
Changes with Angie 1.11.4                                        25 Mar 2026

    *) Security: TLS handshake with a client in the stream module might
       succeed despite OCSP rejecting the client certificate
       (CVE-2026-28755); the fix was ported from nginx 1.29.7.

    *) Security: a buffer overflow might occur in the DAV module while
       handling a COPY or MOVE request in a "location" with the "alias"
       directive, allowing an attacker to modify the source or destination
       path outside of the document root directory (CVE-2026-27654); the fix
       was ported from nginx 1.29.7.

    *) Security: processing of a specially crafted file by the MP4 module
       might cause a worker process crash, or might have potential other
       impact (CVE-2026-32647); the fix was ported from nginx 1.29.7.

    *) Security: processing of a specially crafted file by the MP4 module on
       32-bit platforms might cause a worker process crash, or might have
       potential other impact (CVE-2026-27784); the fix was ported from
       nginx 1.29.7.

    *) Security: when the Mail proxy module was used, an attacker using PTR
       DNS records could inject data in authentication HTTP requests, as
       well as in the XCLIENT command in the SMTP connection to the proxied
       server (CVE-2026-28753); the fix was ported from nginx 1.29.7.

    *) Security: if the CRAM-MD5 or APOP authentication methods were used in
       the Mail proxy module and authentication retry was enabled, then a
       worker process could crash (CVE-2026-27651); the fix was ported from
       nginx 1.29.7.

    *) Bugfix: rare system errors before the connection to the proxied
       server might affect the peer status correctness in HTTP and stream
       modules; they might also lead to the crash of a worker process in a
       stream module; the bug had appeared in 1.9.1.

    *) Bugfix: in configurations where the "proxy_http_version 3" and
       "proxy_set_header Host .." directives were inherited from the "http"
       block, outgoing HTTP/3 requests might be sent without the "Host"
       header.


Changes with Angie 1.11.3                                        06 Feb 2026

    *) Security: an attacker in a man-in-the-middle (MITM) position before a
       proxied server using HTTPS, given conditions beyond the attacker's
       control, could inject plaintext data into the response before the TLS
       handshake begins (CVE-2026-1642); the fix was ported from nginx
       1.29.5.


Changes with Angie 1.11.2                                        15 Jan 2026

    *) Bugfix: if BPF was disabled, HTTP/3 requests might fail with an error
       "[alert] sendmsg() failed (90: Message too large) while sending
       frames"; the bug had appeared in 1.11.0.

    *) Bugfix: HTTP/3 requests were not accepted when listening on an IPv6
       wildcard address with BPF enabled; the bug had appeared in 1.11.0.

    *) Bugfix: when a domain name was specified in the "docker_endpoint"
       directive, connections to the Docker API and updates of the upstream
       server groups didn't occur.


Changes with Angie 1.11.1                                        30 Dec 2025

    *) Change: now, if only port without IP is specified (default value) in
       the "acme_http_port" directive and there are "server" blocks
       listening on that port, HTTP challenge handling for the port in ACME
       is working only on the IP addresses configured in the "listen"
       directives of these blocks; there will be no attempt to listen on all
       IP addresses, like it was before; this makes configuration more
       flexible and prevents the issue with updating from previous versions
       with configurations where there were only "server" blocks listening
       on port 80 and particular IP addresses.

    *) Bugfix: HTTP/2 requests were not counted in server zone statistics;
       the bug had appeared in 1.11.0.

    *) Bugfix: when an ACME client was disabled in the configuration and had
       no previously obtained certificate, a statistics API request for that
       client could crash a worker process.

    *) Bugfix: if the "$http_host" or "$cookie_*" variables were used as
       keys in the "status_zone" directive within the "server" block, HTTP/3
       requests might not be counted in this status zone.


Changes with Angie 1.11.0                                        24 Dec 2025

    *) Change: the "$http_host" variable in HTTP/3 requests is now
       initialized from the value of the ":authority" pseudo-header if the
       "Host" header was not passed, which is normal for clients;
       previously, differences from earlier protocol versions might cause
       issues in configurations with "$http_host".

    *) Change: if all HTTP servers in an upstream group are unavailable or
       returning an error, the own error page is now always returned instead
       of the response from the last server when receiving a status
       considered an error according to the "proxy_next_upstream" directive
       (and similar); this ensures consistent behavior in all cases.

    *) Change: the "REQUEST_METHOD" parameter in the "fastcgi.conf",
       "fastcgi_params", "uwsgi_params", and "scgi_params" configuration
       files now is set via the "$upstream_request_method" variable, which
       takes the value GET for HEAD requests when caching is configured;
       this prevents an issue where a HEAD request could previously result
       in storing an empty response, which would then be served for GET
       requests, since the request method is not a part of the cache key in
       common configurations.

