IMPORTANT: all 1.4.x users should upgrade to 1.4.19; all users of 1.5-svn should at least upgrade to r1922.
Lighttpd 1.4.14 released
April 13th, 2007
We are pleased to announce the release of lighttpd 1.4.14. This is mainly a bug fix release including 2 security fixes. It is recommended to upgrade or at least apply the patches.
- Lighttpd SA 2007:01 (patch: lighttpd-1.4.x_crlf_parsing_dos.patch)
- Lighttpd SA 2007:01 (patch: lighttpd-1.4.x_zero_mtime_crash.patch)
Download
As 1.4.14 had a cookie-related bug, please use 1.4.15.
Thanks for using lighttpd! :)
The complete list of changes
- fix crash if gethostbyaddr() failed on redirect [1718]
- properly handle 206 responses generated by *cgi scripts. (#755) [1716]
- added HTTPS=on to the environment of cgi scripts (#861) [1684]
- fix handling of 303 (#1045) [1678]
- made the configure check for lua more portable [1677]
- added mod_extforward module [1665]
- references to the fam stat cache engine should be conditional (#1039) [1664]
- fix http 500 errors (colin.stephen/at/o2.com) #1041 [1663]
- prevent wrong pidfile unlinking on graceful restart (Chris Webb) [1656]
- ignore empty packets from STDERR stream. #998
- fix a crash for files with an mtime of 0 reported by cubiq on irc [1519] CVE-2007-1870
- allow empty passwords with ldap (Jörg Sonnenberger) [1516]
- mod_scgi.c segfault fix #964 [1501]
- Added round-robin support to mod_fastcgi [1500]
- Handle DragonFlyBSD the same way as FreeBSD (Jörg Sonnenberger) [1492,1676]
- added now and weeks support to mod_expire. #943
- fix cpu hog in certain requests [1473] CVE-2007-1869
- fix for handling hostnames with trailing dot [1406]
- fixed header-injection via server.tag (#1106)
- disabled caching of files without a content-type to solve the aggressive caching of FF
- remove trailing white-spaces from HTTP-requests before parsing (#1098)
- fixed accesslog.use-syslog in a conditional and the caching of the accesslog for files (fixes #1064)
- fixed various crashes at startup on broken accesslog.format strings (#1000)
- fixed handling of %% in accesslog.format
- fixed conditional dir-listing.exclude (#930)
- reduced default PATH_MAX to 255 (#826)
- ECONNABORTED is not known on cygwin (#863)
- fixed crash on url.redirect and url.rewrite if %0 is used in a global context (#800)
- fixed possible crash in debug-message in mod_extforward
- fixed compilation of mod_extforward on glibc < 2.3.4
- fixed include of empty in the configfiles (#1076)
- send SIGUSR1 to fastcgi children before SIGTERM. libfcgi wants SIGUSR1. (#737)
- fixed missing AUTH_TYPE entry in the fastcgi environment. (#889)
- fixed compilation in network_writev.c on MacOS X 10.3.9 (#903)
- added kill-signal as another setting for fastcgi backends. See the wiki for more.
5 Responses to “Lighttpd 1.4.14 released”
April 17th, 2007 at 11:29 AM Thanks for the latest update. I will be running 1.4.15 on Ubuntu.
April 18th, 2007 at 09:06 AM Hello, I use version 1.5.0. Do I have to switch to version 1.4.15?
April 18th, 2007 at 10:24 PM Wow, as usual lighttpd is chock full of bugs and security holes. Why would anyone use this crappy webserver instead of cherokee or nginx? Maybe you shouldn't be claiming lighttpd is secure given its terrible history of really boneheaded security holes?
April 20th, 2007 at 11:05 AM Jerry, What kind of a pathetic loser are you? Are you aware of any "holes"? If so, report them. You obviously care about lighttpd enough to be commenting here. So do something about it, foo.
April 25th, 2007 at 09:34 PM Hi, After having upgraded to 1.4.15 from 1.4.13 as proposed by the lighty developers, the CPU usage (was typically 0.1 .. 10% in 1.4.13 depending on server load) is constantly increasing every 10-20 minutes. For example, when I began to write this comment, I typed "ps aux" three times, and the result was 12.9% every time. Then 13.1%, and now it is 13.3% and smoothly increasing every minute. Constantly increasing (never decreases). The server load is the same as before, I may say minimal: 4 or 5 connections per second. I have my own fastcgi application, written in C. It is the same as with 1.4.13. I didn't touch it. I haven't touched the configuration either. There is something abnormal, I am sure (now, CPU usage is 13.4%). I don't have exact proof yet, but I am sure there is something wrong in 1.4.15. I am seriously thinking of downgrading to 1.4.13. My configuration is P4 3.0 Dual Core with Fedora 4. Did someone else encounter a similar problem? Thanks, Ismail Kizir