Important changes

support pcre2; HTTP Digest auth userhash; bugfixes

Downloads

• lighttpd-1.4.62.tar.gz (GPG signature)
  • SHA256: aa695d506a87c6aa7b54a66bdb5a07653e800c95da9af3188661430e65a15c4f
• lighttpd-1.4.62.tar.xz (GPG signature)
  • SHA256: 36cf483cf34a06f7c75c724a4237d8779b0d88ce208a1742763793d317114ab7
• SHA256 checksums

FUTURE SCHEDULED BEHAVIOR CHANGES (estimated Jan 2022):

• graceful restart/shutdown default timeout will change from
  0 (infinite/no timeout) to 5 seconds (or some similar non-zero period)
  configure an alternative with:
  server.feature-flags += (“server.graceful-shutdown-timeout” => 5)
• lighttpd (optional) dependencies on libev and on FAM are deprecated.
  lighttpd event loop and file monitoring use native OS interfaces
  except on obscure platforms. FAM and gamin appear to be abandoned.
  Package maintainers on Linux and *BSD:
  please remove —with-libev and —with-fam from package builds
  lighttpd uses epoll() on Linux, kqueue() on *BSD for event notification.
  lighttpd uses inotify() on Linux, kqueue() on *BSD for file monitoring.
• lighttpd will default to —with-pcre2 instead of —with-pcre
  pcre2 is current. pcre is no longer maintained.
  Explicitly specify —with-pcre in build to use pcre instead of pcre2.

https://wiki.lighttpd.net/Docs_ConfigurationOptions#Deprecated

• mod_compress is DEPRECATED; use mod_deflate
  mod_compress has been subsumed by mod_deflate
  Note: mod_compress config options may be removed in a future release
• mod_geoip is DEPRECATED; use mod_maxminddb
  Note: mod_geoip will be removed from a future lighttpd release
• mod_authn_mysql is DEPRECATED; use mod_authn_dbi
  Note: mod_authn_mysql will be removed from a future lighttpd release
• mod_mysql_vhost is DEPRECATED; use mod_vhostdb_dbi or mod_vhostdb_mysql
  Note: mod_mysql_vhost will be removed from a future lighttpd release
• mod_cml is DEPRECATED; use mod_magnet
  Note: mod_cml will be removed from a future lighttpd release
• mod_flv_streaming is DEPRECATED; (Adobe Flash Video (.flv))
  Note: mod_flv_streaming will be removed from a future lighttpd release
  (Note: can be replaced with a few lines of lua code and mod_magnet)
  (sample script flv-streaming.lua is posted at
  https://redmine.lighttpd.net/projects/lighttpd/wiki/ModMagnetExamples )
  Adobe Flash is deprecated and support has been removed from modern clients
• mod_trigger_b4_dl is DEPRECATED; use mod_magnet
  Note: mod_trigger_b4_dl will be removed from a future lighttpd release
  (Note: can be replaced with a few lines of lua code and mod_magnet)
  (sample script mod_trigger_b4_dl.lua is posted at
  https://redmine.lighttpd.net/projects/lighttpd/wiki/ModMagnetExamples )

Important changes

bugfixes

Downloads

• lighttpd-1.4.61.tar.gz (GPG signature)
  • SHA256: 7697a4eb517ff7e438b148552c4ddbcc4c3fe79d8b79c3200441edc58787abb0
• lighttpd-1.4.61.tar.xz (GPG signature)
  • SHA256: 43f0d63d04a1b7c5b8aab07e0612e44ccad0afc0614bab784c5b019872363432
• SHA256 checksums

Future Scheduled Behavior Changes (estimated early 2022)

• graceful restart/shutdown default timeout will change from
  0 (infinite/no timeout) to 5 seconds (or some similar non-zero period)
  configure an alternative with:
  server.feature-flags += (“server.graceful-shutdown-timeout” => 5)
• lighttpd (optional) dependencies on libev and on FAM are deprecated.
  lighttpd event loop and file monitoring use native OS interfaces
  except on obscure platforms. FAM and gamin appear to be abandoned.
  Package maintainers on Linux and *BSD:
  please remove —with-libev and —with-fam from package builds
  lighttpd uses epoll() on Linux, kqueue() on *BSD for event notification.
  lighttpd uses inotify() on Linux, kqueue() on *BSD for file monitoring.

