Release Date : 2021-09-28
Base OSS Version : 1.21.3
Feature Release
- JWT authentication:
- support for signed and then encrypted Nested JWT with the
nestedparameter of the auth_jwt_type directive - additional conditions for JWT validation can be specified with the auth_jwt_require directive
- the $jwt_payload variable that returns either enclosed JWS token for Nested JWT, or JSON with claims for JWE
- now it is possible to have multiple auth_jwt_key_file and auth_jwt_key_request directives within the same context
- asymmetric RSA-OAEP cryptographic algorithms for JWE
- support for signed and then encrypted Nested JWT with the
- API version 7: HTTP status code statistics are now collected per-code, in addition to aggregation per-class, for upstreams, server zones, and location zones
- Stream health checks: introduced the persistent parameter in the health_check directive that enables persistence of mandatory health check status during configuration reload
- TCP Fast Open support with the
fastopenparameter of the listen directive in the stream module - Mail proxy:
- the number of errors before closing the connection can be specified with the max_errors directive to mitigate against ALPACA attack
- support for POP3 and IMAP pipelining
- the
Auth-SSL-ProtocolandAuth-SSL-Cipherheader lines are now passed to the mail proxy authentication server
- Security hardening of HTTP request parsing. NGINX Plus will return an error if:
- spaces or control characters are found in the request line, header names, or the
Hostrequest header line - the
CONNECTmethod is used - both
Content-LengthandTransfer-Encodingheader lines are present in the request
- spaces or control characters are found in the request line, header names, or the
- Request body filters API now permits buffering of the data being processed.
- Support for dynamic SSL certificate loading for http, grpc, and uwsgi backends
NGINX Plus R25 is supported on:
- Alpine Linux 3.11, 3.12, 3.13, 3.14
- Amazon Linux 2 LTS
- CentOS 7.4+, 8.0+
- Debian 10, 11
- FreeBSD 12.1+, 13
- Oracle Linux 7.4+
- RHEL 7.4+, 8.0+
- SUSE Linux Enterprise Server 12 SP5, 15 SP2
- Ubuntu 18.04 LTS, 20.04 LTS
Notes:
- Alpine 3.14 is new in this release
- Alpine 3.10 is no longer supported
- Amazon Linux (2018.03+) is no longer supported
- Debian 11 is new in this release
- FreeBSD 11.4+ is no longer supported
- Ubuntu 16.04 is no longer supported