Four and a half months after the release of 1.4.20 comes a new version in the stable branch of lighty: 1.4.21 is here.
It is a bugfix release but also contains 3 small new features.
We would like to thank everybody who reported bugs, especially the ones who provided patches.

spawn-fcgi warning

We decided to remove spawn-fcgi after this release from the lighttpd source, there is now a separate project for it:
http://redmine.lighttpd.net/projects/spawn-fcgi

Important changes

  • Reverted fix for CVE-2008-4359 (too many regressions – see #1720 and r2362): do NOT use rewrite/redirect to protect specific urls!
  • Fixed a bug when server.max-connections was hit
  • SSLv2 disabled by default
  • New setting to disable returning of a 417 if “Expect: 100-continue” header is given:

    server.reject-expect-100-with-417 = “disable”
  • Settings that require numbers can now be strings too which get converted. Useful in conjunction wth env vars (thx andrewb)
  • mod_compress now supports caching through etags and last-modified
  • The annoying log entries about timeouted connections are now disabled by default and can be enabled with a new setting:

    debug.log-timeouts = “enable”
  • New $HTTP["language"] conditional (thx to petar) which allows interesting new configs like:

    $HTTP[“language”] =~ “(de|it|hr)” {
    url.redirect = ( “^/$” => “http://www.site.net/%1/” )
    }

Downloads

After two prereleases and a lot of bugfixing, we are proud to announce a new release of the 1.4 branch: 1.4.20 is finally out.
We would like to thank everybody who tested the prereleases and/or reported bugs in our ticket system.
Please pay special attention to the security announcements:

Download

  • lighttpd-1.4.20.tar.gz
    (sha1sum: 61790c02d9e96c3cb23ffd3907f1caee64c475dd
    md5sum: 7ce7eefb487682b61d9b06b41864c64a)
  • lighttpd-1.4.20.tar.bz2
    (sha1sum: e5944a40579e0f37c6a0eeb0ad751344b2d6006c
    md5sum: ed6ee0bb714f393219a32768d86984d8)

1.4.19 - Made in Germany

March 10, 2008

Long time no see.

It has been almost half a year since 1.4.18. 6months. Jan has been working on many interesting features for 1.5. [1] Currently he ports it to glib2.

But back to 1.4.19. Yes again the release date was nailed down by a few security bugs. *cough* Nevertheless we got a ton of other nice bugfixes. All praise our new lighttpd hero Stefan Bühler. Big thank you from my side. (darix)

Download

  • lighttpd-1.4.19.tar.gz
    (sha1sum: 79e2d61dd9017c3c50c0fe98b2289cae5c1255ee
    md5sum: cede410e7adee3ea14206749190a8b5d
    )
  • lighttpd-1.4.19.tar.bz2
    (sha1sum: fd4450e7faae55ebe0905114722995b0c57397cc
    md5sum: d787374e4e4aaa09d5cfa9ab9d23ad40
    )