Security, speed, compliance, and flexibility -- all of these describe lighttpd (pron. lighty) which is rapidly redefining efficiency of a webserver; as it is designed and optimized for high performance environments. With a small memory footprint compared to other web-servers, effective management of the cpu-load, and advanced feature set (FastCGI, SCGI, Auth, Output-Compression, URL-Rewriting and many more) lighttpd is the perfect solution for every server that is suffering load problems. And best of all it's Open Source licensed under the revised BSD license.

Web 2.0

lighttpd powers several popular Web 2.0 sites. Its high speed io-infrastructure allows them to scale several times better with the same hardware than with alternative web-servers.

This fast web server and its development team create a web-server with the needs of the future web in mind:

Its event-driven architecture is optimized for a large number of parallel connections (keep-alive) which is important for high performance AJAX applications.

News

1.4.35

March 12, 2014

Important changes

This release contains a lot of bug fixes, many detected by scan.coverity.com (and more to come). The main reason for the release is a fix for an SQL injection (and path traversal) bug triggered by specially crafted (and invalid) Host: headers.

Security fixes

lighttpd SA-2014-01 (CVE-2014-2323, CVE-2014-2324)

Downloads

lighttpd-1.4.35.tar.gz (GPG signature)
- SHA256: 62c23de053fd82e1bf64f204cb6c6e44ba3c16c01ff1e09da680d982802ef1cc
lighttpd-1.4.35.tar.bz2 (GPG signature)
- SHA256: 4a71c1f6d8af41ed894b507720c4c17184dc320590013881d5170ca7f15c5bf7
lighttpd-1.4.35.tar.xz (GPG signature)
- SHA256: 113e9b72ccbd1da5deb0774bf93cf0ca15dc82aad2da0f04e5ab27d37d3f30a3
SHA256 checksums