    *) Change: the maximum response size from the ACME server is now limited
       by the new "acme_max_response_size" directive instead of the
       "max_cert_size=" parameter of the "acme_client" directive; the
       default value is enough for most cases, but if a certificate update
       ends up with the "[error] too big subrequest response while sending
       to client" error message, its value should be increased.

    *) Change: the default value of the "variables_hash_max_size" directive
       in the HTTP module was increased to 2048 in order to reduce
       possibility of a warning about suboptimal hash build due to new
       variables added during the recent years: "[warn] could not build
       optimal variables_hash, you should increase either
       variables_hash_max_size: 1024 or variables_hash_bucket_size: 64;
       ignoring variables_hash_bucket_size".

    *) Feature: the new Metrics module enabling arbitrary, real‑time HTTP
       metrics collection with fully configurable aggregation methods
       (counters, histograms, moving averages, etc.); it allows tracking any
       request‑processing data at any stage, grouped by custom keys, and
       exposes the metrics via the "/status/http/metric_zones/" API section
       (including Prometheus support), providing a powerful built‑in
       analytics tool for the entire HTTP traffic.

    *) Feature: support for ALPN validation for ACME, enabled by specifying
       "alpn" in the "challenge" parameter of the "acme_client" directive;
       allows to request multi-domain certificates while keeping only the
       HTTPS port open.

    *) Feature: information on ACME clients and certificate requesting
       procedure in the "/status/http/acme_clients/" section of the
       statistics API (with Prometheus support).

    *) Feature: added support for Encrypted Client Hello (ECH) in HTTP and
       stream SSL modules; the new "ssl_encrypted_hello_key" directive
       specifies the file with the private key; the "$ssl_encrypted_hello"
       variable contains information about ECH usage.
       Thanks to Maxim Dounin (freenginx).

    *) Feature: conversion of the image format using the "convert" parameter
       for the "image_filter" directive.

    *) Feature: support for AVIF and HEIC formats in the Image Filter
       module.

    *) Feature: support for PROXY protocol V2 with upstream server
       connections in the stream module and the ability to set arbitrary TLV
       values using the "proxy_protocol_tlv" directive which allows a string
       with variables.

    *) Feature: the "$upstream_request_method" variable that contains the
       upstream request method, which can be different from the client
       request method when caching is enabled or the "proxy_method" is set;
       this helps avoid the common configuration issue where a cached empty
       HEAD response is served for GET requests, as well as avoid caching
       HEAD and GET responses separately.

    *) Feature: removed the need to define a separate "server" block with a
       "listen 80" directive for ACME HTTP challenges; the listening port
       can be customized using the new "acme_http_port" directive if
       necessary.

    *) Feature: ability to count the number of items in lists and objects
       when exporting Prometheus metrics; paths ending with a trailing slash
       now return the count of items in the corresponding API collection.

    *) Feature: the "$sent_body" variable containing the response body of a
       subrequest or external request by client module.

    *) Feature: XOAUTH2 and OAUTHBEARER authentication mechanisms support in
       the mail proxy module.
       Thanks to Rob Mueller and Maxim Dounin (freenginx).

    *) Feature: the "route" parameter of the "sticky" directive may now
       include arbitrary strings with any number of variables.

    *) Feature: in the ACME module, the approximate size of a renewed
       certificate is now calculated automatically, eliminating the need to
       increase the "max_cert_size" parameter of the "acme_client" directive
       when issuing a certificate with a very large number of domains; the
       parameter is retained for cases where manual configuration is still
       required.

    *) Feature: the "$upstream_cache_key" variable that contains the cache
       key being used.
       Thanks to Kirill A. Korinsky and Maxim Dounin (freenginx).

    *) Feature: support for building with AWS-LC SSL library.
       Thanks to Piotr Sikora (piotr at aviatrix.com).

    *) Feature: the new Makefile target "test" executing the test suite.

    *) Feature: all functionality of nginx 1.29.3 except the
       "add_header_inherit" and "add_trailer_inherit" directives, which are
       omitted due to their poor design.

    *) Bugfix: reload and binary upgrade procedures are now working
       correctly with HTTP/3 connections; connections are properly routed to
       all existing processes using the BPF module.

    *) Bugfix: if all servers in an upstream group were unavailable or
       returning an error, then receiving an erroneous response from the
       last one might be considered a success despite the
       "proxy_next_upstream" directive settings.

