lighty's life

lighty developer blog

PRE-RELEASE: Lighttpd 1.4.36~rc1

We would like to draw your attention to the latest pre-release of the stable 1.4 branch of lighttpd.

You can get the pre-release from these urls:

Please test it as much as possible and provide us with feedback.
A lot of testing ensures a good release.

Important changes

  • [ssl] disable SSL3.0 by default
  • escape all strings for logging
  • fix segfault when temp file for upload couldn’t be created (found by coverity)
  • changes to the internal API for buffers, chunks and more; 3rd party plugins are likely to break

Changes from 1.4.35

  • use keep-alive timeout while waiting for HTTP headers; use always the read timeout while waiting for the HTTP body
  • fix bad shift in conditional netmask “…/0” handling
  • add more mime types and a script to generate mime.conf (fixes #2579)
  • add support for (Free)BSD extended attributes
  • [build] use fortify flags with “extra-warnings”
  • [mod_dirlisting,mod_redirect,mod_rewrite] abort config parsing if pcre-compile fails or isn’t available
  • [ssl] disable SSL3.0 by default
  • fixed typo in example config found by openSUSE user (boo# 907709)
  • [network] fix compile break in calculation of sockaddr_un size if SUN_LEN is not defined (fixes #2609)
  • [connections] fix bug in connection state handling
  • print backtrace in assert logging with libunwind
  • major refactoring of internal buffer/chunk handling
  • [mod_auth] use crypt_r instead of crypt if available
  • fix error message for T_CONFIG_ARRAY config values if an entry value is not a string
  • fix segfaults in many plugins if they failed configuration
  • escape all strings for logging (fixes #2646 log file injection, reported by Jaanus Kääp)
  • fix hex escape in accesslog (fixes #2559)
  • show extforward re-run warning only with debug.log-request-handling (fixes #2561)
  • parse If-None-Match for ETag validation (fixes #2578)
  • fix memory leak in mod_status when no counters are set (found by coverity)
  • [mod_magnet] fix segfault when accessing not existing lighty.req_env[] entry (found by coverity)
  • fix segfault when temp file for upload couldn’t be created (found by coverity)
  • mime.conf: add some new mime types, remove .dat, .sha1, .md5, update .vcf
  • [mod_proxy] add unix domain socket support (fixes #2653)

Also see the changelog in git

If you want to get the latest source for any branch, you can get it from our svn repository.
Documentation to do so can be obtained from this page: DevelSubversion
Bug reports or feature requests can be filed in our ticket system: New Issue
Please make sure to check if there isn’t a ticket already here: Issues
Perhaps you also want to have a look at our download site

Thank you for flying light.