2012¶

November 21, 2012
in releases
2 min read

1.4.32

Important changes

One important denial of service (in 1.4.31) fix: CVE-2012-5533.

Downloads

https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.32.tar.gz
- GPG signature: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.32.tar.gz.asc
  - SHA256: 0765e07dac432393dea3950639d5ba646ded95a9408ad002e54b3353ab6b9645
https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.32.tar.bz2
- GPG signature: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.32.tar.bz2.asc
  - SHA256: 60691b2dcf3ad2472c06b23d75eb0c164bf48a08a630ed3f308f61319104701f
https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.32.tar.xz
- GPG signature: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.32.tar.xz.asc
  - SHA256: 1368f80069ce71f5928cad59c8e60c0b95876942ca9e02c53853e54ae24aedc1
SHA256 checksums: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.32.sha256sum

External references

CVE-2012-5533
- lighttpd-SA-2012-01
- lighttpd-1.4.31_fix_connection_header_dos.patch

May 31, 2012
in releases
2 min read

1.4.31 - Diablo servers are down again, back to work

Important changes

Many important changes - fixed a segfault (crash on first https request), disabled mmap due to possible crash if the file is truncated while reading and more.

If you still want to use mmap you can use ./configure --enable-mmap, but check #2391 before.

Downloads

https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.31.tar.gz
- GPG signature: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.31.tar.gz.asc
  - SHA256: 848a15604bf358d9355bd7a48c01f448c286734dbb5f4dc1cd16acb8b05a9b52
https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.31.tar.bz2
- GPG signature: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.31.tar.bz2.asc
  - SHA256: 5209e7a25d3044cb21b34d6a2bb3a6f6c216ba903ea486a803d070582e5e26ac
https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.31.tar.xz
- GPG signature: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.31.tar.xz.asc
  - SHA256: 8a0a4f1ab782c2a3554e031c7d8ad600aac9b4c0466710a6cc9aab10659fe3f2
SHA256 checksums: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.31.sha256sum