NGINX 1.29.4 Mainline Released

NGINX 1.29.4 mainline has been released and we’re excited to share all the new features in both 1.29.3 and 1.29.4.

Across the two releases, we’ve focused on:

• Support for HTTP/2 protocol to upstreams

• New TLS signature algorithm variables for better observability

• Header inheritance control that simplifies configuration management in nested blocks

• TLS certificate compression support in BoringSSL and AWS-LC builds

• Encrypted Client Hello (ECH) support for enhanced privacy

• Stricter HTTP chunked transfer encoding parsing for improved security

Together, these updates make it easier for operators, security teams, and developers to maintain secure, efficient, and predictable infrastructure at scale.

Read our blog post covering both releases to learn about all the details.

Hi,

just tried to setup using HTTP2 upstreams it crashed, I got :

2025/12/11 14:41:09 [error] 2130865#2130865: *44306 upstream rejected request with error 1 while reading response header from upstream, client: 1.2.3.4, server: test.local, request: "GET / HTTP/2.0", upstream: "https://10.0.9.99:443", host: "test.local", referrer: "https://test.local/"

no log on the upstream side.

manualy using curl -k --http2 https://10.0.9.99:443 works.

I’m using a self-signed cert on the upstream side, is it a clue?

regards

Hi @jaysee ,

If you’re seeing a crash, it would be helpful to have a bit more detail:

1. Can you provide the exact config?
2. What are you using as the backend?
3. Is the issue reproducible? Can you enable debug logging and send the logs to me?
4. If it’s possible to obtain a core dump, that would be invaluable.

You can send everything via private messages so that no sensitive info is exposed.

Thanks in advance!