August 30, 2015

In good tradition every (second) release is followed by another one to fix the regressions. Sorry…
So this release contains mostly regression fixes for 1.4.36 and other bug fixes.

Important changes

1.4.37 contains some regression fixes for 1.4.36, and cmake, scons and FreeBSD (and maybe other BSDs) related fixes. Static builds (for now scons only) have been improved. mmap handling in mod_cgi was improved, also the network mmap backend now handles SIGBUS (SIGBUS is triggered if a file gets smaller while reading; there are still some other places this can happen).

The internal API changed again, so please be careful with 3rd party plugins.

The test suite on our jenkins instance is now also run for scons (including static and fullstatic builds) and FreeBSD, hopefully preventing the kind of regressions especially FreeBSD had with 1.4.36 in future releases.



July 26, 2015

This release contains mostly bug fixes.

Important changes

  • [ssl] disable SSL3.0 by default
  • escape all strings for logging
  • fix segfault when temp file for upload couldn’t be created (found by coverity)
  • changes to the internal API for buffers, chunks and more; 3rd party plugins are likely to break



March 12, 2014

Important changes

This release contains a lot of bug fixes, many detected by scan.coverity.com (and more to come). The main reason for the release is a fix for an SQL injection (and path traversal) bug triggered by specially crafted (and invalid) Host: headers.

Security fixes