    *) Bugfix: if path in the "try_files" directive was shorter than a
       prefix in the relevant "location" block, then using a "proxy_pass"
       with a URI could crash a worker process; the fix was ported from
       nginx 1.29.4.

    *) Bugfix: if an ACME client was not referenced in a "stream" block via
       any "acme" directive, using any of the corresponding "$acme_cert_*"
       variables in that block would cause the configuration to be rejected
       with an "unknown variable" error; the bug had appeared in 1.10.3.

    *) Bugfix: if preserving of the cache index to a file was configured,
       the configuration test during operation might end with errors
       "[alert] mmap() failed (17: File exists)" and "[alert] munmap()
       failed (22: Invalid argument)".

    *) Bugfix: the "proxy_method" directive was ignored if
       "proxy_cache_convert_head on" was triggered.

    *) Bugfix: the duration of the time-out specified by the "fail_timeout"
       option of the "server" directive within an "upstream" block was
       actually one second longer.

    *) Bugfix: Angie could not be built on NetBSD 10.0.
       Thanks to Maxim Dounin (freenginx).

    *) Bugfix: loading modules built for Angie PRO could cause issues and
       crashes due to ABI incompatibility; now such incorrect configurations
       are prohibited with a relevant error message.


Changes with Angie 1.10.3                                        13 Nov 2025

    *) Security: processing of a specially crafted login/password when using
       the "none" authentication method in the SMTP module might cause
       worker process memory disclosure to the authentication server
       (CVE-2025-53859); the fix was ported from nginx 1.29.1.

    *) Bugfix: when the "renew_on_load" option of the "acme_client"
       directive was used, a previously obtained certificate would not be
       loaded if it existed. This could limit functionality until the
       certificate renewal was completed. If the certificate did not exist,
       attempts to obtain a new one would fail with the error "[alert]
       lseek() failed (9: Bad file descriptor)".

    *) Bugfix: if an ACME client was referenced in the "stream" block but
       not the "http" block, it was disabled with the warning "[warn] ACME
       client ... is defined but not used" and would never fetch a
       certificate.

    *) Bugfix: if all "acme_client" directives had the "enabled=off"
       parameter and the relevant "$acme_cert_*" variables were used in the
       configuration, Angie would not run, reporting the error "[emerg]
       unknown acme_cert_* variable".

    *) Bugfix: if the ACME client was used in the "stream" block that came
       before an "http" block, then Angie did not run, reporting the error
       "[emerg] ACME client .. is not defined but referenced".

    *) Bugfix: some "client" block configurations might cause worker
       processes to crash when using variables that refer to an incoming
       connection missing in this case.


Changes with Angie 1.10.2                                        21 Aug 2025

    *) Bugfix: proxy module settings in the "http" block could break
       functionality of modules that use the "client" block for outgoing
       requests; the bug had appeared in 1.10.0.

    *) Bugfix: enabling "proxy_ignore_client_abort" together with modules
       that use the "client" block for outgoing requests could lead to
       worker process crashes; the bug had appeared in 1.10.0.

    *) Bugfix: if a single server was pre-configured in an upstream group,
       servers added via the Docker API might not be included in load
       balancing.

    *) Bugfix: if the only server in an upstream group was added via the
       Docker API, it might be excluded from load balancing when detected to
       be unavailable.


Changes with Angie 1.10.1                                        17 Jul 2025

    *) Change: directives specified in the "client" block can now only be
       inherited by explicitly declared "location" blocks within that block,
       so they don't affect the configuration of other modules that
       implicitly use the "client" block for outgoing requests.

    *) Feature: support for multiple "client" blocks allows common settings
       for different "location" blocks to be grouped within each block,
       which mitigates configuration duplication.

    *) Bugfix: when the "reuseport" parameter was used in the "listen"
       directive, all connections to the specified address and port were
       handled by a single worker process; the bug had appeared in 1.10.0.

    *) Bugfix: an HTTP/3 handshake with an upstream server might fail with
       OpenSSL library version 3.5.0 or later if the QUIC protocol "retry"
       mode was active on the server.

    *) Bugfix: building the HTTP/2 and HTTP/3 modules using GCC 15 resulted
       in an error.

    *) Bugfix: building with the -O3 flag could result in an error when
       using GCC.


Changes with Angie 1.10.0                                        03 Jul 2025

    *) Feature: automatic retrieval and dynamic updating of proxied server
       groups based on Docker (or Podman) container labels, configured with
       the "docker_endpoint" directive; this enables real-time monitoring of
       container start and stop times via the specified Docker API endpoint,
       as well as the addition or removal of their addresses from an
       "upstream" group according to their labels, without the need for a
       configuration reload.

