lighttpd (pronounced /lighty/) is a secure, fast, compliant, and very flexible web server that has been optimized for high-performance environments. lighttpd uses memory and CPU efficiently and has lower resource use than other popular web servers. Its advanced feature-set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and much more) make lighttpd the perfect web server for all systems, small and large. lighttpd is released under the Open Source revised BSD license.

lighttpd wiki and documentation

News

1.4.64

January 19, 2022

Important changes

remove deprecated modules, bugfixes, CVE-2022-22707 (rare configs)

Downloads

lighttpd-1.4.64.tar.gz (GPG signature)
- SHA256: 71e46403fb28371a06b23ef1cceffd75285140c6f62a879c777ee5af0d248801
lighttpd-1.4.64.tar.xz (GPG signature)
- SHA256: e1489d9fa7496fbf2e071c338b593b2300d38c23f1e5967e52c9ef482e1b0e26
SHA256 checksums
SHA512 checksums

Behavior Changes

(previously announced and scheduled)

graceful restart/shutdown timeout changed from 0 (disabled) to 8 seconds
configure an alternative with:
server.feature-flags += (“server.graceful-shutdown-timeout” => 8)
build: lighttpd defaults to —with-pcre2 instead of —with-pcre
pcre2 is current. pcre is no longer maintained.
Explicitly specify —with-pcre in build to use pcre instead of pcre2.
deprecated modules (previously announced) have been removed
- mod_authn_mysql
- mod_mysql_vhost
- mod_cml
- mod_flv_streaming
- mod_geoip
- mod_trigger_b4_dl
  https://wiki.lighttpd.net/Docs_ConfigurationOptions#Deprecated
  suggests migration steps for replacements, if needed