Published The release of the main branch nginx 1.29.8, in which the development of new features continues. The parallel supported stable branch 1.28.x contains only changes related to the elimination of serious bugs and vulnerabilities. In the future, based on the main branch 1.29.x, a stable branch 1.30 will be formed. The project code is written in C and distributed under the BSD license.
In new release:
- Added directive max_headers, which limits the maximum number of HTTP headers in a request. If the limit is exceeded, error 400 (Bad Request) is returned. The feature has been moved from FreeNginx.
- Compatibility with the OpenSSL 4.0 library is ensured, which is at the alpha testing stage.
- Allowed to use masks in the “include” directive specified inside the block “geo”.
- Fixed a bug in processing HTTP responses with code 103 (Early Hints) returned by the proxied backend.
- Fixed non-setting of the $request_port and $is_request_port variables in subqueries.
Additionally, you can note the publication of the release of the project FreeNginx 1.29.8, which develops a fork of Nginx. The fork is being developed by Maxim Dunin, one of the key Nginx developers. FreeNginx is positioned as a non-profit project that provides development of the Nginx code base without corporate intervention. FreeNginx code continues to be released under the BSD license. The new version provides compatibility with OpenSSL 4.0. Fixed a buffer overflow (CVE-2026-27654) in the ngx_http_dav_module