There have been some important bug fixes (request parser handling for splitted header data, a fd leak in mod_cgi, a segfault with broken configs in mod_rewrite/mod_redirect, HUP detection and an OOM/DoS vulnerability)

Downloads

• http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.26.tar.gz
  • SHA256: 08fc11864a0ad6d2871f32e6d0b0eaeb070f78698a72959f812526173145986e
  • SHA1: c22642dc3616043293fb895b9f049b9270dbb2a0
  • MD5: 3ce5be17a4dac3c384a8a452c664b840
• http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.26.tar.bz2
  • SHA256: d7c25a5bb08c8dbc3e8d86f9e564c90ebf0c365d7fcf5ee801e912fb3c2357fd
  • SHA1: f9710da0152792d83c223a1248345a2d145d6f32
  • MD5: a682c8efce47a2f4263a247ba0813c9b
• SHA256 checksums: http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.26.sha256sum
• SHA1 checksums: http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.26.sha1sum
• MD5 checksums: http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.26.md5sum

We did some important bug fixes (some of them new since 1.4.24, and some older bugs). Only 2 small new features: traceback for lua errors and the SSL_CLIENT_* vars export for ssl client cert validation.

Downloads

• http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.25.tar.gz
  • SHA256: 0e71cd677a2282fff0ee0248a0e70a593a75e06f8a26411ca5314d0c01debbc3
  • SHA1: 53537f0b1da35e9974e278adc7e959bb77e8dd75
  • MD5: 87e936ec272ddaba8a2fdfecd8c6b704
• http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.25.tar.bz2
  • SHA256: 7e803089f18b179097cb33b64b37d8a3b537ce9c196c88e3fb09881b471c88ce
  • SHA1: bc4592930292ae8d0990a94a584f49fe8f52445b
  • MD5: 2027c49fb46530e45338c5e2da13c02f
• SHA256 checksums: http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.25.sha256sum
• SHA1 checksums: http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.25.sha1sum
• MD5 checksums: http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.25.md5sum

Update: There is a small regression in mod_magnet, see #1307

We finally added TLS SNI, and many other small improvements. We also fixed pipelining (that should fix problem with lighty as debian mirror) and some mod_fastcgi bugs – this should result in improved handling of overloaded and crashed backends (you know which one :D).

Important changes

• Connection state handling (pipelining should work now)
• FastCGI fixes: improved disabled-time handling, fixed bug in active-backends counter.
• TLS SNI support

Downloads

• http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.24.tar.gz
  • SHA256: d7cb514e0953a8d8a9b88b0029e5a0380ca740ae385b465bd0592023ad75a0c7
  • SHA1: f925f07b40a50ac97a595542fa8bee80c37e4ed0
  • MD5: cb2155230f5738bf56d14131874c36fe
• http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.24.tar.bz2
  • SHA256: 6e643dc4627d742510afee67654291a5190a316f5737dfb463b158a70f24750e
  • SHA1: 7a2f53d4af25d4b0b94cb7b3900c5600dcda1b00
  • MD5: e2324a24e4a5bce74663c21c58ddd200
• SHA256 checksums: http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.24.sha256sum
• SHA1 checksums: http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.24.sha1sum
• MD5 checksums: http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.24.md5sum