OpenResty 126.96.36.199 is a patch release addressing recent security vulnerabilities in both the Nginx core and the ngx_http_lua module.
The (portable) source code distribution, the Win32/Win64 binary distributions, and the pre-built binary Linux packages for Ubuntu, Debian, Fedora, CentOS, RHEL, OpenSUSE, Amazon Linux are provided on this page:
We also upgraded PCRE to 8.44 and OpenSSL to 1.1.0l for our binary packages.
This is the third OpenResty release based on the nginx 1.15.8 core.
Thanks the HackerOne team for reporting the memory content leak vulnerabilities.
Thanks Thibault Charbonnier and Dejiang Zhu for helping this release.
Complete change logs since the last (formal) release, 188.8.131.52, can be browsed in the page Change Log for 1.15.8.x:
Feedback on this release is more than welcome. Feel free to create new GitHub issues or send emails to one of our mailing lists.
The next release will be OpenResty 184.108.40.206 based on the recent nginx 1.17.8 core and its RC1 version is already out for community testing. See