Project

General

Profile

lighttpd 1.4.9 - 2006-01-14 19:49

Dear lighties,

I'm proud to announce the availability of lighttpd 1.4.9, a prop-in
replacement for lighttpd 1.4.8.

This release fixes several major bugs
  • growing errorlog if fastcgi backend dies
  • endless loop in mod_cgi
and most important:
  • a CRITICAL bug in the handling of case-insensitive filesystems like
    NTFS and FAT on Windows or the default filesystem on MacOS X. Everyone
    on those platforms has to upgrade as soon as possible. A security
    announcement is following this mail.
On the good side:
  • the power-magnet for mod_cml
  • more statistics for mod_fastcgi (load, backend usage, ...)
  • a first mod_evasive
  • better handling of If-Range, duplocate If-Modified-Since and more compliance with webdav clients

Changes

  • added server.core-files option (sandy <>)
  • added docs for mod_status
  • added mod_evasive to limit the number of connections by IP (<>)
  • added the power-magnet to mod_cml
  • added internal statistics to mod_fastcgi
  • added server.statistics-url to get internal statistics from mod_status
  • added support for conditional range-requests through If-Range
  • added static building via scons
  • fixed 100% cpu loops in mod_cgi ("sandy" <>)
  • fixed handling for secure-download.timeout ()
  • fixed IE bug in content-charset in the output of mod_dirlisting ()
  • fixed typos and language in the docs ()
  • fixed assertion in mod_cgi on HEAD request is Content-Length (<>)
  • fixed handling if equal but duplicate If-Modified-Since request headers
  • fixed endless loops in mod_fastcgi if backend is dead
  • fixed Depth: 1 handling in PROPFIND requests on empty dirs
  • fixed encoding of UTF8 encoded dirlistings (Jani Taskinen <>)
  • fixed initial bind to a unix-domain socket through server.bind
  • fixed handling of lowercase filesystems
  • fixed duplicate request headers cause by mod_setenv