Time for a new release: spawn-fcgi is now going its own ways in an independent project (hence the release slogan; see http://redmine.lighttpd.net/projects/spawn-fcgi), wsgi applications in / should work now (use the fastcgi/scgi option “fix-root-scriptname”) and many other fixes and improvements.
Please note that the “X-Sendfile-Range” header did not make it into 1.4.23, and we will try a more powerful approach for 1.4.24 (see #2008).

Important changes

  • Fix workaround for incorrect path info/scriptname if fastcgi prefix is “/” (fixes #729)
  • Finally removed spawn-fcgi
  • Fix bug with FastCGI request id overflow under high load; just use always id 1 as we don’t use multiplexing. (thx jgray)
  • Workaround broken operating systems: check for trailing ‘/’ in filenames (fixes #1989)


1.4.22 - Echoes

March 07, 2009

And here we are again… we had some bad regressions, so 1.4.22 was needed earlier than we expected and spawn-fcgi is still included in this release.
But spawn-fcgi 1.6.0 has been released, see http://redmine.lighttpd.net/projects/spawn-fcgi/news, so expect it to be removed soon.

Important Changes

  • Fix default vhost in mod_simple_vhost (fixes #1905)
  • Fix segfault in mod_scgi (fixes #1911)
  • Fix error handling in freebsd sendfile (fixes #1913)


Four and a half months after the release of 1.4.20 comes a new version in the stable branch of lighty: 1.4.21 is here.
It is a bugfix release but also contains 3 small new features.
We would like to thank everybody who reported bugs, especially the ones who provided patches.

spawn-fcgi warning

We decided to remove spawn-fcgi after this release from the lighttpd source, there is now a separate project for it:

Important changes

  • Reverted fix for CVE-2008-4359 (too many regressions – see #1720 and r2362): do NOT use rewrite/redirect to protect specific urls!
  • Fixed a bug when server.max-connections was hit
  • SSLv2 disabled by default
  • New setting to disable returning of a 417 if “Expect: 100-continue” header is given:

    server.reject-expect-100-with-417 = “disable”
  • Settings that require numbers can now be strings too which get converted. Useful in conjunction wth env vars (thx andrewb)
  • mod_compress now supports caching through etags and last-modified
  • The annoying log entries about timeouted connections are now disabled by default and can be enabled with a new setting:

    debug.log-timeouts = “enable”
  • New $HTTP["language"] conditional (thx to petar) which allows interesting new configs like:

    $HTTP[“language”] =~ “(de|it|hr)” {
    url.redirect = ( “^/$” => “http://www.site.net/%1/” )