    *) Feature: support for automatic certificate acquisition in the stream
       module through the use of the ACME protocol, managed using the "acme"
       directive, along with variables named "$acme_cert_*" and
       "$acme_cert_key_*".

    *) Feature: support for handling Multipath TCP (MPTCP) connections with
       the "multipath" parameter of the "listen" directive.
       Thanks to Maxim Dounin (freenginx), Maxime Dourov, and Anthony
       Doeraene.

    *) Feature: the "client" block that allows to specify additional
       configuration for the internal HTTP requests issued by various
       modules.

    *) Feature: all functionality of nginx 1.27.5, including CUBIC
       congestion control in QUIC connections.


Changes with Angie 1.9.1                                         29 May 2025

    *) Feature: support for IP addresses along with port numbers in the
       "acme_dns_port" directive; both IPv4 and IPv6 are allowed.

    *) Bugfix: using both a wildcard domain and matching third-level domains
       in "server_name" directives could cause the ACME server to fail when
       issuing a certificate for these domains under a single ACME client.

    *) Bugfix: in the stream module, after a successful connection to the
       proxied server during a passive check, its status in the statistics
       API was erroneously displayed as "unavailable" until the session
       ended.

    *) Bugfix: HTTP/3 requests might stall and time-out; the fix was ported
       from nginx 1.29.0.

    *) Bugfix: an early error while establishing an HTTP/3 connection to a
       proxied server could cause a worker process to crash.

    *) Bugfix: when proxying via the HTTP/3 protocol, the number of active
       connections in the statistics could be displayed incorrectly.


Changes with Angie 1.9.0                                         11 Apr 2025

    *) Feature: the ability to specify a file in the "proxy_cache_path"
       directive, where the contents of the shared memory zone with the
       cache index will be saved between server startups; it eliminates the
       need to load up the cache after restart and allows to bring the
       server back online almost immediately.

    *) Feature: support of TLS 1.3 Early Data (0-RTT) in the "stream" module
       using the "ssl_early_data" directive.

    *) Feature: new "busy" state for upstream peers in the statistics API,
       indicating that a peer has reached the limit configured by the
       "max_conns" option.

    *) Feature: the "uri=" parameter in the "acme_hook" directive that
       allows to redefine the hook request URI and supports variables.

    *) Feature: the "renew_on_load" parameter of the "acme_client" directive
       allowing to force renew a certificate on config load.

    *) Feature: build time is now displayed via the "build_time" field of
       the "/status/angie" statistics API object and in the output of the
       "-V" command-line option.

    *) Feature: all functionality of nginx 1.27.4 except the
       "keepalive_min_timeout" directive (a similar feature has existed
       since version 1.8.0).

    *) Change: the "enabled=off" parameter in the "acme_client" directive
       now disables only certificate renewal for the given client while
       preserving all other functionality; the key and certificate (if
       available) can be accessed via the $acme_cert_* variables, while the
       use of $acme_hook_* variables and the "acme" directives doesn't cause
       errors.

    *) Change: the "no valid domain name defined for ACME client" error is
       now issued only if no valid (i.e. ACME-compliant) domain name is
       found in the "server" block that references an ACME client using the
       "acme" directive.

    *) Bugfix: if built with NTLS support, inheritance of the
       "proxy_ssl_certificate" and "proxy_ssl_certificate_key" directives
       with variables did not work properly.


Changes with Angie 1.8.3                                         02 Apr 2025

    *) Bugfix: the "status_zone" statistics in the HTTP module's "server"
       block could be miscalculated if requests within the same connection
       belonged to different statistics zones, or if an error occurred
       during early request processing; the bug had appeared in 1.8.2.


Changes with Angie 1.8.2                                         13 Feb 2025

    *) Security: insufficient validation while handling virtual servers with
       TLSv1.3 SNI allowed to reuse SSL sessions in a different virtual
       server and thus bypass client SSL certificate verification
       (CVE-2025-23419); the fix was ported from nginx 1.27.4.

    *) Bugfix: API requests to retrieve statistic values from an individual
       zone, which was set via variables, could cause a worker process to
       enter an infinite loop.

    *) Bugfix: HTTP/3 requests were not counted in zone statistics; the bug
       had appeared in 1.8.0.

    *) Bugfix: TLS handshakes using QUIC protocol were not counted in SSL
       statistics.

    *) Bugfix: certificate renewal via the ACME protocol could fail for
       server names prefixed with a dot in the "server_name" directive.


Changes with Angie 1.8.1                                         28 Dec 2024

    *) Bugfix: using the "status_zone" directive in the "server" block of
       the HTTP module caused excessive logging of empty requests in
       "access_log" on TLS handshakes; the bug had appeared in 1.8.0.

