxy_force_ranges", "fastcgi_force_ranges",
  • "scgi_force_ranges", and "uwsgi_force_ranges" directives.
  • Feature: the "proxy_limit_rate", "fastcgi_limit_rate",
  • "scgi_limit_rate", and "uwsgi_limit_rate" directives.
  • Feature: the "Vary" parameter of the "proxy_ignore_headers",
  • "fastcgi_ignore_headers", "scgi_ignore_headers", and
  • "uwsgi_ignore_headers" directives.
  • Bugfix: the last part of a response received from a backend with
  • unbufferred proxy might not be sent to a client if "gzip" or "gunzip"
  • directives were used.
  • Bugfix: in the "proxy_cache_revalidate" directive.
  • Thanks to Piotr Sikora.
  • Bugfix: in error handling.
  • Thanks to Yichun Zhang and Daniil Bondarev.
  • Bugfix: in the "proxy_next_upstream_tries" and
  • "proxy_next_upstream_timeout" directives.
  • Thanks to Feng Gu.
  • Bugfix: nginx/Windows could not be built with MinGW-w64 gcc.
  • Thanks to Kouhei Sutou.

Nginx logo

Nginx 1.7.6 has been released

  • Change: the deprecated "limit_zone" directive is not supported
  • anymore.
  • Feature: the "limit_conn_zone" and "limit_req_zone" directives now
  • can be used with combinations of multiple variables.
  • Bugfix: request body might be transmitted incorrectly when retrying a
  • FastCGI request to the next upstream server.
  • Bugfix: in logging to syslog.

Nginx logo

Nginx 1.7.5 has been released

  • Security: it was possible to reuse SSL sessions in unrelated contexts
  • if a shared SSL session cache or the same TLS session ticket key was
  • used for multiple "server" blocks (CVE-2014-3616).
  • Thanks to Antoine Delignat-Lavaud.
  • Change: now the "stub_status" directive does not require a parameter.
  • Feature: the "always" parameter of the "add_header" directive.
  • Feature: the "proxy_next_upstream_tries",
  • "proxy_next_upstream_timeout", "fastcgi_next_upstream_tries",
  • "fastcgi_next_upstream_timeout", "memcached_next_upstream_tries",
  • "memcached_next_upstream_timeout", "scgi_next_upstream_tries",
  • "scgi_next_upstream_timeout", "uwsgi_next_upstream_tries", and
  • "uwsgi_next_upstream_timeout" directives.
  • Bugfix: in the "if" parameter of the "access_log" directive.
  • Bugfix: in the ngx_http_perl_module.
  • Thanks to Piotr Sikora.
  • Bugfix: the "listen" directive of the mail proxy module did not allow
  • to specify more than two parameters.
  • Bugfix: the "sub_filter" directive did not work with a string to
  • replace consisting of a single character.
  • Bugfix: requests might hang if resolver was used and a timeout
  • occurred during a DNS request.
  • Bugfix: in the ngx_http_spdy_module when using with AIO.
  • Bugfix: a segmentation fault might occur in a worker process if the
  • "set" directive was used to change the "$http_...", "$sent_http_...",
  • or "$upstream_http_..." variables.
  • Bugfix: in memory allocation error handling.
  • Thanks to Markus Linnala and Feng Gu.

Nginx logo

Nginx 1.7.4 has been released

  • Security: pipelined commands were not discarded after STARTTLS
  • command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6.
  • Thanks to Chris Boulton.
  • Change: URI escaping now uses uppercase hexadecimal digits.
  • Thanks to Piotr Sikora.
  • Feature: now nginx can be build with BoringSSL and LibreSSL.
  • Thanks to Piotr Sikora.
  • Bugfix: requests might hang if resolver was used and a DNS server
  • returned a malformed response; the bug had appeared in 1.5.8.
  • Bugfix: in the ngx_http_spdy_module.
  • Thanks to Piotr Sikora.
  • Bugfix: the $uri variable might contain garbage when returning errors
  • with code 400.
  • Thanks to Sergey Bobrov.
  • Bugfix: in error handling in the "proxy_store" directive and the
  • ngx_http_dav_module.
  • Thanks to Feng Gu.
  • Bugfix: a segmentation fault might occur if logging of errors to
  • syslog was used; the bug had appeared in 1.7.1.
  • Bugfix: the $geoip_latitude, $geoip_longitude, $geoip_dma_code, and
  • $geoip_area_code variables might not work.
  • Thanks to Yichun Zhang.
  • Bugfix: in memory allocation error handling.
  • Thanks to Tatsuhiko Kubo and Piotr Sikora.

Nginx logo