lighttpd 1.4.28 released
Just in case you didn’t see the announcement on the main page: click
Please head over there for more information and comments.
If you want to get the latest source for any branch, you can get it from our svn repository.
Documentation to do so can be obtained from this page:
http://redmine.lighttpd.net/projects/lighttpd/wiki/DevelSubversion
Bug reports or feature requests can be filed in our ticket system:
http://redmine.lighttpd.net/projects/lighttpd/issues/new
Please make sure to check if there isn’t a ticket already here:
http://redmine.lighttpd.net/projects/lighttpd/issues
Thank you for flying light.
lighttpd 1.4.27 released
Just in case you didn’t see the announcement on the main page: click
Please head over there for more information.
If you want to get the latest source for any branch, you can get it from our svn repository.
Documentation to do so can be obtained from this page:
http://redmine.lighttpd.net/projects/lighttpd/wiki/DevelSubversion
Bug reports or feature requests can be filed in our ticket system:
http://redmine.lighttpd.net/projects/lighttpd/issues/new
Please make sure to check if there isn’t a ticket already here:
http://redmine.lighttpd.net/projects/lighttpd/issues
Thank you for flying light.
PRE-RELEASE: lighttpd 1.4.27rc2-r2758 2
We would like to draw your attention to the latest pre-release of the stable 1.4 branch of lighttpd.
You can get the pre-release from these urls:
http://download.lighttpd.net/lighttpd/snapshots-1.4.x/lighttpd-1.4.27rc2-r2758.tar.gz
http://download.lighttpd.net/lighttpd/snapshots-1.4.x/lighttpd-1.4.27rc2-r2758.tar.bz2
SHA1 checksums:
http://download.lighttpd.net/lighttpd/snapshots-1.4.x/lighttpd-1.4.27rc2-r2758.sha1sum
Please test it as much as possible and provide us with feedback.
A lot of testing ensures a good release.
New changes since rc1:
We fixed a race condition with mod_cgi responses; and a similar problem in mod_proxy (forward response as soon at it is available).
There is a new fdevent handler “libev”; “linux-rtsig” got removed. The “libev” handler should support solaris ports, so it might be especially interesting on solaris.
And the last commit changes a small bit how we handle IPv6; we now disable the “dual-stack” IPv6 sockets in almost all cases, see IPv6-Config for details.
Changes already in rc1:
The most important change is the SSL_CTX_set_options fix, as lighttpd doesn’t start without it if you use a recent ssl library; most distributions included it with 1.4.26 for a while now.
We hope to have fixed some problems with mod_proxy and we really hope TLS SNI works now, and lighty doesn’t use the wrong certs anymore; it would be nice if you could test this :)
We fixed a segfault in mod_compress; if you disable etags, mod_compress won’t try to cache on disk anymore (and doesn’t set etag).
If no showstoppers are encountered, there will be a final release soon.
Changelog since 1.4.26:
- Fix handling return value of SSL_CTX_set_options (fixes #2157, thx mlcreech)
- Fix mod_proxy HUP handling (send final chunk, fix usage counter)
- mod_proxy: close connection on write error (fixes #2114)
- Check uri instead of physical path for directory redirect
- Fix detecting git repository (fixes #2173, thx ncopa)
- [mod_compress] Fix segfault when etags are disabled (fixes #2169)
- Reset uri.authority before TLS servername handling, reset all “keep-alive” data in connection_del (fixes #2125)
- Print double quotes properly when dumping config file (fixes #1806)
- Include IP addresses on error log on password failures (fixes #2191)
- Fix stalls while reading from ssl sockets (fixes #2197)
- Fix etag formatting on boxes with 32-bit longs
- Fix two compiler warnings
- mod_accesslog: fix %p for ipv6 sockets (fixes #2228, thx jo.henke)
- mod_fastcgi: Send 502 “Bad Gateway” if we couldn’t open the file for X-Sendfile (fixes #2226)
- mod_staticfile: add debug output if we ignore a file with static-file.exclude-extensions (fixes #2215)
- mod_cgi: fix race condition leaving response not forwarded to client (fixes #2217)
- mod_accesslog: Fix var declarations mixed in source (fixes #2233)
- mod_status: Add version to status page (fixes #2219)
- mod_accesslog: optimize accesslog_append_escaped (fixes #2236, thx crypt)
- autotools: don’t recreate parser files with lemon after lemon rebuild
- openssl: silence annoying error messages for errno==0 (fixes #2213)
- array.c: improve array_get_unused_element to check data type; fix mem leak if unused_element didn’t find a matching entry (fixes #2145)
- add check to stop loading plugins twice
- cleanup fdevent code, removed linux-rtsig handler, replaced some fprintf calls
- only require FDEVENT_IN bit to be set for listening connections (fixes #2227)
- add libev fdevent handler: server.event-handler = “libev”
- mod_proxy: return response as soon as it is available (fixes #2196)
- don’t overwrite global server.force-lowercase-filenames setting (fixes #2042)
- bind to IPV6-only if ipv6 address was specified (IPv6-Config)
If you want to get the latest source for any branch, you can get it from our svn repository.
