Skip to content

2009

  • in releases
  • 1 min read

1.4.25 - the slogan is a lie

We did some important bug fixes (some of them new since 1.4.24, and some older bugs). Only 2 small new features: traceback for lua errors and the SSL_CLIENT_* vars export for ssl client cert validation.

Downloads

  • in releases
  • 3 min read

1.4.24 - now with TLS SNI and money back guarantee

Update: There is a small regression in mod_magnet, see #1307

We finally added TLS SNI, and many other small improvements. We also fixed pipelining (that should fix problem with lighty as debian mirror) and some mod_fastcgi bugs - this should result in improved handling of overloaded and crashed backends (you know which one :D).

Important changes

  • Connection state handling (pipelining should work now)
  • FastCGI fixes: improved disabled-time handling, fixed bug in active-backends counter.
  • TLS SNI support

Downloads

1.4.23 - Leaving the nest

Time for a new release: spawn-fcgi is now going its own ways in an independent project (hence the release slogan; see https://redmine.lighttpd.net/projects/spawn-fcgi), wsgi applications in / should work now (use the fastcgi/scgi option “fix-root-scriptname”) and many other fixes and improvements.

Please note that the “X-Sendfile-Range” header did not make it into 1.4.23, and we will try a more powerful approach for 1.4.24 (see #2008).

Important changes

  • Fix workaround for incorrect path info/scriptname if fastcgi prefix is “/” (fixes #729)
  • Finally removed spawn-fcgi
  • Fix bug with FastCGI request id overflow under high load; just use always id 1 as we don’t use multiplexing. (thx jgray)
  • Workaround broken operating systems: check for trailing ‘/’ in filenames (fixes #1989)

Downloads

1.4.22 - Echoes

And here we are again… we had some bad regressions, so 1.4.22 was needed earlier than we expected and spawn-fcgi is still included in this release.

But spawn-fcgi 1.6.0 has been released, see https://redmine.lighttpd.net/projects/spawn-fcgi/news, so expect it to be removed soon.

Important Changes

  • Fix default vhost in mod_simple_vhost (fixes #1905)
  • Fix segfault in mod_scgi (fixes #1911)
  • Fix error handling in freebsd sendfile (fixes #1913)

Downloads

  • in releases
  • 3 min read

1.4.21 - “Yes we can… do another release”

Four and a half months after the release of 1.4.20 comes a new version in the stable branch of lighty: 1.4.21 is here.\ It is a bugfix release but also contains 3 small new features.\ We would like to thank everybody who reported bugs, especially the ones who provided patches.

spawn-fcgi warning

We decided to remove spawn-fcgi after this release from the lighttpd source, there is now a separate project for it:\ https://redmine.lighttpd.net/projects/spawn-fcgi

Important changes

  • Reverted fix for CVE-2008-4359 (too many regressions - see #1720 and r2362): do NOT use rewrite/redirect to protect specific urls!
  • Fixed a bug when server.max-connections was hit
  • SSLv2 disabled by default

  • New setting to disable returning of a 417 if “Expect: 100-continue” header is given: 

    server.reject-expect-100-with-417 = "disable"

  • Settings that require numbers can now be strings too which get converted. Useful in conjunction wth env vars (thx andrewb)

  • mod_compress now supports caching through etags and last-modified
  • The annoying log entries about timeouted connections are now disabled by default and can be enabled with a new setting:

debug.log-timeouts = "enable"
* New $HTTP["language"] conditional (thx to petar) which allows interesting new configs like: 
\$HTTP\["language"\] =\~ "(de\|it\|hr)" {\
url.redirect = ( "\^/\$" =\> "http://www.site.net/%1/" )\
}

Downloads