1.4.22 - Echoes

March 07, 2009

And here we are again… we had some bad regressions, so 1.4.22 was needed earlier than we expected and spawn-fcgi is still included in this release.
But spawn-fcgi 1.6.0 has been released, see http://redmine.lighttpd.net/projects/spawn-fcgi/news, so expect it to be removed soon.

Important Changes

  • Fix default vhost in mod_simple_vhost (fixes #1905)
  • Fix segfault in mod_scgi (fixes #1911)
  • Fix error handling in freebsd sendfile (fixes #1913)

Downloads

Four and a half months after the release of 1.4.20 comes a new version in the stable branch of lighty: 1.4.21 is here.
It is a bugfix release but also contains 3 small new features.
We would like to thank everybody who reported bugs, especially the ones who provided patches.

spawn-fcgi warning

We decided to remove spawn-fcgi from the lighttpd source after this release; there is now a separate project for it:
http://redmine.lighttpd.net/projects/spawn-fcgi

Important changes

  • Reverted fix for CVE-2008-4359 (too many regressions – see #1720 and r2362): do NOT use rewrite/redirect to protect specific urls!
  • Fixed a bug when server.max-connections was hit
  • SSLv2 disabled by default
  • New setting to disable returning of a 417 if “Expect: 100-continue” header is given:

    server.reject-expect-100-with-417 = "disable"
  • Settings that require numbers can now be strings too, which get converted. Useful in conjunction with env vars (thx andrewb)
  • mod_compress now supports caching through etags and last-modified
  • The annoying log entries about timed-out connections are now disabled by default and can be enabled with a new setting:

    debug.log-timeouts = "enable"
  • New $HTTP["language"] conditional (thx to petar) which allows interesting new configs like:

    $HTTP["language"] =~ "(de|it|hr)" {
        url.redirect = ( "^/$" => "http://www.site.net/%1/" )
    }
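
The first item above warns against using rewrite/redirect rules to protect URLs. The fragment below is an added example, not part of the lighttpd release notes: it sets that pattern beside an explicit deny rule using mod_access. The paths `/private/` and `/admin/` and the `10.0.0.0/8` network are hypothetical, and the fragment assumes mod_access is available in the build.

```lighttpd
# Added example, not from the lighttpd release notes.
# "/private/", "/admin/" and 10.0.0.0/8 are hypothetical values.

server.modules += ( "mod_access" )

# Avoid: a rewrite or redirect rule used as an access control.
# With the CVE-2008-4359 fix reverted, these patterns must not be
# relied on to keep clients away from a path.
# url.rewrite-once = ( "^/private/" => "/forbidden.html" )
# url.redirect     = ( "^/private/" => "http://www.site.net/" )

# Instead: deny the path with mod_access inside a URL conditional.
# An empty suffix in url.access-deny matches every request in scope.
$HTTP["url"] =~ "^/private/" {
    url.access-deny = ( "" )
}

# Variant: deny the path only for clients outside a trusted network.
$HTTP["remoteip"] != "10.0.0.0/8" {
    $HTTP["url"] =~ "^/admin/" {
        url.access-deny = ( "" )
    }
}
```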

Downloads

After two prereleases and a lot of bugfixing, we are proud to announce a new release of the 1.4 branch: 1.4.20 is finally out.
We would like to thank everybody who tested the prereleases and/or reported bugs in our ticket system.
Please pay special attention to the security announcements:

Download

  • lighttpd-1.4.20.tar.gz
    (sha1sum: 61790c02d9e96c3cb23ffd3907f1caee64c475dd
    md5sum: 7ce7eefb487682b61d9b06b41864c64a)
  • lighttpd-1.4.20.tar.bz2
    (sha1sum: e5944a40579e0f37c6a0eeb0ad751344b2d6006c
    md5sum: ed6ee0bb714f393219a32768d86984d8)