master (unreleased) * Added feature: http2 support. Thanks to Frankie Dintino. Version 2.2.1 * Added feature: SHA-256 and SHA-512 Version 2.2.0 * Added feature: resumable uploads * Added feature: allow to use of $variables in "upload_pass" directive (Piotr Sikora) * Added feature: allow module's directives inside if statements (David Backeus) * Added feature: directive upload_tame_arrays and ability to do some magic with php arrays Version 2.0.12 * Fixed bug: keepalive connection was hanging after upload has been completed. * Change: if request method is not POST return HTTP 405 in order to simplify configuration. Version 2.0.11 * Fixed bug: rb->buf was uninitiazlied at some execution paths. Found by Andrew Filonov. * Fixed bug: dummy field would not appear whenever form contains only non-file fields. * Added feature: variable $upload_file_number which indicates ordinal number of file in request * Change: compatibility with nginx API 0.8.25 and greater Version 2.0.10 * Change: compatibility with nginx API 0.8.11 * Fixed bug: Prevent module from registering store path if no upload location was configured * Fixed bug: upload corrupted in case of short body + keepalive. Thanks to Dmitry Dedukhin. * Change: Return error 415 instead of 400 if request content type is not multipart/form-data Version 2.0.9 * Change: compatibility with nginx's API 0.7.52 and greater * Fixed bug: module directives couldn't have appeared in limit_except block * Added feature: directive upload_limit_rate and ability to limit upload rate * Change: Malformed body issues are now logged to error log instead of debug log Version 2.0.8 * Change: support for named locations * Fixed bug: crash on missing Content-Type request header * Fixed bug: compilation problem on amd 64 Version 2.0.7 * Change: file size and output body size restrictions * Added feature: directive upload_pass_args enables forwarding of request arguments to a backend. Thanks to Todd Fisher. Version 2.0.6 * Fixed bug: zero variables in aggregate field name caused allocation of random amount of memory. Thanks to Dmitry Dedukhin. * Fixed bug: Prevent generation of a field in case of empty field name Version 2.0.5 * Fixed bug: prevent leaking of file descriptors on a timeout (unconfirmed problem). * Fixed bug: variables in field values in upload_set_form_field and upload_aggregate_form_field directives were not working if field name contained 0 variables. * Added feature: directive upload_cleanup now specifies statuses, which initiate removal of uploaded files. Used for cleanup after failure of a backend. * Added feature: aggregate variable upload_file_crc32 allows to calculate CRC32 if file on the fly. * Fixed bug: Indicator of necessity to calculate SHA1 sum was not inheritable from server configuration. Version 2.0.4 * Fixed bug: location configuration of upload_set_form_field and upload_pass_form_field was not inheritable from server configuration. * Added feature: directive upload_aggregate_form_field to pass aggragate properties of a file like file size, MD5 and SHA1 sums to backend. * Fixed bug: missing CRLF at the end of resulting body. * Change: optimized out some unnecessary memory allocations and zeroing. Version 2.0.3 * upload_store directive was not able to receive more than one argument. As a result no hashed dirs for file uploads were possible. * upload_store_access directive did not work at all. Permissions were defaulted to user:rw. Thanks to Brian Moran. * In case of any errors at the last chunk of request body only 500 Internal Server Error was generated intead of 400 Bad Request and 503 Service Unavailable. * Fixed copyrights for temporary file name generation code * Fixed compilation issue on 0.6.32. Thanks to Tomas Pollak. * Added directive upload_pass_form_field to specify fields to pass to backend. Fixes security hole found by Brian Moran. Version 2.0.2 * Fixed crash in logging filename while aborting upload * Added feasible debug logging * Added support for variables to generate form fields in resulting request body * Added missing logging of errno after write failures * Simplified upload abortion logic; simply discarding already added fields * Now returning explicit error code after script failures to be able to generate Internal server error