    *) Bugfix: decoding errors in HTTP/3 stream could cause worker process
       crash when closing QUIC connection; the fix was ported from nginx
       1.27.4.

    *) Bugfix: sending QUIC protocol version negotiation packets could cause
       an infinite packet exchange loop; the fix was ported from nginx
       1.27.4.

    *) Bugfix: using DNS-challenge without hooks in the ACME module could
       cause a worker process crash in some configurations.


Changes with Angie 1.8.0                                         19 Dec 2024

    *) Change: when gracefully shutting down old worker processes,
       keep-alive connections are now closed only after the timeout
       specified by the "lingering_timeout" directive has expired; this
       behaviour allows to avoid possible client errors when receiving
       replies at that moment.
       Thanks to Maxim Dounin (freenginx).

    *) Change: disabled caching of the "stream" module variables
       "$ssl_server_name", "$ssl_server_cert_type", "$ssl_preread_protocol",
       and "$ssl_preread_server_name", which allows to get actual values
       when using virtual servers.

    *) Feature: support of "DNS-01" challenges by handling DNS queries from
       the ACME server, which allows to automatically request certificates
       of any types, including wildcard ones.

    *) Feature: hooks system in the ACME module, configurable using the
       "acme_hook" directive, which allows handling of domain name
       challenges using an external application to provide integration with
       various services and DNS hosting providers.

    *) Feature: the ACME module logs some additional information: why
       exactly the certificate is being renewed, full domain name list,
       client's account ID, long periods of inactivity (e.g. pollings), and
       the domain name being challenged; this information simplifies
       troubleshooting and allows to specify the CAA DNS record.

    *) Feature: the "account_key" parameter of the "acme_client" directive,
       which allows to reuse an existing key for the ACME server account
       instead of auto-generating a new one.

    *) Feature: support for variables in the "status_zone" directives in the
       stream and HTTP modules allows to dynamically account statistics
       within several zones in a single "location" or "server" block; in
       particular, it's especially useful when a single "server" block is
       handling multiple virtual hosts.

    *) Feature: GZip HTTP compression module compatibility with the zlib-ng
       versions 2.2.0 and above, which could previously cause "[alert] gzip
       filter failed to use preallocated memory" messages in the error log.

    *) Feature: the "max_headers" directive that limits the number of HTTP
       request header fields to better protect against DoS attacks.
       Thanks to Maxim Dounin (freenginx) and Maksim Yevmenkin.

    *) Feature: the "http3_max_table_capacity" and
       "proxy_http3_max_table_capacity" directives to configure the HTTP/3
       dynamic header compression table limits.

    *) Feature: cross-compilation support - the build system can now use a
       wrapper script to run autotests, which enables to prepare a build
       without running test programs directly on the target platform.

    *) Feature: all functionality of nginx 1.27.3.

    *) Bugfix: HTTP/3 clients could time out when using 0-RTT; the fix was
       ported from nginx 1.27.4.

    *) Bugfix: proxying with HTTP/3 using variables in the "proxy_pass"
       directive and without specifying an "upstream" block could crash the
       worker process.

    *) Bugfix: HTTP/3 upstreams using dynamic table could lead to worker
       process crash if used with cache.

    *) Bugfix: some SSL handshakes could be not counted in statistics for
       the "stream" module.

    *) Bugfix: HTTP/3 proxy settings specified in "http" or "server" level
       might be ignored.

    *) Bugfix: the "proxy_ssl_certificate" directive didn't work when
       proxying via HTTP/3 with NTLS support enabled.


Changes with Angie 1.7.0                                         19 Sep 2024

    *) Change: updated descriptions of HTTP status codes in conformance with
       RFC 9110.
       Thanks to Maxim Dounin (freenginx) and Michiel W. Beijen.

    *) Change: a maximum of one empty line is now allowed before an HTTP
       request to better protect against DoS attacks.
       Thanks to Maxim Dounin (freenginx).

    *) Change: HTTP/1.x header field names without a colon at the end are
       now prohibited; such invalid header fields from a client or a proxied
       server will now cause an error response.
       Thanks to Maxim Dounin (freenginx) and Maksim Yevmenkin.

    *) Change: when reading a request body using HTTP/1.1 chunked transfer
       encoding, the total size of ignored chunk extensions and trailer
       header fields is now limited by the "client_max_body_size" directive
       to better protect against DoS attacks.
       Thanks to Maxim Dounin (freenginx) and Bartek Nowotarski.

