Important changes
- hardened systemd lighttpd.service
- bug fix for mod_openssl using both ECDSA and RSA certs
BEHAVIOR CHANGES
- lighttpd-provided hardened systemd lighttpd.service may need admin-overrides
on non-typical systems (less popular distros) using lighttpd-provided systemd
lighttpd.service and which also run lighttpd as root, or run CGI scripts
as root, to manage the system. To create overrides,
systemctl edit lighttpd
and edit /etc/systemd/system/lighttpd.service.d/override.conf
.
In contrast, many popular distros configure lighttpd to drop privileges from
root and to run as an unprivileged user, e.g. ‘lighttpd’ or ‘www-data’.
These systems are unlikely to be affected by the hardened and more secure
systemd lighttpd.service configuration.
Downloads
- lighttpd-1.4.79.tar.gz (GPG signature)
- SHA256:
72a625243de607802b74bd6ae243716cb65757aba8e74a40321cbd74cf12c9c8
- lighttpd-1.4.79.tar.xz (GPG signature)
- SHA256:
3b29a625b3ad88702d1fea4f5f42bb7d87488f2e4efc977d7f185329ca6084bd
- SHA256 checksums
- SHA512 checksums
Changes from 1.4.78
- [ci] update deps pkg names for lighttpd on Cygwin
- [ci] MSYS detection kludge in tests/LightyTest.pm
- [autotools] spelling Couldn’t => Could not
- [mod_openssl] revert SSL_CTX default cert assign
- [mod_openssl] spelling in comment
- [TLS] issue trace if unable to check/refresh cert
- [ci] Cygwin Invoke-WebRequest -MaximumRetryCount 3
- [ci] Cygwin prefer D:\ drive
- [ci] Cygwin remove redundant call to setup.exe
- [core] set server.max-fds = 4096 if not specified
- [core] clear Linux ambient capabilities, if any
- [core] rename remove_pid_file() -> server_pid_file_remove()
- [core] retry pidfile open on Linux
- [doc] systemd lighttpd.service hardening
- [doc] move TLS config to separate file tls.conf
- [doc] systemd lighttpd.service hardening addition
- [doc] systemd lighttpd*.socket activation examples
- [core] default listen() backlog to SOMAXCONN
- [ci] fix meson build execution selection