IMPORTANT all 1.4.x users should upgrade to 1.4.19, all users of 1.5-svn should at least upgrade to r1922.
1.4.18 - speeding up a bit
September 9th, 2007
"Release early, release often."
So here we are again. The previous release is already 12 days old! It already got grey hair.
And again we have a small security bug! It seems, if you get the more popular, more people are looking at your code. This time Mattias Bengtsson and Philip Olausson from secweb.se took a look at the code. They found a small bug that could lead to remote code execution in fastcgi applications. (We wont mention names here.)
Download
-
lighttpd-1.4.18.tar.gz
(sha1sum: 30eb24cdfcfeadf10fa16f187330bdc5deb25ed2)
md5sum: 5db3204d57436a032f899ff9dbce793f -
lighttpd-1.4.18.tar.bz2
(sha1sum: a53a8f8ae8d42d036f0b5129764b822e943cc778)
md5sum: 26f98dddf9d8c0775221b800986003ee
Changes
- fixed compile error on IRIX 6.5.x on prctl() (#1333)
- fixed forwarding a SIGINT and SIGHUP when using max-workers (#902)
- fixed FastCGI header overrun in mod_fastcgi (reported by mattias@secweb.se)
- fixed hanging redirects with keep-alive due to missing "Content-Length: 0" headers
- fixed crashing when using undefined environment variables in the config
- fixed compilation of mod_mysql_vhost on irix (#1341)
For all the packagers: if you wonder what happened to lighttpd 2007-SA:11 and lighttpd 2007-SA:10, they will be released in the next days.
15 Responses to “1.4.18 - speeding up a bit”
Sorry, comments are closed for this article.
September 9th, 2007 at 11:05 PM Thanxxxxxxxxxxxxxxxxxxxxx
September 9th, 2007 at 11:22 PM great work, fast update. thanks for a better web server than apache and perhaps others !
September 10th, 2007 at 12:30 AM I built Lighttpd 1.4.18 RPMs and SRPMs for RedHat Enterprise Linux / CentOS 4 & 5 and Fedora 7, if anyone is interested: https://www.kevinworthington.com/index.php/2007/09/09/lighttpd-1418-rpms-and-srpms-for-rhelcentos-45-and-fedora-7/
September 10th, 2007 at 02:03 AM "Release early, release often." 1.5 sitting in her cradle for so long time. :)
September 10th, 2007 at 06:54 PM Can someone explain to me what is $PREFIX/sbin/lighttpd-angel supposed to do? Sounds neat but no mention about it in changelog, news readme, whatever...
September 11th, 2007 at 09:31 PM Argh... not so "small" bug but quite dangerous one.Thanks for fast fix!
September 12th, 2007 at 11:31 AM When can I see the new releases of ighttpd 2007-SA:11 and lighttpd 2007-SA:10? A few days have already come over. Thanks
September 12th, 2007 at 06:18 PM SA:10 and SA:11 were fixed in 1.4.17. so we just didnt publish the SA's in time.
September 15th, 2007 at 04:18 PM Thanks for lighttpd, I like it very much :) Expecting it be more stable and robust!
September 15th, 2007 at 07:50 PM Hey, i built packages for debian here they are: For i386: http://benle.de/debian/lighttpd_1.4.18_i386.deb For AMD64: http://benle.de/debian/lighttpd_1.4.18_amd64.deb Have fun with them! lighty rocks! beanie
September 18th, 2007 at 05:00 PM On my NAS (WD Mybook World Edition) lighttpd is installed by default. I have tried to upgrade to 1.4.18 and the compilation went ok. However when I try to start I get: /usr/local/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf 2007-09-18 13:49:27: (plugin.c.165) dlopen() failed for: /usr/local/lib/mod_indexfile, mod_auth, mod_auth.so File not found 2007-09-18 13:49:27: (server.c.621) loading plugins finally failed What went wrong and what can I do ? Best wishes Johan, Sweden
September 24th, 2007 at 05:02 PM Thanks for this Update! it works fine!
September 28th, 2007 at 12:42 PM johan, can you join #lighttpd on chat.freenode.net? that is better suited for debugging than blog comments. :)
September 29th, 2007 at 07:04 PM lighttpd-1.4.18 i386 Debian Packages incl. separate mod packages: http://c.64x.org/packages/lighttpd/1.6.18/
October 4th, 2007 at 05:40 PM Well... 1.4.18 - cool! But ... what about windoze??? I hate it but I need it! Thanks in advance...