    *) Change: the MIME type in the "mime.types" configuration file has been
       changed to "image/bmp" for the "bmp" extension and
       "application/vnd.rar" for the "rar" extension; set to
       "application/vnd.debian.binary-package" for the "deb" and "udeb"
       extensions.
       Thanks to Yuriy Izorkin.

    *) Feature: forced closing all the connections to a proxied server when
       it's removed from the group can be configured via the
       "proxy_connection_drop", "grpc_connection_drop",
       "fastcgi_connection_drop", "scgi_connection_drop", and
       "uwsgi_connection_drop" directives.

    *) Feature: counters of sent DNS query types in the resolver statistics
       API, which is collected with the "status_zone" parameter of the
       "resolver" directive.

    *) Feature: the "$ssl_server_cert_type" variable that contains the type
       of selected certificate for a received TLS-connection.

    *) Feature: disabling creation of the PID file with the "off" parameter
       of the "pid" directive, which might be beneficial with immutable
       images and direct control by a service manager.
       Thanks to Maxim Dounin (freenginx).

    *) Feature: creation of the PID file made atomic via an intermediate
       temporary file, which removes a moment when the file is already in
       the directory but still empty, and allows external programs to handle
       it more easily and reliably.

    *) Feature: now, during reconfiguration, no attempt is made to recreate
       the PID file if the name in the "pid" directive has changed but
       points to the same file via symlinks; in particular, it allows
       avoiding issues on systems that migrate from "/var/run/angie.pid" to
       "/run/angie.pid".
       Thanks to Maxim Dounin (freenginx).

    *) Feature: syslog logging errors are now reported no more than once per
       second; this helps avoid flooding the logs with such messages when
       the syslog server is down or overloaded.
       Thanks to Maxim Dounin (freenginx).

    *) Feature: in the Mail proxy module, the maximum number of commands
       during authentication, configured with the "max_commands" directive,
       is limited to better protect against DoS attacks.
       Thanks to Maxim Dounin (freenginx).

    *) Feature: the "--feature-cache" option of the ./configure script to
       cache its results for optimization when building multiple modules or
       cross-compiling.

    *) Feature: all functionality of nginx 1.27.1.

    *) Bugfix: "PID file ... not readable (yet?) after start" and "Failed to
       parse PID from file..." errors might appear when starting with
       systemd.
       Thanks to Maxim Dounin (freenginx).


Changes with Angie 1.6.2                                         16 Aug 2024

    *) Security: processing a specially crafted file with the MP4 module
       could cause a worker process crash (CVE-2024-7347); the fix was
       ported from nginx 1.27.1.


Changes with Angie 1.6.1                                         08 Aug 2024

    *) Feature: a new "passed" counter in the API statistics of the "stream"
       module's "status_zone" directive tracks connections passed to other
       sockets using "pass" directives.

    *) Bugfix: when using virtual servers or the "pass" directives in the
       "stream" module, connections could be accounted incorrectly in the
       statistics API.

    *) Bugfix: worker processes could crash on configurations with 5 ACME
       clients or more; the bug had appeared in 1.6.0.

    *) Bugfix: handling cached responses with the "X-Accel-Redirect" header
       could crash the worker process.
       Thanks to Maxim Dounin (freenginx) and Jiří Setnička.


Changes with Angie 1.6.0                                         28 Jun 2024

    *) Feature: the "sticky" directive and related options in the "stream"
       module's "upstream" block, which allow to configure sticky sessions
       mode where all connections in the session are routed to the same
       server.

    *) Feature: extraction of Cookie values from RDP connections using the
       "rdp_preread" directive in the "stream" module into "$rdp_cookie" and
       "$rdp_cookie_NAME" variables, which allows to log and stick RDP
       client sessions to particular servers while load balancing.

    *) Feature: support for multiple "acme" directives in a "server" block,
       which allows to configure obtaining two types of certificates at once
       for that virtual server.

    *) Feature: command line options "-m" and "-M" to list built-in and
       loaded modules.

    *) Feature: support for BoringSSL in the ACME module.

    *) Feature: all functionality of nginx 1.27.0, including support for
       virtual servers in the "stream" module and the "pass" directive,
       which allows to pass accepted connections for handling to another
       listening sockets, including HTTP and Mail modules.

    *) Bugfix: certificate request via the ACME protocol could result in
       error on some configurations with a log message like "[alert]
       getsockname() failed (9: Bad file descriptor)".

    *) Bugfix: certificate request with large number of domain names via the
       ACME protocol could result in error with a log message like "[error]
       JSON parser error".

    *) Bugfix: ACME clients in configurations with multiple "error_log"
       directives could log messages to irrelevant logs.


