Looks like we have a disk failure in our RAID. The replacement of the disk is scheduled for 14:30 CET today. Downtime should be minimal.

In case you havn't noticed: lighttpd.net moved to a new home. After several years running on sponsored hardware, we now run on our "own" server. Now including IPv6. The transition went very smoothly thanks to the wonderful team. If you notice some issues, please ping us on IRC. BTW, all your donations get used to keep the domain and server running. Thanks to all that make this possible. *hint* More support is always welcome.

Just in case you didn’t see the announcement on the main page: click

Please head over there for more information.

We would like to draw your attention to the latest pre-release of the stable 1.4 branch of lighttpd.

You can get the pre-release from these urls:
download.lighttpd.net/lighttpd/snapshots-1.4.x/lighttpd-1.4.26rc1-r2710.tar.gz
download.lighttpd.net/lighttpd/snapshots-1.4.x/lighttpd-1.4.26rc1-r2710.tar.bz2
SHA1 checksums:
download.lighttpd.net/lighttpd/snapshots-1.4.x/lighttpd-1.4.26rc1-r2710.sha1sum

Please test it as much as possible and provide us with feedback.
A lot of testing ensures a good release.

There have been some important bug fixes (request parser handling for splitted header data, a fd leak in mod_cgi, a segfault with broken configs in mod_rewrite/mod_redirect and of course the latest security issue with an OOM vulnerability)

If no showstoppers are encountered, there will be a final release soon.

PS: As it is often asked in the comments: We don’t plan to release 1.5, as we are working on 2.0; we can’t support too many different versions, so while we are still trying to keep 1.5 working, our main efforts will be keeping 1.4 stable and working on 2.0 for now.

Just in case you didn’t see the announcement on the main page: click

Please head over there for more information.

We also started a public directory listing with all the releases, snapshots and security announcements of our projects under download.lighttpd.net

We would like to draw your attention to the latest pre-release of the stable 1.4 branch of lighttpd.

You can get the pre-release from these urls:
www.lighttpd.net/download/lighttpd-1.4.25rc1-r2692.tar.gz
www.lighttpd.net/download/lighttpd-1.4.25rc1-r2692.tar.bz2
SHA1 checksums:
www.lighttpd.net/download/lighttpd-1.4.25rc1-r2692.sha1sum

Please test it as much as possible and provide us with feedback.
A lot of testing ensures a good release.

We did some important bug fixes (some of them new since 1.4.24, and some older bugs). Only 2 small new features: traceback for lua errors and the SSL_CLIENT_* vars export for ssl client cert validation.

If no showstoppers are encountered, there will be a final release soon.

Just in case you didn’t see the announcement on the main page: click

Please head over there for more information.

We would like to draw your attention to the latest pre-release of the stable 1.4 branch of lighttpd.

You can get the pre-release from these urls:
www.lighttpd.net/download/lighttpd-1.4.24rc2-r2668.tar.gz
www.lighttpd.net/download/lighttpd-1.4.24rc2-r2668.tar.bz2
SHA1 checksums:
www.lighttpd.net/download/lighttpd-1.4.24rc2-r2668.sha1sum

Please test it as much as possible and provide us with feedback.
A lot of testing ensures a good release.

Since rc1 we fixed another fastcgi bug, escape accesslog data and fixed a crash in webdav (which got introduced in rc1)

Already in rc1: We have made many changes, especially regarding the core of our connection state machine (hopefully fixing the lingering socket close, which should fix pipelining), and the FastCGI internals (it should recover from crashing FastCGI applications)

There are two new features for SSL too: TLS SNI and client certificate validation.

If no showstoppers are encountered, there will be a final release soon.

We would like to draw your attention to the latest pre-release of the stable 1.4 branch of lighttpd.

You can get the pre-release from these urls:
www.lighttpd.net/download/lighttpd-1.4.24rc1-r2656.tar.gz
www.lighttpd.net/download/lighttpd-1.4.24rc1-r2656.tar.bz2
SHA1 checksums:
www.lighttpd.net/download/lighttpd-1.4.24rc1-r2656.sha1sum

Please test it as much as possible and provide us with feedback.
A lot of testing ensures a good release.

We have made many changes, especially regarding the core of our connection state machine (hopefully fixing the lingering socket close, which should fix pipelining), and the FastCGI internals (it should recover from crashing FastCGI applications)

There are two new features for SSL too: TLS SNI and client certificate validation.

If no showstoppers are encountered, there will be a final release soon.

Just in case you didn’t see the announcement here

Please head over there for more information.