Skip to content

releases

1.4.16 - Let’s ship it

We all could use some refreshment in this hot summer. So how about a fresh and shiny new lighttpd release? Sadly the main reasons are again a few security fixes. (Bad developers, bad!) But we broke it, we fix it. On the other hand we squeezed in a new cool feature aswell. The E-Tag generation is now configurable. So if your files are on a NFS cluster you can now e.g. disable the inode number usage for the E-Tag.

Teh bugz!!!

header parsing bug
Lighttpd SA 2007:03\ (patch: lighttpd-1.4.x_duplicated_headers_with_folding_crash.patch)
various mod_auth bugs
Lighttpd SA 2007:04\ Lighttpd SA 2007:05\ Lighttpd SA 2007:06\ Lighttpd SA 2007:07\ (patch: lighttpd-1.4.x_mod_auth_sec.patch)
mod_access bug
Lighttpd SA 2007:08\ (patch: lighttpd-1.4.x_mod_access_bypass.patch)
mod_fastcgi local DOS bug
Lighttpd SA 2007:09 (patch: lighttpd-1.4.x_mod_fastcgi_local_dos.patch)

The reader might wonder now why we delayed the release that long. We actually tried to get CVE numbers for all the bugs, to avoid confusion later. But so far we did not succeed in receiving them. As the bugs got publically announced now, we are forced to release.

External references

Download

  • lighttpd-1.4.16.tar.gz\ (sha1sum: b160cece6c0dd15746d10957d28ba02b2e9e77ce\ md5sum: 04988067026e93ccb46e19fa8c17ae97)
  • lighttpd-1.4.16.tar.bz2\ (sha1sum: 8f137ff71f629fe24a745c758b72dce24a8669f2\ md5sum: ea671997591f772417b7e540d325f8cc)

Thanks for using lighttpd! :)

Lighttpd 1.4.15 - The “following traditions” release

Here we are again. As a good tradition with lighttpd release we are bitten by a last minute hotfix in 1.4.14. :)

The bug appeared in 1.4.14 and users of 1.4.13 or older releases are not affected.

You can read up on the other 1.4.14 changes here.

Download

  • lighttpd-1.4.15.tar.gz\ (sha1sum: 67ba1279a0eaeda728c1e1143d302beb364a034c\ md5sum: d2ceaaf242b2b3593ff4d8222d543649)
  • lighttpd-1.4.15.tar.bz2\ (sha1sum: 742b567eca011fa5ef2cc506038389a4959eab56\ md5sum: b994b8c359da578dec073cae52c4924f)

Thanks for using lighttpd! :)

  • in releases
  • 2 min read

Latest Pre-Release

Changes

On the way from 1.4.x to 1.5.0 many things have been improved, changed and added and we try to keep track of them to make it easier for user to migrate their configuration.

  • IMPORTANT requires glib2-2.4.0 or higher
  • mod-fastcgi, mod-proxy and mod-scgi are replaced by mod-proxy-core

Must Read

  • https://blog.lighttpd.net/articles/2007/01/31/threaded-stat
  • https://www.lighttpd.net/2007/02/03/raw-io-performance
  • https://blog.lighttpd.net/articles/2006/12/19/1-5-0-works-on-win32-nativly-again
  • https://blog.lighttpd.net/articles/2006/12/28/lighttpd-powers-5-alexa-top-250-sites

older pre-releases

  • https://blog.lighttpd.net/articles/2006/12/18/pre-release-lighttpd-1-5-0-r1477-tar-gz
  • https://blog.lighttpd.net/articles/2006/11/15/pre-release-lighttpd-1-5-0-r1454-tar-gz
  • https://blog.lighttpd.net/articles/2006/11/14/pre-release-lighttpd-1-5-0-r1435-tar-gz
  • in releases
  • 2 min read

lighttpd 1.4.13

Only 2 weeks after .12 hit the servers we have a new release cleaning up the issues that were introduced by it.

Download: - lighttpd-1.4.13.tar.gz

On the fix side we have: - fixed a seg-fault in the HTTP-Request splitting - fixed long-standing bug with Content-Length and HEAD requests - fixed a possible abort of a upload if xattr is enabled

New are - mod-magnet finally handles ‘require “lfs”’ without complaining - mod-magnet got light.stat() which uses the stat-cache - mod-webdav supports LOCK if compiled with –with-webdav-locks