lighty's life

lighty developer blog

PRE-RELEASE: lighttpd-1.5.0-r1992

Some time passed since the last pre-release, time for an update.

Everyone who runs 1.5.0 already has to upgrade to get fixes several vulnerabilities that got fixed in the 1.4.x branch already.

If this release passes your requirements it will be the last 1.5.0 pre-release. Afterwards we will start the the normal 1.5.x series and will add the missing features in 1.5.1 and later.


md5sum: b62e2442ee0f3395844b54385b14397a


  • added native support for mingw32
  • added experimental option to compile without glib
  • fixed mod_uploadprogress
  • fixed endless loop on freebsd-sendfile (#1289)
  • fixed compile in IRIX and HP/UX
  • fixed hardcoded font-sizes in mod_dirlisting (#1267)
  • fixed different ETag length on 32/64 platforms (#1279)
  • fixed conditional dir-listing.exclude (#930)
  • fixed CONTENT_LENGTH = -1 in mod_cgi (#1276)
  • fixed typecast of NULL on execl() (#1235)
  • fixed extra Content-Length header on 1xx, 204 and 304 (#1002)
  • fixed mysql server reconnects (#518)
  • fixed prctl() usage (#1310, #1333)
  • fixed FastCGI header overrun in mod_proxy_backend_fastcgi (reported by
  • fixed mem-leak in mod_auth (reported by Stefan Esser)
  • fixed crash with md5-sess and cnonce not set in mod_auth (reported by Stefan Esser)
  • fixed missing check for base64 encoded string in mod_auth and Basic auth
    (reported by Stefan Esser)
  • fixed possible crash in Auth-Digest header parser on trailing WS in
    mod_auth (reported by Stefan Esser)