Documentation to do so can be obtained from this page:
http://redmine.lighttpd.net/projects/lighttpd/wiki/DevelSubversion
Bug reports or feature requests can be filed in our ticket system:
http://redmine.lighttpd.net/projects/lighttpd/issues/new
Please make sure to check if there isn’t a ticket already here:
http://redmine.lighttpd.net/projects/lighttpd/issues
Perhaps you also want to have a look at our download site
Thank you for flying light.
PRE-RELEASE: lighttpd 1.4.27rc1-r2724 3
We would like to draw your attention to the latest pre-release of the stable 1.4 branch of lighttpd.
You can get the pre-release from these urls:
http://download.lighttpd.net/lighttpd/snapshots-1.4.x/lighttpd-1.4.27rc1-r2724.tar.gz
http://download.lighttpd.net/lighttpd/snapshots-1.4.x/lighttpd-1.4.27rc1-r2724.tar.bz2
SHA1 checksums:
http://download.lighttpd.net/lighttpd/snapshots-1.4.x/lighttpd-1.4.27rc1-r2724.sha1sum
Please test it as much as possible and provide us with feedback.
A lot of testing ensures a good release.
The most important change is the SSL_CTX_set_options fix, as lighttpd doesn’t start without it if you use a recent ssl library; most distributions included it with 1.4.26 for a while now.
We hope to have fixed some problems with mod_proxy and we really hope TLS SNI works now, and lighty doesn’t use the wrong certs anymore; it would be nice if you could test this :)
We fixed a segfault in mod_compress; if you disable etags, mod_compress won’t try to cache on disk anymore (and doesn’t set etag).
If no showstoppers are encountered, there will be a final release soon.
Changelog since 1.4.26:
- Fix handling return value of SSL_CTX_set_options (fixes #2157, thx mlcreech)
- Fix mod_proxy HUP handling (send final chunk, fix usage counter)
- mod_proxy: close connection on write error (fixes #2114)
- Check uri instead of physical path for directory redirect
- Fix detecting git repository (fixes #2173, thx ncopa)
- [mod_compress] Fix segfault when etags are disabled (fixes #2169)
- Reset uri.authority before TLS servername handling, reset all “keep-alive” data in connection_del (fixes #2125)
If you want to get the latest source for any branch, you can get it from our svn repository.
Documentation to do so can be obtained from this page:
http://redmine.lighttpd.net/projects/lighttpd/wiki/DevelSubversion
Bug reports or feature requests can be filed in our ticket system:
http://redmine.lighttpd.net/projects/lighttpd/issues/new
Please make sure to check if there isn’t a ticket already here:
http://redmine.lighttpd.net/projects/lighttpd/issues
Perhaps you also want to have a look at our new download site
Thank you for flying light.
lighttpd 1.4.26 released
Just in case you didn’t see the announcement on the main page: click
Please head over there for more information.
If you want to get the latest source for any branch, you can get it from our svn repository.