https://wiki.lighttpd.net/Docs_ConfigurationOptions#Deprecated

• mod_compress is DEPRECATED; use mod_deflate
  mod_compress has been subsumed by mod_deflate
  Note: mod_compress config options may be removed in a future release
• mod_geoip is DEPRECATED; use mod_maxminddb
  Note: mod_geoip will be removed from a future lighttpd release
• mod_authn_mysql is DEPRECATED; use mod_authn_dbi
  Note: mod_authn_mysql will be removed from a future lighttpd release
• mod_mysql_vhost is DEPRECATED; use mod_vhostdb_dbi or mod_vhostdb_mysql
  Note: mod_mysql_vhost will be removed from a future lighttpd release
• mod_cml is DEPRECATED; use mod_magnet
  Note: mod_cml will be removed from a future lighttpd release
• mod_flv_streaming is DEPRECATED; (Adobe Flash Video (.flv))
  (Note: can be replaced with a few lines of lua code and mod_magnet)
  (sample script flv-streaming.lua is posted at
  https://redmine.lighttpd.net/projects/lighttpd/wiki/ModMagnetExamples )
  Adobe Flash is deprecated and support has been removed from modern clients

Important changes

• improve performance, reduce memory use, bugfixes

Downloads

• lighttpd-1.4.60.tar.gz (GPG signature)
  • SHA256: 9c284107f8ed7dd3a8a25b06c6acfcf49ae2f19e66e384ebe51f7bc4dc57621c
• lighttpd-1.4.60.tar.xz (GPG signature)
  • SHA256: 4bb1dd859e541a3131e5be101557d2e1195b4129d3a849a3a6fbd21fe1c946f0
• SHA256 checksums

Highlights

• HTTP/2 smoother and lower memory use (in general)
• HTTP/2 tuning to better handle aggressive client initial requests
• reduce memory footprint; workaround poor glibc behavior; jemalloc is better
• mod_magnet lua performance improvements
• mod_dirlisting performance improvements and new caching option
• memory constraints for extreme edge cases in mod_dirlisting, mod_ssi, mod_webdav
• connect(), write(), read() time limits on backends (separate from client timeouts)
• lighttpd restarts if large discontinuity in time occurs (embedded systems)
• RFC7233 Range support for all non-streaming responses, not only static files

Behavior Changes

• connect() to backend now has default 8 second timeout (configurable)

Future Scheduled Behavior Changes (estimated early 2022)

• graceful restart/shutdown default timeout will change from
  0 (infinite/no timeout) to 5 seconds (or some similar non-zero period)
  configure an alternative with:
  server.feature-flags += (“server.graceful-shutdown-timeout” => 5)
• lighttpd (optional) dependencies on libev and on FAM are deprecated.
  lighttpd event loop and file monitoring use native OS interfaces
  except on obscure platforms. FAM and gamin appear to be abandoned.
  Package maintainers on Linux and *BSD:
  please remove —with-libev and —with-fam from package builds
  lighttpd uses epoll() on Linux, kqueue() on *BSD for event notification.
  lighttpd uses inotify() on Linux, kqueue() on *BSD for file monitoring.

https://wiki.lighttpd.net/Docs_ConfigurationOptions#Deprecated

• mod_compress is DEPRECATED; use mod_deflate
  mod_compress has been subsumed by mod_deflate
  Note: mod_compress config options may be removed in a future release
• mod_geoip is DEPRECATED; use mod_maxminddb
  Note: mod_geoip will be removed from a future lighttpd release
• mod_authn_mysql is DEPRECATED; use mod_authn_dbi
  Note: mod_authn_mysql will be removed from a future lighttpd release
• mod_mysql_vhost is DEPRECATED; use mod_vhostdb_dbi or mod_vhostdb_mysql
  Note: mod_mysql_vhost will be removed from a future lighttpd release
• mod_cml is DEPRECATED; use mod_magnet
  Note: mod_cml will be removed from a future lighttpd release
• mod_flv_streaming is DEPRECATED; (Adobe Flash Video (.flv))
  (Note: can be replaced with a few lines of lua code and mod_magnet)
  (sample script flv-streaming.lua is posted at
  https://redmine.lighttpd.net/projects/lighttpd/wiki/AbsoLUAtion )
  Adobe Flash is deprecated and support has been removed from modern clients