lighty's life

lighty developer blog

PRE-RELEASE: Lighttpd 1.4.27rc2-r2758

We would like to draw your attention to the latest pre-release of the stable 1.4 branch of lighttpd.

You can get the pre-release from these urls:
SHA1 checksums:

Please test it as much as possible and provide us with feedback.
A lot of testing ensures a good release.

New changes since rc1:

We fixed a race condition with mod_cgi responses; and a similar problem in mod_proxy
(forward response as soon at it is available).

There is a new fdevent handler “libev”; “linux-rtsig” got removed. The “libev” handler
should support solaris ports, so it might be especially interesting on solaris.

And the last commit changes a small bit how we handle IPv6; we now disable the “dual-stack”
IPv6 sockets in almost all cases, see IPv6-Config for details.

Changes already in rc1:

The most important change is the SSL_CTX_set_options fix, as lighttpd
doesn’t start without it if you use a recent ssl library; most distributions
included it with 1.4.26 for a while now.

We hope to have fixed some problems with mod_proxy and we really hope TLS SNI works now,
and lighty doesn’t use the wrong certs anymore; it would be nice if you could test this :)

We fixed a segfault in mod_compress; if you disable etags, mod_compress won’t try to cache
on disk anymore (and doesn’t set etag).

If no showstoppers are encountered, there will be a final release soon.

Changelog since 1.4.26:

  • Fix handling return value of SSL_CTX_set_options (fixes #2157, thx mlcreech)
  • Fix mod_proxy HUP handling (send final chunk, fix usage counter)
  • mod_proxy: close connection on write error (fixes #2114)
  • Check uri instead of physical path for directory redirect
  • Fix detecting git repository (fixes #2173, thx ncopa)
  • [mod_compress] Fix segfault when etags are disabled (fixes #2169)
  • Reset uri.authority before TLS servername handling, reset all “keep-alive” data in connection_del (fixes #2125)
  • Print double quotes properly when dumping config file (fixes #1806)
  • Include IP addresses on error log on password failures (fixes #2191)
  • Fix stalls while reading from ssl sockets (fixes #2197)
  • Fix etag formatting on boxes with 32-bit longs
  • Fix two compiler warnings
  • mod_accesslog: fix %p for ipv6 sockets (fixes #2228, thx jo.henke)
  • mod_fastcgi: Send 502 “Bad Gateway” if we couldn’t open the file for X-Sendfile (fixes #2226)
  • mod_staticfile: add debug output if we ignore a file with static-file.exclude-extensions (fixes #2215)
  • mod_cgi: fix race condition leaving response not forwarded to client (fixes #2217)
  • mod_accesslog: Fix var declarations mixed in source (fixes #2233)
  • mod_status: Add version to status page (fixes #2219)
  • mod_accesslog: optimize accesslog_append_escaped (fixes #2236, thx crypt)
  • autotools: don’t recreate parser files with lemon after lemon rebuild
  • openssl: silence annoying error messages for errno==0 (fixes #2213)
  • array.c: improve array_get_unused_element to check data type; fix mem leak if unused_element didn’t find a matching entry (fixes #2145)
  • add check to stop loading plugins twice
  • cleanup fdevent code, removed linux-rtsig handler, replaced some fprintf calls
  • only require FDEVENT_IN bit to be set for listening connections (fixes #2227)
  • add libev fdevent handler: server.event-handler = “libev”
  • mod_proxy: return response as soon as it is available (fixes #2196)
  • don’t overwrite global server.force-lowercase-filenames setting (fixes #2042)
  • bind to IPV6-only if ipv6 address was specified (IPv6-Config)

If you want to get the latest source for any branch, you can get it from our svn repository.
Documentation to do so can be obtained from this page:
Bug reports or feature requests can be filed in our ticket system:
Please make sure to check if there isn’t a ticket already here:
Perhaps you also want to have a look at our download site

Thank you for flying light.