| CARVIEW |
Select Language
HTTP/2 200
date: Mon, 28 Jul 2025 04:11:15 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With,Accept-Encoding, Accept, X-Requested-With
etag: W/"62cfb8d3448dbea3044dccfd92862a64"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
server: github.com
content-encoding: gzip
accept-ranges: bytes
set-cookie: _gh_sess=Z4a%2BsCuUTRJ3oe4l9ADP%2FdyaWl4%2FgHls6orZC%2BPjSXxSs0aM5yd4d4lTwOINfp%2FAoRmwtyGVLb2OYV0kSEt0BhyBqBicDIhcaINrNXxoh1yWzaHAcG8b4vp5EuelyNKp%2Fc26HdlBarSDxRcxC%2FIxSbrJSvp9IqlRa1S1TZY9DBEUIGt9dMHXY2GeYgGnXfWnP7vgg0Ncb%2FwbH4bYZ8zPFppWuCwBM%2FbQg%2BU1EZjLfrp0FkgmECHza9jrg7YF0AEn8mzsZoMQCz%2F4axqj0jyJUg%3D%3D--BcPzh7Bw1Q3R9lHu--u3bN%2Fu6q9NIiAckzBZYrpQ%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
set-cookie: _octo=GH1.1.136308000.1753675875; Path=/; Domain=github.com; Expires=Tue, 28 Jul 2026 04:11:15 GMT; Secure; SameSite=Lax
set-cookie: logged_in=no; Path=/; Domain=github.com; Expires=Tue, 28 Jul 2026 04:11:15 GMT; HttpOnly; Secure; SameSite=Lax
x-github-request-id: 922C:1AFF47:1357ADA:19B4BD1:6886F863
Release release-1.28.0 Β· nginx/nginx Β· GitHub
Loading
Skip to content
Navigation Menu
{{ message }}
-
Notifications
You must be signed in to change notification settings - Fork 7.4k
release-1.28.0
Compare
nginx-1.28.0 stable version has been released, incorporating new features and bug fixes from the 1.27.x mainline branch β including memory usage and CPU usage optimizations in complex SSL configurations, automatic reβresolution of hostnames in upstream groups, performance enhancements in QUIC, OCSP validation of client SSL certificates and OCSP stapling support in the stream module, variables support in the proxy_limit_rate, fastcgi_limit_rate, scgi_limit_rate, and uwsgi_limit_rate directives, the proxy_pass_trailers directive, and more.
Below is a release summary generated by GitHub.
What's Changed
- Hg to git transition by @arut in #112
- Added Code of Conduct by @Maryna-f5 in #105
- Added security policy by @Maryna-f5 in #108
- Added contributing guidelines by @Maryna-f5 in #107
- Added templates by @Maryna-f5 in #117
- Added CI based on GitHub Actions. by @thresheek in #114
- Update Typo in win-utf by @shaikhyaser in #123
- Proxy: proxy_pass_trailers directive. by @pluknet in #153
- SSL: optional ssl_client_certificate for ssl_verify_client. by @praveen-li in #143
- Added new primary README.md file. by @mtbChef in #165
- fix typo of bpf makefile debug option by @tzssangglass in #141
- SSL object cache by @pluknet in #140
- release-1.27.2 by @pluknet in #235
- Version bump. by @pluknet in #242
- Quic: prevent invalid stream frame retransmissions by @nandsky in #230
- Adding missing files from recent pcre2 library by @thierryba in #248
- Security: Update SECURITY.md by @jzebor-at-f5 in #254
- SSL: disabled TLSv1 and TLSv1.1 by default. by @pluknet in #252
- Upstream: re-resolvable servers by @bavshin-f5 in #208
- SSL: fixed MSVC compilation after ebd18ec. by @arut in #312
- "set by ngx_pcalloc" comments update by @pluknet in #247
- GitHub: Fix link to Contributing Guidelines by @callahad in #129
- Core: change TCP keepalive from ms to seconds on DragonFly BSD by @panjf2000 in #258
- SSL: error message default in object caching API. by @pluknet in #333
- Issue #330 missing double quote. by @nmentz in #339
- Mp4 stsc atom fixes by @arut in #345
- TLS default protocol versions fixup. by @pluknet in #327
- QUIC: prevented BIO leak in case of error. by @arut in #348
- Upstream: disallow empty path in proxy_store and friends. by @pluknet in #344
- QUIC: constant initialization by @pluknet in #243
- Allowed square brackets with portless IPv6 address. by @arut in #318
- Mail: handling of CAPABILITY in the LOGIN IMAP command. by @pluknet in #276
- nginx-1.27.3-RELEASE by @pluknet in #356
- Version bump. by @arut in #361
- QUIC: fixed client request timeout in 0-RTT scenarios. by @nandsky in #353
- Updated security policy to clarify experimental features by @jzebor-at-f5 in #404
- QUIC: ignore version negotiation packets. by @arut in #411
- QUIC: fixed accessing a released stream. by @arut in #413
- Year 2025. by @arut in #433
- Gzip: compatibility with recent zlib-ng 2.2.x versions. by @pluknet in #403
- On range failure, log expected range. by @aractnido in #346
- SSL cache part 2 by @pluknet in #287
- Upstream: fix NGX_COMPAT build without NGX_HTTP_SSL after 454ad0e. by @p-pautov in #463
- QUIC: added missing casts in iov_base assignments. by @bavshin-f5 in #479
- Configure: fixed --with-libatomic=DIR with recent libatomic_ops. by @pluknet in #460
- Misc: moved documentation in release tarballs. by @pluknet in #377
- Added "keepalive_min_timeout" directive. by @arut in #456
- SNI: added restriction for TLSv1.3 cross-SNI session resumption. by @pluknet in #493
- nginx-1.27.4-RELEASE by @pluknet in #494
- Version bump. by @pluknet in #530
- Core: fix build without libcrypt by @orgads in #514
- Configure: MSVC compatibility with PCRE2 10.45. by @thierryba in #527
- Add gitignore file. by @orgads in #518
- Fixed request counting with subrequests in case of error. by @pluknet in #515
- SSL: workaround for saving big sessions from upstream servers by @pluknet in #536
- Slice filter: improved memory allocation error handling. by @pluknet in #552
- Charset filter: improved validation of charset_map with utf-8. by @pluknet in #553
- Upstream: fixed passwords support for dynamic certificates. by @pluknet in #528
- SSL: external groups support in $ssl_curve and $ssl_curves. by @pluknet in #609
- CUBIC congestion control in QUIC by @arut in #443
- nginx-1.27.5-RELEASE by @pluknet in #625
- stable-1.28 by @pluknet in #647
New Contributors
- @Maryna-f5 made their first contribution in #105
- @thresheek made their first contribution in #114
- @shaikhyaser made their first contribution in #123
- @praveen-li made their first contribution in #143
- @tzssangglass made their first contribution in #141
- @thierryba made their first contribution in #248
- @jzebor-at-f5 made their first contribution in #254
- @callahad made their first contribution in #129
- @panjf2000 made their first contribution in #258
- @nmentz made their first contribution in #339
- @aractnido made their first contribution in #346
- @p-pautov made their first contribution in #463
- @orgads made their first contribution in #514
Full Changelog: release-1.26.3...release-1.28.0
Contributors
callahad, arut, and 16 other contributors
Assets 6
36 people reacted
You canβt perform that action at this time.