Documentation to do so can be obtained from this page:
http://redmine.lighttpd.net/projects/lighttpd/wiki/DevelSubversion
Bug reports or feature requests can be filed in our ticket system:
http://redmine.lighttpd.net/projects/lighttpd/issues/new
Please make sure to check if there isn’t a ticket already here:
http://redmine.lighttpd.net/projects/lighttpd/issues
Thank you for flying light.
PRE-RELEASE: lighttpd 1.4.26rc1-r2710
We would like to draw your attention to the latest pre-release of the stable 1.4 branch of lighttpd.
You can get the pre-release from these urls:
http://download.lighttpd.net/lighttpd/snapshots-1.4.x/lighttpd-1.4.26rc1-r2710.tar.gz
http://download.lighttpd.net/lighttpd/snapshots-1.4.x/lighttpd-1.4.26rc1-r2710.tar.bz2
SHA1 checksums:
http://download.lighttpd.net/lighttpd/snapshots-1.4.x/lighttpd-1.4.26rc1-r2710.sha1sum
Please test it as much as possible and provide us with feedback.
A lot of testing ensures a good release.
There have been some important bug fixes (request parser handling for splitted header data, a fd leak in mod_cgi, a segfault with broken configs in mod_rewrite/mod_redirect and of course the latest security issue with an OOM vulnerability)
If no showstoppers are encountered, there will be a final release soon.
PS: As it is often asked in the comments: We don’t plan to release 1.5, as we are working on 2.0; we can’t support too many different versions, so while we are still trying to keep 1.5 working, our main efforts will be keeping 1.4 stable and working on 2.0 for now.
Changelog since 1.4.25:
- Fix request parser to handle packets with splitted \r\n\r\n (fixes #2105)
- Remove dependency on automake >= 1.11 with m4_ifdef check
- mod_accesslog: support %e (fixes #2113, thx presbrey)
- Fix mod_cgi cgi.execute-x-only option in global block
- mod_fastcgi: x-sendfile2 parse error debugging
- Fix mod_proxy dead host detection if connect() fails
- Fix fd leaks in mod_cgi (fds not closed on pipe/fork failures, found by Rodrigo, fixes #2158, #2159)
- Fix segfault with broken rewrite/redirect patterns (fixes #2140, found by crypt)
- Append to previous buffer in con read, fix DoS/OOM vulnerability (fixes #2147, found by liming, CVE-2010-0295)
If you want to get the latest source for any branch, you can get it from our svn repository.
Documentation to do so can be obtained from this page:
http://redmine.lighttpd.net/projects/lighttpd/wiki/DevelSubversion
Bug reports or feature requests can be filed in our ticket system:
http://redmine.lighttpd.net/projects/lighttpd/issues/new
Please make sure to check if there isn’t a ticket already here:
http://redmine.lighttpd.net/projects/lighttpd/issues
Perhaps you also want to have a look at our new download site
Thank you for flying light.
lighttpd 1.4.25 released 3
Just in case you didn’t see the announcement on the main page: click
Please head over there for more information.
We also started a public directory listing with all the releases, snapshots and security announcements of our projects under http://download.lighttpd.net
If you want to get the latest source for any branch, you can get it from our svn repository.
Documentation to do so can be obtained from this page:
http://redmine.lighttpd.net/projects/lighttpd/wiki/DevelSubversion
Bug reports or feature requests can be filed in our ticket system:
http://redmine.lighttpd.net/projects/lighttpd/issues/new
Please make sure to check if there isn’t a ticket already here:
http://redmine.lighttpd.net/projects/lighttpd/issues
Thank you for flying light.
PRE-RELEASE: lighttpd 1.4.25rc1-r2692 6
We would like to draw your attention to the latest pre-release of the stable 1.4 branch of lighttpd.
You can get the pre-release from these urls:
http://www.lighttpd.net/download/lighttpd-1.4.25rc1-r2692.tar.gz
http://www.lighttpd.net/download/lighttpd-1.4.25rc1-r2692.tar.bz2
SHA1 checksums:
http://www.lighttpd.net/download/lighttpd-1.4.25rc1-r2692.sha1sum
Please test it as much as possible and provide us with feedback.
