Version 1.9.x

 V1.9.0

2026-04-22

Server Core

• [Security] Address remote exploit vulnerabilities in HTTP/3 engine.
• [Security] Address request smuggling issue for HTTP/2.
• [Security] Add `UnsafeAllow3F` rewrite rule flag to address unsafe `%3f` encoded URLs.
• [Feature] Add new WebAdmin UI.
• [Feature] Add built-in ACME support for auto SSL certificate fetching.
• [Feature] Add support for SCGI and uWSGI backends.
• [Feature] Drop SPDY protocol support.
• [Bug fix] Address various corner cases in AIO, cache module, and Node.js support.