Release Date : 2021-09-28

Base OSS Version : 1.21.3

Feature Release

  • JWT authentication:
    • support for signed and then encrypted Nested JWT with the nested parameter of the auth_jwt_type directive
    • additional conditions for JWT validation can be specified with the auth_jwt_require directive
    • the $jwt_payload variable that returns either enclosed JWS token for Nested JWT, or JSON with claims for JWE
    • now it is possible to have multiple auth_jwt_key_file and auth_jwt_key_request directives within the same context
    • asymmetric RSA-OAEP cryptographic algorithms for JWE
  • API version 7: HTTP status code statistics are now collected per-code, in addition to aggregation per-class, for upstreams, server zones, and location zones
  • Stream health checks: introduced the persistent parameter in the health_check directive that enables persistence of mandatory health check status during configuration reload
  • TCP Fast Open support with the fastopen parameter of the listen directive in the stream module
  • Mail proxy:
    • the number of errors before closing the connection can be specified with the max_errors directive to mitigate against ALPACA attack
    • support for POP3 and IMAP pipelining
    • the Auth-SSL-Protocol and Auth-SSL-Cipher header lines are now passed to the mail proxy authentication server
  • Security hardening of HTTP request parsing. NGINX Plus will return an error if:
    • spaces or control characters are found in the request line, header names, or the Host request header line
    • the CONNECT method is used
    • both Content-Length and Transfer-Encoding header lines are present in the request
  • Request body filters API now permits buffering of the data being processed.
  • Support for dynamic SSL certificate loading for http, grpc, and uwsgi backends

NGINX Plus R25 is supported on:

  • Alpine Linux 3.11, 3.12, 3.13, 3.14
  • Amazon Linux 2 LTS
  • CentOS 7.4+, 8.0+
  • Debian 10, 11
  • FreeBSD 12.1+, 13
  • Oracle Linux 7.4+
  • RHEL 7.4+, 8.0+
  • SUSE Linux Enterprise Server 12 SP5, 15 SP2
  • Ubuntu 18.04 LTS, 20.04 LTS


  • Alpine 3.14 is new in this release
  • Alpine 3.10 is no longer supported
  • Amazon Linux (2018.03+) is no longer supported
  • Debian 11 is new in this release
  • FreeBSD 11.4+ is no longer supported
  • Ubuntu 16.04 is no longer supported