A lot of testing ensures a good release.
We did some important bug fixes (some of them new since 1.4.24, and some older bugs). Only 2 small new features: traceback for lua errors and the SSL_CLIENT_* vars export for ssl client cert validation.
If no showstoppers are encountered, there will be a final release soon.
Changelog since 1.4.24:
- mod_magnet: fix pairs() for normal tables and strings (fixes #1307)
- mod_magnet: add traceback for printing lua errors
- mod_rewrite: fix compile error if compiled without pcre
- disable warning “CLOSE-read” (fixes #2091)
- mod_rrdtool: fix creating file if it doesn’t exist (#1788)
- reset tlsext_server_name in connection_reset – fixes random hostnames in the $HTTP[“host”] conditional
- export some SSL_CLIENT_* vars for client cert validation (fixes #1288, thx presbrey)
- mod_fastcgi: fix mod_fastcgi packet parsing
- mod_fastcgi: Don’t reconnect after connect() succeeded (fixes #2096)
If you want to get the latest source for any branch, you can get it from our svn repository.
Documentation to do so can be obtained from this page:
http://redmine.lighttpd.net/projects/lighttpd/wiki/DevelSubversion
Bug reports or feature requests can be filed in our ticket system:
http://redmine.lighttpd.net/projects/lighttpd/issues/new
Please make sure to check if there isn’t a ticket already here:
http://redmine.lighttpd.net/projects/lighttpd/issues
Thank you for flying light.
lighttpd 1.4.24 released 3
Just in case you didn’t see the announcement on the main page: click
Please head over there for more information.
If you want to get the latest source for any branch, you can get it from our svn repository.
Documentation to do so can be obtained from this page:
http://redmine.lighttpd.net/projects/lighttpd/wiki/DevelSubversion
Bug reports or feature requests can be filed in our ticket system:
http://redmine.lighttpd.net/projects/lighttpd/issues/new
Please make sure to check if there isn’t a ticket already here:
http://redmine.lighttpd.net/projects/lighttpd/issues
Thank you for flying light.
PRE-RELEASE: lighttpd 1.4.24rc2-r2668 2
We would like to draw your attention to the latest pre-release of the stable 1.4 branch of lighttpd.
You can get the pre-release from these urls:
http://www.lighttpd.net/download/lighttpd-1.4.24rc2-r2668.tar.gz
http://www.lighttpd.net/download/lighttpd-1.4.24rc2-r2668.tar.bz2
SHA1 checksums:
http://www.lighttpd.net/download/lighttpd-1.4.24rc2-r2668.sha1sum
Please test it as much as possible and provide us with feedback.
A lot of testing ensures a good release.
Since rc1 we fixed another fastcgi bug, escape accesslog data and fixed a crash in webdav (which got introduced in rc1)
Already in rc1: We have made many changes, especially regarding the core of our connection state machine (hopefully fixing the lingering socket close, which should fix pipelining), and the FastCGI internals (it should recover from crashing FastCGI applications)
There are two new features for SSL too: TLS SNI and client certificate validation.
If no showstoppers are encountered, there will be a final release soon.
