1.4.30 - Faster than santa, your first present this year!
And lighttpd 1.4 is still alive :)
Especially for ssl users this release should be important: by setting
ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
you can mitigate BEAST attacks.\ Also check your site with Qualys SSL Labs Server Test
Important changes
- [mod_auth] Fix signedness error in http_auth (CVE-2011-4362)
- ssl: disable client initiated renegotiations
- ssl: support mitigating BEAST attack
- fix connection stalls
Downloads
- https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.30.tar.gz
- GPG signature: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.30.tar.gz.asc
- SHA256: 59ae55b0ec427c328fa74d683e00eb1bc99bcc20cd184177875e9b6865de2b8b
- GPG signature: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.30.tar.gz.asc
- https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.30.tar.bz2
- GPG signature: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.30.tar.bz2.asc
- SHA256: 0d795597e4666dbf6ffe44b4a42f388ddb44736ddfab0b1ac091e5bb35212c2d
- GPG signature: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.30.tar.bz2.asc
- https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.30.tar.xz
- GPG signature: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.30.tar.xz.asc
- SHA256: c237692366935b19ef8a6a600b2f3c9b259a9c3107271594c081a45902bd9c9b
- GPG signature: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.30.tar.xz.asc
- SHA256 checksums: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.30.sha256sum
In the comments for 1.4.29 we were asked for a launchpad repository for ubuntu. This is not going to happen (launchpad sucks), but we have repositories for some dists on build.opensuse.org.\ Checkout GetLighttpd, or server:http/lighttpd or home:stbuehler/lighttpd on build.opensuse.org.\