Changes with Angie 1.5.2                                         31 May 2024

    *) Security: when using HTTP/3, processing of a specially crafted QUIC
       session could cause a worker process crash, worker process memory
       disclosure on systems with MTU larger than 4096 bytes, or have other
       impact (CVE-2024-32760, CVE-2024-31079, CVE-2024-35200,
       CVE-2024-34161); the fix has been ported from nginx 1.26.1.


Changes with Angie 1.5.1                                         16 May 2024

    *) Change: now ACME clients do not discard previously stored
       certificates that were expired or issued for a different domain list,
       but use them while renewing.

    *) Bugfix: the "proxy_next_upstream" mechanism did not work correctly
       when using the "resolve" option of the "server" directive in the
       "upstream" block if the number of resolved IP addresses differed from
       the number of specified servers.

    *) Bugfix: while requesting a certificate via the ACME protocol, a
       segmentation fault could occur in a worker process.

    *) Bugfix: the "slow_start" mechanism did not work when proxying TCP
       connections in the "stream" module.

    *) Bugfix: HTTP/3 requests could result in an error if received as TLS
       1.3 early data; the bug had appeared in 1.4.0.

    *) Bugfix: HTTP/3 connection could be prematurely closed while using
       0-RTT in QUIC.

    *) Bugfix: when reading a request body from a fast connection, reading
       for a long time was possible.
       Thanks to Maxim Dounin (freenginx).


Changes with Angie 1.5.0                                         27 Mar 2024

    *) Feature: basic support for automatically obtaining and updating
       certificates using the ACME protocol, configurable with the
       "acme_client" and "acme" directives, as well as variables of the form
       "$acme_cert_*" and "$acme_cert_key_*".

    *) Feature: configuration of automatic redirection, which adds trailing
       slashes to request URIs, with the "auto_redirect" directive.

    *) Feature: output statistics metrics with dates in Epoch format instead
       of ISO 8601 for use in Prometheus and optionally in the JSON API with
       the "?date=epoch" request argument.

    *) Feature: new "recovering" state for upstream peers in the statistics
       API, indicating that a peer is slowly starting up after a failure, as
       suggested by the "slow_start" option.

    *) Feature: now the "-V" switch also shows the relevant version of
       nginx, which is useful for compatibility with third-party utilities,
       certbot in particular.
       Thanks to AdvTechnoKing.

    *) Feature: all functionality of nginx 1.25.4.

    *) Bugfix: if the SSL session reuse mechanism "proxy_ssl_session_reuse"
       was used and the list of proxied servers was dynamically updated, a
       leak could occur in the shared memory zone configured for the
       corresponding "upstream" block.


Changes with Angie 1.4.1                                         15 Feb 2024

    *) Security: when using HTTP/3, a segmentation error may have occured in
       a worker process while processing a specially crafted QUIC session
       (CVE-2024-24989); note that Angie as of 1.4.0 is already not
       vulnerable to CVE-2024-24990.


Changes with Angie 1.4.0                                         12 Dec 2023

    *) Feature: support for establishing HTTP/3 connections to upstream
       servers in the HTTP proxy module while allowing clients to use
       arbitrary HTTP versions. Configuration is done with the
       "proxy_http_version" directive and a set of "proxy_quic_" and
       "proxy_http3_" directives.

    *) Feature: a mechanism for smoothly bringing the proxied server online
       after a failure using the "slow_start" option of the "server"
       directive in the "upstream" block.

    *) Feature: "mqtt_preread" directive in the "stream" module, which
       allows extracting the username and client id from the CONNECT packet
       of the MQTT protocol into the $mqtt_preread_username and
       $mqtt_preread_clientid variables.

    *) Feature: limiting the response rate of MP4 files transmission to the
       client proportionally to the bitrate using the "mp4_limit_rate" and
       "mp4_limit_rate_after" directives, which reduces the bandwidth load.

    *) Feature: all functionality of nginx 1.25.3.

    *) Bugfix: if a proxied server was the only one in a group, it could be
       incorrectly reported as "unavailable" in the statistics API even
       after recovery.


Changes with Angie 1.3.2                                         23 Nov 2023

    *) Bugfix: possible incorrect values of metrics in Prometheus output
       that used variables other than $p8s_value for their values; in
       practice the issue could occur with
       "angie_http_upstreams_peers_state" and
       "angie_stream_upstreams_peers_state" from the standard
       "prometheus_all.conf" template.

    *) Bugfix: some connection attempts to upstream servers might not have
       been properly accounted for in the statistics API if they failed
       immediately; the bug had appeared in 1.3.0.


