Important changes

• hardened systemd lighttpd.service
• bug fix for mod_openssl using both ECDSA and RSA certs

BEHAVIOR CHANGES

• lighttpd-provided hardened systemd lighttpd.service may need admin-overrides on non-typical systems (less popular distros) using lighttpd-provided systemd lighttpd.service and which also run lighttpd as root, or run CGI scripts as root, to manage the system. To create overrides, systemctl edit lighttpd and edit /etc/systemd/system/lighttpd.service.d/override.conf . In contrast, many popular distros configure lighttpd to drop privileges from root and to run as an unprivileged user, e.g. ‘lighttpd’ or ‘www-data’. These systems are unlikely to be affected by the hardened and more secure systemd lighttpd.service configuration.

Downloads

• lighttpd-1.4.79.tar.gz (GPG signature)
  • SHA256: 72a625243de607802b74bd6ae243716cb65757aba8e74a40321cbd74cf12c9c8
• lighttpd-1.4.79.tar.xz (GPG signature)
  • SHA256: 3b29a625b3ad88702d1fea4f5f42bb7d87488f2e4efc977d7f185329ca6084bd
• SHA256 checksums
• SHA512 checksums

  Changes from 1.4.78

• [ci] update deps pkg names for lighttpd on Cygwin
• [ci] MSYS detection kludge in tests/LightyTest.pm
• [autotools] spelling Couldn’t => Could not
• [mod_openssl] revert SSL_CTX default cert assign
• [mod_openssl] spelling in comment
• [TLS] issue trace if unable to check/refresh cert
• [ci] Cygwin Invoke-WebRequest -MaximumRetryCount 3
• [ci] Cygwin prefer D:\ drive
• [ci] Cygwin remove redundant call to setup.exe
• [core] set server.max-fds = 4096 if not specified
• [core] clear Linux ambient capabilities, if any
• [core] rename remove_pid_file() -> server_pid_file_remove()
• [core] retry pidfile open on Linux
• [doc] systemd lighttpd.service hardening
• [doc] move TLS config to separate file tls.conf
• [doc] systemd lighttpd.service hardening addition
• [doc] systemd lighttpd*.socket activation examples
• [core] default listen() backlog to SOMAXCONN
• [ci] fix meson build execution selection