Changelog since 1.4.23:
- Add T_CONFIG_INT for bigger integers from the config (needed for #1966)
- Use unsigned int (and T_CONFIG_INT) for max_request_size
- Use unsigned int for secdownload.timeout (fixes #1966)
- Keep url/host values from connection to display information while keep-alive in mod_status (fixes #1202 /issues/show/1202)
- Add server.breakagelog, a “special” stderr (fixes #1863)
- Fix config evaluation for debug.log-timeouts option (#1529)
- Add “cgi.execute-x-only” to mod_cgi, requires +x for cgi scripts (fixes #2013)
- Fix FD_SETSIZE comparision warnings
- Add “lua-5.1” to searched pkg-config names for lua
- Fix unused function webdav_lockdiscovery in mod_webdav
- cmake: Fix crypt lib check
- cmake: Add -export-dynamic to link flags, fixes build on FreeBSD
- Set FD_CLOEXEC for bound sockets before pipe-logger forks (fixes #2026)
- Reset ignored signals to SIG_DFL before exec() in fastcgi/scgi (fixes #2029)
- Show “no uri specified -> 400” error only when “debug.log-request-header-on-error” is enabled (fixes #2030)
- Fix hanging connection in mod_scgi (fixes #2024)
- Allow digits in hostnames in more places (fixes #1148)
- Use connection_reset instead of handle_request_done for cleanup callbacks
- Change mod_expire to append Cache-Control instead of overwriting it (fixes #1997)
- Allow all comparisons for $SERVER[“socket”] – only bind for ”==”
- Remove strptime failed message (fixes #2031)
- Fix issues found with clang analyzer
- Try to fix server.tag issue with localized svnversion
- Fix handling network-write return values (#2024)
- Use disable-time in fastcgi for all disables after errors, default is 1sec (fixes #2040)
- Remove adaptive spawning code from fastcgi (was disabled for a long time)
- Allow mod_mysql_vhost to use stored procedures (fixes #2011, thx Ben Brown)
- Fix ipv6 in mod_proxy (fixes #2043)
- Print errors from include_shell to stderr
- Set tm.tm_isdst = 0 before mktime() (fixes #2047)
- Use linux-epoll by default if available (fixes #2021, thx Olaf van der Spek)
- Print an error if you use too many captures in a regex pattern (fixes #2059)
- Combine Cache-Control header value in mod_expire to existing HTTP header if header already added by other modules (fixes #2068)
- Remember keep-alive-idle in separate variable (fixes #1988)
- Fix header inclusion order, always include “config.h” before any system header
- mod_webdav: Patch to skip login information for domain part of Destination field (fixes #1793)
- mod_webdav: Delete old properties before updating new for MOVE (fixes #1317)
- Read hostname from absolute uris in the request line (fixes #1937)
- mod_fastcgi: don’t disable backend if disable-time is 0 (fixes #1825)
- mod_compress: match partial+full content-type (fixes #1552)
- mod_fastcgi: fix is_local detection, respawn backends if bin-path is set (fixes #897)
- Fix linger-on-close behaviour to avoid rare failure conditions (was r2636, fixes #657)
- mod_fastcgi: restart local procs immediately after they terminated, fix local procs handling
- Fix segfault on invalid config “duplicate else conditions” (fixes #2065)
- mod_usertrack: Use T_CONFIG_INT for max-age, solves range problem (#1455)
- mod_accesslog: configurable timestamp logging (fixes #1479)
- always define _GNU_SOURCE
- Add some iterators for mod_magnet (fixes #1307)
- Fix close_timeout_ts trigger (should finally fix lingering close)
- mod_rewrite: add url.rewrite-[repeat-]if-not-file to rewrite if file doesn’t exist or is not a regular file (fixes #985, thx lucas aerbeydt)
- Add TLS servername indication (SNI) support (fixes #386, thx Peter Colberg
- Add SSL Client Certificate verification (#1288)
- mod_fastcgi: Fix host->active_procs counter, return 503 if connect wasn’t successful after 5 tries (fixes #1825)
- mod_accesslog: escape special characters (fixes #1551, thx icy)
- fix mod_webdav crash from #1793 (fixes #2084, thx hiroya)
- Don’t print ssl error if client didn’t support TLS SNI
If you want to get the latest source for any branch, you can get it from our svn repository.
Documentation to do so can be obtained from this page:
http://redmine.lighttpd.net/projects/lighttpd/wiki/DevelSubversion
Bug reports or feature requests can be filed in our ticket system:
http://redmine.lighttpd.net/projects/lighttpd/issues/new
Please make sure to check if there isn’t a ticket already here:
http://redmine.lighttpd.net/projects/lighttpd/issues
Thank you for flying light.
Older posts: 1 2