Changes with Angie 1.3.1                                         18 Oct 2023

    *) Security: added extra limitations to HTTP/2 stream handling for
       better protection against the DoS attack known as "HTTP/2 Rapid
       Reset" (CVE-2023-44487).


Changes with Angie 1.3.0                                         19 Sep 2023

    *) Feature: ability to specify multiple match patterns in the "location"
       directive, which allows to combine several "location" blocks with
       similar settings and therefore simplify configuration by reducing
       duplication.

    *) Feature: export of varied statistics metrics in Prometheus format
       with flexible template configuration using the new "prometheus" and
       "prometheus_template" directives.

    *) Feature: detailed information and metrics for groups of stream
       upstream servers in the statistics interface provided by the "api"
       directive.

    *) Feature: the "resolve" option of the "server" directive in the
       "stream" module’s "upstream" block that allows to monitor changes to
       the list of IP addresses corresponding to a domain name, and
       automatically update it without the need of reloading configuration.

    *) Feature: the "service" option of the "server" directive in the
       "stream" module’s "upstream" block that allows to retrieve lists of
       addresses from DNS SRV records, with basic priority support.

    *) Feature: access to the contents of configuration files used by the
       current generation of worker processes via the interface provided by
       the "api" directive with the "api_config_files" directive enabled.

    *) Feature: display of the configuration generation number in process
       titles, which allows to monitor the success of configuration reloads
       and the number of previous worker process generations using the "ps"
       utility.

    *) Feature: all functionality of nginx 1.25.2.

    *) Bugfix: compilation failed when ./configure options
       "--without-http_upstream_zone_module" or
       "--without-stream_upstream_zone_module" were used; the bug had
       appeared in 1.2.0.

    *) Change: now appname "angie" is used when loading the OpenSSL
       configuration.


Changes with Angie 1.2.0                                         30 May 2023

    *) Feature: the "sticky" directive and related options in the HTTP
       module "upstream" block, that allow to configure sticky sessions
       mode, where all requests of the session are routed to the same
       server.

    *) Feature: the $upstream_sticky_status variable, that takes either
       "NEW", "HIT" or "MISS" values depending on success of requesting
       related upstream server with sticky sessions enabled.

    *) Feature: support for NTLS in the HTTP and stream modules using
       TongSuo TLS library, that can be enabled via the "--with-ntls" build
       time option and configured with the "ssl_ntls" and "proxy_ssl_ntls"
       corresponding directives.

    *) Feature: in the HTTP and stream proxy-modules ability to specify
       multiple certificates with different types (RSA and ECDSA) and
       corresponding keys, using the "proxy_ssl_certificate" and
       "proxy_ssl_certificate_key" directives.

    *) Feature: display of version and build name in the "master" process
       title, which allows to get this information about a running server
       instance using the "ps" utility.

    *) Feature: ability to compress "207 Multi-Status" responses by the gzip
       module.
       Thanks to DBotThePony.

    *) Feature: all functionality of nginx 1.25.0, including HTTP/3 support.


Changes with Angie 1.1.0                                         24 Jan 2023

    *) Feature: the "resolve" option of the "server" directive in the HTTP
       module "upstream" block, that allows to monitor changes to the list
       of IP addresses corresponding to a domain name, and automatically
       update it without the need of reloading configuration.

    *) Feature: the "service" option of the "server" directive in the HTTP
       module "upstream" block, that allows to retrieve lists of addresses
       from DNS SRV records, with basic priority support.

    *) Feature: detailed information and metrics for the groups of HTTP
       upstream servers in the statistics interface provided by the "api"
       directive.

    *) Feature: autoindex uses natural sorting order for directory listings.

    *) Feature: all functionality of nginx 1.23.3.

    *) Bugfix: compilation failed due to false warning when using GCC 9 or
       older with the -O2 or higher optimization.


Changes with Angie 1.0.0                                         27 Oct 2022

    *) Feature: the "api" directive, that provides HTTP RESTful interface
       for accessing in JSON format basic information about a web server
       instance, as well as metrics of client connections, shared memory
       zones, DNS queries, HTTP requests, HTTP responses cache, TCP/UDP
       sessions of "stream" module, and zones of "limit_conn/limit_req"
       modules.

    *) Feature: the "status_zone" directive in "http" module for specifying
       zone to collect request metrics in "server" and "location" contexts.

    *) Feature: the "status_zone" directive in "stream" module for
       specifying zone to collect TCP/UDP session metrics.

    *) Feature: the "status_zone" parameter of the "resolver" directive for
       specifying zone to collect metrics on DNS queries.

    *) Feature: the $angie_version variable with version of Angie.

    *) Feature: all functionality of nginx 1.23.2.

